Hi,

I'm relatively new to VBScript. I have successfully written a couple
of logon scripts for my company, with half-decent validation & program
flow. I now need to deploy this, and remove the old batch logon script
from users' account objects in AD.

Having read some posts, I've seen suggestions ranging from:

selecting multiple users in AD & selecting "Properties", then making
the change (this doesn't work on either WinXP SP2 or Win 2000)

to

using LDIFDE to export the desired information, make the change, then
re-import this data to update the schema. However, LDIFDE looks
extremely complex & bug-prone - see http://support.microsoft.com/kb/555634.
For example, this document suggests that blank values can't be used to
set attributes, which ruins my plans. It also contains lots of caveats
- by default, accounts are disabled, passwords set to NULL, "user must
change password at next logon", etc, making for a very complex series
of switches & arguments for performing any import.

Is there no way of simply using VBScript to build a collection of user
objects and loop through them, setting the desired value? Any
suggestions would be greatly appreciated.

Many thanks,

Stevie

"Normal is as normal does..."

Re: Change value of "Logon script" for all users to nothing by Richard

Richard
Tue Oct 23 05:22:15 PDT 2007

Stevie Lamb wrote:

> I'm relatively new to VBScript. I have successfully written a couple
> of logon scripts for my company, with half-decent validation & program
> flow. I now need to deploy this, and remove the old batch logon script
> from users' account objects in AD.
>
> Having read some posts, I've seen suggestions ranging from:
>
> selecting multiple users in AD & selecting "Properties", then making
> the change (this doesn't work on either WinXP SP2 or Win 2000)
>
> to
>
> using LDIFDE to export the desired information, make the change, then
> re-import this data to update the schema. However, LDIFDE looks
> extremely complex & bug-prone - see
> http://support.microsoft.com/kb/555634.
> For example, this document suggests that blank values can't be used to
> set attributes, which ruins my plans. It also contains lots of caveats
> - by default, accounts are disabled, passwords set to NULL, "user must
> change password at next logon", etc, making for a very complex series
> of switches & arguments for performing any import.
>
> Is there no way of simply using VBScript to build a collection of user
> objects and loop through them, setting the desired value? Any
> suggestions would be greatly appreciated.
>

You should be able to use Joe Richards' ADMod for this:

http://www.joeware.net/freetools/tools/admod/index.htm

A VBScript program can use ADO to retrieve the value of the
distinguishedName attribute for all users that have a value assigned to the
scriptPath attribute (where the logon script path is saved). Then the
program can bind to each user object and remove the scriptPath value. You
must use the PutEx method to clear the attribute. You cannot assign a blank
string. For example:
=================
Option Explicit

Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strDN
Dim objUser

Const ADS_PROPERTY_CLEAR = 1

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on user objects with a value assigned to scriptPath.
strFilter = "(&(objectCategory=person)(objectClass=user)(scriptPath=*))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    ' Retrieve values.
    strDN = adoRecordset.Fields("distinguishedName").Value
    ' Escape any forward slash in the DN; ADSI treats "/" as a path separator.
    strDN = Replace(strDN, "/", "\/")
    ' Bind to user object.
    Set objUser = GetObject("LDAP://" & strDN)
    ' Clear the scriptPath attribute.
    objUser.PutEx ADS_PROPERTY_CLEAR, "scriptPath", 0
    ' Save changes.
    objUser.SetInfo
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close

============

For more on using ADO, see this link:



http://www.rlmueller.net/ADOSearchTips.htm


--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
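
A variant of the script in the reply above, as an added example that is not part of the original thread or of Richard Mueller's code: it writes each user's distinguished name and current scriptPath value to a tab-delimited file before anything is cleared, and only modifies accounts when blnCommit is set to True. The log file name, the blnCommit switch and the counter variables are assumptions made for this example.

```vbscript
' Added example: dry run plus rollback log for the bulk scriptPath clear.
' LOG_FILE and blnCommit are names assumed for this example.
Option Explicit
Const ADS_PROPERTY_CLEAR = 1
Const LOG_FILE = "scriptPath-backup.tsv"   ' hypothetical output file
Const blnCommit = False                    ' False = report only, change nothing

Dim adoConnection, adoCommand, adoRecordset, objRootDSE, objFSO, objLog
Dim objUser, strDN, strOld, lngDone, lngFailed
lngDone = 0 : lngFailed = 0

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLog = objFSO.CreateTextFile(LOG_FILE, True, True)   ' overwrite, Unicode
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand = CreateObject("ADODB.Command")
adoCommand.ActiveConnection = adoConnection

' Same filter as the reply, but also return the current scriptPath value.
Set objRootDSE = GetObject("LDAP://RootDSE")
adoCommand.CommandText = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" _
    & "(&(objectCategory=person)(objectClass=user)(scriptPath=*));" _
    & "distinguishedName,scriptPath;subtree"
adoCommand.Properties("Page Size") = 100
Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
    strDN = adoRecordset.Fields("distinguishedName").Value
    strOld = adoRecordset.Fields("scriptPath").Value
    ' Record the old value first so the change can be reversed per user.
    objLog.WriteLine strDN & vbTab & strOld
    If blnCommit Then
        On Error Resume Next
        Set objUser = Nothing   ' never reuse the previous user if the bind fails
        Set objUser = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
        objUser.PutEx ADS_PROPERTY_CLEAR, "scriptPath", 0
        objUser.SetInfo
        If Err.Number <> 0 Then
            lngFailed = lngFailed + 1
            objLog.WriteLine "# FAILED " & strDN & " 0x" & Hex(Err.Number)
        Else
            lngDone = lngDone + 1
        End If
        On Error GoTo 0         ' also resets the Err object
    End If
    adoRecordset.MoveNext
Loop
adoRecordset.Close : adoConnection.Close : objLog.Close
WScript.Echo "Logged to " & LOG_FILE & "; cleared " & lngDone & ", failed " & lngFailed
```

Run it once with blnCommit left at False and review the log, then set it to True; keep the resulting file as the record of which logon script each account had.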