Editing users UPN via script

TheMSsForum.com: The Microsoft Software Forum

I have a text file called C:\Temp\USERS.TXT (which the format can be changed
if needed), that has the following (UserLogonName, UPN format):

User1, @mydomain.com
User2, @mydomain.com
User3, @mydomain.com
User4, @mydomain.com
User5, @mydomain.com
User6, @mydomain.com

I want to be able to change the UPN listing (in some cases it's not present
at all for users) that appears next to the "User logon name" on the Account
properties for those users in a script. I can edit a script to change this
for a user but in this case I want to be able to read in the information from
a file, can this be done editing this script? Or do I have to do it manually?


Set objUser = GetObject _
("LDAP://cn=User1,dc=NA,dc=mydomain,dc=com")

objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
objUser.Put "sAMAccountName", "MyerKen01"
objUser.Put "userWorkstations","wks1,wks2,wks3"
objUser.SetInfo
Top

RE: Editing users UPN via script by CoreyThomasMCSEMCSAMCDBA

CoreyThomasMCSEMCSAMCDBA
Mon Mar 10 15:37:01 CDT 2008

Angela,

Yes, you can certainly open the file and parse through the contents. Here's
how:

strFile = "c:\myfile.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set inputList = objFSO.OpenTextFile(strFile)

Do While inputList.atendofstream <> True

strLine = inputList.ReadLine
'Tidy up the line by removing trailing whitespaces
strLine = Trim(strLine)
'Split the line by commas:
arrLine = Split(strLine,",")

'Now you have an array that looks like this:
' arrLine(0) = "User1"
' arrLine(1) = "@mydomain.com"
'Each time this loops through, the line changes and so does the arrLine
array

'So you just need to add your code to this section. :)


Loop

"Angela" wrote:

> I have a text file called C:\Temp\USERS.TXT (which the format can be changed
> if needed), that has the following (UserLogonName, UPN format):
>
> User1, @mydomain.com
> User2, @mydomain.com
> User3, @mydomain.com
> User4, @mydomain.com
> User5, @mydomain.com
> User6, @mydomain.com
>
> I want to be able to change the UPN listing (in some cases it's not present
> at all for users) that appears next to the "User logon name" on the Account
> properties for those users in a script. I can edit a script to change this
> for a user but in this case I want to be able to read in the information from
> a file, can this be done editing this script? Or do I have to do it manually?
>
>
> Set objUser = GetObject _
> ("LDAP://cn=User1,dc=NA,dc=mydomain,dc=com")
>
> objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
> objUser.Put "sAMAccountName", "MyerKen01"
> objUser.Put "userWorkstations","wks1,wks2,wks3"
> objUser.SetInfo
>
Top

Re: Editing users UPN via script by Anthony

Anthony
Mon Mar 10 15:41:49 CDT 2008

Hi,

What you ask should be divided into different parts:
1) Get information from a text file
This is very easy in vbscript.
Example:
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("C:\Temp\USERS.TXT",1)
Do Until objFile.AtEndOfStream
strLine = objFile.ReadLine 'this put the content
of the line into a variable
WScript.Echo strLine ' echoes the line
(User1, ...)
' do anything in relation with the line, like changing the
UPN, ...
Loop
objFile.Close

I suggest you to have a look at vbscript documentation (e.g.:
http://msdn2.microsoft.com/en-us/library/314cz14s.aspx) and (portable)
script center (e.g.:
http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true)

2) Now the tricky part. You have to bind to every user and change its UPN
suffix.
In order to bind to an object in Active Directory, you need to use its
distinguishedName (dn).
This is what you do here: Set objUser =
GetObject("LDAP://cn=User1,dc=NA,dc=mydomain,dc=com")
So in order to get its dn from the NT Name or the user principal name, you
will have to use NameTranslate
I suggest you to have a look at the explanation of Richard Mueller (MVP):
http://www.rlmueller.net/NameTranslateFAQ.htm

3) Once you have bind to the correct user account, you can then paste the
script sample you provided

Hope it helps!
Best Regards,
Anthony Houssa


"Angela" <Angela@discussions.microsoft.com> wrote in message
news:48284A92-3E26-4AA0-B8D1-7802C55E2F97@microsoft.com...
> I have a text file called C:\Temp\USERS.TXT (which the format can be
> changed
> if needed), that has the following (UserLogonName, UPN format):
>
> User1, @mydomain.com
> User2, @mydomain.com
> User3, @mydomain.com
> User4, @mydomain.com
> User5, @mydomain.com
> User6, @mydomain.com
>
> I want to be able to change the UPN listing (in some cases it's not
> present
> at all for users) that appears next to the "User logon name" on the
> Account
> properties for those users in a script. I can edit a script to change this
> for a user but in this case I want to be able to read in the information
> from
> a file, can this be done editing this script? Or do I have to do it
> manually?
>
>
> Set objUser = GetObject _
> ("LDAP://cn=User1,dc=NA,dc=mydomain,dc=com")
>
> objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
> objUser.Put "sAMAccountName", "MyerKen01"
> objUser.Put "userWorkstations","wks1,wks2,wks3"
> objUser.SetInfo
>
Top

Re: Editing users UPN via script by James

James
Mon Mar 10 18:10:57 CDT 2008

"Angela" <Angela@discussions.microsoft.com> wrote in message
news:48284A92-3E26-4AA0-B8D1-7802C55E2F97@microsoft.com...
>I have a text file called C:\Temp\USERS.TXT (which the format can be
>changed
> if needed), that has the following (UserLogonName, UPN format):
>
> User1, @mydomain.com
> User2, @mydomain.com
> User3, @mydomain.com
> User4, @mydomain.com
> User5, @mydomain.com
> User6, @mydomain.com
>
> I want to be able to change the UPN listing (in some cases it's not
> present
> at all for users) that appears next to the "User logon name" on the
> Account
> properties for those users in a script. I can edit a script to change this
> for a user but in this case I want to be able to read in the information
> from
> a file, can this be done editing this script? Or do I have to do it
> manually?
>
>
> Set objUser = GetObject _
> ("LDAP://cn=User1,dc=NA,dc=mydomain,dc=com")
>
> objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
> objUser.Put "sAMAccountName", "MyerKen01"
> objUser.Put "userWorkstations","wks1,wks2,wks3"
> objUser.SetInfo

Angela, see sample code below. It is untested, so you will want to try it
with only a couple of users in your text file first. I commented out the
line to write the 'samAccountName'. Are you rewriting this for a reason? I
am assuming in the above that 'User1', 'User2', etc are samAccountNames, but
the sample code you posted is searching on the common name (cn). Please
advise if my assumption is incorrect.

'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Option Explicit

'Dimension variables for objects and data
Dim oFSO, oADOcon, oRS, oFile, oUser
Dim aLine, sSamAccountName, sUserPrincipalName, sDomain

'Create ADO and file system objects
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oADOcon = CreateObject("ADODB.Connection")
Set oRS = CreateObject("ADODB.RecordSet")

'Connected to Active Directory
oADOcon.Open "Provider=ADsDSOObject"
oRS.ActiveConnection = oADOcon

'Open the 'users' text file for reading
Set oFile = oFSO.OpenTextFile("C:\Temp\USERS.TXT", 1)

'Get the current domain Distinguished Name
sDomain = "<LDAP://" & GetObject("LDAP://RootDSE"). _
Get("DefaultNamingContext") & ">;"

'Walk the 'users' text file
Do Until oFile.AtEndOfStream
If oRS.State Then oRS.Close
aLine = Split(oFile.ReadLine, ",")
If UBound(aLine) = 1 Then
sSamAccountName = Trim(aLine(0))
sUserPrincipalName = sSamAccountName & Trim(aLine(1))
'Find the user's account in Active Directory
oRS.Open sDomain & "(&(samAccountName=" & sSamAccountName & _
")(objectClass=user));adsPath"
If oRS.RecordCount = 1 Then
'Bind to the individual object, update & save it
Set oUser = GetObject(oRS.Fields("adsPath"))
oUser.userPrincipalName = sUserPrincipalName
'oUser.userPrincipalName = sSamAccountName
oUser.userWorkstations = "wks1,wks2,wks3"
oUser.SetInfo
End If
End If
Loop
oFile.Close
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Top

Re: Editing users UPN via script by Richard

Richard
Mon Mar 10 21:19:13 CDT 2008

Angela wrote:

>I have a text file called C:\Temp\USERS.TXT (which the format can be
>changed
> if needed), that has the following (UserLogonName, UPN format):
>
> User1, @mydomain.com
> User2, @mydomain.com
> User3, @mydomain.com
> User4, @mydomain.com
> User5, @mydomain.com
> User6, @mydomain.com
>
> I want to be able to change the UPN listing (in some cases it's not
> present
> at all for users) that appears next to the "User logon name" on the
> Account
> properties for those users in a script. I can edit a script to change this
> for a user but in this case I want to be able to read in the information
> from
> a file, can this be done editing this script? Or do I have to do it
> manually?
>
>
> Set objUser = GetObject _
> ("LDAP://cn=User1,dc=NA,dc=mydomain,dc=com")
>
> objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
> objUser.Put "sAMAccountName", "MyerKen01"
> objUser.Put "userWorkstations","wks1,wks2,wks3"
> objUser.SetInfo

Your text file has two values per line, delimited with a comma. If the first
value is the NT name of the user (the "pre-Windows 2000 logon name"), you
can use the NameTranslate object to convert to the Distinguished Name (as
indicated by Anthony Houssa). However, if the first value is the "User logon
name" shown on the "Profile" tab of the user properties dialog in ADUC, then
we have a problem. This attribute is not required to have a value, and you
indicate that some of your users do not have a value assigned. This is the
value of the userPrincipalName attribute of the user object. The
NameTranslate object can convert the userPrincipalName to the Distinguished
Name, but only if there is a value, and the value uniquely identifies the
object in AD.

If the first value in your text file is the "Common Name" of the user, this
is the value of the cn attribute. This does not uniquely identify the user
in AD. The Common Name must be unique in the container or OU, but there can
be several users in the domain with same Common Name. If you know that the
values of the cn attribute are unique, and you know that all users are in
the same container or OU, you can use code similar to your example. However,
note in your example that you assume the user is in the root of the domain,
not in any container or OU. Is this really true?

We need to know if the first value on each line of the file is the:

1. NT name of the user, also called the "pre-Windows 2000 logon name" (on
the "Profile" tab of ADUC), which is the value of the sAMAccountName
attribute.
2. The Common Name of the user, which is the value of the cn attribute.
3. The "User logon name" on the "Profile" tab of ADUC, which is the value of
the userPrincipalName (with the @mydomain.com appended).

If the value is 2 (Common Name), we need to either know where in AD all the
objects reside (perhaps in the "cn=Users" container), or we need to know
that the values uniquely identify the users, so we can use ADO to search AD
for the users. If the value is 2 (userPrincipalName), we can only modify
users that don't need modification because they already have the correct
value assigned. We need some way to identify (find) the user in Active
Directory.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--


Top

Re: Editing users UPN via script by Angela

Angela
Mon Mar 10 21:56:01 CDT 2008

Thanks to all; the fuzzy image in my sight is gradually getting focused...
It's on the "Account" tab, "User login name" field, and yes all the objects
reside in the "cn=Users" container. Does that help you to help me?

"Richard Mueller [MVP]" wrote:

> Angela wrote:
>
> >I have a text file called C:\Temp\USERS.TXT (which the format can be
> >changed
> > if needed), that has the following (UserLogonName, UPN format):
> >
> > User1, @mydomain.com
> > User2, @mydomain.com
> > User3, @mydomain.com
> > User4, @mydomain.com
> > User5, @mydomain.com
> > User6, @mydomain.com
> >
> > I want to be able to change the UPN listing (in some cases it's not
> > present
> > at all for users) that appears next to the "User logon name" on the
> > Account
> > properties for those users in a script. I can edit a script to change this
> > for a user but in this case I want to be able to read in the information
> > from
> > a file, can this be done editing this script? Or do I have to do it
> > manually?
> >
> >
> > Set objUser = GetObject _
> > ("LDAP://cn=User1,dc=NA,dc=mydomain,dc=com")
> >
> > objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
> > objUser.Put "sAMAccountName", "MyerKen01"
> > objUser.Put "userWorkstations","wks1,wks2,wks3"
> > objUser.SetInfo
>
> Your text file has two values per line, delimited with a comma. If the first
> value is the NT name of the user (the "pre-Windows 2000 logon name"), you
> can use the NameTranslate object to convert to the Distinguished Name (as
> indicated by Anthony Houssa). However, if the first value is the "User logon
> name" shown on the "Profile" tab of the user properties dialog in ADUC, then
> we have a problem. This attribute is not required to have a value, and you
> indicate that some of your users do not have a value assigned. This is the
> value of the userPrincipalName attribute of the user object. The
> NameTranslate object can convert the userPrincipalName to the Distinguished
> Name, but only if there is a value, and the value uniquely identifies the
> object in AD.
>
> If the first value in your text file is the "Common Name" of the user, this
> is the value of the cn attribute. This does not uniquely identify the user
> in AD. The Common Name must be unique in the container or OU, but there can
> be several users in the domain with same Common Name. If you know that the
> values of the cn attribute are unique, and you know that all users are in
> the same container or OU, you can use code similar to your example. However,
> note in your example that you assume the user is in the root of the domain,
> not in any container or OU. Is this really true?
>
> We need to know if the first value on each line of the file is the:
>
> 1. NT name of the user, also called the "pre-Windows 2000 logon name" (on
> the "Profile" tab of ADUC), which is the value of the sAMAccountName
> attribute.
> 2. The Common Name of the user, which is the value of the cn attribute.
> 3. The "User logon name" on the "Profile" tab of ADUC, which is the value of
> the userPrincipalName (with the @mydomain.com appended).
>
> If the value is 2 (Common Name), we need to either know where in AD all the
> objects reside (perhaps in the "cn=Users" container), or we need to know
> that the values uniquely identify the users, so we can use ADO to search AD
> for the users. If the value is 2 (userPrincipalName), we can only modify
> users that don't need modification because they already have the correct
> value assigned. We need some way to identify (find) the user in Active
> Directory.
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>
Top

Re: Editing users UPN via script by Wiseman82

Wiseman82
Wed Mar 12 03:34:25 CDT 2008

I wrote a generic script to update user attributes from a CSV file:

http://www.wisesoft.co.uk/Scripts/display_script.aspx?id=178

Let me know if you need any additional information on how to configure the
script.

Hope this helps,

David

"Angela" <Angela@discussions.microsoft.com> wrote in message
news:162C6A16-37C1-4507-9B99-EE6C3D87FD20@microsoft.com...
> Thanks to all; the fuzzy image in my sight is gradually getting focused...
> It's on the "Account" tab, "User login name" field, and yes all the
> objects
> reside in the "cn=Users" container. Does that help you to help me?
>
> "Richard Mueller [MVP]" wrote:
>
>> Angela wrote:
>>
>> >I have a text file called C:\Temp\USERS.TXT (which the format can be
>> >changed
>> > if needed), that has the following (UserLogonName, UPN format):
>> >
>> > User1, @mydomain.com
>> > User2, @mydomain.com
>> > User3, @mydomain.com
>> > User4, @mydomain.com
>> > User5, @mydomain.com
>> > User6, @mydomain.com
>> >
>> > I want to be able to change the UPN listing (in some cases it's not
>> > present
>> > at all for users) that appears next to the "User logon name" on the
>> > Account
>> > properties for those users in a script. I can edit a script to change
>> > this
>> > for a user but in this case I want to be able to read in the
>> > information
>> > from
>> > a file, can this be done editing this script? Or do I have to do it
>> > manually?
>> >
>> >
>> > Set objUser = GetObject _
>> > ("LDAP://cn=User1,dc=NA,dc=mydomain,dc=com")
>> >
>> > objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
>> > objUser.Put "sAMAccountName", "MyerKen01"
>> > objUser.Put "userWorkstations","wks1,wks2,wks3"
>> > objUser.SetInfo
>>
>> Your text file has two values per line, delimited with a comma. If the
>> first
>> value is the NT name of the user (the "pre-Windows 2000 logon name"), you
>> can use the NameTranslate object to convert to the Distinguished Name (as
>> indicated by Anthony Houssa). However, if the first value is the "User
>> logon
>> name" shown on the "Profile" tab of the user properties dialog in ADUC,
>> then
>> we have a problem. This attribute is not required to have a value, and
>> you
>> indicate that some of your users do not have a value assigned. This is
>> the
>> value of the userPrincipalName attribute of the user object. The
>> NameTranslate object can convert the userPrincipalName to the
>> Distinguished
>> Name, but only if there is a value, and the value uniquely identifies the
>> object in AD.
>>
>> If the first value in your text file is the "Common Name" of the user,
>> this
>> is the value of the cn attribute. This does not uniquely identify the
>> user
>> in AD. The Common Name must be unique in the container or OU, but there
>> can
>> be several users in the domain with same Common Name. If you know that
>> the
>> values of the cn attribute are unique, and you know that all users are in
>> the same container or OU, you can use code similar to your example.
>> However,
>> note in your example that you assume the user is in the root of the
>> domain,
>> not in any container or OU. Is this really true?
>>
>> We need to know if the first value on each line of the file is the:
>>
>> 1. NT name of the user, also called the "pre-Windows 2000 logon name" (on
>> the "Profile" tab of ADUC), which is the value of the sAMAccountName
>> attribute.
>> 2. The Common Name of the user, which is the value of the cn attribute.
>> 3. The "User logon name" on the "Profile" tab of ADUC, which is the value
>> of
>> the userPrincipalName (with the @mydomain.com appended).
>>
>> If the value is 2 (Common Name), we need to either know where in AD all
>> the
>> objects reside (perhaps in the "cn=Users" container), or we need to know
>> that the values uniquely identify the users, so we can use ADO to search
>> AD
>> for the users. If the value is 2 (userPrincipalName), we can only modify
>> users that don't need modification because they already have the correct
>> value assigned. We need some way to identify (find) the user in Active
>> Directory.
>>
>> --
>> Richard Mueller
>> Microsoft MVP Scripting and ADSI
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>>
>>

Top