In the following script, what do I have to put in place of "atl-ws-01" to
run the script against an OU called lab1? Can I use the distinguished name?
Or would it be easier to run it with a GPO?

strComputer = "atl-ws-01"
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator, user")
objUser.SetPassword "09iuy%4e"
objUser.SetInfo

Re: Running a script against an OU by Richard

Richard
Thu Oct 12 22:09:23 CDT 2006

ComputerTeacher wrote:

> In the following script, what do I have to put in place of "atl-ws-01" to
> run the script against an OU called lab1? Can I use the distinguished
> name? Or would it be easier to run it with a GPO?
>
> strComputer = "atl-ws-01"
> Set objUser = GetObject("WinNT://" & strComputer & "/Administrator, user")
> objUser.SetPassword "09iuy%4e"
> objUser.SetInfo

I assume you want to set the password for the local Administrator account on
all computers in an OU. This can be done using a Startup script in a GPO,
but it would run every time the machines start. There might be other ways as
well, but it can be done in bulk in one script. The trick is that you must
use the WinNT provider to bind to the computer to access local accounts (the
local SAM account database is not LDAP compliant). However, the WinNT
provider is blind to OUs, so you must use the LDAP provider to bind to the
OU. Also, you have to use the NT name of the computer, called the NetBIOS
name, with the WinNT provider. The trick here is to know that the
sAMAccountName attribute of the computer object exposed by the LDAP provider
is the NetBIOS name with "$" appended on the end. I would try something
similar to:
===========
' Bind to the OU with the Distinguished Name.
' GetObject binds to an existing directory object; CreateObject expects a ProgID.
Set objOU = GetObject("LDAP://ou=lab1,dc=MyDomain,dc=com")

' Filter on computer objects.
objOU.Filter = Array("computer")

' Enumerate the computer objects.
For Each objComputer In objOU
    ' Retrieve the NetBIOS name so we can bind with the WinNT provider.
    ' The NetBIOS name is the sAMAccountName with the trailing "$" removed.
    strNTName = objComputer.sAMAccountName
    ' Remove the trailing "$".
    strNTName = Left(strNTName, Len(strNTName) - 1)
    ' Bind to the local Administrator user on the computer.
    Set objAdmin = GetObject("WinNT://" & strNTName & "/Administrator,user")
    ' Set the password.
    objAdmin.SetPassword "09iuy%4e"
Next
===========
The SetPassword method is immediate, so you should not need to invoke the
SetInfo method.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
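
An added example, not part of Richard's post: the same OU walk with per-computer error handling, so that one powered-off machine does not abort the run, and with the password read from standard input instead of being stored in the script file. The OU path is the placeholder from the thread; running under cscript.exe (needed for StdIn) and the output format are assumptions.

```vbscript
Option Explicit

Dim objOU, objComputer, objAdmin, strNTName, strPassword
Dim intOK, intFailed

' Read the new password at run time so it is not saved in the script.
' WScript.StdIn only works under cscript.exe, not wscript.exe.
WScript.StdOut.Write "New local Administrator password: "
strPassword = WScript.StdIn.ReadLine

' Bind to the OU with the LDAP provider (placeholder DN from the thread).
Set objOU = GetObject("LDAP://ou=lab1,dc=MyDomain,dc=com")
objOU.Filter = Array("computer")

intOK = 0
intFailed = 0
For Each objComputer In objOU
    ' sAMAccountName is the NetBIOS name plus a trailing "$".
    strNTName = objComputer.sAMAccountName
    If Right(strNTName, 1) = "$" Then
        strNTName = Left(strNTName, Len(strNTName) - 1)
    End If

    ' A machine that is off or unreachable raises an error on the bind;
    ' trap it, report it, and move on to the next computer.
    On Error Resume Next
    Set objAdmin = GetObject("WinNT://" & strNTName & "/Administrator,user")
    If Err.Number = 0 Then objAdmin.SetPassword strPassword
    If Err.Number = 0 Then
        intOK = intOK + 1
        WScript.Echo strNTName & ": password set"
    Else
        intFailed = intFailed + 1
        WScript.Echo strNTName & ": FAILED (0x" & Hex(Err.Number) & ") " & Err.Description
    End If
    Err.Clear
    On Error GoTo 0
    Set objAdmin = Nothing
Next

WScript.Echo intOK & " succeeded, " & intFailed & " failed"
```

The per-computer lines give a record of which machines still carry the old password and need a second pass.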



Re: Running a script against an OU by ComputerTeacher

ComputerTeacher
Thu Oct 12 22:17:25 CDT 2006

Thanks Richard. Once again you've been very helpful.
Our actual OU path includes a space character (i.e. "LDAP://OU=Computer
Accounts,OU=lab1,dc=MyDomain,dc=Com")
Do I need to place a forward slash between Computer and Accounts?
Thanks,
Jeremy


Re: Running a script against an OU by Richard

Richard
Thu Oct 12 23:17:35 CDT 2006

No, spaces don't need to be escaped. Commas, backslashes, and forward
slashes do.

Richard
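
An added example, not part of Richard's reply: a helper that escapes the three characters he names when an OU name is placed into an LDAP ADsPath, leaving spaces alone. The function names and the second set of OU names are constructed for illustration.

```vbscript
Option Explicit

' Escape one RDN value (an OU name, not a whole DN) for an LDAP ADsPath.
' Only the three characters named in the reply above are handled.
Function EscapeRdnValue(strValue)
    Dim strOut
    ' Backslash first, otherwise the escapes added below get doubled.
    strOut = Replace(strValue, "\", "\\")
    strOut = Replace(strOut, ",", "\,")
    strOut = Replace(strOut, "/", "\/")
    EscapeRdnValue = strOut
End Function

' Build "LDAP://OU=<innermost>,...,<domain DN>" from OU names listed
' innermost first. strDomainDN is already a DN and is used as-is.
Function BuildOuPath(arrOUs, strDomainDN)
    Dim strName, strDN
    strDN = ""
    For Each strName In arrOUs
        strDN = strDN & "OU=" & EscapeRdnValue(strName) & ","
    Next
    BuildOuPath = "LDAP://" & strDN & strDomainDN
End Function

' The path from the thread: the space passes through untouched.
WScript.Echo BuildOuPath(Array("Computer Accounts", "lab1"), "dc=MyDomain,dc=Com")

' Constructed OU names containing each character that must be escaped.
WScript.Echo BuildOuPath(Array("Lab 1/2", "East, Wing", "R\D"), "dc=MyDomain,dc=Com")
```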



Re: Running a script against an OU by ComputerTeacher

ComputerTeacher
Fri Oct 13 00:05:06 CDT 2006

Thanks again Richard. I actually found an hta called runomatic.hta at
http://groups.msn.com/windowsscript/runomatic.msnw
This hta basically does all the work for me. So now I have a choice of
using your method or this hta.
Jeremy