Richard
Mon Sep 03 09:58:58 PDT 2007
"Unhappy MacbbokOwner" <noob@invalid.not> wrote in message
news:fbh8bb$g3l$1@news.net.uni-c.dk...
> Hi -
>
> I have made a user-creation script (by taking bits and pieces from various
> sources, which works nicely, except for one thing - this code creates the
> homefolders nicely, but doesn't apply the right security settings:
>
> objFSO.CreateFolder "\\SERVER\data$\" & strUserName
>
> strFolder = "\\SERVER\data$\" & strUserName
>
> strXcacls = "Xcacls " & strFolder & " /C /P system:f ""Domain Admins"":f
> " & strUserName & ":M /Y"
>
> WshShell.Run strXcacls, 0
>
>
> It doesn't give any errormessages when run. Can anybody see what I have
> missed?
>
> Additionally, I forgot to assign logon-script to some of the groups of
> accounts I created - anybody know of a way to assign a logon-script for
> accounts that doesn't have one?
>
> Kind regards
In addition, I have an example VBScript program that assigns values to the
userProfile attribute for users in bulk from the information in a
spreadsheet. The program is linked here:
http://www.rlmueller.net/UpdateUserProfile2.htm
This example can be easily modified to update any single-valued string
attribute of user objects, like the scriptPath attribute (which is the
attribute that corresponds to the logon script field on the "Profile" tab of
user properties in ADUC). Just replace all instances of "profilePath" in the
program with "scriptPath". The input spreadsheet should have user NT names
(sAMAccountNames) in the first column and logon script in the second column.
If instead you are assigning the same value for everyone for scriptPath, and
you want to search AD for all accounts that do not have a value assigned to
scriptPath, you could use ADO to retrieve the Distinguished Names of all
such users. See this link for details on using ADO in a VBScript program:
http://www.rlmueller.net/ADOSearchTips.htm
In this case, using the syntax from this link, your filter to retrieve users
would be:
strFilter = "(&(objectCategory=person)(objectClass=user)(!scriptPath=*))"
The "!" is the NOT operator, "&" is the AND operator, and "*" is a wild
card. This returns all users with no value assigned to scriptPath. Since ADO
cannot be used to modify objects in AD, you would retrieve Distinguished
Name for all such users so you can bind to each object and assign the
hardcoded value for scriptPath. You would use:
strAttributes = "distinguishedName"
then in the loop where you enumerate the recordset, you would bind to each
user and assign the scriptPath:
===============
strScript = "MyLogon.vbs"
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values.
strDN = adoRecordset.Fields("distinguishedName").Value
' Bind to the user object.
Set objUser = GetObject("LDAP://" & strDN)
' Assign logon script.
objUser.scriptPath = strScript
' Save changes.
objUser.SetInfo
' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab -
http://www.rlmueller.net
--