Active Directory Cheat Sheet
This page contains my Active Directory Cheat Sheet. A list of collected one liners and vb scripts. Enjoy and feel free to add some yourself via comments!
Active Directory One Liners
This isn’t so much a script as an awesome way to reset an active directory user’s password.
How to Reset Active Directory User’s Password from Command Line
In this case you would need to be on the domain controller to run this:
|
1 |
DSQUERY USER -samid enter_username_here | dsmod user -pwd enter_new_pw_here -mustchpwd no |
Remotely Reset Active Directory User’s password from command line
Requirements
- You must have admin rights to domain controller
- psexec
|
1 |
psexec domain_controller_ip DSQUERY USER -samid enter_username_here | dsmod user -pwd enter_new_pw_here -mustchpwd no enter_new_pw_here |
Return the distinguished name for all users in an active directory domain
To return the distinguished name for all users in an active directory domain create a new file called getdn.bat
Content:
|
1 2 3 |
del c:\activeUsers.txt DSQUERY.exe * -limit 0 -filter "(&(objectCategory=Person)(objectClass=User)(!userAccountControl:1.2.840.113556.1.4.803:=2))" >"c:\activeUsers.txt" C:\WINDOWS\NOTEPAD.EXE c:\activeUsers.txt |
List all users in security group
|
1 |
dsquery group -name "" | dsget group -members -expand | dsget user -fn -ln -disabled |
Export all usernames and email addresses
|
1 2 |
dsquery.exe * -limit 0 -filter "(&(objectCategory=person)(objectClass=user)(mail=*))" -attr sAMAccountName name mail >"c:\PrimaryEmailAddresses.txt" notepad "c:\PrimaryEmailAddresses.txt" |
sync time domain controller
|
1 |
w32tm /resync |
FSMO Roles
|
1 2 3 4 |
netdom query fsmo netdom query trust netdom query dc ntdsutilroles Connections "Connect to server %logonserver%" Quit "selectOperation Target" "List roles for conn server" Quit Quit Quit |
Global Catalog
|
1 |
dsquery server -isgc |
Domain Controllers
|
1 2 |
netdom query dc Nltest /dclist:%userdnsdomain% |
Domain Controller IP Configuration
|
1 |
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do psexec \\%i ipconfig /all |
Stale computer accounts
|
1 |
dsquery computer domainroot -stalepwd 180 -limit 0 |
Stale user accounts
|
1 |
dsquery user domainroot -stalepwd 180 -limit 0 |
Disabled user accounts
|
1 |
dsquery user domainroot -disabled -limit 0 |
AD Database disk usage
|
1 |
for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do dir \\%i\admin$\ntds |
Global Catalog Servers from DNS
|
1 |
dnscmd %logonserver% /enumrecords %userdnsdomain% _tcp | find /i "3268" |
Global Catalog Servers from AD
|
1 |
dsquery * "CN=Configuration,DC=forestRootDomain" -filter "(&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))" |
Users with no logon script
|
1 |
dsquery * domainroot -filter"(&(objectCategory=Person)(objectClass=User)(!scriptPath=*))"-limit 0 -attr sAMAccountName sn givenName pwdLastSet distinguishedName |
User accounts with no pwd required
|
1 |
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=32))" |
User accounts with no pwd expiry
|
1 |
dsquery * domainroot -filter"(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))" |
User accounts that are disabled
|
1 |
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=2))" |
DNS Information
|
1 |
for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do dnscmd %i /info |
DNS Zone Detailed information
|
1 |
dnscmd /zoneinfo %userdnsdomain% |
Garbage Collection and tombstone
|
1 |
dsquery * "cn=Directory Service,cn=WindowsNT,cn=Services,cn=Configuration,DC=forestRootDomain" -attrgarbageCollPeriod tombstoneLifetime |
Netsh authorised DHCP Servers
|
1 |
netsh dhcp show server |
DSQuery authorised DHCP Servers
|
1 |
Dsquery * "cn=NetServices,cn=Services,cn=Configuration, DC=forestRootDomain" -attr dhcpServers |
DHCP server information
|
1 |
netsh dhcp server \\DHCP_SERVER show all |
DHCP server dump
|
1 |
netsh dhcp server \\DHCP_SERVER dump |
WINS serer information
|
1 |
Netsh wins server \\WINS_SERVER dump |
Group Policy Verification Tool
|
1 |
gpotool.exe /checkacl /verbose |
AD OU membership
|
1 |
dsquery computer -limit 0 |
AD OU membership
|
1 |
dsquery user -limit 0 |
List Service Principal Names
|
1 |
for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do setspn -L %i |
Compare DC Replica Object Count
|
1 |
dsastat ?s:DC1;DC2;… ?b:Domain ?gcattrs:objectclass ?p:999 |
Check AD ACLs
|
1 |
acldiag dc=domainTree |
NTFRS Replica Sets
|
1 |
for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do ntfrsutl sets %i |
NTFRS DS View
|
1 |
for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do ntfrsutl ds %i |
Domain Controllers per site
|
1 |
Dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -filter (objectCategory=Server) |
DNS Zones in AD
|
1 |
for /f %i in (‘dsquery server -o rdn’) do Dsquery * -s %i domainroot -filter (objectCategory=dnsZone) |
Enumerate DNS Server Zones
|
1 |
for /f %i in (‘dsquery server -o rdn’) do dnscmd %i /enumzones |
Subnet information
|
1 |
Dsquery subnet ?limit 0 |
List Organisational Units
|
1 |
Dsquery OU |
ACL on all OUs
|
1 |
For /f "delims=|" %i in (‘dsquery OU’) do acldiag %i |
Domain Trusts
|
1 |
nltest /domain_trusts /v |
Print DNS Zones
|
1 |
dnscmd DNSServer /zoneprint DNSZone |
Active DHCP leases
|
1 |
For /f %i in (DHCPServers.txt) do for /f "delims=- " %j in (‘"netshdhcp server \\%i show scope | find /i "active""’) do netsh dhcp server\\%i scope %j show clientsv5 |
DHCP Server Active Scope Info
|
1 |
For /f %i in (DHCPServers.txt) do netsh dhcp server \\%i show scope | find /i "active" |
Resolve DHCP clients hostnames
|
1 |
for /f "tokens=1,2,3 delims=," %i in (Output from ‘Find Subnets fromDHCP clients’) do @for /f "tokens=2 delims=: " %m in (‘"nslookup %j |find /i "Name:""’) do echo %m,%j,%k,%i |
Find two online PCs per subnet
|
1 |
Echo. > TwoClientsPerSubnet.txt & for /f "tokens=1,2,3,4delims=, " %i in (‘"find /i "pc" ‘Output from Resolve DHCP clientshostnames’"’) do for /f "tokens=3 skip=1 delims=: " %m in (‘"Find /i /c"%l" TwoClientsPerSubnet.txt"’) do If %m LEQ 1 for /f %p in (‘"ping -n1 %i | find /i /c "(0% loss""’) do If %p==1 Echo %i,%j,%k,%l |
AD Subnet and Site Information
|
1 |
dsquery * "CN=Subnets,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn siteObject description location |
AD Site Information
|
1 |
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn description location -filter (objectClass=site) |
Printer Queue Objects in AD
|
1 |
dsquery * domainroot -filter "(objectCategory=printQueue)" -limit 0 |
Group Membership with user details
|
1 |
dsget group "groupDN" -members | dsget user -samid -fn -mi -ln -display -empid -desc -office -tel -email -title -dept -mgr |
Total DHCP Scopes
|
1 |
find /i "subnet" "Output from DHCP server information" | find /i "subnet" |
Site Links and Cost
|
1 |
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn costdescription replInterval siteList -filter (objectClass=siteLink) |
Time gpresult
|
1 |
timethis gpresult /v |
Check time against Domain
|
1 |
w32tm /monitor /computers:ForestRootPDC |
Domain Controller Diagnostics
|
1 |
dcdiag /s:%logonserver% /v /e /c |
Domain Replication Bridgeheads
|
1 |
repadmin /bridgeheads |
Replication Failures from KCC
|
1 |
repadmin /failcache |
Inter-site Topology servers per site
|
1 |
Repadmin /istg * /verbose |
Replication latency
|
1 |
repadmin /latency /verbose |
Queued replication requests
|
1 |
repadmin /queue * |
Show connections for a DC
|
1 |
repadmin /showconn * |
Replication summary
|
1 |
Repadmin /replsummary |
Show replication partners
|
1 |
repadmin /showrepl * /all |
All DCs in the forest
|
1 |
repadmin /viewlist * |
ISTG from AD attributes
|
1 |
dsquery * "CN=NTDS Site Settings,CN=siteName,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr interSiteTopologyGenerator |
Return the object if KCC Intra/Inter site is disabled for each site
|
1 |
Dsquery site | dsquery * -attr * -filter "(|(Options:1.2.840.113556.1.4.803:=1)(Options:1.2.840.113556.1.4.803:=16))" |
Find all connection objects
|
1 |
dsquery * forestRoot -filter (objectCategory=nTDSConnection) ?attr distinguishedName fromServer whenCreated displayName |
Find all connection schedules
|
1 |
adfind -b "cn=Configuration,dc=qraps,dc=com,dc=au" -f "objectcategory=ntdsConnection" cn Schedule -csv |
Software Information for each server
|
1 |
for /f %i in (Output from ‘Domain Controllers’) do psinfo \\%i &filever \\%i\admin$\explorer.exe \\%i\admin$\system32\vbscript.dll\\%i\admin$\system32\kernel32.dll \\%i\admin$\system32\wbem\winmgmt.exe\\%i\admin$\system32\oleaut32.dll |
Check Terminal Services Delete Temp on Exit flag
|
1 |
For /f %i in (Output from ‘Domain Controllers’) do Reg query"\\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer" /v DeleteTempDirsOnExit |
For each XP workstation, query the current site and what Group Policy info
|
1 |
@dsquery * domainroot -filter"(&(objectCategory=Computer)(operatingSystem=Windows XPProfessional))" -limit 0 -attr cn > Workstations.txt & @For /f%i in (Workstations.txt) do @ping %i -n 1 >NUL & @if ErrorLevel0 If NOT ErrorLevel 1 @Echo %i & for /f "tokens=3" %k in (‘"regquery "\\%i\hklm\software\microsoft\windows\currentversion\grouppolicy\history" /v DCName | Find /i "DCName""’) do @for /f %m in(‘"nltest /server:%i /dsgetsite | find /i /v "completedsuccessfully""’) do @echo %i,%k,%m |
Information on existing GPOs
|
1 |
dsquery * "CN=Policies,CN=System,domainRoot" -filter"(objectCategory=groupPolicyContainer)" -attr displayName cnwhenCreated gPCFileSysPath |
Copy all Group Policy .pol files
|
1 |
for /f "tokens=1-8 delims=\" %i in (‘dir /b /s\\%userdnsdomain%\sysvol\%userdnsdomain%\policies\*.pol’) do @echo copy\\%i\%j\%k\%l\%m\%n\%o %m_%n.pol |
Domain Controller Netlogon entries
|
1 |
for /f %i in (‘dsquery server /o rdn’) do echo %i & reg query\\%i\hklm\system\currentcontrolset\services\netlogon\parameters |
WINS Statistics
|
1 |
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show statistics |
WINS Record counts per server
|
1 |
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show reccount %i |
WINS Server Information
|
1 |
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show info |
WINS Server Dump
|
1 |
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i dump |
WINS Static Records per Server
|
1 |
netsh wins server \\LocalWINSServer show database servers={} rectype=1 |
Find policy display name given the GUID
|
1 |
dsquery * "CN=Policies,CN=System,DC=domainRoot" -filter (objectCategory=groupPolicyContainer) -attr Name displayName |
Find empty groups
|
1 |
dsquery * -filter "&(objectCategory=group)(!member=*)" -limit 0-attr whenCreated whenChanged groupType sAMAccountNamedistinguishedName memberOf |
Find remote NIC bandwidth
|
1 |
wmic /node:%server% path Win32_PerfRawData_Tcpip_NetworkInterface GET Name,CurrentBandwidth |
Find remote free physical memory
|
1 |
wmic /node:%Computer% path Win32_OperatingSystem GET FreePhysicalMemory |
Find remote system information
|
1 |
SystemInfo /s %Computer% |
Disk statistics, including the number of files on the filesystem
|
1 |
chkdsk /i /c |
Query IIS web sites
|
1 |
iisweb /s %Server% /query "Default Web Site" |
Check port state and connectivity
|
1 |
portqry -n %server% -e %endpoint% -v |
Forest/Domain Functional Levels
|
1 |
ldifde -d cn=partitions,cn=configuration,dc=%domain% -r"(|(systemFlags=3)(systemFlags=-2147483648))" -lmsds-behavior-version,dnsroot,ntmixeddomain,NetBIOSName -p subtree -fcon |
Forest/Domain Functional Levels
|
1 |
dsquery * cn=partitions,cn=configuration,dc=%domain% -filter"(|(systemFlags=3)(systemFlags=-2147483648))" -attrmsDS-Behavior-Version Name dnsroot ntmixeddomain NetBIOSName |
Find the parent of a process
|
1 |
wmic path Win32_Process WHERE Name=’notepad.exe’ GET Name,ParentProcessId |
Lookup SRV records from DNS
|
1 |
nslookup -type=srv _ldap._tcp.dc._msdcs.{domainRoot} |
Find when the AD was installed
|
1 |
dsquery * cn=configuration,DC=forestRootDomain -attr whencreated -scope base |
Enumerate the trusts from the specified domain
|
1 |
dsquery * "CN=System,DC=domainRoot" -filter "(objectClass=trustedDomain)" -attr trustPartner flatName |
Find a DC for each trusted domain
|
1 |
for /f "skip=1" %i in (‘"dsquery * CN=System,DC=domainRoot -filter(objectClass=trustedDomain) -attr trustPartner"’) do nltest /dsgetdc:%i |
Check the notification packages installed on all DCs
|
1 |
for /f %i in (‘dsquery server /o rdn’) do @for /f "tokens=4" %m in(‘"reg query\\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v"Notification Packages" | find /i "Notification""’) do @echo %i,%m |
List ACLs in SDDL format
|
1 |
setacl -on %filepath% -ot file -actn list -lst f:sddl |
Find out if a user account is currently enabled or disabled
|
1 |
dsquery user DC=%userdnsdomain:.=,DC=% -name %username% | dsget user -disabled -dn |
Find servers in the domain
|
1 |
dsquery * domainroot -filter "(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=*Server*))" -limit 0 |
Open DS query window
|
1 |
rundll32 dsquery,OpenQueryWindow |
VBScripts to manage Active Directory Users
Export All users from OU
Appending a Multi-Valued Attribute
Appending a Phone Number
Adding a Route to the Dial-In Properties of a User Account
Adding a User to Two Security Groups
Appending Address Page Information for a User Account
Appending a Home Phone Number to a User Account
Assigning a Published Certificate to a User Account
Changing User Account Attributes
Changing a User Password
Clearing Address Page Information for a User Account
Clearing All Published Certificates from a User Account
Clearing Department and Direct Report Information from a User Account
Clearing Telephone Attributes
Clearing Telephone Properties for a User Account
Clearing User Account Address Attributes
Clearing User Account Attributes
Configuring Account Page Information for a User Account
Configuring Address Page Information for a User Account
Configuring COM+ Information for a User Account
Configuring Dial-In Properties for a User Account
Configuring the Expiration Date for a User Account
Configuring Organization Properties for a User Account
Copying a Published Certificate to a User Account
Configuring the UPN Suffixes Defined in the Forest
Configuring User Account Telephone Numbers
Configuring User Profile Properties
Configuring User Profile Properties for a User Account
Configuring User Telephone Properties
Copying Allowed Logon Hours from One Account to Another
Creating 1,000 User Accounts
Creating an Active Directory User Account
Creating a Contact in Active Directory
Creating a User, a Group, and an OU
Deleting a Calling Station ID from a User Account
Deleting One Telephone Number from a User Account
Deleting a Phone Number
Deleting a Post Office Box from a User Account
Deleting Published Certificates from a User Account
Deleting Single- and Multi-Valued Attributes
Deleting a User Account from Active Directory
Determining When an Account Expires
Determining the Owner of a User Account
Determining When a Password Expires
Determining When a Password was Last Set
Determining User Account Status
Determining When a User Account Expires
Determining User Logon Hours
Disabling a Password Flag
Disabling the Smartcard Required Attribute for a User Account
Disabling a User Account
Disabling the User Cannot Change Password Option
Displaying Allowed Logon Hours for a User Account
Displaying Domain Password Attributes
Displaying Password Property Attributes
Displaying User Account Password Attributes
Enabling a User Account
Ensuring that an Account will not Expire
Modifying User Profile Paths
Moving a User Account
Moving a User Account to a New Domain
Preventing a User From Changing His or Her Password
Requiring a Password Change
Requiring a User to Logon on Using a Smartcard
Retrieving Organization Information
Retrieving User Account Account Properties
Retrieving User Profile Properties
Setting an Account Expiration Date
Setting a Password So It Never Expires
Setting the Primary Group for a User
Setting a Users Password
Unlocking an Active Directory User Account
Writing User Account Properties
Export all users from OU
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
Dim ObjWb Dim zz Set objRoot = GetObject("LDAP://RootDSE") strDNC = objRoot.Get("DefaultNamingContext") Set objDomain = GetObject("LDAP://" & strDNC) ' Bind to the top of the Domain using LDAP using ROotDSE Set objFSO = CreateObject("Scripting.FileSystemObject") set Fso = objFSO.OpenTextFile("output.txt", 2, True) Fso.WriteLine("SamAccountName,CN,FirstName,LastName,Initials,Descrip,Office,Telephone,Email,WebPage,Addr1,City,State,ZipCode,Title,Department,Company,Manager,Profile,LoginScript,HomeDirectory,HomeDrive,Adspath,LastLogin,Primary SMTP") Call enummembers(objDomain) Sub enumMembers(objDomain) On Error Resume Next For Each objMember In objDomain ' go through the collection If ObjMember.Class = "user" Then ' if not User object, move on. ClassName = objMember.Class SamAccountName = ObjMember.samAccountName Cn = ObjMember.CN FirstName = objMember.GivenName LastName = objMember.sn initials = objMember.initials Descrip = objMember.description Office = objMember.physicalDeliveryOfficeName Telephone = objMember.telephonenumber EmailAddr = objMember.mail WebPage = objMember.wwwHomePage Addr1 = objMember.streetAddress City = objMember.l State = objMember.st ZipCode = objMember.postalCode Title = ObjMember.Title Department = objMember.Department Company = objMember.Company Manager = ObjMember.Manager Profile = objMember.profilePath LoginScript = objMember.scriptpath HomeDirectory = ObjMember.HomeDirectory HomeDrive = ObjMember.homeDrive AdsPath = Objmember.Adspath LastLogin = objMember.LastLogin Fso.WriteLine(ClassName & "," & SamAccountName & "," & CN & "," & FirstName & "," & LastName & "," & Initials & "," & Descrip & "," & Office & "," & Telephone & "," & EmailAddr & "," & WebPage & "," & Addr1 & "," & City & "," & State & "," & ZipCode & "," & Title & "," & Department & "," & Company & "," & Manager & "," & Profile & "," & LoginScript & "," & HomeDirectory & "," & HomeDrive & "," & Adspath & "," & LastLogin & "," & Primary) ' Blank out Variables in case the next object doesn't have a value for the property SamAccountName = "-" Cn = "-" FirstName = "-" LastName = "-" initials = "-" Descrip = "-" Office = "-" Telephone = "-" EmailAddr = "-" WebPage = "-" Addr1 = "-" City = "-" State = "-" ZipCode = "-" Title = "-" Department = "-" Company = "-" Manager = "-" Profile = "-" LoginScript = "-" HomeDirectory = "-" HomeDrive = "-" Primary = "-" For ll = 1 To 20 Secondary(ll) = "" Next End If ' If the AD enumeration runs into an OU object, call the Sub again to itinerate If objMember.Class = "organizationalUnit" or OBjMember.Class = "container" Then enumMembers (objMember) End If Next End Sub MsgBox "Done" ' show that script is complete |
Appending a Multi-Valued Attribute
Adds an additional URL to a user account. Demonstrates how to append a new value to a multi-valued attribute.
|
1 2 3 4 5 6 7 8 9 |
Const ADS_PROPERTY_APPEND = 3 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_APPEND, _ "url", Array("http://www.fabrikam.com/policy") objUser.SetInfo |
Appending a Phone Number
Appends an additional home phone number for a user.
|
1 2 3 4 5 6 7 8 9 |
Const ADS_PROPERTY_APPEND = 3 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_APPEND, _ "otherHomePhone", Array("(425) 555-1113") objUser.SetInfo |
Adding a Route to the Dial-In Properties of a User Account
Appends a new route to the Dial-In properties of a user account in Active Directory. This operation adds the new route without deleting any existing routes.
|
1 2 3 4 5 6 7 8 9 10 11 |
Const ADS_PROPERTY_APPEND = 3 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_APPEND, _ "msRASSavedFramedRoute", _ Array("128.168.0.0/15 0.0.0.0 5") objUser.PutEx ADS_PROPERTY_APPEND, _ "msRADIUSFramedRoute", _ Array("128.168.0.0/15 0.0.0.0 5") objUser.SetInfo |
Adding a User to Two Security Groups
Adds a user (MyerKen) to two different Active Directory security groups: Atl-Users and NA-Employees.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
Const ADS_PROPERTY_APPEND = 3 Set objGroup = GetObject _ ("LDAP://cn=Atl-Users,cn=Users,dc=NA,dc=fabrikam,dc=com") objGroup.PutEx ADS_PROPERTY_APPEND, _ "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objGroup.SetInfo Set objGroup = GetObject _ ("LDAP://cn=NA-Employees,cn=Users,dc=NA,dc=fabrikam,dc=com") objGroup.PutEx ADS_PROPERTY_APPEND, _ "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objGroup.SetInfo |
Appending Address Page Information for a User Account
Appends new entries to the postOfficeBox attribute of an Active Directory user account. This operation adds the new post office boxes without deleting any existing entries.
|
1 2 3 4 5 6 |
Const ADS_PROPERTY_APPEND = 3 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_APPEND, "postOfficeBox", Array("2225","2226") objUser.SetInfo |
Appending a Home Phone Number to a User Account
Appends a new phone number to the otherHomePhone attribute of an Active Directory user account. This operation adds the phone number to the attribute without deleting ant existing phone numbers.
|
1 2 3 4 5 6 |
Const ADS_PROPERTY_APPEND = 3 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_APPEND, "otherHomePhone", Array("(425) 555-0116") objUser.SetInfo |
Assigning a Published Certificate to a User Account
Copies a published certificate from a template account (userTemplate) and assigns it to the MyerKen Active Directory user account. This operation replaces any existing published certificates for the MyerKen account.
|
1 2 3 4 5 6 7 8 9 10 11 |
On Error Resume Next Const ADS_PROPERTY_UPDATE = 2 Set objUserTemplate = _ GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com") arrUserCertificates = objUserTemplate.GetEx("userCertificate") Set objUser = _ GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_UPDATE, "userCertificate", arrUserCertificates objUser.SetInfo |
Changing User Account Attributes
Configures user account attributes found on the General Properties page of the user account object in Active Directory users and Computers.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
Const ADS_PROPERTY_UPDATE = 2 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.Put "givenName", "Ken" objUser.Put "initials", "E." objUser.Put "sn", "Myer" objUser.Put "displayName", "Myer, Ken" objUser.Put "physicalDeliveryOfficeName", "Room 4358" objUser.Put "telephoneNumber", "(425) 555-1211" objUser.Put "wWWHomePage", "http://www.fabrikam.com" objUser.PutEx ADS_PROPERTY_UPDATE, _ "description", Array("Management staff") objUser.PutEx ADS_PROPERTY_UPDATE, _ "otherTelephone", Array("(800) 555-1212", "(425) 555-1213") objUser.PutEx ADS_PROPERTY_UPDATE, _ "url", Array("http://www.fabrikam.com/management") objUser.SetInfo |
Changing a User Password
Changes the password for a user. Requires you to know the user’s previous password.
|
1 2 3 |
Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.ChangePassword "i5A2sj*!", "jl3R86df" |
Clearing Address Page Information for a User Account
Removes all information for the c (country) and postOfficeBox attributes of the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 |
Const ADS_PROPERTY_CLEAR = 1 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_CLEAR, "c", 0 objUser.PutEx ADS_PROPERTY_CLEAR, "postOfficeBox", 0 objUser.SetInfo |
Clearing All Published Certificates from a User Account
Removes all published certificates for the MyerKen Active Directory user account.
|
1 2 3 4 5 |
Const ADS_PROPERTY_CLEAR = 1 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_CLEAR, "userCertificate", 0 objUser.SetInfo |
Clearing Department and Direct Report Information from a User Account
Removes all information from the deparment, directReports, and manager attributes of the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
On Error Resume Next Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D Const ADS_PROPERTY_CLEAR = 1 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_CLEAR, "department", 0 objUser.SetInfo arrDirectReports = objUser.GetEx("directReports") If err.number = E_ADS_PROPERTY_NOT_FOUND Then WScript.Quit Else For Each strValue in arrDirectReports Set objUserSource = GetObject("LDAP://" & strValue) objUserSource.PutEx ADS_PROPERTY_CLEAR, "manager", 0 objUserSource.SetInfo Next End If |
Clearing Telephone Attributes
Clears selected telephone-related attributes for a user account.
|
1 2 3 4 5 6 7 8 9 |
Const ADS_PROPERTY_CLEAR = 1 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_CLEAR, "info", 0 objUser.PutEx ADS_PROPERTY_CLEAR, "otherPager", 0 objUser.SetInfo |
Clearing Telephone Properties for a User Account
Removes all information from the info and otherPager attributes of the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 |
Const ADS_PROPERTY_CLEAR = 1 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_CLEAR, "info", 0 objUser.PutEx ADS_PROPERTY_CLEAR, "otherPager", 0 objUser.SetInfo |
Clearing User Account Address Attributes
Clears selected address-related attributes for a user account.
|
1 2 3 4 5 6 7 8 |
Const ADS_PROPERTY_CLEAR = 1 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_CLEAR, "streetAddress", 0 objUser.PutEx ADS_PROPERTY_CLEAR, "c", 0 objUser.SetInfo |
Clearing User Account Attributes
Clears selected attributes for a user account.
|
1 2 3 4 5 6 7 8 9 |
Const ADS_PROPERTY_CLEAR = 1 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_CLEAR, "initials", 0 objUser.PutEx ADS_PROPERTY_CLEAR, "otherTelephone", 0 objUser.SetInfo |
Configuring Account Page Information for a User Account
Configures basic account information for the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 8 |
Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.Put "sAMAccountName", "MyerKen01" objUser.Put "userWorkstations","wks1,wks2,wks3" objUser.SetInfo |
Configuring Address Page Information for a User Account
Configures address-related information for the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
Const ADS_PROPERTY_UPDATE = 2 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.Put "streetAddress", "Building 43" & vbCrLf & "One Microsoft Way" objUser.Put "l", "Redmond" objUser.Put "st", "Washington" objUser.Put "postalCode", "98053" objUser.Put "c", "US" objUser.PutEx ADS_PROPERTY_UPDATE, _ "postOfficeBox", Array("2222", "2223", "2224") objUser.SetInfo |
Configuring COM+ Information for a User Account
Sets COM+ information for the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 |
Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.Put "msCOM-UserPartitionSetLink", _ "cn=PartitionSet1,cn=ComPartitionSets,cn=System,dc=NA,dc=fabrikam,dc=com" objUser.SetInfo |
Configuring Dial-In Properties for a User Account
Configures Dial-In attribute values for the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
Const ADS_PROPERTY_UPDATE = 2 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.Put "msNPAllowDialin", TRUE objUser.PutEx ADS_PROPERTY_UPDATE, _ "msNPSavedCallingStationID", Array("555-0100", "555-0111") objUser.PutEx ADS_PROPERTY_UPDATE, _ "msNPCallingStationID", Array("555-0100", "555-0111") objUser.Put "msRADIUSServiceType", 4 objUser.Put "msRADIUSCallbackNumber", "555-0112" objUser.Put "msRASSavedFramedIPAddress", 167903442 objUser.Put "msRADIUSFramedIPAddress", 167903442 'value of 10.2.0.210 objUser.PutEx ADS_PROPERTY_UPDATE, _ "msRASSavedFramedRoute", _ Array("10.1.0.0/16 0.0.0.0 1", "192.168.1.0/24 0.0.0.0 3") objUser.PutEx ADS_PROPERTY_UPDATE, _ "msRADIUSFramedRoute", _ Array("10.1.0.0/16 0.0.0.0 1", "192.168.1.0/24 0.0.0.0 3") objUser.SetInfo |
Configuring the Expiration Date for a User Account
Configures the MyerKen Active Directory user account to expire on March 30, 2003.
|
1 2 3 4 |
Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.AccountExpirationDate = "03/30/2003" objUser.SetInfo |
Configuring Organization Properties for a User Account
Configures organization information for the MyerKen Active Directory user account. The script also assigns MyerKen as the manager for LewJudy and AkersKim.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
Set objUser = GetObject _ ("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.Put "title", "Manager" objUser.Put "department", "Executive Management Team" objUser.Put "company", "Fabrikam" objUser.Put "manager", _ "cn=AckermanPilar,OU=Management,dc=NA,dc=fabrikam,dc=com" objUser.SetInfo Set objUser01 = GetObject _ ("LDAP://cn=LewJudy,OU=Sales,dc=NA,dc=fabrikam,dc=com") Set objUser02 = GetObject _ ("LDAP://cn=AckersKim,OU=Sales,dc=NA,dc=fabrikam,dc=com") objUser01.Put "manager", objUser.Get("distinguishedName") objUser02.Put "manager", objUser.Get("distinguishedName") objUser01.SetInfo objUser02.SetInfo |
Copying a Published Certificate to a User Account
Copies a published certificate from a template account (userTemplate) to the MyerKen Active Directory user account. This operation appends the new certificate without deleting any existing certificates.
|
1 2 3 4 5 6 7 8 9 10 11 |
On Error Resume Next Const ADS_PROPERTY_APPEND = 3 Set objUserTemplate = _ GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com") arrUserCertificates = objUserTemplate.GetEx("userCertificate") Set objUser = _ GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_APPEND, "userCertificate", arrUserCertificates objUser.SetInfo |
Configuring the UPN Suffixes Defined in the Forest
Configures the upnSuffixes attribute of the Partitions container and displays the new values to the operator.
|
1 2 3 4 5 6 7 8 9 10 11 |
Const ADS_PROPERTY_APPEND = 3 Set objPartitions = GetObject _ ("LDAP://cn=Partitions,cn=Configuration,dc=fabrikam,dc=com") objPartitions.PutEx ADS_PROPERTY_APPEND, _ "upnSuffixes", Array("sa.fabrikam.com","corp.fabrikam.com") objPartitions.SetInfo For Each Suffix in objPartitions.GetEx("upnSuffixes") WScript.Echo Suffix Next |
Configuring User Account Telephone Numbers
Configures telephone numbers and calling information for the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
Const ADS_PROPERTY_UPDATE = 2 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.Put "homePhone", "(425) 555-0100" objUser.Put "pager", "(425) 555-0101" objUser.Put "mobile", "(425) 555-0102" objUser.Put "facsimileTelephoneNumber", "(425) 555-0103" objUser.Put "ipPhone", "5555" objUser.Put "info", "Please do not call this user account" & _ " at home unless there is a work-related emergency. Call" & _ " this user's mobile phone before calling the pager number." objUser.PutEx ADS_PROPERTY_UPDATE, "otherHomePhone", Array("(425) 555-0110") objUser.PutEx ADS_PROPERTY_UPDATE, "otherPager", Array("(425) 555-0111") objUser.PutEx ADS_PROPERTY_UPDATE, _ "otherMobile", Array("(425) 555-0112", "(425) 555-0113") objUser.PutEx ADS_PROPERTY_UPDATE, _ "otherFacsimileTelephoneNumber", Array("(425) 555-0114") objUser.PutEx ADS_PROPERTY_UPDATE, "otherIpPhone", Array("5556") objUser.SetInfo |
Configuring User Profile Properties
Configures user profile settings for a user account.
|
1 2 3 4 5 6 7 8 9 |
Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.Put "profilePath", "\\sea-dc-01\Profiles\myerken" objUser.Put "scriptPath", "logon.bat" objUser.Put "homeDirectory", "\\sea-dc-01\HomeFolders\myerken" objUser.Put "homeDrive", "H" objUser.SetInfo |
Configuring User Profile Properties for a User Account
Configures user profile properties for the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 8 9 |
Set objUser = GetObject _ ("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.Put "profilePath", "\\sea-dc-01\Profiles\myerken" objUser.Put "scriptPath", "logon.bat" objUser.Put "homeDirectory", "\\sea-dc-01\HomeFolders\myerken" objUser.Put "homeDrive", "H" objUser.SetInfo |
Configuring User Telephone Properties
Configures telephone numbers and telephone-related attributes for a user account.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
Const ADS_PROPERTY_UPDATE = 2 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.Put "homePhone", "(425) 555-1111" objUser.Put "pager", "(425) 555-2222" objUser.Put "mobile", "(425) 555-3333" objUser.Put "facsimileTelephoneNumber", "(425) 555-4444" objUser.Put "ipPhone", "5555" objUser.Put "info", "Please do not call this user account" & _ " at home unless there is a work-related emergency. Call" & _ " this user's mobile phone before calling the pager number" objUser.PutEx ADS_PROPERTY_UPDATE, _ "otherHomePhone", Array("(425) 555-1112") objUser.PutEx ADS_PROPERTY_UPDATE, _ "otherPager", Array("(425) 555-2223") objUser.PutEx ADS_PROPERTY_UPDATE, _ "otherMobile", Array("(425) 555-3334", "(425) 555-3335") objUser.PutEx ADS_PROPERTY_UPDATE, _ "otherFacsimileTelephoneNumber", Array("(425) 555-4445") objUser.PutEx ADS_PROPERTY_UPDATE, _ "otherIpPhone", Array("6666") objUser.SetInfo |
Copying Allowed Logon Hours from One Account to Another
Copies the allowed logon hours from a template account (userTemplate) and assigns them to the MyerKen Active Directory user account. The MyerKen account will thus have the same logon hour restrictions as those assigned to the userTemplate account.
|
1 2 3 4 5 6 7 8 9 |
On Error Resume Next Set objUserTemplate = _ GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com") arrLogonHours = objUserTemplate.Get("logonHours") Set objUser = _ GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com") objUser.Put "logonHours", arrLogonHours objUser.SetInfo |
Creating 1,000 User Accounts
Demonstration script that creates 1,000 user accounts (named UserNo1, UserNo2, UserNo3, etc.) in the Users container in Active Directory. The script is useful for test scenarios that require multiple user accounts.
|
1 2 3 4 5 6 7 8 9 10 11 |
Set objRootDSE = GetObject("LDAP://rootDSE") Set objContainer = GetObject("LDAP://cn=Users," & _ objRootDSE.Get("defaultNamingContext")) For i = 1 To 1000 Set objLeaf = objContainer.Create("User", "cn=UserNo" & i) objLeaf.Put "sAMAccountName", "UserNo" & i objLeaf.SetInfo Next WScript.Echo "1000 Users created." |
Creating an Active Directory User Account
Creates a user account in Active Directory. This script only creates the account, it does not enable it.
|
1 2 3 4 |
Set objOU = GetObject("LDAP://OU=management,dc=fabrikam,dc=com") Set objUser = objOU.Create("User", "cn=MyerKen") objUser.Put "sAMAccountName", "myerken" objUser.SetInfo |
Creating a Contact in Active Directory
Creates a contact account named MyerKen in the Management organizational unit in a hypothetical domain named fabrikam.com.
|
1 |
Creating a Contact in Active Directory |
Creating a User, a Group, and an OU
Demonstration script that: 1) creates a new Active Directory organizational unit; 2) creates a new user account and new security group; and, 3) adds the new user as a member of that security group.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com") Set objOU = objDomain.Create("organizationalUnit", "ou=Management") objOU.SetInfo Set objOU = GetObject("LDAP://OU=Management,dc=fabrikam,dc=com") Set objUser = objOU.Create("User", "cn= AckermanPilar") objUser.Put "sAMAccountName", "AckermanPila" objUser.SetInfo Set objOU = GetObject("LDAP://OU=Management,dc=fabrikam,dc=com") Set objGroup = objOU.Create("Group", "cn=atl-users") objGroup.Put "sAMAccountName", "atl-users" objGroup.SetInfo objGroup.Add objUser.ADSPath |
Deleting a Calling Station ID from a User Account
Removes a specific calling station ID from the MyerKen Active Directory user account. This operation only removes the specified calling station ID; no other IDs are deleted.
|
1 2 3 4 5 6 7 8 9 10 |
Const ADS_PROPERTY_DELETE = 4 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_DELETE, _ "msNPSavedCallingStationID", Array("555-0111") objUser.PutEx ADS_PROPERTY_DELETE, _ "msNPCallingStationID", Array("555-0111") objUser.SetInfo |
Deleting One Telephone Number from a User Account
Deletes a phone number from the otherMobile attribute of the MyerKen Active Directory user account. This operation removes only one phone number (425-555-0113) without affecting any other phone numbers.
|
1 2 3 4 5 6 7 |
Set objUser = GetObject _ ("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_DELETE, "otherMobile", Array("(425) 555-0113") objUser.SetInfo objComptCopy.SetInfo |
Deleting a Phone Number
Deletes a phone number from a user account with multiple mobile phone numbers.
|
1 2 3 4 5 6 7 8 9 |
Const ADS_PROPERTY_DELETE = 4 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_DELETE, _ "otherMobile", Array("(425) 555-3334") objUser.SetInfo |
Deleting a Post Office Box from a User Account
Removes a specified value (2224) from the postOfficeBox attribute of the MyerKen Active Directory user account. This operation removes only the specified post office box; other entries will not be deleted.
|
1 2 3 4 5 6 7 8 |
Const ADS_PROPERTY_DELETE = 4 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_DELETE, "postOfficeBox", Array("2224") objUser.SetInfo |
Deleting Published Certificates from a User Account
Retrieves a set of published certificates from a template account (userTemplate), and then deletes each of those certificates from the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 8 9 10 11 |
On Error Resume Next Const ADS_PROPERTY_DELETE = 4 Set objUserTemplate = _ GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com") arrUserCertificates = objUserTemplate.GetEx("userCertificate") Set objUser = _ GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_DELETE, "userCertificate", arrUserCertificates objUser.SetInfo |
Deleting Single- and Multi-Valued Attributes
Deletes selected attributes from a user account. Demonstrates how to delete single-valued attributes as well as how to delete a single entry from a multi-valued attribute.
|
1 2 3 4 5 6 7 8 9 10 11 |
Const ADS_PROPERTY_DELETE = 4 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_DELETE, _ "otherTelephone", Array("(425) 555-1213") objUser.PutEx ADS_PROPERTY_DELETE, _ "initials", Array("E.") objUser.SetInfo |
Deleting a User Account from Active Directory
Deletes the user account for MyerKen from the HR organizational unit in a hypothetical domain named fabrikam.com.
|
1 2 |
Set objOU = GetObject("LDAP://ou=hr,dc=fabrikam,dc=com") objOU.Delete "user", "cn=MyerKen" |
Determining When an Account Expires
Returns the expiration date for a user account.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
On Error Resume Next Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") dtmAccountExpiration = objUser.AccountExpirationDate If err.number = -2147467259 Or _ dtmAccountExpiration = "1/1/1970" Then WScript.echo "No account expiration specified" Else WScript.echo "Account expiration:" & _ objUser.AccountExpirationDate End If |
Determining the Owner of a User Account
Reports the owner of the MyerKen Active Directory user account.
|
1 2 3 4 5 6 |
Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor") WScript.Echo "Owner Tab" WScript.Echo "Current owner of this item: " & objNtSecurityDescriptor.Owner |
Determining When a Password Expires
Determines the date when a user password will expire.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
Const SEC_IN_DAY = 86400 Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000 Set objUserLDAP = GetObject _ ("LDAP://CN=myerken,OU=management,DC=fabrikam,DC=com") intCurrentValue = objUserLDAP.Get("userAccountControl") If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then wscript.echo "The password does not expire." Else dtmValue = objUserLDAP.PasswordLastChanged Wscript.echo "The password was last changed on " & _ DateValue(dtmValue) & " at " & TimeValue(dtmValue) & VbCrLf & _ "The difference between when the password was last set" & VbCrLf & _ "and today is " & int(now - dtmValue) & " days" intTimeInterval = int(now - dtmValue) Set objDomainNT = GetObject("WinNT://fabrikam") intMaxPwdAge = objDomainNT.Get("MaxPasswordAge") If intMaxPwdAge < 0 Then WScript.Echo "The Maximum Password Age is set to 0 in the " & _ "domain. Therefore, the password does not expire." Else intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY) Wscript.echo "The maximum password age is " & intMaxPwdAge & " days" If intTimeInterval >= intMaxPwdAge Then Wscript.echo "The password has expired." Else Wscript.echo "The password will expire on " & _ DateValue(dtmValue + intMaxPwdAge) & " (" & _ int((dtmValue + intMaxPwdAge) - now) & " days from today" & ")." End If End If End If |
Determining When a Password was Last Set
Identifies the last time a user password was set.
|
1 2 3 4 |
Set objUser = GetObject _ ("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com") dtmValue = objUser.PasswordLastChanged WScript.echo "pwdLastSet is: " & dtmValue |
Determining User Account Status
Identifies whether a user account is enabled or disabled.
|
1 2 3 4 5 6 7 8 |
Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") If objUser.AccountDisabled = FALSE Then WScript.Echo "The account is enabled." Else WScript.Echo "The account is disabled." End If |
Determining When a User Account Expires
Reports the date that the MyerKen Active Directory user account expires.
|
1 2 3 4 5 6 7 8 9 10 |
On Error Resume Next Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") dtmAccountExpiration = objUser.AccountExpirationDate If Err.Number = -2147467259 Or dtmAccountExpiration = "1/1/1970" Then WScript.Echo "No account expiration specified" Else WScript.Echo "Account expiration: " & objUser.AccountExpirationDate End If |
Determining User Logon Hours
Retrieves the allowed logon hours for a user.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
Dim arrLogonHoursBytes(20) Dim arrLogonHoursBits(167) arrDayOfWeek = Array _ ("Sun", "Mon", "Tue", "Wed", _ "Thu", "Fri", "Sat") Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.GetInfoEx Array("logonHours"), 0 arrLogonHours = objUser.Get("logonHours") For i = 1 To LenB(arrLogonHours) arrLogonHoursBytes(i-1) = AscB(MidB(arrLogonHours, i, 1)) Next intCounter = 0 intLoopCounter = 0 WScript.Echo "Day Byte 1 Byte 2 Byte 3" For Each LogonHourByte In arrLogonHoursBytes arrLogonHourBits = GetLogonHourBits(LogonHourByte) If intCounter = 0 Then WScript.STDOUT.Write arrDayOfWeek(intLoopCounter) & Space(2) intLoopCounter = intLoopCounter + 1 End If For Each LogonHourBit In arrLogonHourBits WScript.STDOUT.Write LogonHourBit intCounter = 1 + intCounter If intCounter = 8 or intCounter = 16 Then WScript.STDOUT.Write Space(1) End If If intCounter = 24 Then WScript.echo VbCr intCounter = 0 End If Next Next Function GetLogonHourBits(x) Dim arrBits(7) For i = 7 to 0 Step -1 If x And 2^i Then arrBits(i) = 1 Else arrBits(i) = 0 End If Next GetLogonHourBits = arrBits End Function |
Disabling a Password Flag
Disables the option allowing a password to be stored using reversible encrypted text.
|
1 2 3 4 5 6 7 8 9 10 11 12 |
Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H80 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") intUAC = objUser.Get("userAccountControl") If intUAC AND _ ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED Then objUser.Put "userAccountControl", intUAC XOR _ ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED objUser.SetInfo End If |
Disabling the Smartcard Required Attribute for a User Account
Disables the setting that required MyerKen to use a smartcard when logging on to Active Directory.
|
1 2 3 4 5 6 7 8 9 10 |
Const ADS_UF_SMARTCARD_REQUIRED = &h40000 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") intUAC = objUser.Get("userAccountControl") If (intUAC AND ADS_UF_SMARTCARD_REQUIRED) <> 0 Then objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED objUser.SetInfo End If |
Disabling a User Account
Disables a user account.
|
1 2 3 4 5 6 7 8 |
Const ADS_UF_ACCOUNTDISABLE = 2 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") intUAC = objUser.Get("userAccountControl") objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE objUser.SetInfo |
Disabling the User Cannot Change Password Option
Disables the User Cannot Change Password option, allowing the user to change their password.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6 Const CHANGE_PASSWORD_GUID = _ "{ab721a53-1e2f-11d0-9819-00aa0040529b}" Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") Set objSD = objUser.Get("nTSecurityDescriptor") Set objDACL = objSD.DiscretionaryAcl arrTrustees = Array("nt authority\self", "everyone") For Each strTrustee In arrTrustees For Each ace In objDACL If(LCase(ace.Trustee) = strTrustee) Then If((ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _ (LCase(ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then objDACL.RemoveAce ace End If End If Next Next objUser.Put "nTSecurityDescriptor", objSD objUser.SetInfo |
Displaying Allowed Logon Hours for a User Account
Returns the allowed logon hours for the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
On Error Resume Next Dim arrLogonHoursBytes(20) Dim arrLogonHoursBits(167) arrDayOfWeek = Array _ ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat") Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") arrLogonHours = objUser.Get("logonHours") For i = 1 To LenB(arrLogonHours) arrLogonHoursBytes(i-1) = AscB(MidB(arrLogonHours, i, 1)) WScript.Echo "MidB returns: " & MidB(arrLogonHours, i, 1) WScript.Echo "arrLogonHoursBytes: " & arrLogonHoursBytes(i-1) wscript.echo vbcrlf Next intCounter = 0 intLoopCounter = 0 WScript.echo "Day Byte 1 Byte 2 Byte 3" For Each LogonHourByte In arrLogonHoursBytes arrLogonHourBits = GetLogonHourBits(LogonHourByte) If intCounter = 0 Then WScript.STDOUT.Write arrDayOfWeek(intLoopCounter) & Space(2) intLoopCounter = intLoopCounter + 1 End If For Each LogonHourBit In arrLogonHourBits WScript.STDOUT.Write LogonHourBit intCounter = 1 + intCounter If intCounter = 8 or intCounter = 16 Then Wscript.STDOUT.Write Space(1) End If If intCounter = 24 Then WScript.echo vbCr intCounter = 0 End If Next Next Function GetLogonHourBits(x) Dim arrBits(7) For i = 7 to 0 Step -1 If x And 2^i Then arrBits(i) = 1 Else arrBits(i) = 0 End If Next GetLogonHourBits = arrBits End Function |
Displaying Domain Password Attributes
Displays password policy settings for the domain.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
Const MIN_IN_DAY = 1440, SEC_IN_MIN = 60 Set objDomain = GetObject("WinNT://fabrikam") Set objAdS = GetObject("LDAP://dc=fabrikam,dc=com") intMaxPwdAgeSeconds = objDomain.Get("MaxPasswordAge") intMinPwdAgeSeconds = objDomain.Get("MinPasswordAge") intLockOutObservationWindowSeconds = objDomain.Get("LockoutObservationInterval") intLockoutDurationSeconds = objDomain.Get("AutoUnlockInterval") intMinPwdLength = objAds.Get("minPwdLength") intPwdHistoryLength = objAds.Get("pwdHistoryLength") intPwdProperties = objAds.Get("pwdProperties") intLockoutThreshold = objAds.Get("lockoutThreshold") intMaxPwdAgeDays = _ ((intMaxPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days" intMinPwdAgeDays = _ ((intMinPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days" intLockOutObservationWindowMinutes = _ (intLockOutObservationWindowSeconds/SEC_IN_MIN) & " minutes" If intLockoutDurationSeconds <> -1 Then intLockoutDurationMinutes = _ (intLockOutDurationSeconds/SEC_IN_MIN) & " minutes" Else intLockoutDurationMinutes = _ "Administrator must manually unlock locked accounts" End If WScript.Echo "maxPwdAge = " & intMaxPwdAgeDays WScript.Echo "minPwdAge = " & intMinPwdAgeDays WScript.Echo "minPwdLength = " & intMinPwdLength WScript.Echo "pwdHistoryLength = " & intPwdHistoryLength WScript.Echo "pwdProperties = " & intPwdProperties WScript.Echo "lockOutThreshold = " & intLockoutThreshold WScript.Echo "lockOutObservationWindow = " & intLockOutObservationWindowMinutes WScript.Echo "lockOutDuration = " & intLockoutDurationMinutes |
Displaying Password Property Attributes
Displays password settings for the domain.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
Set objHash = CreateObject("Scripting.Dictionary") objHash.Add "DOMAIN_PASSWORD_COMPLEX", &h1 objHash.Add "DOMAIN_PASSWORD_NO_ANON_CHANGE", &h2 objHash.Add "DOMAIN_PASSWORD_NO_CLEAR_CHANGE", &h4 objHash.Add "DOMAIN_LOCKOUT_ADMINS", &h8 objHash.Add "DOMAIN_PASSWORD_STORE_CLEARTEXT", &h16 objHash.Add "DOMAIN_REFUSE_PASSWORD_CHANGE", &h32 Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com") intPwdProperties = objDomain.Get("PwdProperties") WScript.Echo "pwdProperties = " & intPwdProperties For Each Key In objHash.Keys If objHash(Key) And intPwdProperties Then WScript.Echo Key & " is enabled" Else WScript.Echo Key & " is disabled" End If Next |
Displaying User Account Password Attributes
Displays password-related attributes for an individual user account.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
Const ADS_UF_PASSWORD_EXPIRED = &h800000 Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6 Const CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}" Set objHash = CreateObject("Scripting.Dictionary") objHash.Add "ADS_UF_PASSWD_NOTREQD", &h00020 objHash.Add "ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED", &h0080 objHash.Add "ADS_UF_DONT_EXPIRE_PASSWD", &h10000 Set objUser = GetObject _ ("LDAP://CN=MyerKen,OU=management,DC=Fabrikam,DC=com") intUserAccountControl = objUser.Get("userAccountControl") Set objUserNT = GetObject("WinNT://fabrikam/myerken") intUserFlags = objUserNT.Get("userFlags") If ADS_UF_PASSWORD_EXPIRED And intUserFlags Then blnExpiredFlag = True Wscript.Echo "ADS_UF_PASSWORD_EXPIRED is enabled" Else Wscript.Echo "ADS_UF_PASSWORD_EXPIRED is disabled" End If For Each Key In objHash.Keys If objHash(Key) And intUserAccountControl Then WScript.Echo Key & " is enabled" Else WScript.Echo Key & " is disabled" End If Next Set objSD = objUser.Get("nTSecurityDescriptor") Set objDACL = objSD.DiscretionaryAcl For Each Ace In objDACL If ((Ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _ (LCase(Ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then blnACEPresent = True End If Next If blnACEPresent Then Wscript.Echo "ADS_UF_PASSWD_CANT_CHANGE is enabled" Else Wscript.Echo "ADS_UF_PASSWD_CANT_CHANGE is disabled" End If If blnExpiredFlag = True Then Wscript.echo "pwdLastSet is null" Else Wscript.echo "pwdLastSet is " & objUser.PasswordLastChanged End If |
Enabling a User Account
Enables a user account.
|
1 2 3 4 |
Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.AccountDisabled = FALSE objUser.SetInfo |
Ensuring that an Account will not Expire
Configures a user account so that it will not expire. This is done by setting the expiration date to 1/1/1970.
|
1 2 3 4 |
Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.AccountExpirationDate = "01/01/1970" objUser.SetInfo |
Modifying User Profile Paths
Changes the server name portion of the user profile path to \\fabrikam for the MyerKen Active Directory user account.
|
1 2 3 4 5 6 7 8 9 10 |
Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") strCurrentProfilePath = objUser.Get("profilePath") intStringLen = Len(strCurrentProfilePath) intStringRemains = intStringLen - 11 strRemains = Mid(strCurrentProfilePath, 12, intStringRemains) strNewProfilePath = "\\fabrikam" & strRemains objUser.Put "profilePath", strNewProfilePath objUser.SetInfo |
Moving a User Account
Moves a user account from one OU to another.
|
1 2 3 |
Set objOU = GetObject("LDAP://ou=sales,dc=na,dc=fabrikam,dc=com") objOU.MoveHere _ "LDAP://cn=BarrAdam,OU=hr,dc=na,dc=fabrikam,dc=com", vbNullString |
Moving a User Account to a New Domain
Uses the MoveHere method of IADsContainer to move a user account to another domain. Note that there are a number of restrictions associated with performing this type of move operation. For details, see the Directory Services Platform SDK.
|
1 2 3 |
Set objOU = GetObject("LDAP://ou=management,dc=na,dc=fabrikam,dc=com") objOU.MoveHere _ "LDAP://cn=AckermanPilar,OU=management,dc=fabrikam,dc=com", vbNullString |
Preventing a User From Changing His or Her Password
Enables the User Cannot Change Password option, which prevents the user from changing their password.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6 Const ADS_ACEFLAG_OBJECT_TYPE_PRESENT = &H1 Const CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}" Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") Set objSD = objUser.Get("ntSecurityDescriptor") Set objDACL = objSD.DiscretionaryAcl arrTrustees = array("nt authority\self", "EVERYONE") For Each strTrustee in arrTrustees Set objACE = CreateObject("AccessControlEntry") objACE.Trustee = strTrustee objACE.AceFlags = 0 objACE.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT objACE.Flags = ADS_ACEFLAG_OBJECT_TYPE_PRESENT objACE.ObjectType = CHANGE_PASSWORD_GUID objACE.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS objDACL.AddAce objACE Next objSD.DiscretionaryAcl = objDACL objUser.Put "nTSecurityDescriptor", objSD objUser. SetInfo |
Requiring a Password Change
Forces a user to change their password the next time they logon.
|
1 2 3 4 |
Set objUser = GetObject _ ("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com") objUser.Put "pwdLastSet", 0 objUser.SetInfo |
Requiring a User to Logon on Using a Smartcard
Configures the MyerKen user account so that the user must use a smartcard in order to logon to Active Directory.
|
1 2 3 4 5 6 7 8 9 10 |
Const ADS_UF_SMARTCARD_REQUIRED = &h40000 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") intUAC = objUser.Get("userAccountControl") If (intUAC AND ADS_UF_SMARTCARD_REQUIRED) = 0 Then objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED objUser.SetInfo End If |
Retrieving Organization Information
Retrieves user account attributes found on the Organization page of the user account object in Active Directory Users and Computers.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
On Error Resume Next Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.GetInfo strTitle = objUser.Get("title") strDepartment = objUser.Get("department") strCompany = objUser.Get("company") strManager = objUser.Get("manager") strDirectReports = _ objUser.GetEx("directReports") WScript.echo "title: " & strTitle WScript.echo "department: " & strDepartment WScript.echo "company: " & strCompany WScript.echo "manager: " & strManager For Each strValue in strDirectReports WScript.echo "directReports: " & strValue Next |
Retrieving User Account Account Properties
Retrieves user account attributes found on the Account page of the user account object in Active Directory Users and Computers.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
On Error Resume Next Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.GetInfo strUserPrincipalName = objUser.Get("userPrincipalName") strSAMAccountName = objUser.Get("sAMAccountName") strUserWorkstations = objUser.Get("userWorkstations") Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com") objDomain.GetInfoEx Array("dc"), 0 strDC = objDomain.Get("dc") WScript.echo "userPrincipalName: " & strUserPrincipalName WScript.echo "sAMAccountName: " & strSAMAccountName WScript.echo "UserWorkstations: " & strUserWorkstations WScript.echo "dc: " & strDC |
Retrieving User Profile Properties
Retrieves user account attributes found on the Profile page of the user account object in Active Directory users and Computers.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
On Error Resume Next Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.GetInfo strProfilePath = objUser.Get("profilePath") strScriptPath = objUser.Get("scriptPath") strHomeDirectory = objUser.Get("homeDirectory") strHomeDrive = objUser.Get("homeDrive") WScript.echo "profilePath: " & strProfilePath WScript.echo "scriptPath: " & strScriptPath WScript.echo "homeDirectory: " & strHomeDirectory WScript.echo "homeDrive: " & strHomeDrive |
Setting an Account Expiration Date
Configures a user account to expire on 3/30/2003.
|
1 2 3 4 |
Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.AccountExpirationDate = "03/30/2003" objUser.SetInfo |
Setting a Password So It Never Expires
Configures the domain password for a user account to ensure that the password will never expire.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000 Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") intUAC = objUser.Get("userAccountControl") If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then Wscript.Echo "Already enabled" Else objUser.Put "userAccountControl", intUAC XOR _ ADS_UF_DONT_EXPIRE_PASSWD objUser.SetInfo WScript.Echo "Password never expires is now enabled" End If |
Setting the Primary Group for a User
Sets the primary group for the MyerKen Active Directory user account to MgmtUniversal.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
Const ADS_PROPERTY_APPEND = 3 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") Set objGroup = GetObject _ ("LDAP://cn=MgmtUniversal,ou=Management,dc=NA,dc=fabrikam,dc=com") objGroup.GetInfoEx Array("primaryGroupToken"), 0 intPrimaryGroupToken = objGroup.Get("primaryGroupToken") objGroup.PutEx ADS_PROPERTY_APPEND, _ "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objGroup.SetInfo objUser.Put "primaryGroupID", intPrimaryGroupToken objUser.SetInfo |
Setting a Users Password
Configures a new password for a user.
|
1 2 3 |
Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=management,dc=fabrikam,dc=com") objUser.SetPassword "i5A2sj*!" |
Unlocking an Active Directory User Account
Unlocks the MyerKen Active Directory user account.
|
1 2 3 4 |
Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.IsAccountLocked = False objUser.SetInfo |
Writing User Account Properties
Configures general attributes for a user account.
|
1 2 3 4 5 6 |
Set objUser = GetObject _ ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.Put "sAMAccountName", "MyerKen01" objUser.Put "userWorkstations", "wks1,wks2,wks3" |