Actual Admins

Actual Admins

combined IT ramblings

  • Home
  • Apparel
  • Home
  • Apparel
Actual Admins > Operating Systems > Windows > Clearing an Active Directory user field with VBScript

Clearing an Active Directory user field with VBScript

Jeroen Hensing    November 29, 2012 November 29, 2012    Comments Off on Clearing an Active Directory user field with VBScript

This week I needed to clear the ‘logon script’ field of all AD users (who had one set). While working on the code, I noticed you couldn’t just do ‘ objUser.scriptPath=”” ‘ as this would result in an error. So this was done with PutEx.

The following will search for each user (as specified in objRootDSE, the LDAP root path) who has scriptPath set to the same as strOldScript, so to get rid of the old kix script we once used.

As the code is mostly self explanatory, I’ll just give you the code.

Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset
Dim strDN, objUser, strOldScript
  
' Specify old logon script.
strOldScript = "kix32 staff.kix"
  
Const ADS_PROPERTY_CLEAR = 1 
  
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
  
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
  
' Filter on users with old logon script.
strFilter = "(&(objectCategory=person)(objectClass=user)" & "(scriptPath=" & strOldScript & "))"
  
' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"
  
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
wscript.echo strQuery
  
' Run the query.
Set adoRecordset = adoCommand.Execute
  
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
  
    ' Retrieve values.
    strDN = adoRecordset.Fields("distinguishedName").Value
    ' Bind to the user object.
    Set objUser = GetObject("LDAP://" & strDN)
 
    ' Clear the scriptPath attribute.
    objUser.PutEx ADS_PROPERTY_CLEAR, "scriptPath", 0
 
    ' Save change to AD.
    objUser.SetInfo
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop
 
' Clean up.
adoRecordset.Close
adoConnection.Close

Source: old site

Scripting, Windows     Active Directory, Login Script, VBS

About Jeroen Hensing

A dutch nerd who likes to mess around with computers.

View all posts by Jeroen Hensing →

Post navigation

Speed up folders with many similar named files
CMD.EXE: About Variables

Recent Posts

  • Apply WhatIf to an entire script
  • Recovering NTFS inheritance
  • Zabbix monitoring
  • Managing Windows features using RSAT
  • Enable server 2012R2 disk performance counters

Recent Comments

    Archives

    • November 2018
    • October 2017
    • July 2017
    • March 2017
    • December 2016
    • October 2016
    • June 2016
    • March 2016
    • February 2016
    • March 2014
    • May 2013
    • April 2013
    • March 2013
    • February 2013
    • December 2012
    • November 2012

    Categories

    • Linux
    • Operating Systems
    • PowerShell
    • Raspberry PI
    • Scripting
    • Security
    • Windows

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    Copyright Actual Admins ©2020
    All rights reserved.