
Clearing an Active Directory user field with VBScript

This week I needed to clear the 'logon script' field of all AD users (who had one set). While working on the code, I noticed you couldn't just do 'objUser.scriptPath = ""', as this would result in an error. So this was done with PutEx.

The following searches, under the LDAP root path obtained from objRootDSE, for each user whose scriptPath is set to the value of strOldScript, in order to get rid of the old kix script we once used.

As the code is mostly self-explanatory, I'll just give you the code.


Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset
Dim strDN, objUser, strOldScript
  
' Specify old logon script.
strOldScript = "kix32 staff.kix"
  
Const ADS_PROPERTY_CLEAR = 1 
  
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
  
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
  
' Filter on users with old logon script.
strFilter = "(&(objectCategory=person)(objectClass=user)" & "(scriptPath=" & strOldScript & "))"
  
' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"
  
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
wscript.echo strQuery
  
' Run the query.
Set adoRecordset = adoCommand.Execute
  
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
  
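    ' Retrieve values.
    strDN = adoRecordset.Fields("distinguishedName").Value
    ' Escape any forward slashes in the DN, which ADSI would otherwise treat as path separators.
    strDN = Replace(strDN, "/", "\/")
    ' Bind to the user object.
    Set objUser = GetObject("LDAP://" & strDN)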
 
    ' Clear the scriptPath attribute.
    objUser.PutEx ADS_PROPERTY_CLEAR, "scriptPath", 0
 
    ' Save change to AD.
    objUser.SetInfo
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop
 
' Clean up.
adoRecordset.Close
adoConnection.Close
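
An added example, not part of the original post: the same search with the filter value escaped per RFC 4515, because a logon script name containing a backslash or parentheses would otherwise break or alter the filter, plus a dry-run switch and a log of each match's previous value. DRY_RUN, LOG_FILE, EscapeLdapFilterValue and the sample script name are assumptions made for illustration.

```vbscript
Option Explicit
' Added example; DRY_RUN, LOG_FILE and EscapeLdapFilterValue are hypothetical names.
Const ADS_PROPERTY_CLEAR = 1
Const DRY_RUN = True                      ' set to False to actually clear the attribute
Const LOG_FILE = "scriptpath-backup.txt"  ' assumed file name for the rollback record
Dim strOldScript, strFilter, strQuery, adoConnection, adoCommand, adoRecordset
Dim objRootDSE, objFSO, objLog, objUser, strDN

' Constructed sample value containing a backslash and parentheses.
strOldScript = "legacy\logon (staff).bat"

' Escape the characters that are special inside an LDAP search filter value.
Function EscapeLdapFilterValue(strValue)
    Dim strOut
    strOut = Replace(strValue, "\", "\5c")   ' backslash first, so later escapes stay intact
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    EscapeLdapFilterValue = strOut
End Function

strFilter = "(&(objectCategory=person)(objectClass=user)(scriptPath=" & _
            EscapeLdapFilterValue(strOldScript) & "))"
Set objRootDSE = GetObject("LDAP://RootDSE")
strQuery = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" & _
           strFilter & ";distinguishedName,scriptPath;subtree"

Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand = CreateObject("ADODB.Command")
Set adoCommand.ActiveConnection = adoConnection
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
Set adoRecordset = adoCommand.Execute

' Record every match (DN, tab, current value) before touching it.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLog = objFSO.CreateTextFile(LOG_FILE, True)
Do Until adoRecordset.EOF
    strDN = adoRecordset.Fields("distinguishedName").Value
    objLog.WriteLine strDN & vbTab & adoRecordset.Fields("scriptPath").Value
    If Not DRY_RUN Then
        Set objUser = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
        objUser.PutEx ADS_PROPERTY_CLEAR, "scriptPath", 0
        objUser.SetInfo
    End If
    adoRecordset.MoveNext
Loop
objLog.Close : adoRecordset.Close : adoConnection.Close
```

With DRY_RUN left at True the script only writes the log, which can be reviewed before any account is changed.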

Source: old site
