Announcement

Collapse
No announcement yet.

Program to enable list of users

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Program to enable list of users

    Hi there

    Anyone got an app / know of of an app that will enable a user from the command line?

    Thanks

    Chris
    Server 2000 MCP
    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

  • #2
    Re: Program to enable list of users

    You could use dsmod user <UserDN ...> -disabled {yes | no}

    Check out the following:

    http://www.robvanderwoude.com/adshelp/dsmod_user.txt

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Program to enable list of users

      Thanks for that but i was looking for something that didn't need to OU location of the user. Just the NT logon.
      Server 2000 MCP
      Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        Re: Program to enable list of users

        Code:
        C:\WINDOWS\system32>dsquery user -samid guy | dsmod user -disabled no
        dsmod succeeded:CN=Guy Test,OU=Dev,DC=domain,DC=local
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"

        Comment


        • #5
          Re: Program to enable list of users

          Thanks for that Guy but I ended up scripting it in the end. Cheers
          Server 2000 MCP
          Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

          Comment


          • #6
            Re: Program to enable list of users

            I ended up scripting it in the end.
            just being curious, did you use the UPN, Nt-name or DN? Or did you search first for all disabled accounts?


            For who is interested, something about using accountnames in a script :
            Using the NT-name of the user can make it more easy to get to that object in the Active Directory, no need to type the OU. Simply by using this line:
            ADsPath = "WinNT://" & replace(wscript.arguments(0), "\", "/")
            Set objUser = GetObject(ADsPath)
            (Where "WScript.arguments(0)" will automatically read the command-line parameter => the netbiosDomain\NT-name of the user).

            Unfortunelately most of the time you can't to use the WinNT-provider because of its 'NT-only'-limitations (http://www.rlmueller.net/WinNT_LDAP.htm), then you have to use "LDAP://".
            The ADsPath of the LDAP-provider deals with the AD-structure and not de domain structure. So you need a distinguishedName (DN) to get to the user object.
            The "WinNT://" can not give you the DN. To translate the NT-name to a DN, for the use of LDAP, you must create a 'name translator' in the script.

            Example of Name translation
            Code:
            'name: EnableUser.vbs
            
            ' Constants for the NameTranslate object.
            ' http://www.rlmueller.net/NameTranslateFAQ.htm#How%20do%20I%20convert%20an%20NT%20name%20to%20a%20Distinguished%20Name
            Const ADS_NAME_INITTYPE_GC = 3  '<--(needs clear access to the Global Catalog!)
            Const ADS_NAME_TYPE_NT4    = 3
            Const ADS_NAME_TYPE_1779   = 1
            
            ' Constants for the user account control
            ' http://www.computerperformance.co.uk/ezine/ezine23.htm
            Const USER_ENABLED = 512, USER_DISABLED =  514
            
            
            Do until Instr(UCASE(sNTUser), "\")
             sNTUser = InputBox("Enter the pre-Windows 2000 accountname" & VBNewLine & VBNewLine _
                     & "notation: NetBios-Domainname\NT-Username (use backslash as separator)", _
                     "Enable user account","NbDomain\NTUser")
             If sNTUser = Cancel  Then  WScript.Quit
            Loop
            
            strNTName = split(sNTUser,"\")(1)
            strNetBIOSDomain = split(sNTUser,"\")(0)
            
            
            Set objTrans = CreateObject("NameTranslate")
            objTrans.Init ADS_NAME_INITTYPE_GC, ""
            objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strNTName
            
            ' distinguishedname:
            strUserDN = Replace(objTrans.Get(ADS_NAME_TYPE_1779), "/", "\/")
            
            
            ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
            ' now you can use the LDAP provider to Get to the userobject
            ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
            Set objUser = GetObject("LDAP://" & strUserDN)
            
            If CBool(objUser.IsAccountLocked) Then _
            attention = vbNewLine & "Attention: Account is still Locked-out"
            
            If Not CBool(objUser.AccountDisabled) Then 
              wscript.echo "Account was already Enabled", attention
            Else
              If objUser.class="user" then
                objUser.Put "userAccountControl", USER_ENABLED
                objUser.SetInfo
                Wscript.echo "Account is now Enabled", attention
              End If
            End If
            
            wscript.quit
            Note:
            The user NT-name is the 'pre-Windows 2000 accountname' (for the ldap-provider the attribute: "sAMAccountName") that accountname does not always have to be exactly like the AD Domain accountname (attribute "userPrincipalName", stored w/ the domain suffix)! If you want a script looking for that accountname, then you have to use a LDP-query to search the directory on the attributes you want and the nesseray property(s) to get just the one user.


            \Rems


            Using a LDAP-query in a script (as mensioned in the note above) follows in this case more or less the same process as when using a command-line with dsquery.exe to pipe the results to a dsget.exe command (see guyt's answer here). You can read more about dsquery in the 'sticky' thread 'Export Active Directory data' in this AD forum)
            Last edited by Rems; 9th September 2007, 18:38.

            This posting is provided "AS IS" with no warranties, and confers no rights.

            __________________

            ** Remember to give credit where credit's due **
            and leave Reputation Points for meaningful posts

            Comment

            Working...
            X