Announcement

Collapse
No announcement yet.

VBScript to change Profile Attributes in AD

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • VBScript to change Profile Attributes in AD

    Hey Guys,
    1st post here, don't know if this is the right place to put this, but I'm trying to write a VBScript to change User Profile attributes in AD. I'm trying to do this so I don't have to add profile attributes to every single member of our AD.

    Code:
     	Set objUser = GetObject _
      ("LDAP://cn=testing,ou=Testing,ou=Technology,dc=miamips,dc=net")
    
    objUser.Put "homeDirectory", "\\mpsnas\users\%username%"
    objUser.Put "homeDrive", "U"
    
    wscript.echo "Done"
    So what I'm trying to do is set the User Home drive on multiple users.

    It runs and says "Done" like it finished, but it didn't do anything to the group

    Any help with the code? Is this code just for doing individual users? If so, What is one to help with what I'm trying to do?

  • #2
    Re: VBScript to change Profile Attributes in AD

    You need to create a loop.
    Something like (not tested though since I don't have an environment nearby)

    Code:
    Set objUser = GetObject _
      ("LDAP://cn=testing,ou=Testing,ou=Technology,dc=miamips,dc=net")
    Foreach user in objuser do
    objUser.Put "homeDirectory", "\\mpsnas\users\%username%"
    objUser.Put "homeDrive", "U"
    Loop
    wscript.echo "Done"
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: VBScript to change Profile Attributes in AD

      Originally posted by Dumber View Post
      You need to create a loop.
      Something like (not tested though since I don't have an environment nearby)

      Code:
      Set objUser = GetObject _
        ("LDAP://cn=testing,ou=Testing,ou=Technology,dc=miamips,dc=net")
      Foreach user in objuser do
      objUser.Put "homeDirectory", "\\mpsnas\users\%username%"
      objUser.Put "homeDrive", "U"
      Loop
      wscript.echo "Done"

      I don't see how the loop helps. Can you explain? I want it to go for a whole group and not an individual user. Do I need to change something if I want that?

      Comment


      • #4
        Re: VBScript to change Profile Attributes in AD

        Thats what the loop does

        FOREACH user
        ...
        ...
        LOOP

        will go through users one by one and do the same thing to each user account it finds
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: VBScript to change Profile Attributes in AD

          Originally posted by centbuntu View Post
          I don't see how the loop helps. Can you explain? I want it to go for a whole group and not an individual user. Do I need to change something if I want that?
          If "cn=testing" is a group object, then the name objUser that you gave to the reference to the object is mostlikely making the confusion here. The object IS a group therefor it is better if you'd name it something like objGroup.

          Your script connects to the "cn=testing" group object in Active Directory,
          then it directly tries to edit attributes of that object which are not typically attributes beloning to a group object.

          The script should first enumerate the members of the group - then it have to connect to each of the user objects to be able to edit attributes of that object. You use a For-Each loop to get each of the members.

          Add objMember.SetInfo to the script to save the new values for the object.


          Code:
          '  create an outstanding binding to Active Directory
          Set objRootDSE = GetObject("LDAP://RootDSE")
          strDNSDomain = objRootDSE.Get("DefaultNamingContext")
          
          ' create a reference to the group object
          Set objGroup = GetObject _
            ("LDAP://cn=testing,ou=Testing,ou=Technology," & strDNSDomain)
          
          objGroup.GetInfoEx Array("member"), 0
          
          If Not IsEmpty(objGroup.member) then
             ' connect to each object which is member of the group,
             ' Determine if the member is a user (since you're editing
             ' attributes typically for user objects).
             For Each strMember in objGroup.GetEx("member")
               Set objMember = GetObject("LDAP://" & strMember)
               If InStr(1, objMember.Class, "user",1) Then
                 objMember.Put "homeDirectory", "\\mpsnas\users\" & objMember.sAMAccountName
                 objMember.Put "homeDrive", "U:"
                 objMember.SetInfo
               End If
             Next
          End If
          \Rems

          This posting is provided "AS IS" with no warranties, and confers no rights.

          __________________

          ** Remember to give credit where credit's due **
          and leave Reputation Points for meaningful posts

          Comment


          • #6
            Re: VBScript to change Profile Attributes in AD

            Originally posted by Rems View Post
            If "cn=testing" is a group object, then the name objUser that you gave to the reference to the object is mostlikely making the confusion here. The object IS a group therefor it is better if you'd name it something like objGroup.

            Your script connects to the "cn=testing" group object in Active Directory,
            then it directly tries to edit attributes of that object which are not typically attributes beloning to a group object.

            The script should first enumerate the members of the group - then it have to connect to each of the user objects to be able to edit attributes of that object. You use a For-Each loop to get each of the members.

            Add objMember.SetInfo to the script to save the new values for the object.


            Code:
            '  create an outstanding binding to Active Directory
            Set objRootDSE = GetObject("LDAP://RootDSE")
            strDNSDomain = objRootDSE.Get("DefaultNamingContext")
            
            ' create a reference to the group object
            Set objGroup = GetObject _
              ("LDAP://cn=testing,ou=Testing,ou=Technology," & strDNSDomain)
            
            objGroup.GetInfoEx Array("member"), 0
            
            If Not IsEmpty(objGroup.member) then
               ' connect to each object which is member of the group,
               ' Determine if the member is a user (since you're editing
               ' attributes typically for user objects).
               For Each strMember in objGroup.GetEx("member")
                 Set objMember = GetObject("LDAP://" & strMember)
                 If InStr(1, objMember.Class, "user",1) Then
                   objMember.Put "homeDirectory", "\\mpsnas\users\" & objMember.sAMAccountName
                   objMember.Put "homeDrive", "U:"
                   objMember.SetInfo
                 End If
               Next
            End If
            \Rems
            Hey, Thanks for that script! It works great! Only one problem, it seem to put it in the user home area, but it doesn't seem to be applying it. If that makes any sense. It seems to me that it is putting the information in but not making it applicable to anything. It's not actually creating a user home, it's just putting text in the box. Any help on making it applicable?

            Comment


            • #7
              Re: VBScript to change Profile Attributes in AD

              Originally posted by centbuntu View Post
              it seem to put it in the user home area, but < ... >
              It's not actually creating a user home, it's just putting text in the box. Any help on making it applicable?
              Code:
              Const ADS_NAME_INITTYPE_GC = 3
              Const ADS_NAME_TYPE_NT4 = 3
              Const ADS_NAME_TYPE_1779 = 1
              
              '  create an outstanding binding to Active Directory
              Set objRootDSE = GetObject("LDAP://RootDSE")
              strDNSDomain = objRootDSE.Get("DefaultNamingContext")
              
              Set objTrans = CreateObject("NameTranslate")
              objTrans.Init ADS_NAME_INITTYPE_GC, ""
              objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
              strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
              strNetBIOSdomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)
              
              Set objFSO = CreateObject("Scripting.FileSystemObject")
              Set objShell = CreateObject("Wscript.Shell")
              
              ' create a reference to the group object
              Set objGroup = GetObject _
                ("LDAP://cn=testing,ou=Testing,ou=Technology," & strDNSDomain)
              
              objGroup.GetInfoEx Array("member"), 0
              
              If Not IsEmpty(objGroup.member) then
                 ' connect to each object which is member of the group,
                 ' Determine if the member is a user (since you're editing
                 ' attributes typically for user objects).
                 For Each strMember in objGroup.GetEx("member")
                   Set objMember = GetObject("LDAP://" & strMember)
                   If InStr(1, objMember.Class, "user",1) Then
                     strNTName = objMember.sAMAccountName
                     strHomeFolder = "\\mpsnas\users\" & strNTName
              
                     objMember.Put "homeDirectory", strHomeFolder
                     objMember.Put "homeDrive", "U:"
                     objMember.SetInfo
              
                     ' http://www.rlmueller.net/CreateUsers.htm
                     If (objFSO.FolderExists(strHomeFolder) = False) Then
                       On Error Resume Next
                       objFSO.CreateFolder strHomeFolder
                       If (Err.Number <> 0) Then
                         err.clear
                         script.Echo "Unable to create home folder: " & strHomeFolder
                       End If
                       On Error Goto 0
                     End If
              
                     If (objFSO.FolderExists(strHomeFolder) = True) Then
                       ' Assign user Full permission to home folder.
                       intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " _
                         & strHomeFolder & " /T /E /C /G " & strNetBIOSDomain _
                         & "\" & strNTName & ":F", 2, True)
                       If (intRunError <> 0) Then
                         Wscript.Echo "Error assigning permissions for user " _
                           & strNTName & " to home folder " & strHomeFolder
                       End If
                     End If
              
                   End If
              
                 Next
              End If
              \Rems

              This posting is provided "AS IS" with no warranties, and confers no rights.

              __________________

              ** Remember to give credit where credit's due **
              and leave Reputation Points for meaningful posts

              Comment

              Working...
              X