VBScript - AD - Monitoring
Contents Under Construction


Contents:
------------------------------------------------------------------------------------------------------------------------------------------

Add Data to a Spreadsheet Cell
Add Formatted Data to a Spreadsheet
Create User Accounts Based on Information in a Spreadsheet
Format a Range of Cells
List Active Directory Data in a Spreadsheet
List Excel Color Values
List Service Data in a Spreadsheet
Open an Excel Spreadsheet


------------------------------------------------------------------------------------------------------------------------------------------

Assign a New Group Policy Link to an OU


Assigns the Group Policy link Sales Policy to the Sales OU in Active Directory. 
On Error Resume Next

Set objContainer = GetObject _
    ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") 
 
strExistingGPLink = objContainer.Get("gPLink")
 
strGPODisplayName = "Sales Policy"
strGPOLinkOptions = 2
strNewGPLink = "[" & GetGPOADsPath & ";" & strGPOLinkOptions & "]"
 
objContainer.Put "gPLink", strExistingGPLink & strNewGPLink
objContainer.Put "gPOptions", "0"
 
objContainer.SetInfo
 
Function GetGPOADsPath
    Set objConnection = CreateObject("ADODB.Connection")  
    objConnection.Open "Provider=ADsDSOObject;"   
 
    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection
 
    objCommand.CommandText = _
      ";;" & _
          "distinguishedName,displayName;onelevel"
    Set objRecordSet = objCommand.Execute
 
    Do Until objRecordSet.EOF
        If objRecordSet.Fields("displayName") = strGPODisplayName Then
          GetGPOADsPath = "LDAP://" & objRecordSet.Fields("distinguishedName")
          objConnection.Close
          Exit Function
        End If
        objRecordSet.MoveNext
    Loop
    objConnection.Close
End Function

Assign a New Manager to an OU


Assigns the user account AkersKim as manager of the Sales OU in Active Directory.
 
Set objContainer = GetObject _
  ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
 
objContainer.Put "managedBy", "cn=AkersKim,ou=Sales,dc=NA,dc=fabrikam,dc=com"
objContainer.SetInfo

Clear COM+ Attributes from a User Account


Removes all information from the msCOM-UserPartitionSetLink attribute of the MyerKen user account in Active Directory.
 
Const ADS_PROPERTY_CLEAR = 1 
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")

objUser.PutEx ADS_PROPERTY_CLEAR, "msCOM-UserPartitionSetLink", 0
objUser.SetInfo

Clear the COM+ Partition Link Set of an OU


Removes the COM+ partition link set assigned to the Sales OU in Active Directory.
 
Const ADS_PROPERTY_CLEAR = 1 

Set objContainer = GetObject _
  ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
 
objContainer.PutEx ADS_PROPERTY_CLEAR, "msCOM-UserPartitionSetLink", 0
objContainer.SetInfo

Clear the General Properties of an OU


Modifies the attribute values found on the General Properties page in Active Directory Users and Computers for an OU named Sales.
 
Const ADS_PROPERTY_CLEAR = 1 

Set objContainer = GetObject _
  ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
 
objContainer.PutEx ADS_PROPERTY_CLEAR, "description", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "street", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "l", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "st", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "postalCode", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "c", 0
objContainer.SetInfo

Clear the Group Policy Links Assigned to an OU


Removes all the Group Policy links assigned to the Sales OU in Active Directory. 
Const ADS_PROPERTY_CLEAR = 1 
 
Set objContainer = GetObject _
    ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")

objContainer.PutEx ADS_PROPERTY_CLEAR, "gPLink", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "gPOptions", 0
objContainer.SetInfo

Create an OU


Creates a new organizational unit within Active Directory.
 
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")

Set objOU = objDomain.Create("organizationalUnit", "ou=Management")
objOU.SetInfo

Create an OU in an Existing OU


Creates a new organizational unit (OU2) in an existing organizational unit (OU1).
 
Set objOU1 = GetObject("LDAP://ou=OU1,dc=na,dc=fabrikam,dc=com")

Set objOU2 = objOU1.Create("organizationalUnit", "ou=OU2")
objOU2.SetInfo

Delete an OU


Deletes an organizational unit named HR from the domain fabrikam.com. 
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")

objDomain.Delete "organizationalUnit", "ou=hr"

List the System Access Control List of an OU


Returns information found on the System Access Control List (SACL) for the Sales OU in Active Directory.
 
Const SE_SACL_PROTECTED = &H2000 
Const ADS_SECURITY_INFO_OWNER = &H1 
Const ADS_SECURITY_INFO_GROUP = &H2
Const ADS_OPTION_SECURITY_MASK =&H3
Const ADS_SECURITY_INFO_DACL = &H4 
Const ADS_SECURITY_INFO_SACL = &H8
 
Set objContainer = GetObject _
    ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
 
objContainer.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_OWNER _
    Or ADS_SECURITY_INFO_GROUP Or ADS_SECURITY_INFO_DACL _
    Or ADS_SECURITY_INFO_SACL
  
Set objNtSecurityDescriptor = objContainer.Get("ntSecurityDescriptor")
 
intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control
 
WScript.Echo "Auditing Tab"
strMessage = "Allow inheritable auditing entries from" & _ 
    "the parent to propogate to this object and all child objects "
If (intNtSecurityDescriptorControl And SE_SACL_PROTECTED) Then
    Wscript.Echo strMessage & "is disabled."
Else
    WScript.Echo strMessage & "is enabled."
End If
WScript.Echo 
 
Set objSacl = objNtSecurityDescriptor.SystemAcl
DisplayAceInformation objSacl, "SACL"
 
Sub DisplayAceInformation(SecurityStructure, strType)
    Const ADS_ACETYPE_SYSTEM_AUDIT = &H2 
    Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &H7 
  
    intAceCount = 0
    For Each objAce In SecurityStructure
        strTrustee = Mid(objAce.Trustee,1,12)
        If StrComp(strTrustee, "NT AUTHORITY", 1) <> 0 Then
            intAceCount = intAceCount + 1
            WScript.Echo strType & " permission entry: " & intAceCount
            WScript.Echo "Name: " & objAce.Trustee
 
            intAceType = objAce.AceType
            WScript.Echo "ACETYPE IS: " & intAceType
            If (intAceType = ADS_ACETYPE_SYSTEM_AUDIT or _
                intAceType = ADS_ACETYPE_SYSTEM_AUDIT_OBJECT) Then
                WScript.StdOut.Write "Type: Success or Failure Audit"
            Else
                WScript.StdOut.Write "Audit Type Unknown."
            End If
            ReadBitsInAccessMask(objAce.AccessMask)
            WScript.Echo 
        End If
    Next
End Sub
 
Sub ReadBitsInAccessMask(AccessMask)
    Const ADS_RIGHT_DELETE = &H10000
    Const ADS_RIGHT_READ_CONTROL = &H20000
    Const ADS_RIGHT_WRITE_DAC = &H40000
    Const ADS_RIGHT_WRITE_OWNER = &H80000
    Const ADS_RIGHT_DS_CREATE_CHILD = &H1
    Const ADS_RIGHT_DS_DELETE_CHILD = &H2
    Const ADS_RIGHT_ACTRL_DS_LIST = &H4
    Const ADS_RIGHT_DS_SELF = &H8
    Const ADS_RIGHT_DS_READ_PROP = &H10
    Const ADS_RIGHT_DS_WRITE_PROP = &H20
    Const ADS_RIGHT_DS_DELETE_TREE = &H40
    Const ADS_RIGHT_DS_LIST_OBJECT = &H80
    Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
 
    WScript.Echo VbCrLf & "Standard Access Rights"
    If (AccessMask And ADS_RIGHT_DELETE) Then _
        WScript.Echo vbTab & "-Delete an object."
    If (AccessMask And ADS_RIGHT_READ_CONTROL) Then _
        WScript.Echo vbTab & "-Read permissions."
    If (AccessMask And ADS_RIGHT_WRITE_DAC) Then _
        WScript.Echo vbTab & "-Write permissions."
    If (AccessMask And ADS_RIGHT_WRITE_OWNER) Then _
        WScript.Echo vbTab & "-Modify owner."
  
    WScript.Echo VbCrLf & "Directory Service Specific Access Rights"
    If (AccessMask And ADS_RIGHT_DS_CREATE_CHILD) Then _
        WScript.Echo vbTab & "-Create child objects."
    If (AccessMask And ADS_RIGHT_DS_DELETE_CHILD) Then _
        WScript.Echo vbTab & "-Delete child objects."
    If (AccessMask And ADS_RIGHT_ACTRL_DS_LIST) Then _
        WScript.Echo vbTab & "-Enumerate an object."
    If (AccessMask And ADS_RIGHT_DS_READ_PROP) Then _
        WScript.Echo vbTab & "-Read the properties of an object."
    If (AccessMask And ADS_RIGHT_DS_WRITE_PROP) Then _
        WScript.Echo vbTab & "-Write the properties of an object."
    If (AccessMask And ADS_RIGHT_DS_DELETE_TREE) Then _
        WScript.Echo vbTab & "-Delete a tree of objects"
    If (AccessMask And ADS_RIGHT_DS_LIST_OBJECT) Then _
        WScript.Echo vbTab & "-List a tree of objects."
 
    WScript.Echo VbCrLf & "Control Access Rights"
    If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) + _
        (AccessMask And ADS_RIGHT_DS_SELF) = 0 Then
            WScript.Echo "-None"
    Else 
        If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) Then _
            WScript.Echo vbTab & "-Extended access rights."
        If (AccessMask And ADS_RIGHT_DS_SELF) Then
            WScript.Echo vbTab & "-Active Directory must validate a property "
            WScript.Echo vbTab & " write operation beyond the schema " & _
                "definition "
            WScript.Echo vbTab & " for the attribute."
        End If
    End If
End Sub

List the Attributes of the organizationalUnit Class


Returns both the mandatory and optional attributes for the organizationalUnit class (as found in the Active Directory schema).
 
Set objOrganizationalUnitClass = _
    GetObject("LDAP://schema/organizationalUnit")

Set objSchemaClass = GetObject(objOrganizationalUnitClass.Parent)
 
i = 0
WScript.Echo "Mandatory attributes:"

For Each strAttribute in objOrganizationalUnitClass.MandatoryProperties
    i= i + 1
    WScript.Echo i & vbTab & strAttribute
    Set objAttribute = objSchemaClass.GetObject("Property",  strAttribute)
    WScript.Echo " (Syntax: " & objAttribute.Syntax & ")"
    If objAttribute.MultiValued Then
        WScript.Echo " Multivalued"
    Else
        WScript.Echo " Single-valued"
    End If
Next
 
WScript.Echo VbCrLf & "Optional attributes:"
For Each strAttribute in objOrganizationalUnitClass.OptionalProperties
    i= i + 1
    WScript.StdOut.Write i & vbTab & strAttribute
    Set objAttribute = objSchemaClass.GetObject("Property",  strAttribute)
    Wscript.Echo " [Syntax: " & objAttribute.Syntax & "]"
    If objAttribute.MultiValued Then
        WScript.Echo " Multivalued"
    Else
        WScript.Echo " Single-valued"
    End If
Next

List COM+ Partition Sets


Returns a list of Active Directory COM+ partition sets.
 
Set objCOMPartitionSets = GetObject _
    ("LDAP://cn=ComPartitionSets,cn=System,dc=NA,dc=fabrikam,dc=com")
 
For Each objPartitionSet in objCOMPartitionSets
    WScript.Echo "Name: " & objPartitionSet.Name
Next

List the General Properties of an OU


Returns information found on the General Properties page in Active Directory Users and Computers for an OU named Sales.
 
On Error Resume Next

Set objContainer = GetObject _
  ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
 
For Each strValue in objContainer.description
  WScript.Echo "Description: " & strValue
Next
 
Wscript.Echo "Street Address: " & strStreetAddress
Wscript.Echo "Locality: " & 
Wscript.Echo "State/porvince: " & objContainer.st
Wscript.Echo "Postal Code: " & objContainer.postalCode
Wscript.Echo "Country: " & objContainer.c

List Group Policy Information for an OU


Returns the values found on the Group Policy page in Active Directory Users and Computers for the Sales OU.
 
On Error Resume Next

Set objContainer = GetObject _
    ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
 
strGpLink = objContainer.Get("gPLink")
intGpOptions = objContainer.Get("gPOptions")
 
If strGpLink <> " " Then
    arrGpLinkItems = Split(strGpLink,"]")
    For i = UBound(arrGPLinkItems) to LBound(arrGpLinkItems) + 1 Step -1
        arrGPLink = Split(arrGpLinkItems(i-1),";")
        strDNGPLink = Mid(arrGPLink(0),9)
        WScript.Echo GetGPOName
        Select Case arrGPLink(1)
        Case 0
            WScript.Echo "No Override is cleared and the GPO is enabled."
        Case 1
            WScript.Echo "No Override is cleared and the GPO is disabled."
        Case 2
            WScript.Echo "No Override is checked and the GPO is enabled."
        Case 3
            WScript.Echo "No Override is checked and the GPO is disabled."
      End Select
    Next
    WScript.Echo VbCrLf
End If
 
If intGpOptions = 1 Then
    WScript.Echo "Block Policy Inheritance is checked."
Else
    WScript.Echo "Block Policy Inheritance is not checked."
End If
    
Function GetGPOName
    Set objConnection = CreateObject("ADODB.Connection")  
    objConnection.Open "Provider=ADsDSOObject;"   
 
    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection
 
    objCommand.CommandText = _
        ";;" & _
            "distinguishedName,displayName;onelevel"
    Set objRecordSet = objCommand.Execute
 
    Do Until objRecordSet.EOF
        If objRecordSet.Fields("distinguishedName") = strDNGPLink Then
            GetGPOName = objRecordSet.Fields("displayName")
            objConnection.Close
            Exit Function
      End If
      objRecordSet.MoveNext
    Loop
    objConnection.Close
End Function

Modify the General Properties of an OU


Modifies the attribute values found on the General Properties page in Active Directory Users and Computers for an OU named Sales.
 
Const ADS_PROPERTY_UPDATE = 2

Set objContainer = GetObject _
    ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
 
objContainer.Put "street", "Building 43" & vbCrLf & "One Microsoft Way"
objContainer.Put "l", "Redmond"
objContainer.Put "st", "Washington"
objContainer.Put "postalCode", "98053"
objContainer.Put "c", "US"
objContainer.PutEx ADS_PROPERTY_UPDATE, _
    "description", Array("Sales staff")
objContainer.SetInfo

Remove an OU Manager


Removes the manager entry for the Active Directory OU named Sales. When this group is run, the OU will no longer have an assigned manager.
 
Const ADS_PROPERTY_CLEAR = 1 
 
Set objContainer = GetObject _
  ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")

objContainer.PutEx ADS_PROPERTY_CLEAR, "managedBy", 0
objContainer.SetInfo

 

 


..About

..I'm a Computer  
..Systems Engineer

..Living and loving life
........................................


..Author
....