VBScript - Active Directory
** work in progress
Δ Active
Directory
Δ
Copy an Active Directory Computer Account
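' Description
' Creates a new computer object (SEA-SQL-01) in the Computers container and
' copies the "description" and "location" attributes onto it from an existing
' computer object (SEA-PM-01) that serves as the template.
'
' Script Code

' Bind to the container that will hold the new account.
Set objCompt = GetObject("LDAP://cn=Computers,dc=NA,dc=fabrikam,dc=com")

' Create the new computer object. Computer (machine) accounts carry a
' sAMAccountName that ends in "$"; without the suffix the object does not
' match the account name a workstation called SEA-SQL-01 would use.
Set objComptCopy = objCompt.Create("computer", "cn=SEA-SQL-01")
objComptCopy.Put "sAMAccountName", "sea-sql-01$"
objComptCopy.SetInfo

' NOTE(review): no userAccountControl value is written here, so the account
' gets whatever the directory applies by default - confirm the resulting
' flags before the account is used.

' Bind to the template whose attributes are copied.
Set objComptTemplate = GetObject _
    ("LDAP://cn=SEA-PM-01,cn=Computers,dc=NA,dc=fabrikam,dc=com")

arrAttributes = Array("description", "location")

For Each strAttrib In arrAttributes
    ' Get raises an error when the attribute has no value on the template;
    ' skip such attributes instead of aborting with a half-copied object.
    On Error Resume Next
    strValue = objComptTemplate.Get(strAttrib)
    intGetError = Err.Number
    On Error GoTo 0

    If intGetError = 0 Then
        objComptCopy.Put strAttrib, strValue
    End If
Next

' Commit the copied attributes to the directory.
objComptCopy.SetInfo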
Δ
Create a Computer Account For a Specific User
' Description
' Creates and enables a computer account in Active Directory, then adds
' access-control entries to that account for one named user so that this
' authenticated user can join his or her workstation to the domain with it.
'
' NOTE(review): the account is created with ADS_UF_PASSWD_NOTREQD, and the
' trustee receives write and control-access rights on the new object
' (including the right named USER_FORCE_CHANGE_PASSWORD). Treat this as a
' delegation: limit it to the intended user and review or remove the entries
' once the workstation has joined.
'
' Script Code

' userAccountControl flags
Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000

' ACE types and flags
Const ADS_ACETYPE_ACCESS_ALLOWED = &h0
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &h5
Const ADS_FLAG_OBJECT_TYPE_PRESENT = &h1

' Access masks
Const ADS_RIGHT_GENERIC_READ = &h80000000
Const ADS_RIGHT_DS_SELF = &h8
Const ADS_RIGHT_DS_WRITE_PROP = &h20
Const ADS_RIGHT_DS_CONTROL_ACCESS = &h100

' Object-type GUIDs referenced by the object-specific ACEs
Const ALLOWED_TO_AUTHENTICATE = "{68B1D179-0D15-4d4f-AB71-46152E79A7BC}"
Const RECEIVE_AS = "{AB721A56-1E2f-11D0-9819-00AA0040529B}"
Const SEND_AS = "{AB721A54-1E2f-11D0-9819-00AA0040529B}"
Const USER_CHANGE_PASSWORD = "{AB721A53-1E2f-11D0-9819-00AA0040529b}"
Const USER_FORCE_CHANGE_PASSWORD = "{00299570-246D-11D0-A768-00AA006E0529}"
Const USER_ACCOUNT_RESTRICTIONS = "{4C164200-20C0-11D0-A768-00AA006E0529}"
Const VALIDATED_DNS_HOST_NAME = "{72E39547-7B18-11D1-ADEF-00C04FD8D5CD}"
Const VALIDATED_SPN = "{F3A64788-5306-11D1-A9C5-0000F80367C1}"

strComputer = "atl-pro-002"
strComputerUser = "fabrikam\lewjudy"

' Locate the Computers container of the default naming context.
Set objRootDSE = GetObject("LDAP://rootDSE")
strContainerPath = "LDAP://cn=Computers," & objRootDSE.Get("defaultNamingContext")
Set objContainer = GetObject(strContainerPath)

' Create the account and commit it so its security descriptor can be read.
Set objComputer = objContainer.Create("Computer", "cn=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", _
    ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo

Set objSecurityDescriptor = objComputer.Get("ntSecurityDescriptor")
Set objDACL = objSecurityDescriptor.DiscretionaryAcl

' First entry: a plain allow ACE granting generic read.
objDACL.AddAce BuildPlainAce(strComputerUser, ADS_RIGHT_GENERIC_READ)

' Remaining entries: object-specific allow ACEs, listed as
' (access mask, object-type GUID) pairs in the order they are added.
arrObjectAceSpecs = Array( _
    Array(ADS_RIGHT_DS_CONTROL_ACCESS, ALLOWED_TO_AUTHENTICATE), _
    Array(ADS_RIGHT_DS_CONTROL_ACCESS, RECEIVE_AS), _
    Array(ADS_RIGHT_DS_CONTROL_ACCESS, SEND_AS), _
    Array(ADS_RIGHT_DS_CONTROL_ACCESS, USER_CHANGE_PASSWORD), _
    Array(ADS_RIGHT_DS_CONTROL_ACCESS, USER_FORCE_CHANGE_PASSWORD), _
    Array(ADS_RIGHT_DS_WRITE_PROP, USER_ACCOUNT_RESTRICTIONS), _
    Array(ADS_RIGHT_DS_SELF, VALIDATED_DNS_HOST_NAME), _
    Array(ADS_RIGHT_DS_SELF, VALIDATED_SPN))

For Each arrSpec In arrObjectAceSpecs
    objDACL.AddAce BuildObjectAce(strComputerUser, arrSpec(0), arrSpec(1))
Next

' Write the extended DACL back to the computer object.
objSecurityDescriptor.DiscretionaryAcl = objDACL
objComputer.Put "ntSecurityDescriptor", objSecurityDescriptor
objComputer.SetInfo

' Returns a non-inherited ACCESS_ALLOWED ACE for strTrustee with lngMask.
Function BuildPlainAce(strTrustee, lngMask)
    Dim objEntry
    Set objEntry = CreateObject("AccessControlEntry")
    objEntry.Trustee = strTrustee
    objEntry.AccessMask = lngMask
    objEntry.AceFlags = 0
    objEntry.AceType = ADS_ACETYPE_ACCESS_ALLOWED
    Set BuildPlainAce = objEntry
End Function

' Returns a non-inherited ACCESS_ALLOWED_OBJECT ACE for strTrustee that
' applies lngMask to the object type identified by strObjectTypeGuid.
Function BuildObjectAce(strTrustee, lngMask, strObjectTypeGuid)
    Dim objEntry
    Set objEntry = CreateObject("AccessControlEntry")
    objEntry.Trustee = strTrustee
    objEntry.AccessMask = lngMask
    objEntry.AceFlags = 0
    objEntry.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    objEntry.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
    objEntry.ObjectType = strObjectTypeGuid
    Set BuildObjectAce = objEntry
End Function
Δ
Delete a Computer Account
' Description
' Deletes a single computer account from the Computers container in
' Active Directory.
'
' NOTE(review): the deletion is immediate and the script asks for no
' confirmation; double-check the account name before running it.
'
' Script Code
strComputer = "atl-pro-040"

' Build the ADsPath of the account, bind to it, and delete it.
strAccountPath = "LDAP://CN=" & strComputer & ",CN=Computers,DC=fabrikam,DC=com"
Set objComputer = GetObject(strAccountPath)
objComputer.DeleteObject 0
Δ
Disable a Global Catalog Server
' Description
' Disables the global catalog service on the domain controller atl-dc-01
' by clearing the NTDSDSA_OPT_IS_GC bit in the "options" attribute of the
' object named by the controller's rootDSE dsServiceName.
'
' NOTE(review): this writes to a domain controller's directory-service
' settings; run it only under change control with an appropriately
' privileged account.
'
' Script Code
Const NTDSDSA_OPT_IS_GC = 1

strComputer = "atl-dc-01"
strServerPrefix = "LDAP://" & strComputer & "/"

' Ask the controller itself where its directory-service object lives.
Set objRootDSE = GetObject(strServerPrefix & "rootDSE")
strDsServiceDN = objRootDSE.Get("dsServiceName")
Set objDsRoot = GetObject(strServerPrefix & strDsServiceDN)

intOptions = objDsRoot.Get("options")

' Write only when the flag is currently set; masking the bit out leaves
' every other option bit untouched.
blnIsGlobalCatalog = ((intOptions And NTDSDSA_OPT_IS_GC) <> 0)
If blnIsGlobalCatalog Then
    objDsRoot.Put "options", intOptions And Not NTDSDSA_OPT_IS_GC
    objDsRoot.SetInfo
End If
Δ
Enable a Global Catalog Server
' Description
' Enables the global catalog service on the domain controller atl-dc-01
' by setting the NTDSDSA_OPT_IS_GC bit in the "options" attribute of the
' object named by the controller's rootDSE dsServiceName.
'
' NOTE(review): this writes to a domain controller's directory-service
' settings; run it only under change control with an appropriately
' privileged account.
'
' Script Code
Const NTDSDSA_OPT_IS_GC = 1

strComputer = "atl-dc-01"
strServerPrefix = "LDAP://" & strComputer & "/"

' Ask the controller itself where its directory-service object lives.
Set objRootDSE = GetObject(strServerPrefix & "RootDSE")
strDsServiceDN = objRootDSE.Get("dsServiceName")
Set objDsRoot = GetObject(strServerPrefix & strDsServiceDN)

intOptions = objDsRoot.Get("options")

' Write only when the flag is currently clear; OR-ing the bit in leaves
' every other option bit untouched.
blnAlreadyGlobalCatalog = ((intOptions And NTDSDSA_OPT_IS_GC) <> 0)
If Not blnAlreadyGlobalCatalog Then
    objDsRoot.Put "options", intOptions Or NTDSDSA_OPT_IS_GC
    objDsRoot.SetInfo
End If
Δ Join a Computer to a Domain
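' Description
' Joins the local computer to a domain and creates the computer's account
' in Active Directory, using Win32_ComputerSystem.JoinDomainOrWorkGroup.
' The method's return value is checked; a non-zero value is reported and
' the script exits with code 1.
'
' Script Code

' Join option flags accepted by JoinDomainOrWorkGroup.
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144

strDomain = "FABRIKAM"

' NOTE(review): the join credential is stored in plain text in the script.
' Anyone who can read the file (share, deployment package, backup, source
' control) obtains it. Use a dedicated account delegated only the right to
' join computers, supply the secret at run time instead of embedding it,
' and rotate any password that has ever been saved in a script like this.
strPassword = "ls4k5ywA"
strUser = "shenalan"

' Bind to the local computer's Win32_ComputerSystem instance.
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
    strComputer & "'")

' Join the domain and create the account; Null leaves the account OU to the
' default location.
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, Null, _
    JOIN_DOMAIN + ACCT_CREATE)

' The original discarded the result, so a failed join went unnoticed.
If ReturnValue <> 0 Then
    Wscript.Echo "Domain join failed. JoinDomainOrWorkGroup returned " & ReturnValue
    Wscript.Quit 1
End If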
Δ
List All Computer Accounts in Active Directory
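' Description
' Returns the name and location for all the computer accounts in Active
' Directory by running a paged subtree query through the ADSI OLE DB
' provider and echoing each result.
'
' Script Code
Const ADS_SCOPE_SUBTREE = 2

' Open an ADO connection over the Active Directory provider.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.CommandText = _
    "Select Name, Location from 'LDAP://DC=fabrikam,DC=com' " _
        & "Where objectClass='computer'"

' Page the results so large directories are returned completely, and
' search the whole tree below the base DN.
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Set objRecordSet = objCommand.Execute

' MoveFirst raises an error on an empty recordset, so only reposition when
' the query returned at least one row.
If Not objRecordSet.EOF Then
    objRecordSet.MoveFirst
End If

Do Until objRecordSet.EOF
    Wscript.Echo "Computer Name: " & objRecordSet.Fields("Name").Value
    Wscript.Echo "Location: " & objRecordSet.Fields("Location").Value
    objRecordSet.MoveNext
Loop

' Release the recordset and the directory connection.
objRecordSet.Close
objConnection.Close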