This week I needed to clear the ‘logon script’ field of all AD users (who had one set). While working on the code, I noticed you couldn’t just do ‘ objUser.scriptPath=”” ‘ as this would result in an error. So this was done with PutEx.
The following will search for each user (as specified in objRootDSE, the LDAP root path) who has scriptPath set to the same as strOldScript, so to get rid of the old kix script we once used.
As the code is mostly self explanatory, I’ll just give you the code.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
Option Explicit Dim adoCommand, adoConnection, strBase, strFilter, strAttributes Dim objRootDSE, strDNSDomain, strQuery, adoRecordset Dim strDN, objUser, strOldScript ' Specify old logon script. strOldScript = "kix32 staff.kix" Const ADS_PROPERTY_CLEAR = 1 ' Setup ADO objects. Set adoCommand = CreateObject("ADODB.Command") Set adoConnection = CreateObject("ADODB.Connection") adoConnection.Provider = "ADsDSOObject" adoConnection.Open "Active Directory Provider" Set adoCommand.ActiveConnection = adoConnection ' Search entire Active Directory domain. Set objRootDSE = GetObject("LDAP://RootDSE") strDNSDomain = objRootDSE.Get("defaultNamingContext") strBase = "<LDAP://" & strDNSDomain & ">" ' Filter on users with old logon script. strFilter = "(&(objectCategory=person)(objectClass=user)" & "(scriptPath=" & strOldScript & "))" ' Comma delimited list of attribute values to retrieve. strAttributes = "distinguishedName" ' Construct the LDAP syntax query. strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree" adoCommand.CommandText = strQuery adoCommand.Properties("Page Size") = 100 adoCommand.Properties("Timeout") = 30 adoCommand.Properties("Cache Results") = False wscript.echo strQuery ' Run the query. Set adoRecordset = adoCommand.Execute ' Enumerate the resulting recordset. Do Until adoRecordset.EOF ' Retrieve values. strDN = adoRecordset.Fields("distinguishedName").Value ' Bind to the user object. Set objUser = GetObject("LDAP://" & strDN) ' Clear the scriptPath attribute. objUser.PutEx ADS_PROPERTY_CLEAR, "scriptPath", 0 ' Save change to AD. objUser.SetInfo ' Move to the next record in the recordset. adoRecordset.MoveNext Loop ' Clean up. adoRecordset.Close adoConnection.Close |
Source: old site
Share
