Actual Admins

Actual Admins

combined IT ramblings

  • Home
  • Apparel
  • KB
  • Home
  • Apparel
  • KB
> Operating Systems > Windows > Clearing an Active Directory user field with VBScript

Clearing an Active Directory user field with VBScript

Jeroen Hensing    November 29, 2012 January 18, 2016    No Comments on Clearing an Active Directory user field with VBScript

This week I needed to clear the ‘logon script’ field of all AD users (who had one set). While working on the code, I noticed you couldn’t just do ‘ objUser.scriptPath=”” ‘ as this would result in an error. So this was done with PutEx.

The following will search for each user (as specified in objRootDSE, the LDAP root path) who has scriptPath set to the same as strOldScript, so to get rid of the old kix script we once used.

As the code is mostly self explanatory, I’ll just give you the code.

Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset
Dim strDN, objUser, strOldScript
  
' Specify old logon script.
strOldScript = "kix32 staff.kix"
  
Const ADS_PROPERTY_CLEAR = 1 
  
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
  
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
  
' Filter on users with old logon script.
strFilter = "(&(objectCategory=person)(objectClass=user)" & "(scriptPath=" & strOldScript & "))"
  
' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"
  
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
wscript.echo strQuery
  
' Run the query.
Set adoRecordset = adoCommand.Execute
  
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
  
    ' Retrieve values.
    strDN = adoRecordset.Fields("distinguishedName").Value
    ' Bind to the user object.
    Set objUser = GetObject("LDAP://" & strDN)
 
    ' Clear the scriptPath attribute.
    objUser.PutEx ADS_PROPERTY_CLEAR, "scriptPath", 0
 
    ' Save change to AD.
    objUser.SetInfo
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop
 
' Clean up.
adoRecordset.Close
adoConnection.Close

Source: old site

Share
  • Tweet
Scripting, Windows     Active Directory, Login Script, VBS

About Jeroen Hensing

A dutch nerd who likes to mess around with computers.

View all posts by Jeroen Hensing →

Post navigation

Speed up folders with many similar named files
CMD.EXE: About Variables

Recent Posts

  • Hardening your PI: SSHD protection
  • Apply WhatIf to an entire script
  • Recovering NTFS inheritance
  • Zabbix monitoring
  • Managing Windows features using RSAT

Tags

Active Directory balloon tips batch CentOS clementine cmd.exe diskperf dns doshere driver empathy explorer firewall folders for command gmail login Login Script lvm mencoder merge performance postfix PowerShell printer Process Process Tree python recursion registry rsat runas search server 2012R2 shares ssh strict name checking ubuntu ufw variables VBS videos windows windows 7 windows features

Categories

  • Linux
  • Operating Systems
  • PowerShell
  • Raspberry PI
  • Scripting
  • Security
  • Windows

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Copyright Actual Admins ©2019
All rights reserved.