Just be careful, remember in AD administrators can set permissions
right down to the attribute Level.
It is a good idea to have a common set of attributes that users are
allowed to change check that with you sys admin first as GPO's and
other policies might overright security contexts.
On Sun, 30 Mar 2003 20:15:51 +1200, "david"
>Great, thanks Richard
>> Users typically have permissions to update attributes of
>> their own user object. You might consider a separate app
>> they run at any time, rather than forcing them to update
>> fields during logon.
>> Binding to the user object during logon is easy if all
>> clients are W2k or above:
>> Set objSysInfo = CreateObject("ADSystemInfo")
>> strUserAdsPath = objSysInfo.UserName
>> Set objUser = GetObject("LDAP://" & strUserAdsPath)
>> If some clients are Win9x or NT, they need DSClient
>> installed and ADSystemInfo is not available. They must use
>> WshNetwork to retrieve the NT logon name and then use the
>> NameTranslate object to convert this to distinguishedName.
>> Also, you need to use NameTranslate to convert the DNS
>> domain name to the NetBIOS domain (unless you hard code
>> the NetBIOS domain name). The code below will work on all
>> Set objNetwork = CreateObject("Wscript.Network")
>> ' Loop required for Win9x clients during logon.
>> strNTName = ""
>> On Error Resume Next
>> Do While strNTName = ""
>> strNTName = objNetwork.UserName
>> If Wscript.Version > 5 Then
>> Wscript.Sleep 100
>> End If
>> On Error GoTo 0
>> ' Determine DNS domain name from RootDSE object.
>> Set objRootDSE = GetObject("LDAP://RootDSE")
>> strDNSDomain = objRootDSE.Get("DefaultNamingContext")
>> ' Use NameTranslate to find NetBIOS domain name from the
>> ' DNS domain name.
>> Set objTrans = CreateObject("NameTranslate")
>> objTrans.Init 3, strDNSDomain
>> objTrans.Set 1, strDNSDomain
>> strNetBIOSDomain = objTrans.Get(3)
>> strNetBIOSDomain = Left(strNetBIOSDomain, _
>> Len(strNetBIOSDomain) - 1)
>> ' Use NameTranslate to convert the NT user name to the
>> ' Distinguished Name required for the LDAP provider.
>> objTrans.Init 1, strNetBIOSDomain
>> objTrans.Set 3, strNetBIOSDomain & "\" & strNTName
>> strUserDN = objTrans.Get(1)
>> ' Bind to the user object in Active Directory.
>> Set objUser = GetObject("LDAP://" & strUserDN)
>> >-----Original Message-----
>> >I've got a couple of questions around having a user
>> update a couple of
>> >fields in there own user object as part of a logon script
>> >Q1: How can I bind to the user running the wscript? Is
>> there some sort of
>> >"use me" notation? (like in WMI queries where you can use
>> a "." to specifiy
>> >the local device)
>> >Q2: Does a user typically have rights to update their
>> user object? (fields
>> >like phone number etc)
Professional ADSI/DirectoryServices Help and answers?
Professional WMI Programming Help and answers?