need help Set objUser = GetObject _ syntax


Post by Jaso » Tue, 18 Mar 2003 12:03:35



I'm trying to create a query for account status (locked or unlocked).
My problem is that I have multiple OUs and I'd like to check accounts
in multiple OUs without changing the OU section of this script:

Set objUser = GetObject _
("LDAP://cn=joe blow,ou=,ou=ou1,ou=ou2,dc=whatever,dc=com")

If objUser.AccountDisabled = FALSE Then
WScript.echo "The account is enabled."
Else
WScript.echo "The account is disabled."
End If

Is there a way to do a wildcard on the OUs so I don't have to change
the OU names when I change the user name?  If not, what's the best way
to go about doing this?  I'd love to put together a web page so people
could just plug in the CN name and get a result.

Thanks, Jason.


Post by Richard Muelle » Tue, 18 Mar 2003 15:06:36



>I'm trying to create a query for account status (locked or unlocked).
>My problem is that I have multiple OUs and I'd like to check accounts
>in multiple OUs without changing the OU section of this script:

>Set objUser = GetObject _
>("LDAP://cn=joe blow,ou=,ou=ou1,ou=ou2,dc=whatever,dc=com")

>If objUser.AccountDisabled = FALSE Then
>WScript.echo "The account is enabled."
>Else
>WScript.echo "The account is disabled."
>End If

>Is there a way to do a wildcard on the OUs so I don't have to change
>the OU names when I change the user name?  If not, what's the best way
>to go about doing this?  I'd love to put together a web page so people
>could just plug in the CN name and get a result.

>Thanks, Jason.

Hi,

The best way to search AD is to use ADO. ADO can find a
user where you know the cn, but not where in AD the object
is located. There is no wildcard syntax for GetObject.

You mention locked out accounts, but I think you mean
disabled, since you use the AccountDisabled method in your
code example. ADO can filter on and retrieve attributes.
However, AccountDisabled is a method, not an attribute.
Instead, you have to filter or retrieve the
userAccountControl attribute, one bit of which indicates
if the account is disabled. The following uses ADO to
retrieve all users in the domain, then outputs the DN of
those that are disabled:

Option Explicit
Dim objConnection, objCommand, objRootDSE
Dim strDNSDomain, strFilter, strQuery, objRecordSet
Dim strDN, intFlag

Const ADS_UF_ACCOUNTDISABLE = &H02

' Use ADO to search Active Directory.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

strFilter = "(&(objectCategory=person)(objectClass=user))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
  & ";distinguishedName,userAccountControl;subtree"

objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False

' Enumerate all users. Check if accounts disabled.
Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
  strDN = objRecordSet.Fields("distinguishedName")
  intFlag = objRecordSet.Fields("userAccountControl")
  If (intFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then
    Wscript.Echo "Account disabled: " & strDN
  End If
  objRecordSet.MoveNext
Loop

This VBScript is meant to be run at a command prompt with
the cscript host. The output could be redirected to a text
file. You would have to modify for a web page.

If you only want to check one user, you would replace the
statement assigning strFilter above as follows, if you
know the cn (common name):

' strCN must be declared because the script uses Option Explicit.
Dim strCN
strCN = "Test User"
strFilter = "(&(objectCategory=person)" _
  & "(objectClass=user)(cn=" & strCN & "))"

I hope this helps.

Richard
http://www.RLMueller.net
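
For the web-page case in the question, the typed-in CN ends up inside the LDAP filter string, so characters such as parentheses or an asterisk in the name change what the filter means. The following is an added example, not code from either poster: it escapes the value per RFC 4515 before running the same ADO search, and the function names EscapeLdapFilterValue and GetAccountStatus and the sample name are assumptions made here.

```vbscript
Option Explicit
Const ADS_UF_ACCOUNTDISABLE = &H02

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash is replaced first so later escapes are not doubled.
Function EscapeLdapFilterValue(strValue)
  Dim strOut
  strOut = Replace(strValue, "\", "\5c")
  strOut = Replace(strOut, "*", "\2a")
  strOut = Replace(strOut, "(", "\28")
  strOut = Replace(strOut, ")", "\29")
  strOut = Replace(strOut, Chr(0), "\00")
  ' Precaution: the ADO command text below uses ";" as its separator.
  strOut = Replace(strOut, ";", "\3b")
  EscapeLdapFilterValue = strOut
End Function

' Returns "enabled", "disabled", "not found" or "ambiguous" for a cn.
Function GetAccountStatus(strCN)
  Dim objConnection, objCommand, objRootDSE, objRecordSet
  Dim strFilter, intFlag
  Set objConnection = CreateObject("ADODB.Connection")
  objConnection.Provider = "ADsDSOObject"
  objConnection.Open "Active Directory Provider"
  Set objCommand = CreateObject("ADODB.Command")
  Set objCommand.ActiveConnection = objConnection
  Set objRootDSE = GetObject("LDAP://RootDSE")
  strFilter = "(&(objectCategory=person)(objectClass=user)(cn=" _
    & EscapeLdapFilterValue(strCN) & "))"
  objCommand.CommandText = "<LDAP://" & objRootDSE.Get("defaultNamingContext") _
    & ">;" & strFilter & ";userAccountControl;subtree"
  Set objRecordSet = objCommand.Execute
  If objRecordSet.EOF Then
    GetAccountStatus = "not found"
  Else
    intFlag = objRecordSet.Fields("userAccountControl").Value
    objRecordSet.MoveNext
    If Not objRecordSet.EOF Then
      ' cn is unique only within one container, so several OUs can match.
      GetAccountStatus = "ambiguous"
    ElseIf (intFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then
      GetAccountStatus = "disabled"
    Else
      GetAccountStatus = "enabled"
    End If
  End If
  objConnection.Close
End Function

' Constructed sample name; its parentheses would break an unescaped filter.
WScript.Echo GetAccountStatus("Test User (Contractor)")
```

Returning a fixed set of status strings also keeps the distinguished name and raw directory errors out of whatever page displays the result.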


1. GetObject and LDAP:// with Objuser & ObjMailbox

Hi,

I would like to know how to use GetObject and LDAP:// to filter and search
all the users in the Active Directory and use Objuser & ObjMailbox.
Because with GetObject and Winnt://, I can find all the users from the AD,
but I cannot use Objuser & Objmailbox with the Winnt:\\ connection.

Actually I'm using:

Set objContainer = GetObject _
("LDAP://OU=User_Exchange,DC=Cif75bis,DC=Local")
objContainer.Filter = Array("User")

For Each objUser In objContainer
   name = objUser.name

 Set objMailbox = objUser
       If objMailbox.HomeMDB = "" Then
          Wscript.Echo name + "   (no mailbox)"
       Else
          'Wscript.Echo name + "   (no mailbox)"
          objMailbox.DeleteMailbox
          objUser.SetInfo
       End If

ETC ETC ETC.....

But with this, I have to specify the OU or CN names to search in.
How can I find any users and bind them with Objuser and ObjMailbox from
the AD with LDAP:\\ interfaces?

Thanks
Jean-Christophe QUIRIN
