Change user object attribute on all users in AD domain

Post by Dan » Fri, 28 Mar 2003 13:33:22



I'm on the lookout for a script that will change the info
attribute on every user in the domain.  I'm new to ADSI
and from my reading thus far seem to have broken the task
into the following three operations. 1) enumerate all
user objects in the domain, 2) identify some way to find
the full LDAP context of the object and 3) finally update
the attribute and .SetInfo.  Does anyone have any
suggestions or examples of how this can be done?

I was working with ADO initially but discovered that it
does not have any update facilities for AD.  Using the
following script I am able to enumerate all users, but
that is about as far as I have gotten.  Thanks in advance.

Dan

Dim oDomain
Dim strDomainName
Dim User
strDomainName = "shastalink"
' Bind to the domain through the WinNT provider and list only user objects
Set oDomain = GetObject("WinNT://" & strDomainName)
oDomain.Filter = Array("User")
For Each User In oDomain
    Wscript.Echo User.Name
    'User.GetInfo
    'User.Info = Null
    'User.SetInfo
Next
Set oDomain = Nothing

 
 
 

Post by Marc Scheuner [MVP » Fri, 28 Mar 2003 16:38:50


On Wed, 26 Mar 2003 20:33:22 -0800, "Dan"


>i'm on the lookout for a script that will change the info
>attribute on every user in the domain.  I'm new to ADSI
>and from my reading thus far seem to have broken the task
>into the following three operations. 1) enumerate all
>user objects in the domain, 2) identify some way to find
>the full LDAP context of the object and 3) finally update
>the attribute and .SetInfo.  Does anyone have any
>suggestions or examples of how this can be done?

>I was working with ADO initially

I'd recommend doing this:

1) Enumerate your domain users using ADO and LDAP paths
2) Include the "distinguishedName" attribute in your search results
3) For each user found, bind to the user (using the DN)
4) Update your user attributes

AD was designed for fast queries, not for bulk inserts or updates, so
it is a bit more involved than bulk updating a SQL table or something
like that.

Using the LDAP paths from the get-go will allow you to skip the
(costly) step of having to convert WinNT based names into LDAP
equivalents - forget WinNT, it's obsolete, it should be avoided
wherever possible.

Marc

================================================================
Marc Scheuner                        May The Source Be With You!
Bern, Switzerland                         m.scheuner(at)inova.ch

 
 
 

Post by Dan » Sat, 29 Mar 2003 02:29:45


Marc,

Thanks for the information.  I'm looking for more
information on the DistinguishedName property.  When I
execute my script it says that it doesn't exist in the
recordset.  I'm searching MSDN but not finding what I had
hoped for.  Do you have any references?

Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = "Select * from 'LDAP://DC=microsoft,DC=com' where objectClass='user'"
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRS = objCommand.Execute
objRS.MoveFirst
Do Until objRS.EOF
    If Not IsNull(objRS.Fields("Info").Value) Then
        Wscript.Echo "DN: " & objRS.Fields("distinguishedname").Value
        Wscript.Echo VbCrLf
    End If
    objRS.MoveNext
Loop


 
 
 

Post by Dan » Sat, 29 Mar 2003 03:18:34


I was outsmarting myself with the code I posted last.  
This one works.  I'll post my final code when I get
finished.

Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = "Select DistinguishedName from 'LDAP://DC=microsoft,DC=com' where objectClass='user'"
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRS = objCommand.Execute
objRS.MoveFirst
Do Until objRS.EOF
    If Not IsNull(objRS.Fields("DistinguishedName").Value) Then
        Wscript.Echo "DN: " & objRS.Fields("DistinguishedName").Value
        Wscript.Echo VbCrLf
    End If
    objRS.MoveNext
Loop

 
 
 

Post by Dan » Sat, 29 Mar 2003 04:12:03


Here is what I'm working with now.  I am receiving the
following error when I try to update the .Info property.
Any suggestions?

C:\temp\adsi>cscript first.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights
reserved.

C:\temp\adsi\first.vbs(22, 3) Microsoft VBScript runtime
error: Object required:
 'objUser.Info'

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = "Select DistinguishedName from 'LDAP://DC=shastalink,DC=k12,DC=ca,DC=us' where objectClass='user'"
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRS = objCommand.Execute
objRS.MoveFirst
Do Until objRS.EOF
    If Not IsNull(objRS.Fields("DistinguishedName").Value) Then
        i = i + 1
        Set objUser = GetObject("LDAP://" & objRS.Fields("DistinguishedName"))
        Set objUser.Info = Null
        objUser.SetInfo
        Set objUser = Nothing
    End If
    objRS.MoveNext
Loop
Wscript.Echo i & " records updated"


 
 
 

Post by Dan » Sat, 29 Mar 2003 04:41:32


I'm now receiving the following error:

C:\temp\adsi>cscript first.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights
reserved.

C:\temp\adsi\first.vbs(20, 3) (null): The attribute
syntax specified to the directory service is invalid.

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = "Select DistinguishedName from 'LDAP://DC=shastalink,DC=k12,DC=ca,DC=us' where objectClass='user'"
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRS = objCommand.Execute
objRS.MoveFirst
Do Until objRS.EOF
    If Not IsNull(objRS.Fields("DistinguishedName").Value) Then
        i = i + 1
        Set objUser = GetObject("LDAP://" & objRS.Fields("DistinguishedName"))
        objUser.Info = ""
        objUser.SetInfo
        Set objUser = Nothing
    End If
    objRS.MoveNext
Loop
Wscript.Echo i & " records updated"


 
 
 

Post by Joe Kapla » Sat, 29 Mar 2003 04:53:07


What is the Info property?  Is that supposed to be a property on the
IADsUser interface?  I don't see that in the documentation...

Joe K.



 
 
 

Post by Dan » Sat, 29 Mar 2003 07:18:21


The .Info property is the "Notes" area of the Telephones
Property page.  Here is the final script I got to work.
I did have a few errors when running the script on about
6 users out of 3500.  I added On Error Resume Next to
just bypass those accounts.  Another thing that I found
is that when you are setting the property for .Info
or .Description you cannot use = Null or = "".  As you
will see in the script I had to use = " " for it to
work.  Otherwise it says that I am trying to pass an
invalid parameter to AD.  Email me if anyone has any
questions and I will try to impart my basic knowledge to
you.  Thanks to Marc for getting me on the right track!

Dan

Const ADS_SCOPE_SUBTREE = 2

On Error Resume Next

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = "Select DistinguishedName, Name from 'LDAP://DC=microsoft,DC=com' where objectClass='user' order by name"
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 90
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRS = objCommand.Execute
objRS.MoveFirst
Do Until objRS.EOF
    If Not IsNull(objRS.Fields("DistinguishedName").Value) Then
        i = i + 1
        WScript.Echo i & "  " & objRS.Fields("Name").Value
        Set objUser = GetObject("LDAP://" & objRS.Fields("DistinguishedName"))
        objUser.Info = " "
        objUser.SetInfo
    End If
    objRS.MoveNext
Loop
Wscript.Echo i & " records updated"

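Added example, not part of any post in this thread: the enumerate-by-DN, bind, update procedure discussed above, with the attribute removed through IADs.PutEx and ADS_PROPERTY_CLEAR instead of being overwritten with a space, and each failing account reported instead of skipped silently. BASE_DN is a placeholder, and DRY_RUN and ClearInfo are names chosen for this example.

```vbscript
Option Explicit
' Added example. BASE_DN is a placeholder; DRY_RUN and ClearInfo are
' hypothetical names introduced here, not part of ADSI.
Const ADS_PROPERTY_CLEAR = 1          ' IADs.PutEx control code: remove the attribute
Const BASE_DN = "DC=example,DC=com"   ' placeholder, replace with your domain
Const DRY_RUN = True                  ' True = list what would change, write nothing

Dim conn, cmd, rs, dn, cleared, failed
cleared = 0 : failed = 0

Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn

' LDAP-dialect query. objectCategory=person keeps computer accounts out
' (objectClass=user matches them too); info=* returns only users that
' actually hold a value, so accounts without one are never written.
cmd.CommandText = "<LDAP://" & BASE_DN & ">;" & _
    "(&(objectCategory=person)(objectClass=user)(info=*));" & _
    "distinguishedName;subtree"
cmd.Properties("Page Size") = 100
cmd.Properties("Timeout") = 90
cmd.Properties("Cache Results") = False

Set rs = cmd.Execute
Do Until rs.EOF
    dn = rs.Fields("distinguishedName").Value
    If DRY_RUN Then
        WScript.Echo "WOULD CLEAR " & dn
    ElseIf ClearInfo(dn) Then
        cleared = cleared + 1
    Else
        failed = failed + 1
    End If
    rs.MoveNext
Loop
WScript.Echo cleared & " cleared, " & failed & " failed"

' Binds to one user and removes its info attribute.
' Returns True on success; on failure reports the DN and the error code.
Function ClearInfo(dn)
    Dim user
    ClearInfo = False
    On Error Resume Next              ' error trapping limited to this function
    ' A "/" inside a DN must be escaped before it is used in an ADsPath.
    Set user = GetObject("LDAP://" & Replace(dn, "/", "\/"))
    If Err.Number = 0 Then
        user.PutEx ADS_PROPERTY_CLEAR, "info", 0   ' value argument is ignored
        user.SetInfo
    End If
    If Err.Number = 0 Then
        ClearInfo = True
    Else
        WScript.Echo "FAILED " & dn & " (0x" & Hex(Err.Number) & ") " & Err.Description
        Err.Clear
    End If
    On Error GoTo 0
End Function
```

Run it with cscript and DRY_RUN left at True first to review the list of accounts, then set it to False; the final line separates accounts actually cleared from those that failed.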

 
 
 
