Noah382
asked on
Run VBScript on Active Directory Users which names begin with certain defined letters.
Hello All,
I am stuck on this vbscript with the requirments that I have been directed to provide. Here is the situation, we have multiple users that need to have "Smart Card Required for interactive Logon" enabled on their Active Directory account. We are running a windows 2003 domain. When I say multiple users, i'm talking in the range of 5,000 - 10,000 users.
Currently, I have the code that looks at a defined OU in active directory, and automatically enables the smart card required option for all the users in that OU. Here is the VBScript code:
Const ADS_UF_SMARTCARD_REQUIRED = &h40000
Set objOU = GetObject _
("LDAP://ou=TestUsers,dc=T
For Each objUser In objOU
intUAC = objUser.Get("userAccountCo
If (intUAC AND ADS_UF_SMARTCARD_REQUIRED)
objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
objUser.SetInfo
End If
Next
This works perfectly on all users in the defined OU. However, I just been informed that we do not want to run this script on all users, since we don't want to have a mass problem. SO... what we are looking for is a script the runs only on usernames that start with defined letters. For example, we want to run the script on all users that begin with the letter "A". We will run that on day one to ensure no problems occur. Then the next day we will change it to all users that begin with the letter "B"... and so on...
Any help on this would be very much appreciated.
Thanks,
Noah
I am stuck on this vbscript with the requirments that I have been directed to provide. Here is the situation, we have multiple users that need to have "Smart Card Required for interactive Logon" enabled on their Active Directory account. We are running a windows 2003 domain. When I say multiple users, i'm talking in the range of 5,000 - 10,000 users.
Currently, I have the code that looks at a defined OU in active directory, and automatically enables the smart card required option for all the users in that OU. Here is the VBScript code:
Const ADS_UF_SMARTCARD_REQUIRED = &h40000
Set objOU = GetObject _
("LDAP://ou=TestUsers,dc=T
For Each objUser In objOU
intUAC = objUser.Get("userAccountCo
If (intUAC AND ADS_UF_SMARTCARD_REQUIRED)
objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
objUser.SetInfo
End If
Next
This works perfectly on all users in the defined OU. However, I just been informed that we do not want to run this script on all users, since we don't want to have a mass problem. SO... what we are looking for is a script the runs only on usernames that start with defined letters. For example, we want to run the script on all users that begin with the letter "A". We will run that on day one to ensure no problems occur. Then the next day we will change it to all users that begin with the letter "B"... and so on...
Any help on this would be very much appreciated.
Thanks,
Noah
ASKER
S.Mani,
Thanks for the quick reply. I am trying the script and it says "Wrong number of arguments or invalid property assignment" at the "strUName=objUser" line 11 Char 7. Any ideas?
Thanks for the quick reply. I am trying the script and it says "Wrong number of arguments or invalid property assignment" at the "strUName=objUser" line 11 Char 7. Any ideas?
ASKER
I'm looking at the "instr" command that you included in your script. I'm not sure if this command will work with what i'm trying to do. That command searches through the strings to see if one string matches the other string at any point. Therefore, if we are searching for the letter "m" for example, it's going to see if it matches in the username, therefore it might run on accounts that shouldn't be ran on.
Any other ideas?
Thanks,
Noah
Any other ideas?
Thanks,
Noah
ASKER
I got it figured out using the "Left" function.
Const ADS_UF_SMARTCARD_REQUIRED = &h40000
Dim strFirstLetter ,strUName, intDo
'Change the first letter here
strFirstLetter = "M"
'Change the Domain name and OU here
Set objOU = GetObject _
("LDAP://ou=TestUsers,dc=T
For Each objUser In objOU
strUName = objUser.Get("sn")
intDo = 0
intDo = Left(strUName,1)
If intDo = strFirstLetter then
intUAC = objUser.Get("userAccountCo
If (intUAC AND ADS_UF_SMARTCARD_REQUIRED)
objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
objUser.SetInfo
End If
End If
Next
Thanks anyways.
Const ADS_UF_SMARTCARD_REQUIRED = &h40000
Dim strFirstLetter ,strUName, intDo
'Change the first letter here
strFirstLetter = "M"
'Change the Domain name and OU here
Set objOU = GetObject _
("LDAP://ou=TestUsers,dc=T
For Each objUser In objOU
strUName = objUser.Get("sn")
intDo = 0
intDo = Left(strUName,1)
If intDo = strFirstLetter then
intUAC = objUser.Get("userAccountCo
If (intUAC AND ADS_UF_SMARTCARD_REQUIRED)
objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
objUser.SetInfo
End If
End If
Next
Thanks anyways.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Please find the modified script given below. As I am not having any domain to test this, I was not able to test it before giving it to you. Still I have taken care and I believe you shouldn't have any issues.. Let me know if you have any issues
'*************************
Const ADS_UF_SMARTCARD_REQUIRED = &h40000
Dim strFirstLetter ,strUName, intDo
'Change the first letter here
strFirstLetter = "A"
strFirstLetter = UCase(strFirstLetter )
Set objOU = GetObject _
("LDAP://ou=TestUsers,dc=T
For Each objUser In objOU
strUName = objUser
strUName = UCase(strUName)
intDo = 0
intDo = instr(strUName,strFirstLet
If intDo = 1 then
intUAC = objUser.Get("userAccountCo
If (intUAC AND ADS_UF_SMARTCARD_REQUIRED)
objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
objUser.SetInfo
End If
End If
Next
'*************************
thanks
S.Mani