[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

10/15/2009 at 02:30PM PDT, ID: 24816470
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

9.2

VBscript - Need to Change a Small Item

Asked by itsmevic in VB Script, Active Directory

Hi,

  I have a script below that basically goes out and searches for accounts that have locked out 3 times within an 8 hour period.  I'd like to change the script now to within a 24 hour period.  Any help would be greatly appreciated.
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
If LCase(Right(Wscript.FullName, 11)) = "wscript.exe" Then
    strPath = Wscript.ScriptFullName
    strCommand = "%comspec% /k cscript  """ & strPath & """"
    objShell.Run(strCommand), 1, True
    Wscript.Quit
End If
 
strLogFolder = "\\server-abc\logs\ActLockout\Logs\"
'strLogFolder = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
 
' Set this to the maximum lockouts at which to trigger, inclusive
Const ActLockoutThreshold = 3
 
' Email variables:
strServer = "mailhost.abc.com"
strTo = "janedoe@abc.com"
strFrom = "johndoe@abc.com"
strSubject = "Account Lockout Status"
strBody = "Please see the account lockout status below:" & VbCrLf
 
Const ForReading = 1
Const adVarChar = 200
Const MaxCharacters = 255
Const adDouble = 5
 
boolThresholdReached = False
 
strShortDate = objShell.RegRead("HKCU\Control Panel\International\sShortDate")
If InStr(LCase(strShortDate), "d") < InStr(LCase(strShortDate), "m") Then
	strDateFormat = "dd/mm/yyyy"
Else
	strDateFormat = "mm/dd/yyyy"
End If
 
strDate = InputBox("Please enter the date of the files that you want to search" & VbCrLf & _
	"in " & strDateFormat & " format:", "Date to Search", strDateFormat)
 
If strDate <> "" And strDate <> strDateFormat Then
	
	dteDateFrom = CDate(strDate & " 00:00:00 AM")
	dteDateTo = CDate(strDate & " 11:59:59 PM")
	
	WScript.Echo "Parsing log folder " & strLogFolder & " for files created on " & strDate & VbCrLf & VbCrLf
 
	' Create the recordset to hold the entire data from each file parsed
	Set objData = CreateObject("ADOR.Recordset")
	objData.Fields.Append "Username", adVarChar, MaxCharacters
	objData.Fields.Append "DateTime", adVarChar, MaxCharacters
	objData.Fields.Append "DC", adVarChar, MaxCharacters
	objData.Fields.Append "PC", adVarChar, MaxCharacters
	objData.Open
	
	' Create the recordset to hold the information for each user once all of the files have been parsed
	Set objUsers = CreateObject("ADOR.Recordset")
	objUsers.Fields.Append "Username", adVarChar, MaxCharacters
	objUsers.Fields.Append "DistinguishedName", adVarChar, MaxCharacters
	objUsers.Fields.Append "ComputerName", adVarChar, MaxCharacters
	objUsers.Fields.Append "LockoutCount", adDouble
	objUsers.Open
 
	For Each objFile In objFSO.GetFolder(strLogFolder).Files
		If CDate(objFile.DateLastModified) > dteDateFrom And CDate(objFile.DateLastModified) < dteDateTo Then
			WScript.Echo "Parsing file " & objFile.Name & VbCrLf & VbCrLf
			 
			Set objFile = objFSO.OpenTextFile(objFile.Path, ForReading, False)
 
			strUsers = ";"
			 
			While Not objFile.AtEndOfStream
			    strLine = objFile.ReadLine
			    If strLine <> "" Then
				    arrLine = Split(LCase(strLine), ",")
				    objData.AddNew
				    objData("Username") = Trim(arrLine(0))
				    objData("DateTime") = Trim(arrLine(1)) & " " & Trim(arrLine(2))
				    objData("DC") = Trim(arrLine(3))
				    objData("PC") = Trim(arrLine(4))
				    objData.Update
				    If strUsers = "" Then
				    	strUsers = arrLine(0) & ";"
				    Else
				    	If InStr(strUsers, ";" & arrLine(0) & ";") = 0 Then strUsers = strUsers & arrLine(0) & ";"
				    End If
				End If
			Wend
			 
			objFile.Close
			 
			If Left(strUsers, 1) = ";" Then strUsers = Mid(strUsers, 2)
			If Right(strUsers, 1) = ";" Then strUsers = Left(strUsers, Len(strUsers) - 1)
 
		End If
	Next
	For Each strUser In Split(strUsers, ";")
		strUserDN = Get_LDAP_User_Properties("user", "samAccountName", strUser, "distinguishedName")
		objData.Filter = "Username='" & strUser & "'"
		objData.MoveFirst
		While Not objData.EOF
			objUsers.Filter = ""
			If Not objUsers.EOF Then objUsers.MoveFirst
		    objUsers.Filter = "Username='" & strUser & "' AND DistinguishedName='" & strUserDN & "' AND ComputerName='" & objData("PC") & "'"
		    If objUsers.EOF Then
			    objUsers.AddNew
			    objUsers("Username") = strUser
			    objUsers("DistinguishedName") = strUserDN
			    objUsers("ComputerName") = objData("PC")
			    objUsers("LockoutCount") = 1
			    objUsers.Update
			Else
				objUsers("LockoutCount") = objUsers("LockoutCount") + 1
			End If
			objData.MoveNext
		Wend
	Next
	objUsers.Filter = ""
	If Not objUsers.EOF Then objUsers.MoveFirst
	While Not objUsers.EOF
		If objUsers("LockoutCount") >= ActLockoutThreshold Then
			boolThresholdReached = True
			strBody = strBody & VbCrLf & "WARNING: " & objUsers("Username") & " (" & objUsers("DistinguishedName") & ") has been locked out of " & objUsers("ComputerName") & " " & objUsers("LockoutCount") & " times."
			WScript.Echo "WARNING: " & objUsers("Username") & " (" & objUsers("DistinguishedName") & ") has been locked out of " & objUsers("ComputerName") & " " & objUsers("LockoutCount") & " times."
		Else
			WScript.Echo objUsers("Username") & " (" & objUsers("DistinguishedName") & ") has been locked out of " & objUsers("ComputerName") & " " & objUsers("LockoutCount") & " times."
		End If
		objUsers.MoveNext
	Wend
Else
	WScript.Echo VbCrLf & VbCrLf & "Invalid date entered. Exiting script."
End If
 
' Now send the file
If boolThresholdReached = True Then
	SendEmail strServer, strTo, strFrom, strSubject, strBody
	WScript.Echo VbCrLf & VbCrLf & strBody & VbCrLf & VbCrLf
	WScript.Echo "Email has been sent."
Else
	WScript.Echo "No account changes have been made."
End If
 
WScript.Echo VbCrLf & VbCrLf & "Done"
 
Function Get_LDAP_User_Properties(strObjectType, strSearchField, strObjectToGet, strCommaDelimProps)
      
      ' This is a custom function that connects to the Active Directory, and returns the specific
      ' Active Directory attribute value, of a specific Object.
      ' strObjectType: usually "User" or "Computer"
      ' strSearchField: the field by which to seach the AD by. This acts like an SQL Query's WHERE clause.
      '				It filters the results by the value of strObjectToGet
      ' strObjectToGet: the value by which the results are filtered by, according the strSearchField.
      '				For example, if you are searching based on the user account name, strSearchField
      '				would be "samAccountName", and strObjectToGet would be that speicific account name,
      '				such as "jsmith".  This equates to "WHERE 'samAccountName' = 'jsmith'"
      '	strCommaDelimProps: the field from the object to actually return.  For example, if you wanted
      '				the home folder path, as defined by the AD, for a specific user, this would be
      '				"homeDirectory".  If you want to return the ADsPath so that you can bind to that
      '				user and get your own parameters from them, then use "ADsPath" as a return string,
      '		jData("PC") & "'"
		    If objUsers.EOF Then
			    objUsers.AddNew
			    objUsers("Username") = strUser
			    objUsers("DistinguishedName") = strUserDN
			    objUsers("ComputerName") = objData("PC")
			    objUsers("LockoutCount") = 1
			    objUsers.Update
			Else
				objUsers("LockoutCount") = objUsers("LockoutCount") + 1
			End If
			objData.MoveNext
		Wend
	Next
	objUsers.Filter = ""
	If Not objUsers.EOF Then objUsers.MoveFirst
	While Not objUsers.EOF
		If objUsers("LockoutCount") >= ActLockoutThreshold Then
			boolThresholdReached = True
			strBody = strBody & VbCrLf & "WARNING: " & objUsers("Username") & " (" & objUsers("DistinguishedName") & ") has been locked out of " & objUsers("ComputerName") & " " & objUsers("LockoutCount") & " times."
			WScript.Echo "WARNING: " & objUsers("Username") & " (" & objUsers("DistinguishedName") & ") has been locked out of " & objUsers("ComputerName") & " " & objUsers("LockoutCount") & " times."
		Else
			WScript.Echo objUsers("Username") & " (" & objUsers("DistinguishedName") & ") has been locked out of " & objUsers("ComputerName") & " " & objUsers("LockoutCount") & " times."
		End If
		objUsers.MoveNext
	Wend
Else
	WScript.Echo VbCrLf & VbCrLf & "Invalid date entered. Exiting script."
End If
 
' Now send the file
If boolThresholdReached = True Then
	SendEmail strServer, strTo, strFrom, strSubject, strBody
	WScript.Echo VbCrLf & VbCrLf & strBody & VbCrLf & VbCrLf
	WScript.Echo "Email has been sent."
Else
	WScript.Echo "No account changes have been made."
End If
 
WScript.Echo VbCrLf & VbCrLf & "Done"
 
Function Get_LDAP_User_Properties(strObjectType, strSearchField, strObjectToGet, strCommaDelimProps)
      
      ' This is a custom function that connects to the Active Directory, and returns the specific
      ' Active Directory attribute value, of a specific Object.
      ' strObjectType: usually "User" or "Computer"
      ' strSearchField: the field by which to seach the AD by. This acts like an SQL Query's WHERE clause.
      '				It filters the results by the value of strObjectToGet
      ' strObjectToGet: the value by which the results are filtered by, according the strSearchField.
      '				For example, if you are searching based on the user account name, strSearchField
      '				would be "samAccountName", and strObjectToGet would be that speicific account name,
      '				such as "jsmith".  This equates to "WHERE 'samAccountName' = 'jsmith'"
      '	strCommaDelimProps: the field from the object to actually return.  For example, if you wanted
      '				the home folder path, as defined by the AD, for a specific user, this would be
      '				"homeDirectory".  If you want to return the ADsPath so that you can bind to that
      '				user and get your own parameters from them, then use "ADsPath" as a return string,
      '				then bind to the user: Set objUser = GetObject("LDAP://" & strReturnADsPath)
      
      ' Now we're checking if the user account passed may have a domain already specified,
      ' in which case we connect to that domain in AD, instead of the default one.
      If InStr(strObjectToGet, "\") > 0 Then
            arrGroupBits = Split(strObjectToGet, "\")
            strDC = arrGroupBits(0)
            strDNSDomain = strDC & "/" & "DC=" & Replace(Mid(strDC, InStr(strDC, ".") + 1), ".", ",DC=")
            strObjectToGet = arrGroupBits(1)
      Else
      ' Otherwise we just connect to the default domain
            Set objRootDSE = GetObject("LDAP://RootDSE")
            strDNSDomain = objRootDSE.Get("defaultNamingContext")
      End If
 
Keywords: VBscript - Need to Change a Small Item
 
Loading Advertisement...
 
[+][-]10/15/09 03:29 PM, ID: 25585541

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/15/09 11:19 PM, ID: 25587345

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/16/09 04:13 AM, ID: 25588392

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: VB Script, Active Directory
Sign Up Now!
Solution Provided By: RobSampson
Participating Experts: 1
Solution Grade: A
 
 
 
Loading Advertisement...
20091111-EE-VQP-91 - Hierarchy / EE_QW_3_20080625