Disable OWA (Outlook web access) for all users in the file.

Hi,

Disable OWA (Outlook web access) for all users in the file.
I have a txt file in which I have the NT logins of users. I just want to remove (disable) the OWA that they have. Is there a way a script can do this for these specific users?

Regards
Sharath
bsharathAsked:

RobSampsonCommented:
Sharath, if you use the code posted here against one user, does it do what you need?

http://support.microsoft.com/kb/830188

Regards,

Rob.
0
bsharathAuthor Commented:
Rob, this is for OMA (Outlook Mobile Access), but I need it for Outlook Web Access (OWA).
0
RobSampsonCommented:
Sharath, see if this works for one particular test user, defined by the Set objUser line....

'==================
Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4

Set objRootDSE = GetObject("LDAP://RootDSE")
Set objUser = GetObject("LDAP://CN=TestUser,OU=Users,OU=TestOU," & objRootDSE.Get("defaultNamingContext"))
For Each protocolSettings in ObjUser.GetEx("protocolSettings")
      If Left(protocolSettings, 4) = "HTTP" Then
            objUser.PutEx ADS_PROPERTY_DELETE, "protocolSettings", Array(protocolSettings)
            objUser.SetInfo
      End If
Next
objUser.PutEx ADS_PROPERTY_APPEND, "protocolSettings", Array("HTTP§0§1§§§§§§")
objUser.SetInfo

MsgBox "Done"
'==================

Regards,

Rob.
0
bsharathAuthor Commented:
I get this...
---------------------------
Windows Script Host
---------------------------
Script:      C:\OWA access deny.vbs
Line:      8
Char:      1
Error:      0x80005000
Code:      80005000
Source:       (null)

---------------------------
OK  
---------------------------
0
RobSampsonCommented:
Please make sure your objUser path is correct.  You must have the comma after the last OU, and the CN should be the display name (usually).

Regards,

Rob.
0
bsharathAuthor Commented:
Yes Rob, I left the , off. Now it looks like below:

Set objUser = GetObject("LDAP://CN=Sharath Remi,OU=Named,OU=User Accounts,OU=Countries," & objRootDSE.Get("defaultNamingContext"))

Still get this error..

---------------------------
Windows Script Host
---------------------------
Script:      C:\OWA access deny.vbs
Line:      9
Char:      1
Error:      The directory property cannot be found in the cache.

Code:      8000500D
Source:       Active Directory

---------------------------
OK  
---------------------------
0
RobSampsonCommented:
Is your test user enabled for any protocols in the Exchange Features tab (apparently Web Access is enabled by the settings for HTTP and NNTP)?

Regards,

Rob.
0
bsharathAuthor Commented:
Yes Rob for "Sharath Remi," the OWA is enabled with the default protocols.
0
RobSampsonCommented:
What about this:

'==================
Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4

Set objRootDSE = GetObject("LDAP://RootDSE")
Set objUser = GetObject("LDAP://CN=TestUser,OU=Users,OU=TestOU," & objRootDSE.Get("defaultNamingContext"))
objSettings = objUser.GetEx("protocolSettings")
If IsArray(objSettings) = True Then
      For Each protocolSettings In objSettings
            If Left(protocolSettings, 4) = "HTTP" Then
                  objUser.PutEx ADS_PROPERTY_DELETE, "protocolSettings", Array(protocolSettings)
                  objUser.SetInfo
            End If
      Next
Else
      MsgBox "Cannot retrieve protocolSettings"
End If
objUser.PutEx ADS_PROPERTY_APPEND, "protocolSettings", Array("HTTP§0§1§§§§§§")
objUser.SetInfo

MsgBox "Done"
'==================

Regards,

Rob.
0
bsharathAuthor Commented:
Yes Rob, this works great. Need to expand this for many users...
0
RobSampsonCommented:
Wait, are you sure that works? I've just read that protocolSettings is only available on Exchange 2000?

Rob.
0
bsharathAuthor Commented:
Yes, I am sure it works...
0
RobSampsonCommented:
This is untested, but try this:

'==================
strInputFile = "Users_To_Disable_OWA.txt"
Const intForReading = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("WScript.Network")

Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4

Set objInputFile = objFSO.OpenTextFile(strInputFile, intForReading, False)
While Not objInputFile.AtEndOfStream
      strLogin = objInputFile.ReadLine
      strNTName = objNetwork.UserDomain & "\" & strLogin
      strObjectType = "user" ' Can be "user", "group", or "computer"
      strInputFormat = "NTLoginName" ' Can be "NTLoginName" or "DisplayName"
      strUserDN = Get_DistinguishedName_From_AD(strNTName, strObjectType, strInputFormat)

      If strUserDN <> "ERROR" Then
            'MsgBox "adsPath of " & strNTName & ":" & VbCrLf & "LDAP://" & strUserDN
            Set objUser = GetObject("LDAP://" & strUserDN)
            objSettings = objUser.GetEx("protocolSettings")
            If IsArray(objSettings) = True Then
                  For Each protocolSettings In objSettings
                        If Left(protocolSettings, 4) = "HTTP" Then
                              objUser.PutEx ADS_PROPERTY_DELETE, "protocolSettings", Array(protocolSettings)
                              objUser.SetInfo
                        End If
                  Next
            Else
                  'MsgBox "Cannot retrieve protocolSettings"
            End If
            objUser.PutEx ADS_PROPERTY_APPEND, "protocolSettings", Array("HTTP§0§1§§§§§§")
            objUser.SetInfo
      Else
            MsgBox "There was an error returning the DistinguishedName attribute of " & strNTName
      End If
Wend
objInputFile.Close
Set objInputFile = Nothing

MsgBox "Done"

Function Get_DistinguishedName_From_AD(strName, strObjectType, strInputFormat)
      ' Source: http://www.rlmueller.net/NameTranslateFAQ.htm#What%20is%20NameTranslate
      ' Constants for the NameTranslate object.
      ' INIT Method Parameters
      ' To search a specific domain that is not the local one
      Const ADS_NAME_INITTYPE_DOMAIN = 1 ' Use objTrans.Init ADS_NAME_INITTYPE_DOMAIN, "MyDomain.com"
      ' To search a specific domain controller in the local domain
      Const ADS_NAME_INITTYPE_SERVER = 2 ' Use objTrans.Init ADS_NAME_INITTYPE_SERVER, "MyServer"
      ' To search through local domain - should be mainly used
      Const ADS_NAME_INITTYPE_GC = 3 ' Use objTrans.Init ADS_NAME_INITTYPE_GC, ""
      
      If LCase(strObjectType) = "computer" Then
            If Right(strName, 1) <> "$" Then strName = strName & "$"
      End If
      
      ' SET and GET Method Parameters
      Const ADS_NAME_TYPE_1779 = 1
      Const ADS_NAME_TYPE_CANONICAL = 2
      Const ADS_NAME_TYPE_NT4 = 3
      Const ADS_NAME_TYPE_DISPLAY = 4
      Const ADS_NAME_TYPE_DOMAIN_SIMPLE = 5
      Const ADS_NAME_TYPE_ENTERPRISE_SIMPLE = 6
      Const ADS_NAME_TYPE_GUID = 7
      Const ADS_NAME_TYPE_UNKNOWN = 8
      Const ADS_NAME_TYPE_USER_PRINCIPAL_NAME = 9
      Const ADS_NAME_TYPE_CANONICAL_EX = 10
      Const ADS_NAME_TYPE_SERVICE_PRINCIPAL_NAME = 11
      Const ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME = 12
      
      ' Use the NameTranslate object to convert the NT user name to the
      ' Distinguished Name required for the LDAP provider.
      Set objTrans = CreateObject("NameTranslate")
      
      ' Initialize NameTranslate by locating the Global Catalog.
      objTrans.Init ADS_NAME_INITTYPE_GC, ""

      boolError = False
      If LCase(strInputFormat) = "displayname" Then
            ' Use the Set method to specify the Display Name of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_DISPLAY, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      Else ' assume it is the NTName
            ' Use the Set method to specify the NT format of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_NT4, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      End If
      
      If boolError = False Then
            ' Use the Get method to retrieve the RPC 1779 Distinguished Name.
            strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
      Else
            strUserDN = "ERROR"
      End If
      
      ' Escape any "/" characters with backslash escape character.
      ' All other characters that need to be escaped will be escaped.
      strUserDN = Replace(strUserDN, "/", "\/")
      
      Get_DistinguishedName_From_AD = strUserDN
End Function
'==================

Regards,

Rob.
0
bsharathAuthor Commented:
I get this...
---------------------------

---------------------------
There was an error returning the DistinguishedName attribute of Dev\john
---------------------------
OK  
---------------------------
0
RobSampsonCommented:
Is john a valid LoginName on the Dev domain?
0
bsharathAuthor Commented:
Yes they are
0
bsharathAuthor Commented:
Rob, I am mentioning the first name and last name in the txt file, one per line.
0
RobSampsonCommented:
Oh...I thought they were NTLogin names:
>> I have a txt file in which i have the Nt logins of users

Oh well, if you have the Display Name in the file, change this bit:
      strLogin = objInputFile.ReadLine
      strNTName = objNetwork.UserDomain & "\" & strLogin
      strObjectType = "user" ' Can be "user", "group", or "computer"
      strInputFormat = "NTLoginName" ' Can be "NTLoginName" or "DisplayName"
      strUserDN = Get_DistinguishedName_From_AD(strNTName, strObjectType, strInputFormat)

to this:
      strDisplayName = objInputFile.ReadLine
      strObjectType = "user" ' Can be "user", "group", or "computer"
      strInputFormat = "DisplayName" ' Can be "NTLoginName" or "DisplayName"
      strUserDN = Get_DistinguishedName_From_AD(strDisplayName, strObjectType, strInputFormat)


Regards,

Rob.
0
bsharathAuthor Commented:
I really wanted it for an NT login.
In the first single-user script I had to mention the first name and last name, so I thought it would be the same.

I made the changes and tried, but I get this message:

---------------------------

---------------------------
There was an error returning the DistinguishedName attribute of
---------------------------
OK  
---------------------------

0
bsharathAuthor Commented:
Rob this script below...

'==================
Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4

Set objRootDSE = GetObject("LDAP://RootDSE")
Set objUser = GetObject("LDAP://CN=TestUser,OU=Users,OU=TestOU," & objRootDSE.Get("defaultNamingContext"))
objSettings = objUser.GetEx("protocolSettings")
If IsArray(objSettings) = True Then
      For Each protocolSettings In objSettings
            If Left(protocolSettings, 4) = "HTTP" Then
                  objUser.PutEx ADS_PROPERTY_DELETE, "protocolSettings", Array(protocolSettings)
                  objUser.SetInfo
            End If
      Next
Else
      MsgBox "Cannot retrieve protocolSettings"
End If
objUser.PutEx ADS_PROPERTY_APPEND, "protocolSettings", Array("HTTP§0§1§§§§§§")
objUser.SetInfo

MsgBox "Done"
'==================


Worked great on my login name, and I even retested it now. For others it does not work...
With the first name and last name for my login it disables OWA access...
0
RobSampsonCommented:
NT Login should be fine.  Use the script posted in ID: 20774931, with your NT login name only in the text file, and it should disable the OWA for you.

The only reason we specified your full name in the CN= part of the manual query is because the display name is what is required when connecting directly to an LDAP object like that.  When you want to use the NT Login name, we need to use a search function, which I have included in the other script.

Try it out with your NT Login, it should find your Distinguished Name.

Regards,

Rob.
0
bsharathAuthor Commented:
I get this error..

---------------------------
Windows Script Host
---------------------------
Script:      C:\Owa access deny for all users.vbs
Line:      23
Char:      13
Error:      The directory property cannot be found in the cache.

Code:      8000500D
Source:       Active Directory

---------------------------
OK  
---------------------------

I have NTlogins in the txt file
0
RobSampsonCommented:
Hmmm, that's the error you got the first time, and is why I've just read that protocolSettings is only available on Exchange 2000.  So it's getting the user object fine, it just can't modify those settings....I'll have to find something more reliable for Exchange 2003.....off to Google I go.... ;-P

Rob.
0
RobSampsonCommented:
Sharath, this is for the OMA thing, but it also mentions it's tied in with OWA, so can you try this, with just your login in a file:

'==================
strInputFile = "Users_To_Disable_OWA.txt"
Const intForReading = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("WScript.Network")

Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4

Set objInputFile = objFSO.OpenTextFile(strInputFile, intForReading, False)
While Not objInputFile.AtEndOfStream
      strLogin = objInputFile.ReadLine
      strNTName = objNetwork.UserDomain & "\" & strLogin
      strObjectType = "user" ' Can be "user", "group", or "computer"
      strInputFormat = "NTLoginName" ' Can be "NTLoginName" or "DisplayName"
      strUserDN = Get_DistinguishedName_From_AD(strNTName, strObjectType, strInputFormat)

      If strUserDN <> "ERROR" Then
            'MsgBox "adsPath of " & strNTName & ":" & VbCrLf & "LDAP://" & strUserDN
            Set objUser = GetObject("LDAP://" & strUserDN)
            objUser.Put "msExchOmaAdminWirelessEnable", "7"
            objUser.SetInfo
      Else
            MsgBox "There was an error returning the DistinguishedName attribute of " & strNTName
      End If
Wend
objInputFile.Close
Set objInputFile = Nothing

MsgBox "Done"

Function Get_DistinguishedName_From_AD(strName, strObjectType, strInputFormat)
      ' Source: http://www.rlmueller.net/NameTranslateFAQ.htm#What%20is%20NameTranslate
      ' Constants for the NameTranslate object.
      ' INIT Method Parameters
      ' To search a specific domain that is not the local one
      Const ADS_NAME_INITTYPE_DOMAIN = 1 ' Use objTrans.Init ADS_NAME_INITTYPE_DOMAIN, "MyDomain.com"
      ' To search a specific domain controller in the local domain
      Const ADS_NAME_INITTYPE_SERVER = 2 ' Use objTrans.Init ADS_NAME_INITTYPE_SERVER, "MyServer"
      ' To search through local domain - should be mainly used
      Const ADS_NAME_INITTYPE_GC = 3 ' Use objTrans.Init ADS_NAME_INITTYPE_GC, ""
     
      If LCase(strObjectType) = "computer" Then
            If Right(strName, 1) <> "$" Then strName = strName & "$"
      End If
     
      ' SET and GET Method Parameters
      Const ADS_NAME_TYPE_1779 = 1
      Const ADS_NAME_TYPE_CANONICAL = 2
      Const ADS_NAME_TYPE_NT4 = 3
      Const ADS_NAME_TYPE_DISPLAY = 4
      Const ADS_NAME_TYPE_DOMAIN_SIMPLE = 5
      Const ADS_NAME_TYPE_ENTERPRISE_SIMPLE = 6
      Const ADS_NAME_TYPE_GUID = 7
      Const ADS_NAME_TYPE_UNKNOWN = 8
      Const ADS_NAME_TYPE_USER_PRINCIPAL_NAME = 9
      Const ADS_NAME_TYPE_CANONICAL_EX = 10
      Const ADS_NAME_TYPE_SERVICE_PRINCIPAL_NAME = 11
      Const ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME = 12
     
      ' Use the NameTranslate object to convert the NT user name to the
      ' Distinguished Name required for the LDAP provider.
      Set objTrans = CreateObject("NameTranslate")
     
      ' Initialize NameTranslate by locating the Global Catalog.
      objTrans.Init ADS_NAME_INITTYPE_GC, ""

      boolError = False
      If LCase(strInputFormat) = "displayname" Then
            ' Use the Set method to specify the Display Name of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_DISPLAY, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      Else ' assume it is the NTName
            ' Use the Set method to specify the NT format of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_NT4, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      End If
     
      If boolError = False Then
            ' Use the Get method to retrieve the RPC 1779 Distinguished Name.
            strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
      Else
            strUserDN = "ERROR"
      End If
     
      ' Escape any "/" characters with backslash escape character.
      ' All other characters that need to be escaped will be escaped.
      strUserDN = Replace(strUserDN, "/", "\/")
     
      Get_DistinguishedName_From_AD = strUserDN
End Function
'==================

Regards,

Rob.
0
bsharathAuthor Commented:
Rob this works for OMA but not OWA
0
RobSampsonCommented:
OK, I've done some research, but can't test this, so see how you go.

Basically, from here:
http://www.msxfaq.de/tools/grp2exinet.4.0.vbs.txt

It seems that there are four elements to protocolSettings, and if they don't exist, you need to create them, so hopefully I have it right.

'==================
strInputFile = "Users_To_Disable_OWA.txt"
Const intForReading = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("WScript.Network")

Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4
Const conExInetOWAoff = "HTTP§0§1§§§§§§"
Const conExInetOWAon = "HTTP§1§1§§§§§§"

Set objInputFile = objFSO.OpenTextFile(strInputFile, intForReading, False)
While Not objInputFile.AtEndOfStream
      strLogin = objInputFile.ReadLine
      strNTName = objNetwork.UserDomain & "\" & strLogin
      strObjectType = "user" ' Can be "user", "group", or "computer"
      strInputFormat = "NTLoginName" ' Can be "NTLoginName" or "DisplayName"
      strUserDN = Get_DistinguishedName_From_AD(strNTName, strObjectType, strInputFormat)
      
      ReDim arrProtocolSettings(3)
      ' The first array element of protocolSettings (element id 0), is for POP3
      ' The second array element of protocolSettings (element id 1), is for IMAP4
      ' The third array element of protocolSettings (element id 2), is for OWA
      ' The fourth array element of protocolSettings (element id 3), is for MAPI cache
      If strUserDN <> "ERROR" Then
            'MsgBox "adsPath of " & strNTName & ":" & VbCrLf & "LDAP://" & strUserDN
            Set objUser = GetObject("LDAP://" & strUserDN)
            On Error Resume Next
            arrSettings = objUser.GetEx("protocolSettings")
            If Err.Number = 0 Then
                  On Error GoTo 0
                  ' Copy the existing settings
                  For intSetting = 0 To 3
                        arrProtocolSettings(intSetting) = arrSettings(intSetting)
                  Next
                  ' Reset the OWA element
                  arrProtocolSettings(2) = conExInetOWAoff
            Else
                  Err.Clear
                  On Error GoTo 0
                  ' Leave the other protocols empty and just populate the OWA element
                  arrProtocolSettings(2) = conExInetOWAoff
            End If
            objUser.PutEx ADS_PROPERTY_APPEND, "protocolSettings", arrProtocolSettings
            objUser.SetInfo
      Else
            MsgBox "There was an error returning the DistinguishedName attribute of " & strNTName
      End If
Wend
objInputFile.Close
Set objInputFile = Nothing

MsgBox "Done"

Function Get_DistinguishedName_From_AD(strName, strObjectType, strInputFormat)
      ' Source: http://www.rlmueller.net/NameTranslateFAQ.htm#What%20is%20NameTranslate
      ' Constants for the NameTranslate object.
      ' INIT Method Parameters
      ' To search a specific domain that is not the local one
      Const ADS_NAME_INITTYPE_DOMAIN = 1 ' Use objTrans.Init ADS_NAME_INITTYPE_DOMAIN, "MyDomain.com"
      ' To search a specific domain controller in the local domain
      Const ADS_NAME_INITTYPE_SERVER = 2 ' Use objTrans.Init ADS_NAME_INITTYPE_SERVER, "MyServer"
      ' To search through local domain - should be mainly used
      Const ADS_NAME_INITTYPE_GC = 3 ' Use objTrans.Init ADS_NAME_INITTYPE_GC, ""
     
      If LCase(strObjectType) = "computer" Then
            If Right(strName, 1) <> "$" Then strName = strName & "$"
      End If
     
      ' SET and GET Method Parameters
      Const ADS_NAME_TYPE_1779 = 1
      Const ADS_NAME_TYPE_CANONICAL = 2
      Const ADS_NAME_TYPE_NT4 = 3
      Const ADS_NAME_TYPE_DISPLAY = 4
      Const ADS_NAME_TYPE_DOMAIN_SIMPLE = 5
      Const ADS_NAME_TYPE_ENTERPRISE_SIMPLE = 6
      Const ADS_NAME_TYPE_GUID = 7
      Const ADS_NAME_TYPE_UNKNOWN = 8
      Const ADS_NAME_TYPE_USER_PRINCIPAL_NAME = 9
      Const ADS_NAME_TYPE_CANONICAL_EX = 10
      Const ADS_NAME_TYPE_SERVICE_PRINCIPAL_NAME = 11
      Const ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME = 12
     
      ' Use the NameTranslate object to convert the NT user name to the
      ' Distinguished Name required for the LDAP provider.
      Set objTrans = CreateObject("NameTranslate")
     
      ' Initialize NameTranslate by locating the Global Catalog.
      objTrans.Init ADS_NAME_INITTYPE_GC, ""

      boolError = False
      If LCase(strInputFormat) = "displayname" Then
            ' Use the Set method to specify the Display Name of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_DISPLAY, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      Else ' assume it is the NTName
            ' Use the Set method to specify the NT format of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_NT4, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      End If
     
      If boolError = False Then
            ' Use the Get method to retrieve the RPC 1779 Distinguished Name.
            strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
      Else
            strUserDN = "ERROR"
      End If
     
      ' Escape any "/" characters with backslash escape character.
      ' All other characters that need to be escaped will be escaped.
      strUserDN = Replace(strUserDN, "/", "\/")
     
      Get_DistinguishedName_From_AD = strUserDN
End Function
'==================

Regards,

Rob.
0
bsharathAuthor Commented:
Rob, I get this error...
0
bsharathAuthor Commented:
Sorrrry...

---------------------------
Windows Script Host
---------------------------
Script:      C:\OWA deny.vbs
Line:      46
Char:      7
Error:      Unspecified error

Code:      80004005
Source:       Active Directory

---------------------------
OK  
---------------------------
0
RobSampsonCommented:
Try this:

'==================
strInputFile = "Users_To_Disable_OWA.txt"
Const intForReading = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("WScript.Network")

Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4
Const conExInetOWAoff = "HTTP§0§1§§§§§§"
Const conExInetOWAon = "HTTP§1§1§§§§§§"

Set objInputFile = objFSO.OpenTextFile(strInputFile, intForReading, False)
While Not objInputFile.AtEndOfStream
      strLogin = objInputFile.ReadLine
      strNTName = objNetwork.UserDomain & "\" & strLogin
      strObjectType = "user" ' Can be "user", "group", or "computer"
      strInputFormat = "NTLoginName" ' Can be "NTLoginName" or "DisplayName"
      strUserDN = Get_DistinguishedName_From_AD(strNTName, strObjectType, strInputFormat)
      
      If strUserDN <> "ERROR" Then
            'MsgBox "adsPath of " & strNTName & ":" & VbCrLf & "LDAP://" & strUserDN
            Set objUser = GetObject("LDAP://" & strUserDN)
            On Error Resume Next
            arrSettings = objUser.GetEx("protocolSettings")
            If Err.Number = 0 Then
                  On Error GoTo 0
                  For Each protocolSettings In objSettings
                        If Left(protocolSettings, 4) = "HTTP" Then
                              objUser.PutEx ADS_PROPERTY_DELETE, "protocolSettings", Array(protocolSettings)
                              objUser.SetInfo
                        End If
                  Next
            Else
                  Err.Clear
                  On Error GoTo 0
                  'MsgBox "Cannot retrieve protocolSettings"
            End If
            objUser.PutEx ADS_PROPERTY_APPEND, "protocolSettings", Array(conExInetOWAon)
            objUser.SetInfo
      Else
            MsgBox "There was an error returning the DistinguishedName attribute of " & strNTName
      End If
Wend
objInputFile.Close
Set objInputFile = Nothing

MsgBox "Done"

Function Get_DistinguishedName_From_AD(strName, strObjectType, strInputFormat)
      ' Source: http://www.rlmueller.net/NameTranslateFAQ.htm#What%20is%20NameTranslate
      ' Constants for the NameTranslate object.
      ' INIT Method Parameters
      ' To search a specific domain that is not the local one
      Const ADS_NAME_INITTYPE_DOMAIN = 1 ' Use objTrans.Init ADS_NAME_INITTYPE_DOMAIN, "MyDomain.com"
      ' To search a specific domain controller in the local domain
      Const ADS_NAME_INITTYPE_SERVER = 2 ' Use objTrans.Init ADS_NAME_INITTYPE_SERVER, "MyServer"
      ' To search through local domain - should be mainly used
      Const ADS_NAME_INITTYPE_GC = 3 ' Use objTrans.Init ADS_NAME_INITTYPE_GC, ""
     
      If LCase(strObjectType) = "computer" Then
            If Right(strName, 1) <> "$" Then strName = strName & "$"
      End If
     
      ' SET and GET Method Parameters
      Const ADS_NAME_TYPE_1779 = 1
      Const ADS_NAME_TYPE_CANONICAL = 2
      Const ADS_NAME_TYPE_NT4 = 3
      Const ADS_NAME_TYPE_DISPLAY = 4
      Const ADS_NAME_TYPE_DOMAIN_SIMPLE = 5
      Const ADS_NAME_TYPE_ENTERPRISE_SIMPLE = 6
      Const ADS_NAME_TYPE_GUID = 7
      Const ADS_NAME_TYPE_UNKNOWN = 8
      Const ADS_NAME_TYPE_USER_PRINCIPAL_NAME = 9
      Const ADS_NAME_TYPE_CANONICAL_EX = 10
      Const ADS_NAME_TYPE_SERVICE_PRINCIPAL_NAME = 11
      Const ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME = 12
     
      ' Use the NameTranslate object to convert the NT user name to the
      ' Distinguished Name required for the LDAP provider.
      Set objTrans = CreateObject("NameTranslate")
     
      ' Initialize NameTranslate by locating the Global Catalog.
      objTrans.Init ADS_NAME_INITTYPE_GC, ""

      boolError = False
      If LCase(strInputFormat) = "displayname" Then
            ' Use the Set method to specify the Display Name of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_DISPLAY, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      Else ' assume it is the NTName
            ' Use the Set method to specify the NT format of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_NT4, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      End If
     
      If boolError = False Then
            ' Use the Get method to retrieve the RPC 1779 Distinguished Name.
            strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
      Else
            strUserDN = "ERROR"
      End If
     
      ' Escape any "/" characters with backslash escape character.
      ' All other characters that need to be escaped will be escaped.
      strUserDN = Replace(strUserDN, "/", "\/")
     
      Get_DistinguishedName_From_AD = strUserDN
End Function
'==================

Regards,

Rob.
0
bsharathAuthor Commented:
I get this Rob..

---------------------------
Windows Script Host
---------------------------
Script:      C:\OWA deny.vbs
Line:      29
Char:      19
Error:      Object not a collection
Code:      800A01C3
Source:       Microsoft VBScript runtime error

---------------------------
OK  
---------------------------
0
RobSampsonCommented:
Hmmm, try this:

'==================
strInputFile = "Users_To_Disable_OWA.txt"
Const intForReading = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("WScript.Network")

Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4
Const conExInetOWAoff = "HTTP§0§1§§§§§§"
Const conExInetOWAon = "HTTP§1§1§§§§§§"

Set objInputFile = objFSO.OpenTextFile(strInputFile, intForReading, False)
While Not objInputFile.AtEndOfStream
      strLogin = objInputFile.ReadLine
      strNTName = objNetwork.UserDomain & "\" & strLogin
      strObjectType = "user" ' Can be "user", "group", or "computer"
      strInputFormat = "NTLoginName" ' Can be "NTLoginName" or "DisplayName"
      strUserDN = Get_DistinguishedName_From_AD(strNTName, strObjectType, strInputFormat)
     
      If strUserDN <> "ERROR" Then
            'MsgBox "adsPath of " & strNTName & ":" & VbCrLf & "LDAP://" & strUserDN
            Set objUser = GetObject("LDAP://" & strUserDN)
            On Error Resume Next
            arrSettings = objUser.GetEx("protocolSettings")
            If Err.Number = 0 Then
                  Err.Clear
                  For Each protocolSettings In objSettings
                        If Err.Number <> 0 Then Exit For
                        If Left(protocolSettings, 4) = "HTTP" Then
                              objUser.PutEx ADS_PROPERTY_DELETE, "protocolSettings", Array(protocolSettings)
                              objUser.SetInfo
                        End If
                  Next
                  On Error GoTo 0
            Else
                  Err.Clear
                  On Error GoTo 0
                  'MsgBox "Cannot retrieve protocolSettings"
            End If
            objUser.PutEx ADS_PROPERTY_APPEND, "protocolSettings", Array(conExInetOWAon)
            objUser.SetInfo
      Else
            MsgBox "There was an error returning the DistinguishedName attribute of " & strNTName
      End If
Wend
objInputFile.Close
Set objInputFile = Nothing

MsgBox "Done"

Function Get_DistinguishedName_From_AD(strName, strObjectType, strInputFormat)
      ' Source: http://www.rlmueller.net/NameTranslateFAQ.htm#What%20is%20NameTranslate
      ' Constants for the NameTranslate object.
      ' INIT Method Parameters
      ' To search a specific domain that is not the local one
      Const ADS_NAME_INITTYPE_DOMAIN = 1 ' Use objTrans.Init ADS_NAME_INITTYPE_DOMAIN, "MyDomain.com"
      ' To search a specific domain controller in the local domain
      Const ADS_NAME_INITTYPE_SERVER = 2 ' Use objTrans.Init ADS_NAME_INITTYPE_SERVER, "MyServer"
      ' To search through local domain - should be mainly used
      Const ADS_NAME_INITTYPE_GC = 3 ' Use objTrans.Init ADS_NAME_INITTYPE_GC, ""
     
      If LCase(strObjectType) = "computer" Then
            If Right(strName, 1) <> "$" Then strName = strName & "$"
      End If
     
      ' SET and GET Method Parameters
      Const ADS_NAME_TYPE_1779 = 1
      Const ADS_NAME_TYPE_CANONICAL = 2
      Const ADS_NAME_TYPE_NT4 = 3
      Const ADS_NAME_TYPE_DISPLAY = 4
      Const ADS_NAME_TYPE_DOMAIN_SIMPLE = 5
      Const ADS_NAME_TYPE_ENTERPRISE_SIMPLE = 6
      Const ADS_NAME_TYPE_GUID = 7
      Const ADS_NAME_TYPE_UNKNOWN = 8
      Const ADS_NAME_TYPE_USER_PRINCIPAL_NAME = 9
      Const ADS_NAME_TYPE_CANONICAL_EX = 10
      Const ADS_NAME_TYPE_SERVICE_PRINCIPAL_NAME = 11
      Const ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME = 12
     
      ' Use the NameTranslate object to convert the NT user name to the
      ' Distinguished Name required for the LDAP provider.
      Set objTrans = CreateObject("NameTranslate")
     
      ' Initialize NameTranslate by locating the Global Catalog.
      objTrans.Init ADS_NAME_INITTYPE_GC, ""

      boolError = False
      If LCase(strInputFormat) = "displayname" Then
            ' Use the Set method to specify the Display Name of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_DISPLAY, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      Else ' assume it is the NTName
            ' Use the Set method to specify the NT format of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_NT4, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      End If
     
      If boolError = False Then
            ' Use the Get method to retrieve the RFC 1779 Distinguished Name.
            strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
      Else
            strUserDN = "ERROR"
      End If
     
      ' Escape any "/" characters with backslash escape character.
      ' All other characters that need to be escaped will be escaped.
      strUserDN = Replace(strUserDN, "/", "\/")
     
      Get_DistinguishedName_From_AD = strUserDN
End Function
'==================

Regards,

Rob.
0
bsharathAuthor Commented:
Rob, I get a Done box but no change on the user's OWA; it's still enabled. Maybe it needs time to replicate...
0
bsharathAuthor Commented:
Rob, only my login got disabled, and when trying to enable I get this message...

---------------------------
Microsoft Active Directory - Exchange Extension
---------------------------
The specified directory service attribute or value already exists.
Facility: LDAP Provider
ID no: 8007200d
Microsoft Active Directory - Exchange Extension
---------------------------
OK  
---------------------------
0
RobSampsonCommented:
What do you mean "when trying to enable"?  Are you trying to re-enable it for yourself via the User Interface?  I'm not sure why you wouldn't be able to re-enable it, but try the script again, but change this
 objUser.PutEx ADS_PROPERTY_APPEND, "protocolSettings", Array(conExInetOWAon)
to this
 objUser.PutEx ADS_PROPERTY_APPEND, "protocolSettings", Array(conExInetOWAoff)

and see if that enables it.

Regards,

Rob.
0
bsharathAuthor Commented:
Yes Rob, I tried to enable through ADUC, but after changing the code I also get the same error.

0
RobSampsonCommented:
Can you remove the OWA protocol, then re-add it?

Regards,

Rob.
0
RobSampsonCommented:
If you still can't do that, download ADSI Edit from here:
http://www.computerperformance.co.uk/ScriptsGuy/adsi.zip

extract it to your C:\Windows\System32 folder, run
regsvr32 adsiedit.dll

then run
adsiedit.msc

BE CAREFUL WITH THIS.  ONLY EDIT THE ATTRIBUTE YOU WANT TO EDIT.

On the left, go through DOMAIN --> DC=groups,DC=co,DC=uk --> then browse through your OUs until you get to your CN account.
Right-click your CN=Sharath Remi account, and click Properties.
On the "Attribute Editor" tab, scroll down and double-click on protocolSettings
Click any HTTP entry, and click Remove, then click OK, and close ADSIEdit.

Now, hopefully, you can go back to your account in the ordinary ADUC and re-enable OWA.

Regards,

Rob.
0
bsharathAuthor Commented:
Rob, I did as said through ADSIEDIT and it got enabled....
0
RobSampsonCommented:
OK, that's great.....so we're back at square one, I suppose, after finding out that disabling it via a script doesn't really work.

Just to clarify, after fixing the issue by using ADSIEdit, are you able to enable and disable OWA normally via the ADUC console?  If so, then great.  As I don't have Exchange, and can't see the protocolSettings property, can I get you to enable OWA, use ADSIEdit to browse to the protocolSettings attribute and take a screenshot of the values in it.  Then, disable OWA from ADUC, and take another screenshot in ADSIEdit, then, remove the OWA protocol completely via ADUC and take another screenshot of ADSIEdit.  I would like to see what the values do after these changes.

Regards,

Rob.
0
bsharathAuthor Commented:
Yes, now I am able to disable and enable normally.
I did as mentioned, but enabled or disabled I have the same position.
Disabled and enabled, it's the same...
ScreenShot027.jpg
0
RobSampsonCommented:
Really?  That's odd.  From what I've read, disabled should be:
HTTP§0§1§§§§§§
and enabled should be:
HTTP§1§1§§§§§§

Note the zero and one difference.  Maybe there's another setting.....

Rob.
0
bsharathAuthor Commented:
Sorry, the 1 and 0 was a small change and I did not notice it so specifically. Yes, they change.


ScreenShot029.jpg
0
RobSampsonCommented:
Right, and if you remove the protocol via ADUC, does it then not show up in protocolSettings?

This confuses me then, that if you change it via a script, why it cannot be changed again via the ADUC console.

Anyway, a slightly different approach, try this, again with only one user account in the text file:

'==================
strInputFile = "Users_To_Disable_OWA.txt"
Const intForReading = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("WScript.Network")

Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4
Const conExInetOWAoff = "HTTP§0§1§§§§§§"
Const conExInetOWAon = "HTTP§1§1§§§§§§"

Set objInputFile = objFSO.OpenTextFile(strInputFile, intForReading, False)
While Not objInputFile.AtEndOfStream
      strLogin = objInputFile.ReadLine
      strNTName = objNetwork.UserDomain & "\" & strLogin
      strObjectType = "user" ' Can be "user", "group", or "computer"
      strInputFormat = "NTLoginName" ' Can be "NTLoginName" or "DisplayName"
      strUserDN = Get_DistinguishedName_From_AD(strNTName, strObjectType, strInputFormat)
     
      If strUserDN <> "ERROR" Then
            'MsgBox "adsPath of " & strNTName & ":" & VbCrLf & "LDAP://" & strUserDN
            Set objUser = GetObject("LDAP://" & strUserDN)
            On Error Resume Next
            arrSettings = objUser.GetEx("protocolSettings")
            strSettings = ""
            If Err.Number = 0 Then
                  Err.Clear
                  ' Loop over the values that were just read into arrSettings
                  For Each protocolSettings In arrSettings
                        If Err.Number <> 0 Then Exit For
                        If Left(protocolSettings, 4) <> "HTTP" Then
                              ' Keep anything other than a HTTP Protocol
                              If strSettings = "" Then
                                    strSettings = protocolSettings
                              Else
                                    strSettings = strSettings & ";" & protocolSettings
                              End If
                        End If
                  Next
                  Err.Clear
                  On Error GoTo 0
            Else
                  Err.Clear
                  On Error GoTo 0
                  'MsgBox "Cannot retrieve protocolSettings"
            End If
            If strSettings = "" Then
                  strSettings = conExInetOWAon
            Else
                  strSettings = strSettings & ";" & conExInetOWAon
            End If
            On Error Resume Next
            ' Clear the settings before re-applying them
            ' (ADS_PROPERTY_CLEAR removes every value; the third argument is ignored)
            objUser.PutEx ADS_PROPERTY_CLEAR, "protocolSettings", 0
            objUser.SetInfo
            Err.Clear
            On Error GoTo 0
            ' Re-apply the kept (non-HTTP) entries plus the single HTTP entry
            objUser.PutEx ADS_PROPERTY_APPEND, "protocolSettings", Split(strSettings, ";")
            objUser.SetInfo
      Else
            MsgBox "There was an error returning the DistinguishedName attribute of " & strNTName
      End If
Wend
objInputFile.Close
Set objInputFile = Nothing

MsgBox "Done"

Function Get_DistinguishedName_From_AD(strName, strObjectType, strInputFormat)
      ' Source: http://www.rlmueller.net/NameTranslateFAQ.htm#What%20is%20NameTranslate
      ' Constants for the NameTranslate object.
      ' INIT Method Parameters
      ' To search a specific domain that is not the local one
      Const ADS_NAME_INITTYPE_DOMAIN = 1 ' Use objTrans.Init ADS_NAME_INITTYPE_DOMAIN, "MyDomain.com"
      ' To search a specific domain controller in the local domain
      Const ADS_NAME_INITTYPE_SERVER = 2 ' Use objTrans.Init ADS_NAME_INITTYPE_SERVER, "MyServer"
      ' To search through local domain - should be mainly used
      Const ADS_NAME_INITTYPE_GC = 3 ' Use objTrans.Init ADS_NAME_INITTYPE_GC, ""
     
      If LCase(strObjectType) = "computer" Then
            If Right(strName, 1) <> "$" Then strName = strName & "$"
      End If
     
      ' SET and GET Method Parameters
      Const ADS_NAME_TYPE_1779 = 1
      Const ADS_NAME_TYPE_CANONICAL = 2
      Const ADS_NAME_TYPE_NT4 = 3
      Const ADS_NAME_TYPE_DISPLAY = 4
      Const ADS_NAME_TYPE_DOMAIN_SIMPLE = 5
      Const ADS_NAME_TYPE_ENTERPRISE_SIMPLE = 6
      Const ADS_NAME_TYPE_GUID = 7
      Const ADS_NAME_TYPE_UNKNOWN = 8
      Const ADS_NAME_TYPE_USER_PRINCIPAL_NAME = 9
      Const ADS_NAME_TYPE_CANONICAL_EX = 10
      Const ADS_NAME_TYPE_SERVICE_PRINCIPAL_NAME = 11
      Const ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME = 12
     
      ' Use the NameTranslate object to convert the NT user name to the
      ' Distinguished Name required for the LDAP provider.
      Set objTrans = CreateObject("NameTranslate")
     
      ' Initialize NameTranslate by locating the Global Catalog.
      objTrans.Init ADS_NAME_INITTYPE_GC, ""

      boolError = False
      If LCase(strInputFormat) = "displayname" Then
            ' Use the Set method to specify the Display Name of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_DISPLAY, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      Else ' assume it is the NTName
            ' Use the Set method to specify the NT format of the object name.
            On Error Resume Next
            objTrans.Set ADS_NAME_TYPE_NT4, strName
            If Err.Number <> 0 Then boolError = True
            On Error GoTo 0
      End If
     
      If boolError = False Then
            ' Use the Get method to retrieve the RFC 1779 Distinguished Name.
            strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
      Else
            strUserDN = "ERROR"
      End If
     
      ' Escape any "/" characters with backslash escape character.
      ' All other characters that need to be escaped will be escaped.
      strUserDN = Replace(strUserDN, "/", "\/")
     
      Get_DistinguishedName_From_AD = strUserDN
End Function
'==================


Regards,

Rob.
0
bsharathAuthor Commented:
Rob, will this disable the OWA access?
I just ran it. Got a Done box. Just giving it some time to replicate if required...
I have mentioned the NT login in the txt file. Is that right?
0
RobSampsonCommented:
Oh, whoops.  Actually, that would "enable" OWA, to "disable" it, change this:
            If strSettings = "" Then
                  strSettings = conExInetOWAon
            Else
                  strSettings = strSettings & ";" & conExInetOWAon
            End If

to this:
            If strSettings = "" Then
                  strSettings = conExInetOWAoff
            Else
                  strSettings = strSettings & ";" & conExInetOWAoff
            End If


I had "on" there, instead of "off".

Regards,

Rob.
0
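The read-modify-write idea from the answer above, as an added PowerShell example that is not part of the original thread: it keeps every non-HTTP protocolSettings entry, swaps in the disabled HTTP value, and replaces the attribute in one ADS_PROPERTY_UPDATE call, only reporting unless -Apply is given. The sAMAccountName lookup through [adsisearcher], the -Apply switch and the two helper function names are assumptions of this example.

```powershell
# Added example, not the thread's code. Assumes PowerShell 3+, a domain-joined
# admin workstation, one NT login per line, and string-valued protocolSettings.
param(
    [string]$InputFile = 'Users_To_Disable_OWA.txt',
    [switch]$Apply                       # without -Apply nothing is written
)
$ADS_PROPERTY_UPDATE = 2                 # replace the whole multi-valued attribute
$sep    = [char]0xA7                     # section sign built from its code point
$owaOff = 'HTTP', '0', '1', '', '', '', '', '', '' -join $sep   # HTTP§0§1§§§§§§

function Get-NewProtocolSettings([string[]]$Current) {
    # Keep every non-HTTP entry and add exactly one HTTP entry (OWA off).
    $kept = @($Current | Where-Object { $_ -and $_ -notlike 'HTTP*' })
    return ,@($kept + $owaOff)
}

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping, so a stray character in the file cannot change the filter.
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.Contains([string]$c) -or $c -eq [char]0) { [void]$sb.AppendFormat('\{0:x2}', [int]$c) }
        else { [void]$sb.Append($c) }
    }
    $sb.ToString()
}

$logins = Get-Content -Path $InputFile | ForEach-Object { $_.Trim() } | Where-Object { $_ }
foreach ($login in $logins) {
    $filter   = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$(ConvertTo-LdapFilterValue $login)))"
    $searcher = [adsisearcher]$filter
    [void]$searcher.PropertiesToLoad.Add('protocolSettings')
    $hit = $searcher.FindOne()
    if (-not $hit) { Write-Warning "No user found for '$login'"; continue }

    $before = @($hit.Properties['protocolsettings'])   # result keys are lower-case
    $after  = Get-NewProtocolSettings $before
    if ($Apply) {
        $user = $hit.GetDirectoryEntry()
        $user.PutEx($ADS_PROPERTY_UPDATE, 'protocolSettings', [object[]]$after)
        $user.SetInfo()
    }
    # One record per user, so the run can be reviewed or exported as a change log.
    [pscustomobject]@{ Login = $login; Before = $before -join ' | '; After = $after -join ' | '; Applied = [bool]$Apply }
}
```

Run it once without -Apply and compare the Before and After columns for each login before writing anything.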
bsharathAuthor Commented:
Thanks Rob...
0