Solved

Active Directory user modification.

Posted on 2008-06-24
Last Modified: 2013-12-18
Hi Experts,

Is it possible to take the first name and last name in AD, add a dot in between, plus add an @ and the domain name, and put that information back in the user's Email field?
Like this: firstname.lastname@domain.com

The reason is that we are using Lotus Notes and we never used the Email field in AD, but now we need to have that field covered because of new software that does not support Lotus Notes.
If someone has a script or AD syntax it would be great. I have two days to see if there is a script of some kind or start to do it manually :(

In advance, thank you.
0
Question by:Bjarte Fjelland
 
LVL 8

Expert Comment

by:DenverRick
ID: 21860397
Use LDIFDE to export to a file, modify, then import back into AD. For the little you want to do it should not be hard.  If you have a really large number of users, use VBA in Excel to populate the email field with the information from fname and lname.

Using LDIFDE to import and export directory objects to Active Directory -> http://support.microsoft.com/kb/237677/en-us
0
 
LVL 5

Accepted Solution

by:
kollenh earned 500 total points
ID: 21861495
Yeah, it's no problem; I wrote a script to do almost exactly that about two years ago when a very similar thing happened with the company I worked for at the time.  This is a quick & dirty version; if you want something nicer, let me know.  You'll need to change the values "strRootDomain" and "strEmailDomain" to match yours, of course.  Run this from a command prompt with 'cscript' as it will output those accounts that do not match your criteria.  You can run it with a "/chk" switch and it will loop through only 10 (you can change this number) and not make any changes to the accounts - to get an idea of what would happen before committing a whole bunch of changes.  Note, I did not include the ability to recurse sub-domains and it will overwrite anything already in the Email field.
'updateEmail.vbs

'Function: Populate the email address field from a user's first and last names.

'USER-DEFINED Variables
strRootDomain = "dc=domain,dc=name"
strEmailDomain = "@domain.com"
strRootDomain = "dc=ustechs,dc=local"   'test-domain value left in; overrides line 6
strEmailDomain = "@ustechs.com"         'test-domain value left in; overrides line 7

'Checking option
If wscript.arguments.named.exists("chk") Then blnTest=True Else blnTest=False
If wscript.arguments.named.exists("s") Then blnSilent=True Else blnSilent=False
If (blnTest=True) And (blnSilent=True) Then _
  wscript.echo "You cannot specify console output AND silent mode." _
  & vbCrLf & "Please try again and use only one switch." : wscript.quit

'
Dim blnFirstName
Dim blnLastName

'Query AD
strUserAttribs = "distinguishedName,givenName,sn"
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.Properties("Size Limit") = 5000
objCommand.Properties("Page Size") = 5000
objCommand.CommandText = _
    "<LDAP://" & strRootDomain & ">;(objectCategory=User);" & strUserAttribs & ";subtree"
Set objRecordSet = objCommand.Execute

'Loop through results
intCount = 0
intChanged = 0
blnPatternMatch = True   'must start as True, otherwise the first record is always reported as a mismatch
Do Until objRecordset.EOF
	intCount=intCount + 1
	If (blnTest=True) And (intCount>10) Then Exit Do
	firstName = objRecordSet.Fields("givenName")
	lastName = objRecordSet.Fields("sn")
	strUserObj = objRecordset.Fields("distinguishedName")
	'Accounts without a first or last name are skipped and reported
	If IsNull(firstName) Then firstName = "Null" : blnPatternMatch=False
	If IsNull(lastName) Then lastName = "Null" : blnPatternMatch=False
	If blnPatternMatch=True Then
		strEmailAddr = firstName & "." & lastName & strEmailDomain
		If blnTest=True Then
			'/chk mode: show what would be written, change nothing
			wscript.echo "[" & intcount & "] " & firstName & " + " & lastName & " = " & strEmailAddr
		Else
			'Write the address to the mail attribute (overwrites any existing value)
			Set objUser = GetObject("LDAP://" & strUserObj)
			objUser.Put "Mail", strEmailAddr
			objUser.SetInfo
			intChanged = intChanged + 1
		End If
	ElseIf blnSilent=False Then
		wscript.echo "[" & intcount & "] " & strUserObj & " did not match pattern."
		wscript.echo "   FirstName: " & firstName
		wscript.echo "   LastName: " & lastName
	End If
	blnPatternMatch=True
	objRecordset.MoveNext
Loop
objConnection.Close

wscript.echo intChanged & " accounts modified."


0
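A dry-run-first variant of the bulk update above, written in PowerShell with the ActiveDirectory module; this is an added example, not kollenh's script. `$SearchBase` and `$EmailDomain` are placeholders, and `-Commit` and `$ReportPath` are names chosen for this example. Unlike the VBScript, it leaves existing mail values alone and records every skipped account with a reason.

```powershell
# Added example (not kollenh's script). Requires the ActiveDirectory module (RSAT).
param(
    [string]$SearchBase  = 'dc=domain,dc=name',       # placeholder, as in the script above
    [string]$EmailDomain = 'domain.com',              # placeholder, without the leading @
    [string]$ReportPath  = '.\mail-fill-report.csv',  # hypothetical output file
    [switch]$Commit                                   # hypothetical switch: omit for a dry run
)
Import-Module ActiveDirectory

# Real user accounts only; (objectCategory=User) alone also matches contact objects.
$filter = '(&(objectCategory=person)(objectClass=user))'
$users  = @(Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase -Properties mail)

# Addresses already present in the directory, so a generated one cannot collide.
$taken = @{}
foreach ($u in $users) { if ($u.mail) { $taken[$u.mail] = $u.SamAccountName } }

$report = foreach ($u in $users) {
    $status = 'ok'; $addr = $null
    if ($u.mail) {
        $status = 'mail already set'            # never overwrite an existing value
    } elseif (-not $u.GivenName -or -not $u.Surname) {
        $status = 'missing first or last name'
    } elseif ("$($u.GivenName)$($u.Surname)" -notmatch '^[A-Za-z0-9-]+$') {
        $status = 'needs manual review'         # spaces, accents, apostrophes, ...
    } else {
        $addr = ('{0}.{1}@{2}' -f $u.GivenName, $u.Surname, $EmailDomain).ToLowerInvariant()
        if ($taken.ContainsKey($addr)) {
            $status = "collides with $($taken[$addr])"; $addr = $null
        } else {
            $taken[$addr] = $u.SamAccountName
        }
    }
    if ($status -eq 'ok') {
        # With -WhatIf in effect, the intended change is printed but not written.
        Set-ADUser -Identity $u -EmailAddress $addr -WhatIf:(-not $Commit)
    }
    [pscustomobject]@{ Account = $u.SamAccountName; DN = $u.DistinguishedName
                       Status = $status; Proposed = $addr }
}

# Keep a per-account record of what was (or would be) done, then print a summary.
$report | Export-Csv -Path $ReportPath -NoTypeInformation
$report | Group-Object Status | Select-Object Count, Name
```

Run it once without `-Commit`, read the CSV, and rerun with `-Commit` only when the skipped accounts are accounted for.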
 
LVL 1

Author Comment

by:Bjarte Fjelland
ID: 21866032
Thank you for the script kollenh, that is what I'm looking for, but I have a question regarding the script.
Is the script just displaying the E-mail address or shall it also put the email information in to the E-mail field to the user?
0
 
LVL 1

Author Comment

by:Bjarte Fjelland
ID: 21873911
The script does change some users but not all and I can't figure out why.
I do not have more time to investigate so I have started to do this manually. But I have not given up the script yet.
0
 
LVL 1

Author Closing Comment

by:Bjarte Fjelland
ID: 31470369
The script did change about 30% of the users and that is more than zero :o)
0
 
LVL 5

Expert Comment

by:kollenh
ID: 21875875
Sorry for the delay, I was wrapped up in troubleshooting some email issues of my own yesterday.

The script *should* be setting the "Email" field on the user's account, but only if the object is 1) a "User" and 2) has both 'firstname' and 'lastname' fields populated.  Since it's sporadic, not sure where to suggest you start looking.  There must be something about those accounts that doesn't fit or perhaps you do not have permission to modify them?
0
 
LVL 1

Author Comment

by:Bjarte Fjelland
ID: 21878563
Hi kollenh,

No problem with the delay.
By the way I'm domain admin, it's my network :o) but the thing is that we have upgraded the users from Windows NT 4.0 to AD with Windows 2003. That's from 1999 up until now.
I'm not surprised that the script does sporadic turns cos I haven't learned scripting yet.
I'll try though :o)
0
 
LVL 5

Expert Comment

by:kollenh
ID: 21878624
I went through that exact migration about 3 years ago.  Lots of fun.

You did edit the two values at the beginning, right?  I mistakenly left a test domain listed so lines 8 and 9 can just be deleted outright and then you should have edited lines 6 & 7.  Do you have just the one domain/forest and are the users in one or multiple OUs?
0
 
LVL 1

Author Comment

by:Bjarte Fjelland
ID: 21879274
We have multiple OUs (one domain) and I was wondering about the 8 and 9 lines.
I did REM them out but the script stopped, or it did not finish.
0
 
LVL 5

Expert Comment

by:kollenh
ID: 21879303
Ok, those were for my test domain.  Go ahead and remove them but then edit lines 6 & 7 so they match your AD domain and Email domain, respectively.  For example if your domain was contoso.com, line 6 would be "dc=contoso,dc=com" and line 7 would be "@contoso.com"... make sense?  You may have already done this, I just want to make sure.
0
