Solved

VBSCRIPT Help

Posted on 2009-05-18
Last Modified: 2012-06-27
Hello all, I am currently modifying the code below. I am trying to add this line, but have had no luck. I want it to tell me if it could not find the user I input. The full code is in the code window.
else      
   strResp=Msgbox(strUser & " not found.  Would you like to retry?", vbYesNo, "Problem with account information")
   If strResp=vbYes Then Reset
end if
End Sub
'This script will disable and move a user, also remove memberships except Domain Users and hide from Exchange Address Book
 

Const ADS_PROPERTY_DELETE = 4

Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

 

UserName=InputBox ("Enter Username (samAccountName): ", "Account Disable")

IF LEN(Trim(UserName)) <=0 Then wscript.echo "A user account must be entered." 
 
 

Incident=InputBox ("Enter Incident ID: ", "")

IF LEN(Trim(Incident)) <=0 Then wscript.echo "An Incident ID must be entered."
 
 

SET adoCon = CreateObject("ADODB.Connection")

SET adoCmd =   CreateObject("ADODB.Command")

adoCon.Provider = "ADsDSOObject"

adoCon.Open "Active Directory Provider"

SET adoCmd.ActiveConnection = adoCon

adoCmd.Properties("Page Size") = 1000

adoCmd.Properties("Timeout") = 30

adoCmd.Properties("Cache Results") = False

 

SET objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")

strFilter = "(&(sAMAccountType=805306368)(SAMAccountName=" & UserName & "))"

strFields = "distinguishedName, ADsPath"
 
 
 

'Change this OU Name

strNewOUDN="OU=voIP,DC=ABC,DC=local"

strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter & ";" & strFields & ";subtree"

adoCmd.CommandText = strQuery

SET adoRec = adoCmd.Execute

DO UNTIL adoRec.EOF

      SET objUser = GetObject(adoRec.Fields("ADsPath").Value)

      arrMemberOf = objUser.GetEx("memberOf")

      If Not Err.Number = E_ADS_PROPERTY_NOT_FOUND Then

            For Each Group in arrMemberOf

                  Set objGroup = GetObject("LDAP://" & Group) 

                  objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(adoRec.Fields("distinguishedName").Value)

                  objGroup.SetInfo

            Next

      End If

objUser.info = Incident 

objUser.SetInfo

      objUser.AccountDisabled = TRUE

      objUser.HideFromAddressBook = True

      objUser.SetInfo

      SET objCont = GetObject("LDAP://" & strNewOUDN)

      objCont.MoveHere adoRec.Fields("ADsPath").Value, vbNullString

      Msgbox "Account disabled and moved to new OU.", vbInformation, "Confirmation"

      adoRec.MoveNext

LOOP

adoRec.Close

SET adoRec = Nothing

adoCon.Close

SET adoCon = Nothing

Question by:EfrenM
6 Comments
 
LVL 67

Assisted Solution

by:sirbounty
sirbounty earned 100 total points
ID: 24415764
Not sure where you're intending to put that, as it doesn't match up with your code, but if you're trying to ensure input, you could use something like the attached (though it does have the potential for an 'endless loop')
While UserName = ""  

  UserName=InputBox ("Enter Username (samAccountName): ", "Account Disable")

Wend

 
LVL 7

Accepted Solution

by:
crokeefe28 earned 200 total points
ID: 24415844
How about creating a function to find the user:

ldapPath = FindUser(username)

if ldapPath = "Not Found" then
      wscript.echo "User not found!"
End If

Function FindUser(Byval UserName)
      on error resume next

      set objRoot = getobject("LDAP://RootDSE")
      domainName = objRoot.get("defaultNamingContext")
      set cn = createobject("ADODB.Connection")
      set cmd = createobject("ADODB.Command")
      set rs = createobject("ADODB.Recordset")

      cn.open "Provider=ADsDSOObject;"
      
      cmd.activeconnection=cn
      cmd.commandtext="SELECT ADsPath FROM 'LDAP://" & domainName & _
                  "' WHERE sAMAccountName = '" & UserName & "'"
      
      set rs = cmd.execute

      if err<>0 then
            wscript.echo "Error connecting to Active Directory Database:" & err.description
            wscript.quit
      else
            if not rs.BOF and not rs.EOF then
                       rs.MoveFirst
                       FindUser = rs(0)
            else
                  FindUser = "Not Found"
            end if
      end if
      cn.close
end function
 
LVL 3

Assisted Solution

by:Cameron_S
Cameron_S earned 200 total points
ID: 24415871
I think if I understand correctly, you want to return a message stating that the account was not found, yes? If so, something like this should work. I do not think you need an End Sub at the location you are at, and from what I see the Else should trap if the If Not Err.Number = E_ADS_PROPERTY_NOT_FOUND Then flags True.
If Not Err.Number = E_ADS_PROPERTY_NOT_FOUND Then

            For Each Group in arrMemberOf

                  Set objGroup = GetObject("LDAP://" & Group) 

                  objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(adoRec.Fields("distinguishedName").Value)

                  objGroup.SetInfo

            Next

Else

   strResp=Msgbox(strUser & " not found.  Would you like to retry?", vbYesNo, "Problem with account information")

   If strResp=vbYes Then

      ' Do something or call something here

   End If

End If


 
LVL 2

Author Comment

by:EfrenM
ID: 24416155
Wasn't able to get them to work =[ , any other ideas?
 
LVL 3

Expert Comment

by:Cameron_S
ID: 24416322
Here is some code from MS on how to do an AD search for a user:

http://www.microsoft.com/technet/scriptcenter/guide/sas_usr_seaa.mspx?mfr=true

It will return the values if the user exists, or let you know if it does not. From here you can just add whatever additional code to perform your operations.
 
LVL 2

Author Comment

by:EfrenM
ID: 24417415
Well, I found out. Here is the finished code. I added

If adoRec.EOF Then ' User not found in AD
                  WScript.Echo "No Records Found"
                  Else

and now it works =]

'This script will disable and move a user, also remove memberships except Domain Users and hide from Exchange Address Book

On Error Resume Next

Const ADS_PROPERTY_DELETE = 4

Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

 

UserName=InputBox ("Enter Username (samAccountName): ", "Account Disable")

IF LEN(Trim(UserName)) <=0 Then wscript.echo "A user account must be entered." 
 
 

Incident=InputBox ("Enter Incident ID: ", "")

IF LEN(Trim(Incident)) <=0 Then wscript.echo "An Incident ID must be entered."
 

SET adoCon = CreateObject("ADODB.Connection")

SET adoCmd =   CreateObject("ADODB.Command")

adoCon.Provider = "ADsDSOObject"

adoCon.Open "Active Directory Provider"

SET adoCmd.ActiveConnection = adoCon

adoCmd.Properties("Page Size") = 1000

adoCmd.Properties("Timeout") = 30

adoCmd.Properties("Cache Results") = False

 

SET objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")

strFilter = "(&(sAMAccountType=805306368)(SAMAccountName=" & UserName & "))"

strFields = "distinguishedName, ADsPath"
 
 
 

'Change this OU Name
 

'strNewOUDN="OU=voIP,DC=ABV,DC=local"

strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter & ";" & strFields & ";subtree"

adoCmd.CommandText = strQuery

SET adoRec = adoCmd.Execute

If adoRec.EOF Then ' User not found in AD  

			WScript.Echo "No Records Found"

			Else

		DO UNTIL adoRec.EOF

      SET objUser = GetObject(adoRec.Fields("ADsPath").Value)

      arrMemberOf = objUser.GetEx("memberOf")

      If Not Err.Number = E_ADS_PROPERTY_NOT_FOUND Then

            For Each Group in arrMemberOf

                  Set objGroup = GetObject("LDAP://" & Group) 

                  objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(adoRec.Fields("distinguishedName").Value)

                  objGroup.SetInfo

            Next
 
 

      End If

objUser.info = Incident 

objUser.SetInfo

      objUser.AccountDisabled = TRUE

      objUser.HideFromAddressBook = True

      objUser.SetInfo

      SET objCont = GetObject("LDAP://" & strNewOUDN)

      objCont.MoveHere adoRec.Fields("ADsPath").Value, vbNullString

      Msgbox "Account disabled and moved to new OU.", vbInformation, "Confirmation"

      adoRec.MoveNext

LOOP

adoRec.Close

SET adoRec = Nothing

adoCon.Close

SET adoCon = Nothing
 
 
 

end if
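
Both the original script and the finished version place the InputBox value directly into the LDAP filter and then loop over every record returned, so a wildcard or parenthesis in the input changes which accounts get disabled and moved. The following is an added example, not code from the thread: it escapes the value per RFC 4515 and refuses to act unless exactly one account matched. `EscapeLdapFilterValue`, `BuildUserFilter` and `MatchVerdict` are hypothetical helper names, and the sample inputs are constructed.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash is replaced first so later escapes are not doubled.
Function EscapeLdapFilterValue(ByVal value)
    Dim s
    s = Replace(value, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    EscapeLdapFilterValue = s
End Function

' Build the same user filter the thread's script uses, with the input escaped.
Function BuildUserFilter(ByVal samAccountName)
    BuildUserFilter = "(&(sAMAccountType=805306368)(sAMAccountName=" & _
        EscapeLdapFilterValue(Trim(samAccountName)) & "))"
End Function

' Decide whether a result set is safe to act on: exactly one account.
Function MatchVerdict(ByVal matchCount)
    Select Case matchCount
        Case 0
            MatchVerdict = "not found"
        Case 1
            MatchVerdict = "ok"
        Case Else
            MatchVerdict = "ambiguous: refusing to modify " & matchCount & " accounts"
    End Select
End Function

' Constructed sample inputs (not from the thread).
Dim samples, item
samples = Array("jsmith", "*", "j*", "x)(objectClass=*")
For Each item In samples
    WScript.Echo item & "  ->  " & BuildUserFilter(item)
Next

' Constructed match counts showing the three outcomes.
WScript.Echo MatchVerdict(0)
WScript.Echo MatchVerdict(1)
WScript.Echo MatchVerdict(250)
```

In the disable script, `strFilter` would come from `BuildUserFilter(UserName)`, and the group-removal and move steps would run only when `MatchVerdict` returns "ok" for the number of records the query returned.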
