Solved

change user account control

Posted on 2011-02-14
6
464 Views
Last Modified: 2012-05-11
I need a script that reads from a txt file (set of names) that i can drag and drop into a script that will enable Smart Card required. Can somebody help me with this please.

Thanks in advance
0
Comment
Question by:Skibo187
  • 4
6 Comments
 
LVL 5

Expert Comment

by:mickinoz2005
ID: 34891954
Can you be a bit more descriptive to what you need you question is not very clear.
0
 

Author Comment

by:Skibo187
ID: 34892375
mickinoz2005:
I have a group of people that I need to have Smart Card is required for interactive logon. checked off, and I dont want to go thru each account and do it manually.So, I was wondering if anybody had a VB script that can check off Smart Card required on active directory for people accounts. Also, is there a way to have a  txt file with there names that i can drag into the script so it can read and make the changes for only those people accounts.

In other words, have a text file with peoples names whos accounts that need to be change. and drag it to the script so it can change Smart card logon.

Thanks again, hope this helps, let me know if you need any more input.
0
 

Author Comment

by:Skibo187
ID: 34910483
Here is a script that i found in this forum,and i am trying to do the same thing, I have to change several accounts in different OU, But not all of the same people in the same OU need Smart Card. One thing This script still wont work.

http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_22799803.html?sfQueryTermInfo=1+10+30+card+enabl+logon+script+smart

******************** Start Script *************************************************
Const ADS_UF_SMARTCARD_REQUIRED = &h40000
Dim strFirstLetter ,strUName, intDo

'Change the first letter here
strFirstLetter = "M"

'Change the Domain name and OU here
Set objOU = GetObject _
   ("LDAP://ou=TestUsers,dc=TOP,dc=MIL")

For Each objUser In objOU
      strUName = objUser.Get("sn")
        intDo = 0
        intDo = Left(strUName,1)
     
      If intDo = strFirstLetter then
              intUAC = objUser.Get("userAccountControl")
                    If (intUAC AND ADS_UF_SMARTCARD_REQUIRED) = 0 Then
                                 objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
                                 objUser.SetInfo
                     End If
            End If
Next

0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 12

Accepted Solution

by:
Daz_1234 earned 500 total points
ID: 35236108
Hi,

Please try the script below.

It requires an input file containing usernames (sAMAccountNames / NT Logon names), one per line.  If you drag the input file onto the script it will begin.

It will log to a file in the same folder as the script - the log will be called <scriptname>.log

The script must be run logged on as a user with permissions to edit user objects (obviously a domain admin will do).

PLEASE PLEASE PLEASE PLEASE PLEASE test on test user accounts first many times before attempting to use this script on live user accounts.

Good luck,
Daz.
Const SMARTCARD_REQUIRED = &H40000

If WScript.Arguments.Count < 1 Then
    strFile = InputBox ("Enter the full path to the input file of usernames:", "Enter File Path")
    If strFile = "" Then WScript.Quit
Else
    strFile = WScript.Arguments(0)
    MsgBox strFile,,"Input File:"
End If

Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(strFile) Then
    MsgBox "Cannot find file '" & strFile & "'", vbCritical + vbSystemModal, "File not Found"
    WScript.Quit 1
End If

arrUsers = Split(fso.OpenTextFile(strFile, 1).ReadAll, vbCrlf)
strUsers = "¶" & Join(arrUsers, "¶") & "¶"

strCurrDir = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
strLog = Replace(WScript.ScriptName, ".vbs", ".log")

Set tsLog = fso.OpenTextFile(strCurrDir & strLog, 8, True)
tsLog.WriteLine "### Starting Run at " & Now() & " ###"

'# ADO Init
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strConfig = objRootDSE.Get("configurationNamingContext")
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open = "ADProvider"
objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 900
'#


strFilter = "(&(objectCategory=person))"

strAttributes = "distinguishedName,sAMAccountName, userAccountControl"

strBase = "<LDAP://" & strDNSDomain & ">"'
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery

Set objRecordSet = objCommand.Execute

blNone = True
Do Until objRecordSet.EOF
    strNTName = objRecordSet.Fields("sAMAccountName")
    If InStr(1, strUsers, "¶" & strNTName & "¶", 1) <> 0 Then
        strDN = objRecordSet.Fields("distinguishedName")
        dblUAC = objRecordSet.Fields("userAccountControl")
        If Not dblUAC And SMARTCARD_REQUIRED Then
            Set objUser = GetObject("LDAP://" & strDN)
            objUser.Put "userAccountControl", dblUAC + SMARTCARD_REQUIRED
            objUser.SetInfo
            tsLog.WriteLine "Changing account '" & strNTName & "'"
            blNone = False
        Else
            tsLog.WriteLine "User '" & strNTName & "' checked: Already set Ok"
        End If
    End If

    objRecordSet.MoveNext
Loop

If blNone Then
    tsLog.WriteLine "No Accounts amended."
    tsLog.Close
    MsgBox "No Accounts amended."
Else
    tsLog.Close
    MsgBox "Done!"
End If

Open in new window

0
 

Author Comment

by:Skibo187
ID: 35311367
Ok will try this in few hours, being really careful on this one...
0
 

Author Closing Comment

by:Skibo187
ID: 35328028
Daz,

Excellent it worked...Thank u Very Much.....
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now