Solved

change user account control

Posted on 2011-02-14
6
482 Views
Last Modified: 2012-05-11
I need a script that reads from a txt file (set of names) that i can drag and drop into a script that will enable Smart Card required. Can somebody help me with this please.

Thanks in advance
0
Comment
Question by:Skibo187
  • 4
6 Comments
 
LVL 5

Expert Comment

by:mickinoz2005
ID: 34891954
Can you be a bit more descriptive to what you need you question is not very clear.
0
 

Author Comment

by:Skibo187
ID: 34892375
mickinoz2005:
I have a group of people that I need to have Smart Card is required for interactive logon. checked off, and I dont want to go thru each account and do it manually.So, I was wondering if anybody had a VB script that can check off Smart Card required on active directory for people accounts. Also, is there a way to have a  txt file with there names that i can drag into the script so it can read and make the changes for only those people accounts.

In other words, have a text file with peoples names whos accounts that need to be change. and drag it to the script so it can change Smart card logon.

Thanks again, hope this helps, let me know if you need any more input.
0
 

Author Comment

by:Skibo187
ID: 34910483
Here is a script that i found in this forum,and i am trying to do the same thing, I have to change several accounts in different OU, But not all of the same people in the same OU need Smart Card. One thing This script still wont work.

http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_22799803.html?sfQueryTermInfo=1+10+30+card+enabl+logon+script+smart

******************** Start Script *************************************************
Const ADS_UF_SMARTCARD_REQUIRED = &h40000
Dim strFirstLetter ,strUName, intDo

'Change the first letter here
strFirstLetter = "M"

'Change the Domain name and OU here
Set objOU = GetObject _
   ("LDAP://ou=TestUsers,dc=TOP,dc=MIL")

For Each objUser In objOU
      strUName = objUser.Get("sn")
        intDo = 0
        intDo = Left(strUName,1)
     
      If intDo = strFirstLetter then
              intUAC = objUser.Get("userAccountControl")
                    If (intUAC AND ADS_UF_SMARTCARD_REQUIRED) = 0 Then
                                 objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
                                 objUser.SetInfo
                     End If
            End If
Next

0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 13

Accepted Solution

by:
Daz_1234 earned 500 total points
ID: 35236108
Hi,

Please try the script below.

It requires an input file containing usernames (sAMAccountNames / NT Logon names), one per line.  If you drag the input file onto the script it will begin.

It will log to a file in the same folder as the script - the log will be called <scriptname>.log

The script must be run logged on as a user with permissions to edit user objects (obviously a domain admin will do).

PLEASE PLEASE PLEASE PLEASE PLEASE test on test user accounts first many times before attempting to use this script on live user accounts.

Good luck,
Daz.
Const SMARTCARD_REQUIRED = &H40000

If WScript.Arguments.Count < 1 Then
    strFile = InputBox ("Enter the full path to the input file of usernames:", "Enter File Path")
    If strFile = "" Then WScript.Quit
Else
    strFile = WScript.Arguments(0)
    MsgBox strFile,,"Input File:"
End If

Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(strFile) Then
    MsgBox "Cannot find file '" & strFile & "'", vbCritical + vbSystemModal, "File not Found"
    WScript.Quit 1
End If

arrUsers = Split(fso.OpenTextFile(strFile, 1).ReadAll, vbCrlf)
strUsers = "¶" & Join(arrUsers, "¶") & "¶"

strCurrDir = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
strLog = Replace(WScript.ScriptName, ".vbs", ".log")

Set tsLog = fso.OpenTextFile(strCurrDir & strLog, 8, True)
tsLog.WriteLine "### Starting Run at " & Now() & " ###"

'# ADO Init
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strConfig = objRootDSE.Get("configurationNamingContext")
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open = "ADProvider"
objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 900
'#


strFilter = "(&(objectCategory=person))"

strAttributes = "distinguishedName,sAMAccountName, userAccountControl"

strBase = "<LDAP://" & strDNSDomain & ">"'
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery

Set objRecordSet = objCommand.Execute

blNone = True
Do Until objRecordSet.EOF
    strNTName = objRecordSet.Fields("sAMAccountName")
    If InStr(1, strUsers, "¶" & strNTName & "¶", 1) <> 0 Then
        strDN = objRecordSet.Fields("distinguishedName")
        dblUAC = objRecordSet.Fields("userAccountControl")
        If Not dblUAC And SMARTCARD_REQUIRED Then
            Set objUser = GetObject("LDAP://" & strDN)
            objUser.Put "userAccountControl", dblUAC + SMARTCARD_REQUIRED
            objUser.SetInfo
            tsLog.WriteLine "Changing account '" & strNTName & "'"
            blNone = False
        Else
            tsLog.WriteLine "User '" & strNTName & "' checked: Already set Ok"
        End If
    End If

    objRecordSet.MoveNext
Loop

If blNone Then
    tsLog.WriteLine "No Accounts amended."
    tsLog.Close
    MsgBox "No Accounts amended."
Else
    tsLog.Close
    MsgBox "Done!"
End If

Open in new window

0
 

Author Comment

by:Skibo187
ID: 35311367
Ok will try this in few hours, being really careful on this one...
0
 

Author Closing Comment

by:Skibo187
ID: 35328028
Daz,

Excellent it worked...Thank u Very Much.....
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Limit the # times a macro code will run 14 51
Modify Permissions in Windows Folders. 15 32
Locate Source of Failed AD Authentication 7 21
Powershell query 1 23
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question