?
Solved

change user account control

Posted on 2011-02-14
6
Medium Priority
?
500 Views
Last Modified: 2012-05-11
I need a script that reads from a txt file (set of names) that i can drag and drop into a script that will enable Smart Card required. Can somebody help me with this please.

Thanks in advance
0
Comment
Question by:Skibo187
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 5

Expert Comment

by:mickinoz2005
ID: 34891954
Can you be a bit more descriptive to what you need you question is not very clear.
0
 

Author Comment

by:Skibo187
ID: 34892375
mickinoz2005:
I have a group of people that I need to have Smart Card is required for interactive logon. checked off, and I dont want to go thru each account and do it manually.So, I was wondering if anybody had a VB script that can check off Smart Card required on active directory for people accounts. Also, is there a way to have a  txt file with there names that i can drag into the script so it can read and make the changes for only those people accounts.

In other words, have a text file with peoples names whos accounts that need to be change. and drag it to the script so it can change Smart card logon.

Thanks again, hope this helps, let me know if you need any more input.
0
 

Author Comment

by:Skibo187
ID: 34910483
Here is a script that i found in this forum,and i am trying to do the same thing, I have to change several accounts in different OU, But not all of the same people in the same OU need Smart Card. One thing This script still wont work.

http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_22799803.html?sfQueryTermInfo=1+10+30+card+enabl+logon+script+smart

******************** Start Script *************************************************
Const ADS_UF_SMARTCARD_REQUIRED = &h40000
Dim strFirstLetter ,strUName, intDo

'Change the first letter here
strFirstLetter = "M"

'Change the Domain name and OU here
Set objOU = GetObject _
   ("LDAP://ou=TestUsers,dc=TOP,dc=MIL")

For Each objUser In objOU
      strUName = objUser.Get("sn")
        intDo = 0
        intDo = Left(strUName,1)
     
      If intDo = strFirstLetter then
              intUAC = objUser.Get("userAccountControl")
                    If (intUAC AND ADS_UF_SMARTCARD_REQUIRED) = 0 Then
                                 objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
                                 objUser.SetInfo
                     End If
            End If
Next

0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 13

Accepted Solution

by:
Daz_1234 earned 2000 total points
ID: 35236108
Hi,

Please try the script below.

It requires an input file containing usernames (sAMAccountNames / NT Logon names), one per line.  If you drag the input file onto the script it will begin.

It will log to a file in the same folder as the script - the log will be called <scriptname>.log

The script must be run logged on as a user with permissions to edit user objects (obviously a domain admin will do).

PLEASE PLEASE PLEASE PLEASE PLEASE test on test user accounts first many times before attempting to use this script on live user accounts.

Good luck,
Daz.
Const SMARTCARD_REQUIRED = &H40000

If WScript.Arguments.Count < 1 Then
    strFile = InputBox ("Enter the full path to the input file of usernames:", "Enter File Path")
    If strFile = "" Then WScript.Quit
Else
    strFile = WScript.Arguments(0)
    MsgBox strFile,,"Input File:"
End If

Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(strFile) Then
    MsgBox "Cannot find file '" & strFile & "'", vbCritical + vbSystemModal, "File not Found"
    WScript.Quit 1
End If

arrUsers = Split(fso.OpenTextFile(strFile, 1).ReadAll, vbCrlf)
strUsers = "¶" & Join(arrUsers, "¶") & "¶"

strCurrDir = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
strLog = Replace(WScript.ScriptName, ".vbs", ".log")

Set tsLog = fso.OpenTextFile(strCurrDir & strLog, 8, True)
tsLog.WriteLine "### Starting Run at " & Now() & " ###"

'# ADO Init
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strConfig = objRootDSE.Get("configurationNamingContext")
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open = "ADProvider"
objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 900
'#


strFilter = "(&(objectCategory=person))"

strAttributes = "distinguishedName,sAMAccountName, userAccountControl"

strBase = "<LDAP://" & strDNSDomain & ">"'
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery

Set objRecordSet = objCommand.Execute

blNone = True
Do Until objRecordSet.EOF
    strNTName = objRecordSet.Fields("sAMAccountName")
    If InStr(1, strUsers, "¶" & strNTName & "¶", 1) <> 0 Then
        strDN = objRecordSet.Fields("distinguishedName")
        dblUAC = objRecordSet.Fields("userAccountControl")
        If Not dblUAC And SMARTCARD_REQUIRED Then
            Set objUser = GetObject("LDAP://" & strDN)
            objUser.Put "userAccountControl", dblUAC + SMARTCARD_REQUIRED
            objUser.SetInfo
            tsLog.WriteLine "Changing account '" & strNTName & "'"
            blNone = False
        Else
            tsLog.WriteLine "User '" & strNTName & "' checked: Already set Ok"
        End If
    End If

    objRecordSet.MoveNext
Loop

If blNone Then
    tsLog.WriteLine "No Accounts amended."
    tsLog.Close
    MsgBox "No Accounts amended."
Else
    tsLog.Close
    MsgBox "Done!"
End If

Open in new window

0
 

Author Comment

by:Skibo187
ID: 35311367
Ok will try this in few hours, being really careful on this one...
0
 

Author Closing Comment

by:Skibo187
ID: 35328028
Daz,

Excellent it worked...Thank u Very Much.....
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question