Solved

Need a VB Script to clear out a specific AD Attribute

Posted on 2011-03-16
7
547 Views
Last Modified: 2012-05-11
I am needing a vb script that I can specify a specific OU to clear out the extensionAttribute4 for all users within that defined attribute.
0
Comment
Question by:seaninman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 28

Expert Comment

by:omgang
ID: 35148861
Try this.
OM Gang



Option Explicit
'sets the AD object ExtensionAttribute4

Dim strDNSDomain, strContainer, strMsg, strExtAttr4
Dim objUser, objRootDSE, objParentOU, objFSO, objFile, objOU, objShell
Dim intRow
Dim blResult
Dim arrMemberOf

    'modify this for your environment
strContainer = "OU=users,OU=MyCompany, "

    'value we want to assign to extension attribute 4
strExtAttr4 = ""

    'get AD domain directory object
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    'set pointer to AD org unit we want to work with
Set objParentOU = GetObject("LDAP://"& strContainer & strDNSDomain)
    'filter for ou objects
objParentOU.Filter = Array("organizationalunit")
    'iterate through objects looking for the user we want to modify
For Each objOU in objParentOU
        'filter for user objects
    objOU.Filter = Array("user")
    For Each objUser in objOU
            objUser.put "extensionattribute4", strExtAttr4
            objUser.SetInfo
    Next    'objUser
Next    'objOU

    'destroy object variables
Set objShell = Nothing
Set objUser = Nothing
Set objOU = Nothing
Set objParentOU = Nothing
Set objRootDSE = Nothing

WScript.Quit
0
 
LVL 4

Author Comment

by:seaninman
ID: 35149071
I am getting this error.  I updated the strContainer line but wasn't sure if it just need the OU's or if it need the whole domain.com piece as well.   strContainer = "OU=TST,OU=Home Office,OU=Users" error
0
 
LVL 28

Expert Comment

by:omgang
ID: 35149125
I actually stripped down and existing script I have to populate a different extension attribute with a user selected value.  Let me test what I posted and I'll get back to you.
OM Gang
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 28

Accepted Solution

by:
omgang earned 500 total points
ID: 35149385
I had nested loops, the first was enumerating each OU in the specified OU.  Try this.  Note that I changed the value for the extension attribute from an empty string to "<not set>".  Tested and this works.
OM Gang

Option Explicit
'sets the AD object ExtensionAttribute4

Dim strDNSDomain, strContainer, strMsg, strExtAttr4
Dim objUser, objRootDSE, objParentOU, objFSO, objFile, objOU, objShell
Dim intRow
Dim blResult
Dim arrMemberOf

    'modify this for your environment
strContainer = "ou=Users, OU=MyCompany, "

    'value we want to assign to extension attribute 4
strExtAttr4 = "<not set>"

    'get AD domain directory object
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    'set pointer to AD org unit we want to work with
Set objParentOU = GetObject("LDAP://"& strContainer & strDNSDomain)
    'filter for ou objects
'objParentOU.Filter = Array("organizationalunit")
    'iterate through objects looking for the user we want to modify
'For Each objOU in objParentOU
        'filter for user objects
    'objOU.Filter = Array("user")
    objParentOU.Filter = Array("user")
    'For Each objUser in objOU
    For Each objUser in objParentOU
      'If objUser.sAMAccountName = "MyLoginID" Then      'for testing just on my own account
            objUser.put "extensionattribute4", strExtAttr4
            objUser.SetInfo
      'End If
    Next    'objUser
'Next    'objOU

    'destroy object variables
Set objShell = Nothing
Set objUser = Nothing
Set objOU = Nothing
Set objParentOU = Nothing
Set objRootDSE = Nothing

WScript.Quit
0
 
LVL 4

Author Comment

by:seaninman
ID: 35150431
Cool, that worked.  What do I need to add at the end of this to let me know the script is finished?
0
 
LVL 28

Expert Comment

by:omgang
ID: 35150663
MsgBox "What is thy bidding Master?", , "Task Complete As Commanded"

or

WScript.Echo "All Finished"

Put either before the WScript.Quit command.

OM Gang
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35153492
You should try the following...

On Error Resume Next
' Get OU
'
strOU = "OU=Users,DC=domain,DC=com" 'Give the OU Path

Const ADS_PROPERTY_CLEAR = 1
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000

objCommand.CommandText = _
"<LDAP://" & strOU & ">;" & _
"(&(objectclass=user)(objectcategory=person));" & _
"distinguishedname,sAMAccountName;subtree"
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
 
    WScript.Echo objRecordSet.Fields("distinguishedname").Value
    WScript.Echo objRecordSet.Fields("sAMAccountName").Value
    Set objUser = GetObject("LDAP://"&objRecordSet.Fields("distinguishedname").Value)
    objUser.PutEx ADS_PROPERTY_CLEAR, "extensionattribute4", 0
    objUser.SetInfo
   
    objRecordSet.MoveNext
Loop

' Clean up
'
objRecordSet.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
objConnection.Close
Set objConnection = Nothing
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
When you see single cell contains number and text, and you have to get any date out of it seems like cracking our heads.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question