Solved

Need a VB Script to clear out a specific AD Attribute

Posted on 2011-03-16
7
544 Views
Last Modified: 2012-05-11
I am needing a vb script that I can specify a specific OU to clear out the extensionAttribute4 for all users within that defined attribute.
0
Comment
Question by:seaninman
  • 4
  • 2
7 Comments
 
LVL 28

Expert Comment

by:omgang
ID: 35148861
Try this.
OM Gang



Option Explicit
'sets the AD object ExtensionAttribute4

Dim strDNSDomain, strContainer, strMsg, strExtAttr4
Dim objUser, objRootDSE, objParentOU, objFSO, objFile, objOU, objShell
Dim intRow
Dim blResult
Dim arrMemberOf

    'modify this for your environment
strContainer = "OU=users,OU=MyCompany, "

    'value we want to assign to extension attribute 4
strExtAttr4 = ""

    'get AD domain directory object
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    'set pointer to AD org unit we want to work with
Set objParentOU = GetObject("LDAP://"& strContainer & strDNSDomain)
    'filter for ou objects
objParentOU.Filter = Array("organizationalunit")
    'iterate through objects looking for the user we want to modify
For Each objOU in objParentOU
        'filter for user objects
    objOU.Filter = Array("user")
    For Each objUser in objOU
            objUser.put "extensionattribute4", strExtAttr4
            objUser.SetInfo
    Next    'objUser
Next    'objOU

    'destroy object variables
Set objShell = Nothing
Set objUser = Nothing
Set objOU = Nothing
Set objParentOU = Nothing
Set objRootDSE = Nothing

WScript.Quit
0
 
LVL 4

Author Comment

by:seaninman
ID: 35149071
I am getting this error.  I updated the strContainer line but wasn't sure if it just need the OU's or if it need the whole domain.com piece as well.   strContainer = "OU=TST,OU=Home Office,OU=Users" error
0
 
LVL 28

Expert Comment

by:omgang
ID: 35149125
I actually stripped down and existing script I have to populate a different extension attribute with a user selected value.  Let me test what I posted and I'll get back to you.
OM Gang
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 28

Accepted Solution

by:
omgang earned 500 total points
ID: 35149385
I had nested loops, the first was enumerating each OU in the specified OU.  Try this.  Note that I changed the value for the extension attribute from an empty string to "<not set>".  Tested and this works.
OM Gang

Option Explicit
'sets the AD object ExtensionAttribute4

Dim strDNSDomain, strContainer, strMsg, strExtAttr4
Dim objUser, objRootDSE, objParentOU, objFSO, objFile, objOU, objShell
Dim intRow
Dim blResult
Dim arrMemberOf

    'modify this for your environment
strContainer = "ou=Users, OU=MyCompany, "

    'value we want to assign to extension attribute 4
strExtAttr4 = "<not set>"

    'get AD domain directory object
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    'set pointer to AD org unit we want to work with
Set objParentOU = GetObject("LDAP://"& strContainer & strDNSDomain)
    'filter for ou objects
'objParentOU.Filter = Array("organizationalunit")
    'iterate through objects looking for the user we want to modify
'For Each objOU in objParentOU
        'filter for user objects
    'objOU.Filter = Array("user")
    objParentOU.Filter = Array("user")
    'For Each objUser in objOU
    For Each objUser in objParentOU
      'If objUser.sAMAccountName = "MyLoginID" Then      'for testing just on my own account
            objUser.put "extensionattribute4", strExtAttr4
            objUser.SetInfo
      'End If
    Next    'objUser
'Next    'objOU

    'destroy object variables
Set objShell = Nothing
Set objUser = Nothing
Set objOU = Nothing
Set objParentOU = Nothing
Set objRootDSE = Nothing

WScript.Quit
0
 
LVL 4

Author Comment

by:seaninman
ID: 35150431
Cool, that worked.  What do I need to add at the end of this to let me know the script is finished?
0
 
LVL 28

Expert Comment

by:omgang
ID: 35150663
MsgBox "What is thy bidding Master?", , "Task Complete As Commanded"

or

WScript.Echo "All Finished"

Put either before the WScript.Quit command.

OM Gang
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35153492
You should try the following...

On Error Resume Next
' Get OU
'
strOU = "OU=Users,DC=domain,DC=com" 'Give the OU Path

Const ADS_PROPERTY_CLEAR = 1
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000

objCommand.CommandText = _
"<LDAP://" & strOU & ">;" & _
"(&(objectclass=user)(objectcategory=person));" & _
"distinguishedname,sAMAccountName;subtree"
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
 
    WScript.Echo objRecordSet.Fields("distinguishedname").Value
    WScript.Echo objRecordSet.Fields("sAMAccountName").Value
    Set objUser = GetObject("LDAP://"&objRecordSet.Fields("distinguishedname").Value)
    objUser.PutEx ADS_PROPERTY_CLEAR, "extensionattribute4", 0
    objUser.SetInfo
   
    objRecordSet.MoveNext
Loop

' Clean up
'
objRecordSet.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
objConnection.Close
Set objConnection = Nothing
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome back!  My apologies for taking so long to write part two of this series; it's been a long time coming!  As I promised in Part 1, this article will focus on how to locate those elusive AD properties that you are searching for.  Why is this us…
When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question