Solved

Need a VB Script to clear out a specific AD Attribute

Posted on 2011-03-16
7
527 Views
Last Modified: 2012-05-11
I am needing a vb script that I can specify a specific OU to clear out the extensionAttribute4 for all users within that defined attribute.
0
Comment
Question by:seaninman
  • 4
  • 2
7 Comments
 
LVL 28

Expert Comment

by:omgang
ID: 35148861
Try this.
OM Gang



Option Explicit
'sets the AD object ExtensionAttribute4

Dim strDNSDomain, strContainer, strMsg, strExtAttr4
Dim objUser, objRootDSE, objParentOU, objFSO, objFile, objOU, objShell
Dim intRow
Dim blResult
Dim arrMemberOf

    'modify this for your environment
strContainer = "OU=users,OU=MyCompany, "

    'value we want to assign to extension attribute 4
strExtAttr4 = ""

    'get AD domain directory object
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    'set pointer to AD org unit we want to work with
Set objParentOU = GetObject("LDAP://"& strContainer & strDNSDomain)
    'filter for ou objects
objParentOU.Filter = Array("organizationalunit")
    'iterate through objects looking for the user we want to modify
For Each objOU in objParentOU
        'filter for user objects
    objOU.Filter = Array("user")
    For Each objUser in objOU
            objUser.put "extensionattribute4", strExtAttr4
            objUser.SetInfo
    Next    'objUser
Next    'objOU

    'destroy object variables
Set objShell = Nothing
Set objUser = Nothing
Set objOU = Nothing
Set objParentOU = Nothing
Set objRootDSE = Nothing

WScript.Quit
0
 
LVL 4

Author Comment

by:seaninman
ID: 35149071
I am getting this error.  I updated the strContainer line but wasn't sure if it just need the OU's or if it need the whole domain.com piece as well.   strContainer = "OU=TST,OU=Home Office,OU=Users" error
0
 
LVL 28

Expert Comment

by:omgang
ID: 35149125
I actually stripped down and existing script I have to populate a different extension attribute with a user selected value.  Let me test what I posted and I'll get back to you.
OM Gang
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 28

Accepted Solution

by:
omgang earned 500 total points
ID: 35149385
I had nested loops, the first was enumerating each OU in the specified OU.  Try this.  Note that I changed the value for the extension attribute from an empty string to "<not set>".  Tested and this works.
OM Gang

Option Explicit
'sets the AD object ExtensionAttribute4

Dim strDNSDomain, strContainer, strMsg, strExtAttr4
Dim objUser, objRootDSE, objParentOU, objFSO, objFile, objOU, objShell
Dim intRow
Dim blResult
Dim arrMemberOf

    'modify this for your environment
strContainer = "ou=Users, OU=MyCompany, "

    'value we want to assign to extension attribute 4
strExtAttr4 = "<not set>"

    'get AD domain directory object
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    'set pointer to AD org unit we want to work with
Set objParentOU = GetObject("LDAP://"& strContainer & strDNSDomain)
    'filter for ou objects
'objParentOU.Filter = Array("organizationalunit")
    'iterate through objects looking for the user we want to modify
'For Each objOU in objParentOU
        'filter for user objects
    'objOU.Filter = Array("user")
    objParentOU.Filter = Array("user")
    'For Each objUser in objOU
    For Each objUser in objParentOU
      'If objUser.sAMAccountName = "MyLoginID" Then      'for testing just on my own account
            objUser.put "extensionattribute4", strExtAttr4
            objUser.SetInfo
      'End If
    Next    'objUser
'Next    'objOU

    'destroy object variables
Set objShell = Nothing
Set objUser = Nothing
Set objOU = Nothing
Set objParentOU = Nothing
Set objRootDSE = Nothing

WScript.Quit
0
 
LVL 4

Author Comment

by:seaninman
ID: 35150431
Cool, that worked.  What do I need to add at the end of this to let me know the script is finished?
0
 
LVL 28

Expert Comment

by:omgang
ID: 35150663
MsgBox "What is thy bidding Master?", , "Task Complete As Commanded"

or

WScript.Echo "All Finished"

Put either before the WScript.Quit command.

OM Gang
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35153492
You should try the following...

On Error Resume Next
' Get OU
'
strOU = "OU=Users,DC=domain,DC=com" 'Give the OU Path

Const ADS_PROPERTY_CLEAR = 1
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000

objCommand.CommandText = _
"<LDAP://" & strOU & ">;" & _
"(&(objectclass=user)(objectcategory=person));" & _
"distinguishedname,sAMAccountName;subtree"
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
 
    WScript.Echo objRecordSet.Fields("distinguishedname").Value
    WScript.Echo objRecordSet.Fields("sAMAccountName").Value
    Set objUser = GetObject("LDAP://"&objRecordSet.Fields("distinguishedname").Value)
    objUser.PutEx ADS_PROPERTY_CLEAR, "extensionattribute4", 0
    objUser.SetInfo
   
    objRecordSet.MoveNext
Loop

' Clean up
'
objRecordSet.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
objConnection.Close
Set objConnection = Nothing
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now