Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Need a VB Script to clear out a specific AD Attribute

Posted on 2011-03-16
7
Medium Priority
?
559 Views
Last Modified: 2012-05-11
I am needing a vb script that I can specify a specific OU to clear out the extensionAttribute4 for all users within that defined attribute.
0
Comment
Question by:seaninman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 28

Expert Comment

by:omgang
ID: 35148861
Try this.
OM Gang



Option Explicit
'sets the AD object ExtensionAttribute4

Dim strDNSDomain, strContainer, strMsg, strExtAttr4
Dim objUser, objRootDSE, objParentOU, objFSO, objFile, objOU, objShell
Dim intRow
Dim blResult
Dim arrMemberOf

    'modify this for your environment
strContainer = "OU=users,OU=MyCompany, "

    'value we want to assign to extension attribute 4
strExtAttr4 = ""

    'get AD domain directory object
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    'set pointer to AD org unit we want to work with
Set objParentOU = GetObject("LDAP://"& strContainer & strDNSDomain)
    'filter for ou objects
objParentOU.Filter = Array("organizationalunit")
    'iterate through objects looking for the user we want to modify
For Each objOU in objParentOU
        'filter for user objects
    objOU.Filter = Array("user")
    For Each objUser in objOU
            objUser.put "extensionattribute4", strExtAttr4
            objUser.SetInfo
    Next    'objUser
Next    'objOU

    'destroy object variables
Set objShell = Nothing
Set objUser = Nothing
Set objOU = Nothing
Set objParentOU = Nothing
Set objRootDSE = Nothing

WScript.Quit
0
 
LVL 4

Author Comment

by:seaninman
ID: 35149071
I am getting this error.  I updated the strContainer line but wasn't sure if it just need the OU's or if it need the whole domain.com piece as well.   strContainer = "OU=TST,OU=Home Office,OU=Users" error
0
 
LVL 28

Expert Comment

by:omgang
ID: 35149125
I actually stripped down and existing script I have to populate a different extension attribute with a user selected value.  Let me test what I posted and I'll get back to you.
OM Gang
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 28

Accepted Solution

by:
omgang earned 2000 total points
ID: 35149385
I had nested loops, the first was enumerating each OU in the specified OU.  Try this.  Note that I changed the value for the extension attribute from an empty string to "<not set>".  Tested and this works.
OM Gang

Option Explicit
'sets the AD object ExtensionAttribute4

Dim strDNSDomain, strContainer, strMsg, strExtAttr4
Dim objUser, objRootDSE, objParentOU, objFSO, objFile, objOU, objShell
Dim intRow
Dim blResult
Dim arrMemberOf

    'modify this for your environment
strContainer = "ou=Users, OU=MyCompany, "

    'value we want to assign to extension attribute 4
strExtAttr4 = "<not set>"

    'get AD domain directory object
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    'set pointer to AD org unit we want to work with
Set objParentOU = GetObject("LDAP://"& strContainer & strDNSDomain)
    'filter for ou objects
'objParentOU.Filter = Array("organizationalunit")
    'iterate through objects looking for the user we want to modify
'For Each objOU in objParentOU
        'filter for user objects
    'objOU.Filter = Array("user")
    objParentOU.Filter = Array("user")
    'For Each objUser in objOU
    For Each objUser in objParentOU
      'If objUser.sAMAccountName = "MyLoginID" Then      'for testing just on my own account
            objUser.put "extensionattribute4", strExtAttr4
            objUser.SetInfo
      'End If
    Next    'objUser
'Next    'objOU

    'destroy object variables
Set objShell = Nothing
Set objUser = Nothing
Set objOU = Nothing
Set objParentOU = Nothing
Set objRootDSE = Nothing

WScript.Quit
0
 
LVL 4

Author Comment

by:seaninman
ID: 35150431
Cool, that worked.  What do I need to add at the end of this to let me know the script is finished?
0
 
LVL 28

Expert Comment

by:omgang
ID: 35150663
MsgBox "What is thy bidding Master?", , "Task Complete As Commanded"

or

WScript.Echo "All Finished"

Put either before the WScript.Quit command.

OM Gang
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35153492
You should try the following...

On Error Resume Next
' Get OU
'
strOU = "OU=Users,DC=domain,DC=com" 'Give the OU Path

Const ADS_PROPERTY_CLEAR = 1
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000

objCommand.CommandText = _
"<LDAP://" & strOU & ">;" & _
"(&(objectclass=user)(objectcategory=person));" & _
"distinguishedname,sAMAccountName;subtree"
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
 
    WScript.Echo objRecordSet.Fields("distinguishedname").Value
    WScript.Echo objRecordSet.Fields("sAMAccountName").Value
    Set objUser = GetObject("LDAP://"&objRecordSet.Fields("distinguishedname").Value)
    objUser.PutEx ADS_PROPERTY_CLEAR, "extensionattribute4", 0
    objUser.SetInfo
   
    objRecordSet.MoveNext
Loop

' Clean up
'
objRecordSet.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
objConnection.Close
Set objConnection = Nothing
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we want to have a look at the directory attributes which are used by Microsoft to store the so called Security Identifiers (SID). These SIDs plays an important role in delegating and granting permissions and in authentication of trus…
I met Paul Devereux (@pdevereux) today when I responded to his tweet asking “Anybody know how to automate adding files from disk to a folder in #outlook  ?”.  I replied back and told Paul that using automation, in this case scripting, to add files t…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question