AD user script

Posted on 2013-01-27
Last Modified: 2014-10-28
Hi All,
I would like a script that will do the following for a user or users based on an Excel or text file, whichever is easier to script.  It does not have to be in the order below.

-Change password to XXXXX (password will always be the same)
-Add a group membership & set as primary (group will always be the same)
-Remove all other groups except the primary from above step
-Copy Manager info to Notes field under telephone tab
-Remove Manager name
-Remove fax & mobile & ip phone numbers from telephone tab (all fields may not have data)
-Remove telephone from general tab
-Move account to a different OU (This will vary)  

Thanks all for your hard work.   If you have any suggestions, I am open to it.
Question by:keonh
7 Comments
 
Expert Comment by:footech
@keonh - I don't want to sound too harsh, but...
It always irks me when I see someone asking for a complete script that does more than one or two things.  People get paid good money to write custom stuff like that.  I understand that people have different skill sets and may not have experience as a scripter, but when something this specific is required they should try to learn and contribute to the solution or hire a consultant to do it for them.  I love helping people out at this site, but I don't like doing their job for them.  Good luck.

Expert Comment by:palicos
Yes, agreeing with footech, this is asking for complete help. If that's the issue, then why are you searching? Opt for a third-party tool that will make your work easier.

If you would ask for a script on a password update or name update, then this would be the best place to explain it to you. The same applies to all of your issues.

Thanks.

Expert Comment by:Tony Massa
Here's a sample script that works well.  Customize to fit your needs.
http://www.rlmueller.net/Programs/CreateUsers.txt

You should probably try to learn PowerShell as it will be the de facto scripting language for years to come...http://www.rlmueller.net/ has a lot of very good examples in VB and PS.

Accepted Solution by:RobSampson
Hi, I haven't fully tested this, but change the usernames in the array at the top, and see if it works.  It should do all that you have asked.

Regards,

Rob,

arrUsers = Array("user1", "user2")
strPassword = "newpassword"
strNewPrimaryGroup = "CN=New_Group,OU=Our Groups,DC=domain,DC=com"
strNewParentDN = "OU=NewOU,OU=Our OUs,DC=domain,DC=com"

Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_DELETE = 4
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

For Each strUserName In arrUsers
	strADsPath = Get_LDAP_User_Properties("user", "samAccountName", strUserName, "adspath")
	If strADsPath <> "" Then
		' Bind to the user (the adspath value already carries the LDAP:// prefix)
		Set objUser = GetObject(strADsPath)

		' Change the password (administrative reset; no old password needed)
		objUser.SetPassword strPassword
		objUser.SetInfo

		' Set the primary group. The user must be a direct member of the group before
		' primaryGroupID can point at it; primaryGroupToken is the group's RID.
		Set objPrimaryGroup = GetObject("LDAP://" & strNewPrimaryGroup)
		If Not objPrimaryGroup.IsMember(objUser.ADsPath) Then
			objPrimaryGroup.Add objUser.ADsPath
		End If
		objPrimaryGroup.GetInfoEx Array("primaryGroupToken"), 0
		objUser.Put "primaryGroupID", objPrimaryGroup.primaryGroupToken
		objUser.SetInfo

		' Remove from all other groups. memberOf lists direct memberships only; the old
		' primary group (normally Domain Users) is implicit and is never listed here.
		' GetEx raises an error when the attribute is absent, so trap only that call.
		On Error Resume Next
		arrMemberOf = objUser.GetEx("memberOf")
		intErr = Err.Number
		Err.Clear
		On Error GoTo 0
		If intErr = E_ADS_PROPERTY_NOT_FOUND Then
			'WScript.Echo "This account is not a member of any security groups."
		Else
			For Each strGroupPath In arrMemberOf
				' Skip the new primary group: AD refuses to remove a member from its own primary group
				If LCase(strGroupPath) <> LCase(strNewPrimaryGroup) Then
					Set objGroup = GetObject("LDAP://" & strGroupPath)
					objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(objUser.distinguishedName)
					objGroup.SetInfo
				End If
			Next
		End If

		' Put the manager DN into the Notes field (info), then clear the manager.
		' Get on an unset attribute raises an error, so read it under error trapping.
		strManager = ""
		On Error Resume Next
		strManager = objUser.Get("manager")
		If Err.Number <> 0 Then strManager = ""
		Err.Clear
		On Error GoTo 0
		If strManager <> "" Then
			objUser.Put "info", strManager
			objUser.PutEx ADS_PROPERTY_CLEAR, "manager", 0
			objUser.SetInfo
		End If

		' Remove fax, mobile and IP phone numbers (Telephones tab) and the telephone
		' number (General tab). AD rejects assigning "" to an attribute, so the
		' attributes are cleared; clearing an attribute that is already empty is a no-op.
		objUser.PutEx ADS_PROPERTY_CLEAR, "facsimileTelephoneNumber", 0
		objUser.PutEx ADS_PROPERTY_CLEAR, "ipPhone", 0
		objUser.PutEx ADS_PROPERTY_CLEAR, "mobile", 0
		objUser.PutEx ADS_PROPERTY_CLEAR, "telephoneNumber", 0
		objUser.SetInfo

		' Move the user to the new OU (bind to the OU with the LDAP:// prefix), last,
		' after every attribute write has been committed
		Set objNewOU = GetObject("LDAP://" & strNewParentDN)
		objNewOU.MoveHere objUser.ADsPath, vbNullString
	Else
		WScript.Echo "User not found: " & strUserName
	End If
Next

Function Get_LDAP_User_Properties(strObjectType, strSearchField, strObjectToGet, strCommaDelimProps)
    
    ' This is a custom function that connects to the Active Directory, and returns the specific
    ' Active Directory attribute value, of a specific Object.
    ' strObjectType: usually "User" or "Computer"
    ' strSearchField: the field by which to search the AD. This acts like an SQL Query's WHERE clause.
    '             It filters the results by the value of strObjectToGet
    ' strObjectToGet: the value by which the results are filtered, according to strSearchField.
    '             For example, if you are searching based on the user account name, strSearchField
    '             would be "samAccountName", and strObjectToGet would be that specific account name,
    '             such as "jsmith".  This equates to "WHERE 'samAccountName' = 'jsmith'"
    ' strCommaDelimProps: the field from the object to actually return.  For example, if you wanted
    '             the home folder path, as defined by the AD, for a specific user, this would be
    '             "homeDirectory".  If you want to return the ADsPath so that you can bind to that
    '             user and get your own parameters from them, then use "ADsPath" as a return string,
    '             then bind to the user: Set objUser = GetObject(strReturnADsPath)
    '             (the ADsPath value already includes the "LDAP://" prefix).
    
    ' Now we're checking if the user account passed may have a domain already specified,
    ' in which case we connect to that domain in AD, instead of the default one.
    If InStr(strObjectToGet, "\") > 0 Then
          arrGroupBits = Split(strObjectToGet, "\")
          strDC = arrGroupBits(0)
          strDNSDomain = strDC & "/" & "DC=" & Replace(Mid(strDC, InStr(strDC, ".") + 1), ".", ",DC=")
          strObjectToGet = arrGroupBits(1)
    Else
    ' Otherwise we just connect to the default domain
          Set objRootDSE = GetObject("LDAP://RootDSE")
          strDNSDomain = objRootDSE.Get("defaultNamingContext")
    End If

    strBase = "<LDAP://" & strDNSDomain & ">"
    ' Setup ADO objects.
    Set adoCommand = CreateObject("ADODB.Command")
    Set ADOConnection = CreateObject("ADODB.Connection")
    ADOConnection.Provider = "ADsDSOObject"
    ADOConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = ADOConnection


    ' Filter on user objects.
    'strFilter = "(&(objectCategory=person)(objectClass=user))"
    ' Note: strObjectToGet is placed in the filter verbatim. Values that contain the
    ' LDAP filter metacharacters ( ) * \ or NUL must be escaped (RFC 4515) first.
    strFilter = "(&(objectClass=" & strObjectType & ")(" & strSearchField & "=" & strObjectToGet & "))"

    ' Comma delimited list of attribute values to retrieve.
    strAttributes = strCommaDelimProps
    arrProperties = Split(strCommaDelimProps, ",")

    ' Construct the LDAP syntax query.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    ' Page size for paged results (how many records per round trip, not a cap on the total)
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False

    ' Run the query.
    Set adoRecordset = adoCommand.Execute
    ' Enumerate the resulting recordset.
    strReturnVal = ""
    Do Until adoRecordset.EOF
        ' Retrieve values and display.
        For intCount = LBound(arrProperties) To UBound(arrProperties)
            If strReturnVal = "" Then
                If IsArray(adoRecordset.Fields(intCount).Value) Then
                    For Each strValue In adoRecordset.Fields(intCount).Value
                        If strReturnVal = "" Then
                            strReturnVal = strValue
                        Else
                            strReturnVal = strReturnVal & ", " & strValue
                        End If
                    Next
                Else
                    strReturnVal = adoRecordset.Fields(intCount).Value
                End If
            Else
                If IsArray(adoRecordset.Fields(intCount).Value) Then
                    For Each strValue In adoRecordset.Fields(intCount).Value
                        strReturnVal = strReturnVal & ", " & strValue
                    Next
                Else
                    strReturnVal = strReturnVal & ", " & adoRecordset.Fields(intCount).Value
                End If
            End If
        Next
        ' Move to the next record in the recordset.
        adoRecordset.MoveNext
    Loop
 
    ' Clean up.
    adoRecordset.Close
    ADOConnection.Close
    Get_LDAP_User_Properties = strReturnVal
     
End Function

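The same procedure in PowerShell with the ActiveDirectory module, driven by a CSV so the target OU can vary per user as the question asks. This is an added example for this page, not RobSampson's script or anything else posted in the thread; the parameter names, the CSV columns (SamAccountName, TargetOU) and the sample rows are assumptions.

```powershell
#Requires -Modules ActiveDirectory
<#
 Added example (not from the original thread). Assumptions:
   -InputCsv     path to a CSV with columns SamAccountName,TargetOU
   -PrimaryGroup name or DN of the group that becomes the primary group
   -NewPassword  the shared password, supplied at run time as a SecureString
 Run with -WhatIf first to see what would change without touching AD.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string]       $InputCsv,
    [Parameter(Mandatory)] [string]       $PrimaryGroup,
    [Parameter(Mandatory)] [SecureString] $NewPassword   # e.g. (Read-Host -AsSecureString); never hard-code it
)

Import-Module ActiveDirectory
# AD cmdlet failures are non-terminating by default; make them terminating so the
# catch below stops work on that user instead of continuing with a half-done account.
$ErrorActionPreference = 'Stop'

# Resolve the target group once. primaryGroupToken is the group's RID, which is
# the value primaryGroupID must hold on the user.
$group = Get-ADGroup -Identity $PrimaryGroup -Properties primaryGroupToken
$token = $group.primaryGroupToken

# Example input file (constructed for illustration):
#   SamAccountName,TargetOU
#   jsmith,"OU=NewOU,OU=Our OUs,DC=domain,DC=com"
#   mjones,"OU=OtherOU,OU=Our OUs,DC=domain,DC=com"
foreach ($row in Import-Csv -Path $InputCsv) {
    try {
        $user = Get-ADUser -Identity $row.SamAccountName -Properties memberOf, manager, info,
                    facsimileTelephoneNumber, ipPhone, mobile, telephoneNumber
        $id = $user.ObjectGUID   # stable identity; the DN changes when the object is moved

        $action = "reset password, set primary group, strip other groups and phone attributes, move to $($row.TargetOU)"
        if ($PSCmdlet.ShouldProcess($user.SamAccountName, $action)) {

            # 1. Password: an administrative reset, so no old password is needed.
            Set-ADAccountPassword -Identity $id -Reset -NewPassword $NewPassword

            # 2. New primary group: the user must be a direct member before
            #    primaryGroupID may point at the group.
            if ($user.memberOf -notcontains $group.DistinguishedName) {
                Add-ADGroupMember -Identity $group -Members $user
            }
            Set-ADUser -Identity $id -Replace @{ primaryGroupID = $token }

            # 3. Remove every other direct membership. The new primary group is
            #    skipped because AD refuses to remove a member from its own primary group.
            foreach ($dn in $user.memberOf) {
                if ($dn -ne $group.DistinguishedName) {
                    Remove-ADGroupMember -Identity $dn -Members $user -Confirm:$false
                }
            }

            # 4. Copy the manager DN into Notes (info), then clear manager.
            $toClear = @()
            if ($user.manager) {
                Set-ADUser -Identity $id -Replace @{ info = $user.manager }
                $toClear += 'manager'
            }

            # 5./6. Clear the phone attributes. -Clear is used because AD rejects an
            #       empty string; only attributes that currently hold a value are listed.
            foreach ($attr in 'facsimileTelephoneNumber', 'ipPhone', 'mobile', 'telephoneNumber') {
                if ($user.$attr) { $toClear += $attr }
            }
            if ($toClear.Count -gt 0) {
                Set-ADUser -Identity $id -Clear $toClear
            }

            # 7. Move last, after all attribute writes, into the per-user OU.
            Move-ADObject -Identity $id -TargetPath $row.TargetOU

            Write-Verbose "Processed $($user.SamAccountName)"
        }
    }
    catch {
        Write-Error "Failed on '$($row.SamAccountName)': $($_.Exception.Message)"
    }
}
```

Two caveats worth knowing before running it for real. Primary-group membership is implicit, so once primaryGroupID points at the new group the account is no longer in Domain Users at all unless it is added back explicitly; check that nothing these accounts still need relies on that membership. And because every account ends up with the same password known to whoever ran the job, keep the password out of the script and the CSV (it is prompted for here) and, if people will log on with these accounts afterwards, consider adding Set-ADUser -ChangePasswordAtLogon $true so the shared value is short-lived.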
 

Author Comment by:keonh
Thanks everyone!!!!  I will test them & see what happens.