Solved

IE to get user creds in VBS

Posted on 2013-11-10
9
451 Views
Last Modified: 2013-11-11
I have figured out how to get multiple inputs but not sure how to extract the data for use in a variable for the rest of my VB script.

PasswordBox("Please enter your domain admin credentials.") 
Wscript.Echo ("Domain: ") & domain
Wscript.Echo ("User: ") & admuser
Wscript.Echo ("Password: ") & pass


Function PasswordBox(sTitle) 
  set oIE = CreateObject("InternetExplorer.Application") 
  With oIE 
    .FullScreen = False 
    .ToolBar   = False : .RegisterAsDropTarget = False 
    .StatusBar = False : .Navigate("about:blank") 
    While .Busy : WScript.Sleep 200 : Wend 
    With .document 
      With .ParentWindow 
        .resizeto 350,210 
        .moveto .screen.width/2-200, .screen.height/2-50 
      End With 
      .Write("<html><body bgColor=Silver><center>") 
      .Write( sTitle ) 
      .Write("<br />") 
	  .Write("<input type=radio name=domain value=domain1 checked=checked>Domain1")
	  .Write("<input type=radio name=domain value=domain2>Domain2<br />")
      .Write("Username: <input type=test id=admuser><br />")
      .Write("Password: <input type=password id=pass><br />" & _ 
               "<button id=but3>Submit</button>")
      .WriteLn("</center></body></html>") 
      With .ParentWindow.document.body 
        .scroll="no" 
        .style.borderStyle = "outset" 
        .style.borderWidth = "3px" 
      End With 
      .all.but3.onclick = getref("PasswordBox_Submit") 
      .all.pass.focus 
      oIE.Visible = True 
      bPasswordBoxOkay = False : bPasswordBoxWait = True 
      On Error Resume Next 
      While bPasswordBoxWait 
        WScript.Sleep 100 
        if oIE.Visible Then bPasswordBoxWait = bPasswordBoxWait 
        if Err Then bPasswordBoxWait = False 
      Wend 
      PasswordBox = .all.pass.value 
	  .Quit
    End With ' document 
    .Visible = False 
	.Quit
  End With   ' IE 
End Function 


Sub PasswordBox_Submit() 
  bPasswordBoxWait = False 
End Sub

Open in new window

0
Comment
Question by:pphreadr
  • 5
  • 4
9 Comments
 
LVL 65

Accepted Solution

by:
RobSampson earned 150 total points
Comment Utility
Hi, try changing
      PasswordBox = .all.pass.value

to
      PasswordBox = .all.admuser.value & "|" & .all.pass.value

and then use
arrCreds = Split(PasswordBox("Please enter your domain admin credentials."), "|")
Wscript.Echo ("User: " & arrCreds(0))
Wscript.Echo ("Password: " & arrCreds(1))


Rob.
0
 

Author Comment

by:pphreadr
Comment Utility
RobSampson

Again you find the answer. Now although I can add a text box for the domain, and use:
arrCreds = Split(PasswordBox("Please enter your domain admin credentials."), "|")
admDomain = arrCreds(0)
admUser = arrCreds(1)
admPW = arrCreds(2)
Wscript.Echo "Domain: " & admDomain
Wscript.Echo "User: " & admUser
Wscript.Echo "Password: " & admPW

Open in new window

and
     .Write("Username: <input type=test id=admuser><br />")

Open in new window


I would rather use either a dropdown or radio buttons, because I only have 2 domains to work with.

How do I determine which radio button is checked?
0
 

Author Comment

by:pphreadr
Comment Utility
Oops the correct domain code is:
.Write("Domain: <input type=test id=domain><br />")

Open in new window

0
 
LVL 65

Expert Comment

by:RobSampson
Comment Utility
Hi, with your radio option in your original code (the one with name=domain), does this work:

      PasswordBox = all.domain.value & "|" & .all.pass.value & "|" & .all.admuser.value

You may need to add id=domain to the radio options, or id='domain'

On the other hand, instead of launching an IE window to get this job done, and then, I assume, continuing the VBS to perform some other task, have you considered using a HTA, where you can design a UI, and run code directly in that HTA?

Regards,

Rob.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:pphreadr
Comment Utility
Rob

I have tried your suggestion for id-domain, but since there are 2 radio buttons it does not like that. I have decided to go with the same text box that is used for admUser. Thanks for the help.

As for an HTA, I have never really done that. I am assuming that what I am doing is using VB to create the interface and logic and calling IE (html) when needed, whereas an HTA would use html as the main interface and calling vb when needed.

If that is the case it sounds like the HTA would have a cleaner interface (less clunky than what I have), but I would basically have to start over. I like the idea, but I wanted to try and get this working by Tuesday.

That said this post has been in prep for #2 in the menu below, as I will need the domain creds to reset a computer account.
I am trying to create a stand alone file that will do the following:
Menu;
1. Join a computer to a Workgroup
2. Reset AD Computer Account for the computer
3. Reset the local Administrator's password
4. Release the IP and shutdown computer
5. Do 1 - 4 in sequence
6. Join a Workgroup computer to a Domain

1. I have found several scripts that will remove a computer from a domain, but I want to have the local computer joined to a workgroup without removing the account from the domain. I want the computer detached from the domain, so I can reset the computer account later.

2. I am not sure if I have to specify the complete path to the OU the computer resides in, or can I simply code 'reset computer XXX' and it will find it for me.

3. DONE
4. DONE
5. easy
6. Once a computer is part of a workgroup and the AD account has been reset this should be fairly easy.

I am sure I will have more posts to follow....hopefully today.
0
 
LVL 65

Expert Comment

by:RobSampson
Comment Utility
OK, so it's getting bigger ;-)

For step 1, try something like this:
Const NETSETUP_ACCT_DELETE = 2 'Disables computer account in domain.
strUser = "administrator"
strPassword = "password"

Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\.\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'")
strDomain = objComputer.Domain

intReturn = objComputer.UnjoinDomainOrWorkgroup(strPassword, strDomain & "\" & strUser, NETSETUP_ACCT_DELETE)

Open in new window


Which should remove the computer from the domain, and disable the computer account.

For step 2, try code like this, to search AD for the computer name, and then reset the password:
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

strADsPath = Get_LDAP_User_Properties("computer", "name", strComputer, "adsPath")
If strADsPath <> "" Then
	Set objComputer = GetObject(strADsPath)
	objComputer.SetPassword strComputer & "$"
End If

Private Function Get_LDAP_User_Properties(strObjectType, strSearchField, strObjectToGet, strCommaDelimProps)
    
    ' This is a custom function that connects to the Active Directory, and returns the specific
    ' Active Directory attribute value, of a specific Object.
    ' strObjectType: usually "User" or "Computer"
    ' strSearchField: the field by which to seach the AD by. This acts like an SQL Query's WHERE clause.
    '             It filters the results by the value of strObjectToGet
    ' strObjectToGet: the value by which the results are filtered by, according the strSearchField.
    '             For example, if you are searching based on the user account name, strSearchField
    '             would be "samAccountName", and strObjectToGet would be that speicific account name,
    '             such as "jsmith".  This equates to "WHERE 'samAccountName' = 'jsmith'"
    ' strCommaDelimProps: the field from the object to actually return.  For example, if you wanted
    '             the home folder path, as defined by the AD, for a specific user, this would be
    '             "homeDirectory".  If you want to return the ADsPath so that you can bind to that
    '             user and get your own parameters from them, then use "ADsPath" as a return string,
    '             then bind to the user: Set objUser = GetObject("LDAP://" & strReturnADsPath)
    
    ' Now we're checking if the user account passed may have a domain already specified,
    ' in which case we connect to that domain in AD, instead of the default one.
    If InStr(strObjectToGet, "\") > 0 Then
          arrGroupBits = Split(strObjectToGet, "\")
          strDC = arrGroupBits(0)
          strDNSDomain = strDC & "/" & "DC=" & Replace(Mid(strDC, InStr(strDC, ".") + 1), ".", ",DC=")
          strObjectToGet = arrGroupBits(1)
    Else
    ' Otherwise we just connect to the default domain
          Set objRootDSE = GetObject("LDAP://RootDSE")
          strDNSDomain = objRootDSE.Get("defaultNamingContext")
    End If

    strBase = "<LDAP://" & strDNSDomain & ">"
    ' Setup ADO objects.
    Set adoCommand = CreateObject("ADODB.Command")
    Set ADOConnection = CreateObject("ADODB.Connection")
    ADOConnection.Provider = "ADsDSOObject"
    ADOConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = ADOConnection


    ' Filter on user objects.
    'strFilter = "(&(objectCategory=person)(objectClass=user))"
    strFilter = "(&(objectClass=" & strObjectType & ")(" & strSearchField & "=" & strObjectToGet & "))"

    ' Comma delimited list of attribute values to retrieve.
    strAttributes = strCommaDelimProps
    arrProperties = Split(strCommaDelimProps, ",")

    ' Construct the LDAP syntax query.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    ' Define the maximum records to return
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False

    ' Run the query.
    Set adoRecordset = adoCommand.Execute
    ' Enumerate the resulting recordset.
    strReturnVal = ""
    Do Until adoRecordset.EOF
        ' Retrieve values and display.
        For intCount = LBound(arrProperties) To UBound(arrProperties)
            If strReturnVal = "" Then
                If IsArray(adoRecordset.Fields(intCount).Value) Then
                    For Each strValue In adoRecordset.Fields(intCount).Value
                        If strReturnVal = "" Then
                            strReturnVal = strValue
                        Else
                            strReturnVal = strReturnVal & ", " & strValue
                        End If
                    Next
                Else
                    strReturnVal = adoRecordset.Fields(intCount).Value
                End If
            Else
                If IsArray(adoRecordset.Fields(intCount).Value) Then
                    For Each strValue In adoRecordset.Fields(intCount).Value
                        strReturnVal = strReturnVal & ", " & strValue
                    Next
                Else
                    strReturnVal = strReturnVal & ", " & adoRecordset.Fields(intCount).Value
                End If
            End If
        Next
        ' Move to the next record in the recordset.
        adoRecordset.MoveNext
    Loop
 
    ' Clean up.
    adoRecordset.Close
    ADOConnection.Close
    Get_LDAP_User_Properties = strReturnVal
     
End Function

Open in new window


Finally, to join it to the domain, use the JoinDomainOrWorkgroup method (as opposed to the UnjoinDomainOrWorkgroup in step 1).

One of the most annoying things with a process like this is having to reboot in between the domain changes.

Hope that helps.

Regards,

Rob.
0
 

Author Closing Comment

by:pphreadr
Comment Utility
Once again rob comes thru. 'Split' is a wonderful thing.
0
 

Author Comment

by:pphreadr
Comment Utility
Rob

My timing is bad. I just figured out that I had to unjoin first. I had another question about that, so I posted my fix and completed that.
VB script to join computer to workgroup

Just after that I checked my email and  found you gave me that solution on this question and  what appears to be my next project of resetting the computer account.

Please post your reset solution here, so I can give you the credit you deserve.
How do I reset an AD computer account using VB

Thanx
0
 
LVL 65

Expert Comment

by:RobSampson
Comment Utility
No problem.  Glad to help.

Rob.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now