Windows Management
 Introduction
 VBScript Collection (1)
 VBScript Collection (2)
 WSH (Scripting Host)
 WMI
 ADSI
 PowerShell
 Resource Kit (2003)
 Resource Kit (2000)
 Resource Kit (NT4)
 Miscellaneous


ActiveXperts
Network Monitor
 Product Overview
 Built-in checks:
 
 Brochure (.pdf)
 Manual (.pdf)
 Download (.exe)


Some quotes
 
 Windows&.NET Mag.:
 "Small,smart,handy!"
 
 "Extremely easy to use,
  great value for money!"


  ActiveXperts Network Monitor - Home page
  Download ActiveXperts Network Monitor 7.1  (7301 KB - .exe file)
ActiveXperts.com > ActiveXperts Network Monitor > WindowsManagement > Scripts > Users and Groups > Active Directory Users

Scripts to manage Active Directory Users

Appending a Multi-Valued Attribute
Appending a Phone Number
Adding a Route to the Dial-In Properties of a User Account
Adding a User to Two Security Groups
Appending Address Page Information for a User Account
Appending a Home Phone Number to a User Account
Assigning a Published Certificate to a User Account
Changing User Account Attributes
Changing a User Password
Clearing Address Page Information for a User Account
Clearing All Published Certificates from a User Account
Clearing Department and Direct Report Information from a User Account
Clearing Telephone Attributes
Clearing Telephone Properties for a User Account
Clearing User Account Address Attributes
Clearing User Account Attributes
Configuring Account Page Information for a User Account
Configuring Address Page Information for a User Account
Configuring COM+ Information for a User Account
Configuring Dial-In Properties for a User Account
Configuring the Expiration Date for a User Account
Configuring Organization Properties for a User Account
Copying a Published Certificate to a User Account
Configuring the UPN Suffixes Defined in the Forest
Configuring User Account Telephone Numbers
Configuring User Profile Properties
Configuring User Profile Properties for a User Account
Configuring User Telephone Properties
Copying Allowed Logon Hours from One Account to Another
Creating 1,000 User Accounts
Creating an Active Directory User Account
Creating a Contact in Active Directory
Creating a User, a Group, and an OU
Deleting a Calling Station ID from a User Account
Deleting One Telephone Number from a User Account
Deleting a Phone Number
Deleting a Post Office Box from a User Account
Deleting Published Certificates from a User Account
Deleting Single- and Multi-Valued Attributes
Deleting a User Account from Active Directory
Determining When an Account Expires
Determining the Owner of a User Account
Determining When a Password Expires
Determining When a Password was Last Set
Determining User Account Status
Determining When a User Account Expires
Determining User Logon Hours
Disabling a Password Flag
Disabling the “Smartcard Required” Attribute for a User Account
Disabling a User Account
Disabling the User Cannot Change Password Option
Displaying Allowed Logon Hours for a User Account
Displaying Domain Password Attributes
Displaying Password Property Attributes
Displaying User Account Password Attributes
Enabling a User Account
Ensuring that an Account will not Expire
Modifying User Profile Paths
Moving a User Account
Moving a User Account to a New Domain
Preventing a User From Changing His or Her Password
Requiring a Password Change
Requiring a User to Logon on Using a Smartcard
Retrieving Organization Information
Retrieving User Account Account Properties
Retrieving User Profile Properties
Setting an Account Expiration Date
Setting a Password So It Never Expires
Setting the Primary Group for a User
Setting a User’s Password
Unlocking an Active Directory User Account
Writing User Account Properties



Appending a Multi-Valued Attribute


Adds an additional URL to a user account. Demonstrates how to append a new value to a multi-valued attribute.
Const ADS_PROPERTY_APPEND = 3 
 
Set objUser = GetObject _
   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") 
 
objUser.PutEx ADS_PROPERTY_APPEND, _
  "url", Array("http://www.fabrikam.com/policy")
 
objUser.SetInfo

Appending a Phone Number


Appends an additional home phone number for a user.
Const ADS_PROPERTY_APPEND = 3 
 
Set objUser = GetObject _
   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") 
 
objUser.PutEx ADS_PROPERTY_APPEND, _
  "otherHomePhone", Array("(425) 555-1113")
 
objUser.SetInfo

Adding a Route to the Dial-In Properties of a User Account


Appends a new route to the Dial-In properties of a user account in Active Directory. This operation adds the new route without deleting any existing routes. 
Const ADS_PROPERTY_APPEND = 3 
 
Set objUser = GetObject _
   ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") 
objUser.PutEx ADS_PROPERTY_APPEND, _
    "msRASSavedFramedRoute", _
        Array("128.168.0.0/15 0.0.0.0 5") 
objUser.PutEx ADS_PROPERTY_APPEND, _
    "msRADIUSFramedRoute", _
        Array("128.168.0.0/15 0.0.0.0 5")
objUser.SetInfo

Adding a User to Two Security Groups


Adds a user (MyerKen) to two different Active Directory security groups: Atl-Users and NA-Employees.
Const ADS_PROPERTY_APPEND = 3
 
Set objGroup = GetObject _
    ("LDAP://cn=Atl-Users,cn=Users,dc=NA,dc=fabrikam,dc=com")
objGroup.PutEx ADS_PROPERTY_APPEND, _
    "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.SetInfo
 
Set objGroup = GetObject _
    ("LDAP://cn=NA-Employees,cn=Users,dc=NA,dc=fabrikam,dc=com")  
objGroup.PutEx ADS_PROPERTY_APPEND, _
    "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.SetInfo

Appending Address Page Information for a User Account


Appends new entries to the postOfficeBox attribute of an Active Directory user account. This operation adds the new post office boxes without deleting any existing entries. 
Const ADS_PROPERTY_APPEND = 3 
 
Set objUser = GetObject _
   ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") 
objUser.PutEx ADS_PROPERTY_APPEND, "postOfficeBox", Array("2225","2226")
objUser.SetInfo

Appending a Home Phone Number to a User Account


Appends a new phone number to the otherHomePhone attribute of an Active Directory user account. This operation adds the phone number to the attribute without deleting ant existing phone numbers. 
Const ADS_PROPERTY_APPEND = 3 
 
Set objUser = GetObject _
   ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") 
objUser.PutEx ADS_PROPERTY_APPEND, "otherHomePhone", Array("(425) 555-0116")
objUser.SetInfo

Assigning a Published Certificate to a User Account


Copies a published certificate from a template account (userTemplate) and assigns it to the MyerKen Active Directory user account. This operation replaces any existing published certificates for the MyerKen account.
On Error Resume Next
Const ADS_PROPERTY_UPDATE = 2 
 
Set objUserTemplate = _
    GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com")
arrUserCertificates = objUserTemplate.GetEx("userCertificate")
 
Set objUser = _
    GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_UPDATE, "userCertificate", arrUserCertificates
objUser.SetInfo

Changing User Account Attributes


Configures user account attributes found on the General Properties page of the user account object in Active Directory users and Computers.
Const ADS_PROPERTY_UPDATE = 2 
Set objUser = GetObject _
   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") 
 
objUser.Put "givenName", "Ken"
objUser.Put "initials", "E."
objUser.Put "sn", "Myer"
objUser.Put "displayName", "Myer, Ken"
objUser.Put "physicalDeliveryOfficeName", "Room 4358" 
objUser.Put "telephoneNumber", "(425) 555-1211"
objUser.Put "mail", "myerken@fabrikam.com"
objUser.Put "wWWHomePage", "http://www.fabrikam.com"   
 
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "description", Array("Management staff")
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "otherTelephone", Array("(800) 555-1212", "(425) 555-1213")  
objUser.PutEx ADS_PROPERTY_UPDATE, _
     "url", Array("http://www.fabrikam.com/management")
 
objUser.SetInfo

Changing a User Password


Changes the password for a user. Requires you to know the user's previous password.
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.ChangePassword "i5A2sj*!", "jl3R86df"

Clearing Address Page Information for a User Account


Removes all information for the c (country) and postOfficeBox attributes of the MyerKen Active Directory user account. 
Const ADS_PROPERTY_CLEAR = 1 
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") 
objUser.PutEx ADS_PROPERTY_CLEAR, "c", 0
objUser.PutEx ADS_PROPERTY_CLEAR, "postOfficeBox", 0
objUser.SetInfo

Clearing All Published Certificates from a User Account


Removes all published certificates for the MyerKen Active Directory user account. 
Const ADS_PROPERTY_CLEAR = 1 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "userCertificate", 0
objUser.SetInfo

Clearing Department and Direct Report Information from a User Account


Removes all information from the deparment, directReports, and manager attributes of the MyerKen Active Directory user account. 
On Error Resume Next
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
Const ADS_PROPERTY_CLEAR = 1 
Set objUser = GetObject _
   ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") 
objUser.PutEx ADS_PROPERTY_CLEAR, "department", 0
objUser.SetInfo
 
arrDirectReports = objUser.GetEx("directReports")
If err.number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Quit
Else
    For Each strValue in arrDirectReports
        Set objUserSource = GetObject("LDAP://" & strValue)
        objUserSource.PutEx ADS_PROPERTY_CLEAR, "manager", 0
        objUserSource.SetInfo
    Next
End If

Clearing Telephone Attributes


Clears selected telephone-related attributes for a user account.
Const ADS_PROPERTY_CLEAR = 1 
 
Set objUser = GetObject _
   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") 
 
objUser.PutEx ADS_PROPERTY_CLEAR, "info", 0
objUser.PutEx ADS_PROPERTY_CLEAR, "otherPager", 0
 
objUser.SetInfo

Clearing Telephone Properties for a User Account


Removes all information from the info and otherPager attributes of the MyerKen Active Directory user account. 
Const ADS_PROPERTY_CLEAR = 1 
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") 
objUser.PutEx ADS_PROPERTY_CLEAR, "info", 0
objUser.PutEx ADS_PROPERTY_CLEAR, "otherPager", 0
objUser.SetInfo

Clearing User Account Address Attributes


Clears selected address-related attributes for a user account.
Const ADS_PROPERTY_CLEAR = 1 
Set objUser = GetObject _
   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") 
 
objUser.PutEx ADS_PROPERTY_CLEAR, "streetAddress", 0
objUser.PutEx ADS_PROPERTY_CLEAR, "c", 0
 
objUser.SetInfo

Clearing User Account Attributes


Clears selected attributes for a user account.
Const ADS_PROPERTY_CLEAR = 1 
 
Set objUser = GetObject _
   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") 
 
objUser.PutEx ADS_PROPERTY_CLEAR, "initials", 0
objUser.PutEx ADS_PROPERTY_CLEAR, "otherTelephone", 0
 
objUser.SetInfo

Configuring Account Page Information for a User Account


Configures basic account information for the MyerKen Active Directory user account.
Set objUser = GetObject _
  ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
objUser.Put "sAMAccountName", "MyerKen01"
objUser.Put "userWorkstations","wks1,wks2,wks3"
 
objUser.SetInfo

Configuring Address Page Information for a User Account


Configures address-related information for the MyerKen Active Directory user account. 
Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _
   ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") 
 
objUser.Put "streetAddress", "Building 43" & vbCrLf & "One Microsoft Way"
objUser.Put "l", "Redmond"
objUser.Put "st", "Washington"
objUser.Put "postalCode", "98053"
objUser.Put "c", "US"
 
objUser.PutEx ADS_PROPERTY_UPDATE, _
 "postOfficeBox", Array("2222", "2223", "2224")
    
objUser.SetInfo

Configuring COM+ Information for a User Account


Sets COM+ information for the MyerKen Active Directory user account. 
Set objUser = GetObject _
  ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
objUser.Put "msCOM-UserPartitionSetLink", _
  "cn=PartitionSet1,cn=ComPartitionSets,cn=System,dc=NA,dc=fabrikam,dc=com"
 
objUser.SetInfo

Configuring Dial-In Properties for a User Account


Configures Dial-In attribute values for the MyerKen Active Directory user account. 
Const ADS_PROPERTY_UPDATE = 2
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
objUser.Put "msNPAllowDialin", TRUE
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "msNPSavedCallingStationID", Array("555-0100", "555-0111")
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "msNPCallingStationID", Array("555-0100", "555-0111")
objUser.Put "msRADIUSServiceType", 4
objUser.Put "msRADIUSCallbackNumber", "555-0112" 
objUser.Put "msRASSavedFramedIPAddress", 167903442
objUser.Put "msRADIUSFramedIPAddress", 167903442 'value of 10.2.0.210
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "msRASSavedFramedRoute", _
        Array("10.1.0.0/16 0.0.0.0 1", "192.168.1.0/24 0.0.0.0 3")
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "msRADIUSFramedRoute", _
        Array("10.1.0.0/16 0.0.0.0 1", "192.168.1.0/24 0.0.0.0 3")
 
objUser.SetInfo

Configuring the Expiration Date for a User Account


Configures the MyerKen Active Directory user account to expire on March 30, 2003.
Set objUser = GetObject _
  ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.AccountExpirationDate = "03/30/2003"
objUser.SetInfo

Configuring Organization Properties for a User Account


Configures organization information for the MyerKen Active Directory user account. The script also assigns MyerKen as the manager for LewJudy and AkersKim.
Set objUser = GetObject _
    ("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
objUser.Put "title", "Manager"
objUser.Put "department", "Executive Management Team"
objUser.Put "company", "Fabrikam"
objUser.Put "manager", _
    "cn=AckermanPilar,OU=Management,dc=NA,dc=fabrikam,dc=com"   
objUser.SetInfo
 
Set objUser01 = GetObject _
    ("LDAP://cn=LewJudy,OU=Sales,dc=NA,dc=fabrikam,dc=com")
Set objUser02 = GetObject _
    ("LDAP://cn=AckersKim,OU=Sales,dc=NA,dc=fabrikam,dc=com")
 
objUser01.Put "manager", objUser.Get("distinguishedName")
objUser02.Put "manager", objUser.Get("distinguishedName")   
 
objUser01.SetInfo
objUser02.SetInfo

Copying a Published Certificate to a User Account


Copies a published certificate from a template account (userTemplate) to the MyerKen Active Directory user account. This operation appends the new certificate without deleting any existing certificates. 
On Error Resume Next
Const ADS_PROPERTY_APPEND = 3 
 
Set objUserTemplate = _
    GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com")
arrUserCertificates = objUserTemplate.GetEx("userCertificate")
 
Set objUser = _
    GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_APPEND, "userCertificate", arrUserCertificates
objUser.SetInfo

Configuring the UPN Suffixes Defined in the Forest


Configures the upnSuffixes attribute of the Partitions container and displays the new values to the operator.
Const ADS_PROPERTY_APPEND = 3 
Set objPartitions = GetObject _
    ("LDAP://cn=Partitions,cn=Configuration,dc=fabrikam,dc=com")
 
objPartitions.PutEx ADS_PROPERTY_APPEND, _
    "upnSuffixes", Array("sa.fabrikam.com","corp.fabrikam.com")
objPartitions.SetInfo
 
For Each Suffix in objPartitions.GetEx("upnSuffixes")
    WScript.Echo Suffix
Next

Configuring User Account Telephone Numbers


Configures telephone numbers and calling information for the MyerKen Active Directory user account.
Const ADS_PROPERTY_UPDATE = 2 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") 
 
objUser.Put "homePhone", "(425) 555-0100"
objUser.Put "pager", "(425) 555-0101"
objUser.Put "mobile", "(425) 555-0102"
objUser.Put "facsimileTelephoneNumber", "(425) 555-0103"   
objUser.Put "ipPhone", "5555"
objUser.Put "info", "Please do not call this user account" & _
    " at home unless there is a work-related emergency. Call" & _
    " this user's mobile phone before calling the pager number."
 
objUser.PutEx ADS_PROPERTY_UPDATE, "otherHomePhone", Array("(425) 555-0110")
objUser.PutEx ADS_PROPERTY_UPDATE, "otherPager", Array("(425) 555-0111")
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "otherMobile", Array("(425) 555-0112", "(425) 555-0113")
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "otherFacsimileTelephoneNumber", Array("(425) 555-0114")
objUser.PutEx ADS_PROPERTY_UPDATE, "otherIpPhone", Array("5556")
 
objUser.SetInfo

Configuring User Profile Properties


Configures user profile settings for a user account.
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
 
objUser.Put "profilePath", "\\sea-dc-01\Profiles\myerken"
objUser.Put "scriptPath", "logon.bat"
objUser.Put "homeDirectory", "\\sea-dc-01\HomeFolders\myerken"
objUser.Put "homeDrive", "H"
 
objUser.SetInfo

Configuring User Profile Properties for a User Account


Configures user profile properties for the MyerKen Active Directory user account. 
Set objUser = GetObject _
    ("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
objUser.Put "profilePath", "\\sea-dc-01\Profiles\myerken"
objUser.Put "scriptPath", "logon.bat"
objUser.Put "homeDirectory", "\\sea-dc-01\HomeFolders\myerken"
objUser.Put "homeDrive", "H"
 
objUser.SetInfo

Configuring User Telephone Properties


Configures telephone numbers and telephone-related attributes for a user account.
Const ADS_PROPERTY_UPDATE = 2 
Set objUser = GetObject _
   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") 
 
objUser.Put "homePhone", "(425) 555-1111"
objUser.Put "pager", "(425) 555-2222"
objUser.Put "mobile", "(425) 555-3333"
objUser.Put "facsimileTelephoneNumber", "(425) 555-4444"   
objUser.Put "ipPhone", "5555"
objUser.Put "info", "Please do not call this user account" & _
  " at home unless there is a work-related emergency. Call" & _
  " this user's mobile phone before calling the pager number"
 
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "otherHomePhone", Array("(425) 555-1112")
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "otherPager", Array("(425) 555-2223")
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "otherMobile", Array("(425) 555-3334", "(425) 555-3335")
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "otherFacsimileTelephoneNumber", Array("(425) 555-4445")
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "otherIpPhone", Array("6666")
 
objUser.SetInfo

Copying Allowed Logon Hours from One Account to Another


Copies the allowed logon hours from a template account (userTemplate) and assigns them to the MyerKen Active Directory user account. The MyerKen account will thus have the same logon hour restrictions as those assigned to the userTemplate account. 
On Error Resume Next
Set objUserTemplate = _
    GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com")
arrLogonHours = objUserTemplate.Get("logonHours")
 
Set objUser = _
    GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com")
objUser.Put "logonHours", arrLogonHours
objUser.SetInfo

Creating 1,000 User Accounts


Demonstration script that creates 1,000 user accounts (named UserNo1, UserNo2, UserNo3, etc.) in the Users container in Active Directory. The script is useful for test scenarios that require multiple user accounts. 
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
    objRootDSE.Get("defaultNamingContext"))
 
For i = 1 To 1000
    Set objLeaf = objContainer.Create("User", "cn=UserNo" & i)
    objLeaf.Put "sAMAccountName", "UserNo" & i
    objLeaf.SetInfo
Next
 
WScript.Echo "1000 Users created."

Creating an Active Directory User Account


Creates a user account in Active Directory. This script only creates the account, it does not enable it.
Set objOU = GetObject("LDAP://OU=management,dc=fabrikam,dc=com")
Set objUser = objOU.Create("User", "cn=MyerKen")
objUser.Put "sAMAccountName", "myerken"
objUser.SetInfo

Creating a Contact in Active Directory


Creates a contact account named MyerKen in the Management organizational unit in a hypothetical domain named fabrikam.com. 
Creating a Contact in Active Directory

Creating a User, a Group, and an OU


Demonstration script that: 1) creates a new Active Directory organizational unit; 2) creates a new user account and new security group; and, 3) adds the new user as a member of that security group. 
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
Set objOU = objDomain.Create("organizationalUnit", "ou=Management")
objOU.SetInfo
 
Set objOU = GetObject("LDAP://OU=Management,dc=fabrikam,dc=com")
Set objUser = objOU.Create("User", "cn= AckermanPilar")
objUser.Put "sAMAccountName", "AckermanPila"
objUser.SetInfo
 
Set objOU = GetObject("LDAP://OU=Management,dc=fabrikam,dc=com")
Set objGroup = objOU.Create("Group", "cn=atl-users")
objGroup.Put "sAMAccountName", "atl-users"
objGroup.SetInfo
 
objGroup.Add objUser.ADSPath

Deleting a Calling Station ID from a User Account


Removes a specific calling station ID from the MyerKen Active Directory user account. This operation only removes the specified calling station ID; no other IDs are deleted. 
Const ADS_PROPERTY_DELETE = 4 
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") 
objUser.PutEx ADS_PROPERTY_DELETE, _
    "msNPSavedCallingStationID", Array("555-0111")
objUser.PutEx ADS_PROPERTY_DELETE, _
    "msNPCallingStationID", Array("555-0111")
 
objUser.SetInfo

Deleting One Telephone Number from a User Account


Deletes a phone number from the otherMobile attribute of the MyerKen Active Directory user account. This operation removes only one phone number (425-555-0113) without affecting any other phone numbers. 
Set objUser = GetObject _
  ("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com") 
 
objUser.PutEx ADS_PROPERTY_DELETE, "otherMobile", Array("(425) 555-0113") 
 
objUser.SetInfo
objComptCopy.SetInfo

Deleting a Phone Number


Deletes a phone number from a user account with multiple mobile phone numbers.
Const ADS_PROPERTY_DELETE = 4
 
Set objUser = GetObject _
   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") 
 
objUser.PutEx ADS_PROPERTY_DELETE, _
  "otherMobile", Array("(425) 555-3334") 
 
objUser.SetInfo

Deleting a Post Office Box from a User Account


Removes a specified value (2224) from the postOfficeBox attribute of the MyerKen Active Directory user account. This operation removes only the specified post office box; other entries will not be deleted. 
Const ADS_PROPERTY_DELETE = 4 
 
Set objUser = GetObject _
   ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") 
 
objUser.PutEx ADS_PROPERTY_DELETE, "postOfficeBox", Array("2224")
 
objUser.SetInfo

Deleting Published Certificates from a User Account


Retrieves a set of published certificates from a template account (userTemplate), and then deletes each of those certificates from the MyerKen Active Directory user account.
On Error Resume Next
Const ADS_PROPERTY_DELETE = 4 
 
Set objUserTemplate = _
    GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com")
arrUserCertificates = objUserTemplate.GetEx("userCertificate")
 
Set objUser = _
    GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_DELETE, "userCertificate", arrUserCertificates
objUser.SetInfo

Deleting Single- and Multi-Valued Attributes


Deletes selected attributes from a user account. Demonstrates how to delete single-valued attributes as well as how to delete a single entry from a multi-valued attribute. 
Const ADS_PROPERTY_DELETE = 4
 
Set objUser = GetObject _
   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") 
 
objUser.PutEx ADS_PROPERTY_DELETE, _
  "otherTelephone", Array("(425) 555-1213") 
objUser.PutEx ADS_PROPERTY_DELETE, _
  "initials", Array("E.")
 
objUser.SetInfo

Deleting a User Account from Active Directory


Deletes the user account for MyerKen from the HR organizational unit in a hypothetical domain named fabrikam.com. 
Set objOU = GetObject("LDAP://ou=hr,dc=fabrikam,dc=com")
objOU.Delete "user", "cn=MyerKen"

Determining When an Account Expires


Returns the expiration date for a user account.
On Error Resume Next
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
 
dtmAccountExpiration = objUser.AccountExpirationDate 
 
If err.number = -2147467259 Or _
 dtmAccountExpiration = "1/1/1970" Then
  WScript.echo "No account expiration specified"
Else
  WScript.echo "Account expiration:" & _
    objUser.AccountExpirationDate
End If

Determining the Owner of a User Account


Reports the owner of the MyerKen Active Directory user account.
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
WScript.Echo "Owner Tab"
WScript.Echo "Current owner of this item: " & objNtSecurityDescriptor.Owner

Determining When a Password Expires


Determines the date when a user password will expire.
Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
 
Set objUserLDAP = GetObject _
  ("LDAP://CN=myerken,OU=management,DC=fabrikam,DC=com")
intCurrentValue = objUserLDAP.Get("userAccountControl")
 
If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
  wscript.echo "The password does not expire."
Else
  dtmValue = objUserLDAP.PasswordLastChanged 
  Wscript.echo "The password was last changed on " & _
  DateValue(dtmValue) & " at " & TimeValue(dtmValue) & VbCrLf & _
  "The difference between when the password was last set" & VbCrLf & _
  "and today is " & int(now - dtmValue) & " days"
  intTimeInterval = int(now - dtmValue)
  
  Set objDomainNT = GetObject("WinNT://fabrikam")
  intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
  If intMaxPwdAge < 0 Then
    WScript.Echo "The Maximum Password Age is set to 0 in the " & _
      "domain. Therefore, the password does not expire."
  Else
    intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
    Wscript.echo "The maximum password age is " & intMaxPwdAge & " days"
    If intTimeInterval >= intMaxPwdAge Then
      Wscript.echo "The password has expired."
    Else
      Wscript.echo "The password will expire on " & _
      DateValue(dtmValue + intMaxPwdAge) & " (" & _
      int((dtmValue + intMaxPwdAge) - now) & " days from today" & ")."
    End If
  End If
End If

Determining When a Password was Last Set


Identifies the last time a user password was set.
Set objUser = GetObject _
    ("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")
dtmValue = objUser.PasswordLastChanged
WScript.echo "pwdLastSet is: " & dtmValue

Determining User Account Status


Identifies whether a user account is enabled or disabled.
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
 
If objUser.AccountDisabled = FALSE Then
      WScript.Echo "The account is enabled."
Else
      WScript.Echo "The account is disabled."
End If

Determining When a User Account Expires


Reports the date that the MyerKen Active Directory user account expires. 
On Error Resume Next
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
dtmAccountExpiration = objUser.AccountExpirationDate 
 
If Err.Number = -2147467259 Or dtmAccountExpiration = "1/1/1970" Then
    WScript.Echo "No account expiration specified"
Else
    WScript.Echo "Account expiration: " & objUser.AccountExpirationDate
End If

Determining User Logon Hours


Retrieves the allowed logon hours for a user.
Dim arrLogonHoursBytes(20)
Dim arrLogonHoursBits(167)
arrDayOfWeek = Array _
  ("Sun", "Mon", "Tue", "Wed", _
   "Thu", "Fri", "Sat")
 
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfoEx Array("logonHours"), 0
arrLogonHours = objUser.Get("logonHours")
 
For i = 1 To LenB(arrLogonHours)
     arrLogonHoursBytes(i-1) = AscB(MidB(arrLogonHours, i, 1))
Next
 
intCounter = 0
intLoopCounter = 0
WScript.Echo "Day  Byte 1   Byte 2   Byte 3"
For Each LogonHourByte In arrLogonHoursBytes
  arrLogonHourBits = GetLogonHourBits(LogonHourByte)
 
   If intCounter = 0 Then
    WScript.STDOUT.Write arrDayOfWeek(intLoopCounter) & Space(2)
    intLoopCounter = intLoopCounter + 1
  End If
 
    For Each LogonHourBit In arrLogonHourBits
        WScript.STDOUT.Write LogonHourBit
        intCounter = 1 + intCounter
 
        If intCounter = 8 or intCounter = 16 Then
          WScript.STDOUT.Write Space(1)
        End If
        
        If intCounter = 24 Then
          WScript.echo VbCr
          intCounter = 0
        End If 
    Next
Next
 
Function GetLogonHourBits(x)
    Dim arrBits(7)
    For i = 7 to 0 Step -1
        If x And 2^i Then
            arrBits(i) = 1
        Else
            arrBits(i) = 0
        End If
    Next
    GetLogonHourBits = arrBits
End Function

Disabling a Password Flag


Disables the option allowing a password to be stored using reversible encrypted text.
Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H80
 
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
 
If intUAC AND _
  ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED Then
    objUser.Put "userAccountControl", intUAC XOR _
      ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
    objUser.SetInfo
End If

Disabling the “Smartcard Required” Attribute for a User Account


Disables the setting that required MyerKen to use a smartcard when logging on to Active Directory. 
Const ADS_UF_SMARTCARD_REQUIRED = &h40000 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
intUAC = objUser.Get("userAccountControl")
 
If (intUAC AND ADS_UF_SMARTCARD_REQUIRED) <> 0 Then
    objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
    objUser.SetInfo
End If

Disabling a User Account


Disables a user account.
Const ADS_UF_ACCOUNTDISABLE = 2
 
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
 
objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo

Disabling the User Cannot Change Password Option


Disables the User Cannot Change Password option, allowing the user to change their password.
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const CHANGE_PASSWORD_GUID  = _
  "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
 
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
Set objSD   = objUser.Get("nTSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
arrTrustees = Array("nt authority\self", "everyone")
 
For Each strTrustee In arrTrustees
  For Each ace In objDACL
    If(LCase(ace.Trustee) = strTrustee) Then
      If((ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
        (LCase(ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
        objDACL.RemoveAce ace
      End If
    End If
  Next
Next
 
objUser.Put "nTSecurityDescriptor", objSD
objUser.SetInfo

Displaying Allowed Logon Hours for a User Account


Returns the allowed logon hours for the MyerKen Active Directory user account.
On Error Resume Next
Dim arrLogonHoursBytes(20)
Dim arrLogonHoursBits(167)
arrDayOfWeek = Array _
    ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat")
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
arrLogonHours = objUser.Get("logonHours")
 
For i = 1 To LenB(arrLogonHours)
    arrLogonHoursBytes(i-1) = AscB(MidB(arrLogonHours, i, 1))
    WScript.Echo "MidB returns: " & MidB(arrLogonHours, i, 1)
    WScript.Echo "arrLogonHoursBytes: " & arrLogonHoursBytes(i-1)
    wscript.echo vbcrlf
Next
 
intCounter = 0
intLoopCounter = 0
WScript.echo "Day  Byte 1   Byte 2   Byte 3"
For Each LogonHourByte In arrLogonHoursBytes
    arrLogonHourBits = GetLogonHourBits(LogonHourByte)
 
    If intCounter = 0 Then
        WScript.STDOUT.Write arrDayOfWeek(intLoopCounter) & Space(2)
        intLoopCounter = intLoopCounter + 1
    End If
 
    For Each LogonHourBit In arrLogonHourBits
        WScript.STDOUT.Write LogonHourBit
        intCounter = 1 + intCounter
 
        If intCounter = 8 or intCounter = 16 Then
            Wscript.STDOUT.Write Space(1)
        End If
        
        If intCounter = 24 Then
            WScript.echo vbCr
            intCounter = 0
        End If 
    Next
Next
 
Function GetLogonHourBits(x)
    Dim arrBits(7)
    For i = 7 to 0 Step -1
        If x And 2^i Then
            arrBits(i) = 1
        Else
            arrBits(i) = 0
        End If
    Next
    GetLogonHourBits = arrBits
End Function

Displaying Domain Password Attributes


Displays password policy settings for the domain.
Const MIN_IN_DAY = 1440, SEC_IN_MIN = 60
 
Set objDomain = GetObject("WinNT://fabrikam")
Set objAdS = GetObject("LDAP://dc=fabrikam,dc=com")
 
intMaxPwdAgeSeconds = objDomain.Get("MaxPasswordAge")
intMinPwdAgeSeconds = objDomain.Get("MinPasswordAge")
intLockOutObservationWindowSeconds = objDomain.Get("LockoutObservationInterval")
intLockoutDurationSeconds = objDomain.Get("AutoUnlockInterval")
intMinPwdLength = objAds.Get("minPwdLength")
 
intPwdHistoryLength = objAds.Get("pwdHistoryLength")
intPwdProperties = objAds.Get("pwdProperties")
intLockoutThreshold = objAds.Get("lockoutThreshold")
intMaxPwdAgeDays = _
  ((intMaxPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
intMinPwdAgeDays = _
  ((intMinPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
intLockOutObservationWindowMinutes = _
  (intLockOutObservationWindowSeconds/SEC_IN_MIN) & " minutes"
 
If intLockoutDurationSeconds <> -1 Then
  intLockoutDurationMinutes = _
(intLockOutDurationSeconds/SEC_IN_MIN) & " minutes"
Else
  intLockoutDurationMinutes = _
    "Administrator must manually unlock locked accounts"
End If
 
WScript.Echo "maxPwdAge = " & intMaxPwdAgeDays
WScript.Echo "minPwdAge = " & intMinPwdAgeDays
WScript.Echo "minPwdLength = " & intMinPwdLength
WScript.Echo "pwdHistoryLength = " & intPwdHistoryLength
WScript.Echo "pwdProperties = " & intPwdProperties
WScript.Echo "lockOutThreshold = " & intLockoutThreshold
WScript.Echo "lockOutObservationWindow = " & intLockOutObservationWindowMinutes
WScript.Echo "lockOutDuration = " & intLockoutDurationMinutes

Displaying Password Property Attributes


Displays password settings for the domain.
Set objHash = CreateObject("Scripting.Dictionary")
 
objHash.Add "DOMAIN_PASSWORD_COMPLEX", &h1
objHash.Add "DOMAIN_PASSWORD_NO_ANON_CHANGE", &h2
objHash.Add "DOMAIN_PASSWORD_NO_CLEAR_CHANGE", &h4
objHash.Add "DOMAIN_LOCKOUT_ADMINS", &h8
objHash.Add "DOMAIN_PASSWORD_STORE_CLEARTEXT", &h16
objHash.Add "DOMAIN_REFUSE_PASSWORD_CHANGE", &h32
 
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
 
intPwdProperties = objDomain.Get("PwdProperties")
WScript.Echo "pwdProperties = " & intPwdProperties
 
For Each Key In objHash.Keys
    If objHash(Key) And intPwdProperties Then 
        WScript.Echo Key & " is enabled"
    Else
        WScript.Echo Key & " is disabled"
    End If
Next

Displaying User Account Password Attributes


Displays password-related attributes for an individual user account.
Const ADS_UF_PASSWORD_EXPIRED = &h800000
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
 
Set objHash = CreateObject("Scripting.Dictionary")
objHash.Add "ADS_UF_PASSWD_NOTREQD", &h00020
objHash.Add "ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED", &h0080
objHash.Add "ADS_UF_DONT_EXPIRE_PASSWD", &h10000
 
Set objUser = GetObject _
  ("LDAP://CN=MyerKen,OU=management,DC=Fabrikam,DC=com")
intUserAccountControl = objUser.Get("userAccountControl")
 
Set objUserNT = GetObject("WinNT://fabrikam/myerken")
intUserFlags = objUserNT.Get("userFlags")
 
If ADS_UF_PASSWORD_EXPIRED And intUserFlags Then
  blnExpiredFlag = True
  Wscript.Echo "ADS_UF_PASSWORD_EXPIRED is enabled"
Else
  Wscript.Echo "ADS_UF_PASSWORD_EXPIRED is disabled"
End If
 
For Each Key In objHash.Keys
  If objHash(Key) And intUserAccountControl Then 
    WScript.Echo Key & " is enabled"
  Else
    WScript.Echo Key & " is disabled"
  End If
Next
 
Set objSD = objUser.Get("nTSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
For Each Ace In objDACL
  If ((Ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
      (LCase(Ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
    blnACEPresent = True
  End If
Next
If blnACEPresent Then
  Wscript.Echo "ADS_UF_PASSWD_CANT_CHANGE is enabled"
Else
  Wscript.Echo "ADS_UF_PASSWD_CANT_CHANGE is disabled"
End If
 
If blnExpiredFlag = True Then 
  Wscript.echo "pwdLastSet is null"
Else 
  Wscript.echo "pwdLastSet is " & objUser.PasswordLastChanged
End If

Enabling a User Account


Enables a user account.
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.AccountDisabled = FALSE
objUser.SetInfo

Ensuring that an Account will not Expire


Configures a user account so that it will not expire. This is done by setting the expiration date to 1/1/1970.
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.AccountExpirationDate = "01/01/1970"
objUser.SetInfo

Modifying User Profile Paths


Changes the server name portion of the user profile path to \\fabrikam for the MyerKen Active Directory user account. 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
strCurrentProfilePath = objUser.Get("profilePath")
intStringLen = Len(strCurrentProfilePath)
intStringRemains = intStringLen - 11
strRemains = Mid(strCurrentProfilePath, 12, intStringRemains)
strNewProfilePath = "\\fabrikam" & strRemains
objUser.Put "profilePath", strNewProfilePath
objUser.SetInfo

Moving a User Account


Moves a user account from one OU to another.
Set objOU = GetObject("LDAP://ou=sales,dc=na,dc=fabrikam,dc=com")
objOU.MoveHere _
    "LDAP://cn=BarrAdam,OU=hr,dc=na,dc=fabrikam,dc=com", vbNullString

Moving a User Account to a New Domain


Uses the MoveHere method of IADsContainer to move a user account to another domain. Note that there are a number of restrictions associated with performing this type of move operation. For details, see the Directory Services Platform SDK.
Set objOU = GetObject("LDAP://ou=management,dc=na,dc=fabrikam,dc=com")
objOU.MoveHere _
    "LDAP://cn=AckermanPilar,OU=management,dc=fabrikam,dc=com", vbNullString

Preventing a User From Changing His or Her Password


Enables the User Cannot Change Password option, which prevents the user from changing their password.
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const ADS_ACEFLAG_OBJECT_TYPE_PRESENT = &H1
Const CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
 
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
Set objSD = objUser.Get("ntSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
arrTrustees = array("nt authority\self", "EVERYONE")
 
For Each strTrustee in arrTrustees
  Set objACE = CreateObject("AccessControlEntry")
    objACE.Trustee = strTrustee
  objACE.AceFlags = 0
  objACE.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT
  objACE.Flags = ADS_ACEFLAG_OBJECT_TYPE_PRESENT
  objACE.ObjectType = CHANGE_PASSWORD_GUID
  objACE.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
  objDACL.AddAce objACE
Next
 
objSD.DiscretionaryAcl = objDACL
objUser.Put "nTSecurityDescriptor", objSD
objUser. SetInfo

Requiring a Password Change


Forces a user to change their password the next time they logon.
Set objUser = GetObject _
    ("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")
objUser.Put "pwdLastSet", 0
objUser.SetInfo

Requiring a User to Logon on Using a Smartcard


Configures the MyerKen user account so that the user must use a smartcard in order to logon to Active Directory. 
Const ADS_UF_SMARTCARD_REQUIRED = &h40000 
Set objUser = GetObject _
  ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
intUAC = objUser.Get("userAccountControl")
 
If (intUAC AND ADS_UF_SMARTCARD_REQUIRED) = 0 Then
  objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
  objUser.SetInfo
End If

Retrieving Organization Information


Retrieves user account attributes found on the Organization page of the user account object in Active Directory Users and Computers.
On Error Resume Next
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
 
strTitle = objUser.Get("title")
strDepartment = objUser.Get("department")
strCompany = objUser.Get("company")
strManager = objUser.Get("manager")
 
strDirectReports = _
  objUser.GetEx("directReports")
 
WScript.echo "title: " & strTitle
WScript.echo "department: " & strDepartment
WScript.echo "company: " & strCompany
WScript.echo "manager: " & strManager
 
For Each strValue in strDirectReports
  WScript.echo "directReports: " & strValue
Next

Retrieving User Account Account Properties


Retrieves user account attributes found on the Account page of the user account object in Active Directory Users and Computers.
On Error Resume Next
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
 
strUserPrincipalName = objUser.Get("userPrincipalName")
strSAMAccountName = objUser.Get("sAMAccountName")
strUserWorkstations = objUser.Get("userWorkstations")
 
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
objDomain.GetInfoEx Array("dc"), 0
strDC = objDomain.Get("dc")
 
WScript.echo "userPrincipalName: " & strUserPrincipalName
WScript.echo "sAMAccountName: " & strSAMAccountName
WScript.echo "UserWorkstations: " & strUserWorkstations
WScript.echo "dc: " & strDC

Retrieving User Profile Properties


Retrieves user account attributes found on the Profile page of the user account object in Active Directory users and Computers.
On Error Resume Next
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
 
strProfilePath = objUser.Get("profilePath")
strScriptPath = objUser.Get("scriptPath")
strHomeDirectory = objUser.Get("homeDirectory")
strHomeDrive = objUser.Get("homeDrive")
 
WScript.echo "profilePath: " & strProfilePath
WScript.echo "scriptPath: " & strScriptPath
WScript.echo "homeDirectory: " & strHomeDirectory
WScript.echo "homeDrive: " & strHomeDrive

Setting an Account Expiration Date


Configures a user account to expire on 3/30/2003.
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.AccountExpirationDate = "03/30/2003"
objUser.SetInfo

Setting a Password So It Never Expires


Configures the domain password for a user account to ensure that the password will never expire. 
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
 
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
 
If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
    Wscript.Echo "Already enabled"
Else
    objUser.Put "userAccountControl", intUAC XOR _
        ADS_UF_DONT_EXPIRE_PASSWD
    objUser.SetInfo
    WScript.Echo "Password never expires is now enabled"
End If

Setting the Primary Group for a User


Sets the primary group for the MyerKen Active Directory user account to MgmtUniversal.
Const ADS_PROPERTY_APPEND = 3
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
Set objGroup = GetObject _
    ("LDAP://cn=MgmtUniversal,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfoEx Array("primaryGroupToken"), 0
intPrimaryGroupToken = objGroup.Get("primaryGroupToken")
 
objGroup.PutEx ADS_PROPERTY_APPEND, _
   "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.SetInfo
objUser.Put "primaryGroupID", intPrimaryGroupToken
 
objUser.SetInfo

Setting a User’s Password


Configures a new password for a user.
Set objUser = GetObject _
 ("LDAP://cn=MyerKen,ou=management,dc=fabrikam,dc=com")
objUser.SetPassword "i5A2sj*!"

Unlocking an Active Directory User Account


Unlocks the MyerKen Active Directory user account.
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.IsAccountLocked = False
objUser.SetInfo

Writing User Account Properties


Configures general attributes for a user account.
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
 
objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
objUser.Put "sAMAccountName", "MyerKen01"
objUser.Put "userWorkstations", "wks1,wks2,wks3"
 
objUser.SetInfo
Copyright ©1999-2007 ActiveXperts Software. All rights reserved.