U bevindt zich hier:
ActiveXperts.com > ActiveXperts Network Monitor > WindowsManagement > Scripts > Users and Groups > Active Directory Users
quicklinks
- Download Free Trial (7561 kB - .exe file) - version 7.1.9.330
- Download Manual (875 kB - .pdf file)
Scripts to manage Active Directory Users
Appending a Multi-Valued AttributeAppending a Phone Number
Adding a Route to the Dial-In Properties of a User Account
Adding a User to Two Security Groups
Appending Address Page Information for a User Account
Appending a Home Phone Number to a User Account
Assigning a Published Certificate to a User Account
Changing User Account Attributes
Changing a User Password
Clearing Address Page Information for a User Account
Clearing All Published Certificates from a User Account
Clearing Department and Direct Report Information from a User Account
Clearing Telephone Attributes
Clearing Telephone Properties for a User Account
Clearing User Account Address Attributes
Clearing User Account Attributes
Configuring Account Page Information for a User Account
Configuring Address Page Information for a User Account
Configuring COM+ Information for a User Account
Configuring Dial-In Properties for a User Account
Configuring the Expiration Date for a User Account
Configuring Organization Properties for a User Account
Copying a Published Certificate to a User Account
Configuring the UPN Suffixes Defined in the Forest
Configuring User Account Telephone Numbers
Configuring User Profile Properties
Configuring User Profile Properties for a User Account
Configuring User Telephone Properties
Copying Allowed Logon Hours from One Account to Another
Creating 1,000 User Accounts
Creating an Active Directory User Account
Creating a Contact in Active Directory
Creating a User, a Group, and an OU
Deleting a Calling Station ID from a User Account
Deleting One Telephone Number from a User Account
Deleting a Phone Number
Deleting a Post Office Box from a User Account
Deleting Published Certificates from a User Account
Deleting Single- and Multi-Valued Attributes
Deleting a User Account from Active Directory
Determining When an Account Expires
Determining the Owner of a User Account
Determining When a Password Expires
Determining When a Password was Last Set
Determining User Account Status
Determining When a User Account Expires
Determining User Logon Hours
Disabling a Password Flag
Disabling the “Smartcard Required” Attribute for a User Account
Disabling a User Account
Disabling the User Cannot Change Password Option
Displaying Allowed Logon Hours for a User Account
Displaying Domain Password Attributes
Displaying Password Property Attributes
Displaying User Account Password Attributes
Enabling a User Account
Ensuring that an Account will not Expire
Modifying User Profile Paths
Moving a User Account
Moving a User Account to a New Domain
Preventing a User From Changing His or Her Password
Requiring a Password Change
Requiring a User to Logon on Using a Smartcard
Retrieving Organization Information
Retrieving User Account Account Properties
Retrieving User Profile Properties
Setting an Account Expiration Date
Setting a Password So It Never Expires
Setting the Primary Group for a User
Setting a User’s Password
Unlocking an Active Directory User Account
Writing User Account Properties
Appending a Multi-Valued Attribute
Adds an additional URL to a user account. Demonstrates how to append a new value to a multi-valued attribute.
Const ADS_PROPERTY_APPEND = 3
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_APPEND, _
"url", Array("http://www.fabrikam.com/policy")
objUser.SetInfoAppending a Phone Number
Appends an additional home phone number for a user.
Const ADS_PROPERTY_APPEND = 3
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_APPEND, _
"otherHomePhone", Array("(425) 555-1113")
objUser.SetInfoAdding a Route to the Dial-In Properties of a User Account
Appends a new route to the Dial-In properties of a user account in Active Directory. This operation adds the new route without deleting any existing routes.
Const ADS_PROPERTY_APPEND = 3
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_APPEND, _
"msRASSavedFramedRoute", _
Array("128.168.0.0/15 0.0.0.0 5")
objUser.PutEx ADS_PROPERTY_APPEND, _
"msRADIUSFramedRoute", _
Array("128.168.0.0/15 0.0.0.0 5")
objUser.SetInfoAdding a User to Two Security Groups
Adds a user (MyerKen) to two different Active Directory security groups: Atl-Users and NA-Employees.
Const ADS_PROPERTY_APPEND = 3
Set objGroup = GetObject _
("LDAP://cn=Atl-Users,cn=Users,dc=NA,dc=fabrikam,dc=com")
objGroup.PutEx ADS_PROPERTY_APPEND, _
"member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.SetInfo
Set objGroup = GetObject _
("LDAP://cn=NA-Employees,cn=Users,dc=NA,dc=fabrikam,dc=com")
objGroup.PutEx ADS_PROPERTY_APPEND, _
"member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.SetInfoAppending Address Page Information for a User Account
Appends new entries to the postOfficeBox attribute of an Active Directory user account. This operation adds the new post office boxes without deleting any existing entries.
Const ADS_PROPERTY_APPEND = 3
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_APPEND, "postOfficeBox", Array("2225","2226")
objUser.SetInfoAppending a Home Phone Number to a User Account
Appends a new phone number to the otherHomePhone attribute of an Active Directory user account. This operation adds the phone number to the attribute without deleting ant existing phone numbers.
Const ADS_PROPERTY_APPEND = 3
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_APPEND, "otherHomePhone", Array("(425) 555-0116")
objUser.SetInfoAssigning a Published Certificate to a User Account
Copies a published certificate from a template account (userTemplate) and assigns it to the MyerKen Active Directory user account. This operation replaces any existing published certificates for the MyerKen account.
On Error Resume Next
Const ADS_PROPERTY_UPDATE = 2
Set objUserTemplate = _
GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com")
arrUserCertificates = objUserTemplate.GetEx("userCertificate")
Set objUser = _
GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_UPDATE, "userCertificate", arrUserCertificates
objUser.SetInfoChanging User Account Attributes
Configures user account attributes found on the General Properties page of the user account object in Active Directory users and Computers.
Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.Put "givenName", "Ken"
objUser.Put "initials", "E."
objUser.Put "sn", "Myer"
objUser.Put "displayName", "Myer, Ken"
objUser.Put "physicalDeliveryOfficeName", "Room 4358"
objUser.Put "telephoneNumber", "(425) 555-1211"
objUser.Put "mail", "myerken@fabrikam.com"
objUser.Put "wWWHomePage", "http://www.fabrikam.com"
objUser.PutEx ADS_PROPERTY_UPDATE, _
"description", Array("Management staff")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"otherTelephone", Array("(800) 555-1212", "(425) 555-1213")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"url", Array("http://www.fabrikam.com/management")
objUser.SetInfoChanging a User Password
Changes the password for a user. Requires you to know the user's previous password.
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.ChangePassword "i5A2sj*!", "jl3R86df"Clearing Address Page Information for a User Account
Removes all information for the c (country) and postOfficeBox attributes of the MyerKen Active Directory user account.
Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "c", 0
objUser.PutEx ADS_PROPERTY_CLEAR, "postOfficeBox", 0
objUser.SetInfoClearing All Published Certificates from a User Account
Removes all published certificates for the MyerKen Active Directory user account.
Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "userCertificate", 0
objUser.SetInfoClearing Department and Direct Report Information from a User Account
Removes all information from the deparment, directReports, and manager attributes of the MyerKen Active Directory user account.
On Error Resume Next
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "department", 0
objUser.SetInfo
arrDirectReports = objUser.GetEx("directReports")
If err.number = E_ADS_PROPERTY_NOT_FOUND Then
WScript.Quit
Else
For Each strValue in arrDirectReports
Set objUserSource = GetObject("LDAP://" & strValue)
objUserSource.PutEx ADS_PROPERTY_CLEAR, "manager", 0
objUserSource.SetInfo
Next
End IfClearing Telephone Attributes
Clears selected telephone-related attributes for a user account.
Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "info", 0
objUser.PutEx ADS_PROPERTY_CLEAR, "otherPager", 0
objUser.SetInfoClearing Telephone Properties for a User Account
Removes all information from the info and otherPager attributes of the MyerKen Active Directory user account.
Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "info", 0
objUser.PutEx ADS_PROPERTY_CLEAR, "otherPager", 0
objUser.SetInfoClearing User Account Address Attributes
Clears selected address-related attributes for a user account.
Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "streetAddress", 0
objUser.PutEx ADS_PROPERTY_CLEAR, "c", 0
objUser.SetInfoClearing User Account Attributes
Clears selected attributes for a user account.
Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "initials", 0
objUser.PutEx ADS_PROPERTY_CLEAR, "otherTelephone", 0
objUser.SetInfoConfiguring Account Page Information for a User Account
Configures basic account information for the MyerKen Active Directory user account.
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
objUser.Put "sAMAccountName", "MyerKen01"
objUser.Put "userWorkstations","wks1,wks2,wks3"
objUser.SetInfoConfiguring Address Page Information for a User Account
Configures address-related information for the MyerKen Active Directory user account.
Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.Put "streetAddress", "Building 43" & vbCrLf & "One Microsoft Way"
objUser.Put "l", "Redmond"
objUser.Put "st", "Washington"
objUser.Put "postalCode", "98053"
objUser.Put "c", "US"
objUser.PutEx ADS_PROPERTY_UPDATE, _
"postOfficeBox", Array("2222", "2223", "2224")
objUser.SetInfoConfiguring COM+ Information for a User Account
Sets COM+ information for the MyerKen Active Directory user account.
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.Put "msCOM-UserPartitionSetLink", _
"cn=PartitionSet1,cn=ComPartitionSets,cn=System,dc=NA,dc=fabrikam,dc=com"
objUser.SetInfoConfiguring Dial-In Properties for a User Account
Configures Dial-In attribute values for the MyerKen Active Directory user account.
Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.Put "msNPAllowDialin", TRUE
objUser.PutEx ADS_PROPERTY_UPDATE, _
"msNPSavedCallingStationID", Array("555-0100", "555-0111")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"msNPCallingStationID", Array("555-0100", "555-0111")
objUser.Put "msRADIUSServiceType", 4
objUser.Put "msRADIUSCallbackNumber", "555-0112"
objUser.Put "msRASSavedFramedIPAddress", 167903442
objUser.Put "msRADIUSFramedIPAddress", 167903442 'value of 10.2.0.210
objUser.PutEx ADS_PROPERTY_UPDATE, _
"msRASSavedFramedRoute", _
Array("10.1.0.0/16 0.0.0.0 1", "192.168.1.0/24 0.0.0.0 3")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"msRADIUSFramedRoute", _
Array("10.1.0.0/16 0.0.0.0 1", "192.168.1.0/24 0.0.0.0 3")
objUser.SetInfoConfiguring the Expiration Date for a User Account
Configures the MyerKen Active Directory user account to expire on March 30, 2003.
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.AccountExpirationDate = "03/30/2003"
objUser.SetInfoConfiguring Organization Properties for a User Account
Configures organization information for the MyerKen Active Directory user account. The script also assigns MyerKen as the manager for LewJudy and AkersKim.
Set objUser = GetObject _
("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.Put "title", "Manager"
objUser.Put "department", "Executive Management Team"
objUser.Put "company", "Fabrikam"
objUser.Put "manager", _
"cn=AckermanPilar,OU=Management,dc=NA,dc=fabrikam,dc=com"
objUser.SetInfo
Set objUser01 = GetObject _
("LDAP://cn=LewJudy,OU=Sales,dc=NA,dc=fabrikam,dc=com")
Set objUser02 = GetObject _
("LDAP://cn=AckersKim,OU=Sales,dc=NA,dc=fabrikam,dc=com")
objUser01.Put "manager", objUser.Get("distinguishedName")
objUser02.Put "manager", objUser.Get("distinguishedName")
objUser01.SetInfo
objUser02.SetInfoCopying a Published Certificate to a User Account
Copies a published certificate from a template account (userTemplate) to the MyerKen Active Directory user account. This operation appends the new certificate without deleting any existing certificates.
On Error Resume Next
Const ADS_PROPERTY_APPEND = 3
Set objUserTemplate = _
GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com")
arrUserCertificates = objUserTemplate.GetEx("userCertificate")
Set objUser = _
GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_APPEND, "userCertificate", arrUserCertificates
objUser.SetInfoConfiguring the UPN Suffixes Defined in the Forest
Configures the upnSuffixes attribute of the Partitions container and displays the new values to the operator.
Const ADS_PROPERTY_APPEND = 3
Set objPartitions = GetObject _
("LDAP://cn=Partitions,cn=Configuration,dc=fabrikam,dc=com")
objPartitions.PutEx ADS_PROPERTY_APPEND, _
"upnSuffixes", Array("sa.fabrikam.com","corp.fabrikam.com")
objPartitions.SetInfo
For Each Suffix in objPartitions.GetEx("upnSuffixes")
WScript.Echo Suffix
NextConfiguring User Account Telephone Numbers
Configures telephone numbers and calling information for the MyerKen Active Directory user account.
Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.Put "homePhone", "(425) 555-0100"
objUser.Put "pager", "(425) 555-0101"
objUser.Put "mobile", "(425) 555-0102"
objUser.Put "facsimileTelephoneNumber", "(425) 555-0103"
objUser.Put "ipPhone", "5555"
objUser.Put "info", "Please do not call this user account" & _
" at home unless there is a work-related emergency. Call" & _
" this user's mobile phone before calling the pager number."
objUser.PutEx ADS_PROPERTY_UPDATE, "otherHomePhone", Array("(425) 555-0110")
objUser.PutEx ADS_PROPERTY_UPDATE, "otherPager", Array("(425) 555-0111")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"otherMobile", Array("(425) 555-0112", "(425) 555-0113")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"otherFacsimileTelephoneNumber", Array("(425) 555-0114")
objUser.PutEx ADS_PROPERTY_UPDATE, "otherIpPhone", Array("5556")
objUser.SetInfoConfiguring User Profile Properties
Configures user profile settings for a user account.
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.Put "profilePath", "\\sea-dc-01\Profiles\myerken"
objUser.Put "scriptPath", "logon.bat"
objUser.Put "homeDirectory", "\\sea-dc-01\HomeFolders\myerken"
objUser.Put "homeDrive", "H"
objUser.SetInfoConfiguring User Profile Properties for a User Account
Configures user profile properties for the MyerKen Active Directory user account.
Set objUser = GetObject _
("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.Put "profilePath", "\\sea-dc-01\Profiles\myerken"
objUser.Put "scriptPath", "logon.bat"
objUser.Put "homeDirectory", "\\sea-dc-01\HomeFolders\myerken"
objUser.Put "homeDrive", "H"
objUser.SetInfoConfiguring User Telephone Properties
Configures telephone numbers and telephone-related attributes for a user account.
Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.Put "homePhone", "(425) 555-1111"
objUser.Put "pager", "(425) 555-2222"
objUser.Put "mobile", "(425) 555-3333"
objUser.Put "facsimileTelephoneNumber", "(425) 555-4444"
objUser.Put "ipPhone", "5555"
objUser.Put "info", "Please do not call this user account" & _
" at home unless there is a work-related emergency. Call" & _
" this user's mobile phone before calling the pager number"
objUser.PutEx ADS_PROPERTY_UPDATE, _
"otherHomePhone", Array("(425) 555-1112")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"otherPager", Array("(425) 555-2223")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"otherMobile", Array("(425) 555-3334", "(425) 555-3335")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"otherFacsimileTelephoneNumber", Array("(425) 555-4445")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"otherIpPhone", Array("6666")
objUser.SetInfoCopying Allowed Logon Hours from One Account to Another
Copies the allowed logon hours from a template account (userTemplate) and assigns them to the MyerKen Active Directory user account. The MyerKen account will thus have the same logon hour restrictions as those assigned to the userTemplate account.
On Error Resume Next
Set objUserTemplate = _
GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com")
arrLogonHours = objUserTemplate.Get("logonHours")
Set objUser = _
GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com")
objUser.Put "logonHours", arrLogonHours
objUser.SetInfoCreating 1,000 User Accounts
Demonstration script that creates 1,000 user accounts (named UserNo1, UserNo2, UserNo3, etc.) in the Users container in Active Directory. The script is useful for test scenarios that require multiple user accounts.
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
objRootDSE.Get("defaultNamingContext"))
For i = 1 To 1000
Set objLeaf = objContainer.Create("User", "cn=UserNo" & i)
objLeaf.Put "sAMAccountName", "UserNo" & i
objLeaf.SetInfo
Next
WScript.Echo "1000 Users created."Creating an Active Directory User Account
Creates a user account in Active Directory. This script only creates the account, it does not enable it.
Set objOU = GetObject("LDAP://OU=management,dc=fabrikam,dc=com")
Set objUser = objOU.Create("User", "cn=MyerKen")
objUser.Put "sAMAccountName", "myerken"
objUser.SetInfoCreating a Contact in Active Directory
Creates a contact account named MyerKen in the Management organizational unit in a hypothetical domain named fabrikam.com.
Creating a Contact in Active Directory
Creating a User, a Group, and an OU
Demonstration script that: 1) creates a new Active Directory organizational unit; 2) creates a new user account and new security group; and, 3) adds the new user as a member of that security group.
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
Set objOU = objDomain.Create("organizationalUnit", "ou=Management")
objOU.SetInfo
Set objOU = GetObject("LDAP://OU=Management,dc=fabrikam,dc=com")
Set objUser = objOU.Create("User", "cn= AckermanPilar")
objUser.Put "sAMAccountName", "AckermanPila"
objUser.SetInfo
Set objOU = GetObject("LDAP://OU=Management,dc=fabrikam,dc=com")
Set objGroup = objOU.Create("Group", "cn=atl-users")
objGroup.Put "sAMAccountName", "atl-users"
objGroup.SetInfo
objGroup.Add objUser.ADSPathDeleting a Calling Station ID from a User Account
Removes a specific calling station ID from the MyerKen Active Directory user account. This operation only removes the specified calling station ID; no other IDs are deleted.
Const ADS_PROPERTY_DELETE = 4
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_DELETE, _
"msNPSavedCallingStationID", Array("555-0111")
objUser.PutEx ADS_PROPERTY_DELETE, _
"msNPCallingStationID", Array("555-0111")
objUser.SetInfoDeleting One Telephone Number from a User Account
Deletes a phone number from the otherMobile attribute of the MyerKen Active Directory user account. This operation removes only one phone number (425-555-0113) without affecting any other phone numbers.
Set objUser = GetObject _
("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_DELETE, "otherMobile", Array("(425) 555-0113")
objUser.SetInfo
objComptCopy.SetInfoDeleting a Phone Number
Deletes a phone number from a user account with multiple mobile phone numbers.
Const ADS_PROPERTY_DELETE = 4
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_DELETE, _
"otherMobile", Array("(425) 555-3334")
objUser.SetInfoDeleting a Post Office Box from a User Account
Removes a specified value (2224) from the postOfficeBox attribute of the MyerKen Active Directory user account. This operation removes only the specified post office box; other entries will not be deleted.
Const ADS_PROPERTY_DELETE = 4
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_DELETE, "postOfficeBox", Array("2224")
objUser.SetInfoDeleting Published Certificates from a User Account
Retrieves a set of published certificates from a template account (userTemplate), and then deletes each of those certificates from the MyerKen Active Directory user account.
On Error Resume Next
Const ADS_PROPERTY_DELETE = 4
Set objUserTemplate = _
GetObject("LDAP://cn=userTemplate,OU=Management,dc=NA,dc=fabrikam,dc=com")
arrUserCertificates = objUserTemplate.GetEx("userCertificate")
Set objUser = _
GetObject("LDAP://cn=MyerKen,OU=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_DELETE, "userCertificate", arrUserCertificates
objUser.SetInfoDeleting Single- and Multi-Valued Attributes
Deletes selected attributes from a user account. Demonstrates how to delete single-valued attributes as well as how to delete a single entry from a multi-valued attribute.
Const ADS_PROPERTY_DELETE = 4
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_DELETE, _
"otherTelephone", Array("(425) 555-1213")
objUser.PutEx ADS_PROPERTY_DELETE, _
"initials", Array("E.")
objUser.SetInfoDeleting a User Account from Active Directory
Deletes the user account for MyerKen from the HR organizational unit in a hypothetical domain named fabrikam.com.
Set objOU = GetObject("LDAP://ou=hr,dc=fabrikam,dc=com")
objOU.Delete "user", "cn=MyerKen"Determining When an Account Expires
Returns the expiration date for a user account.
On Error Resume Next
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
dtmAccountExpiration = objUser.AccountExpirationDate
If err.number = -2147467259 Or _
dtmAccountExpiration = "1/1/1970" Then
WScript.echo "No account expiration specified"
Else
WScript.echo "Account expiration:" & _
objUser.AccountExpirationDate
End IfDetermining the Owner of a User Account
Reports the owner of the MyerKen Active Directory user account.
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
WScript.Echo "Owner Tab"
WScript.Echo "Current owner of this item: " & objNtSecurityDescriptor.OwnerDetermining When a Password Expires
Determines the date when a user password will expire.
Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Set objUserLDAP = GetObject _
("LDAP://CN=myerken,OU=management,DC=fabrikam,DC=com")
intCurrentValue = objUserLDAP.Get("userAccountControl")
If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
wscript.echo "The password does not expire."
Else
dtmValue = objUserLDAP.PasswordLastChanged
Wscript.echo "The password was last changed on " & _
DateValue(dtmValue) & " at " & TimeValue(dtmValue) & VbCrLf & _
"The difference between when the password was last set" & VbCrLf & _
"and today is " & int(now - dtmValue) & " days"
intTimeInterval = int(now - dtmValue)
Set objDomainNT = GetObject("WinNT://fabrikam")
intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
If intMaxPwdAge < 0 Then
WScript.Echo "The Maximum Password Age is set to 0 in the " & _
"domain. Therefore, the password does not expire."
Else
intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
Wscript.echo "The maximum password age is " & intMaxPwdAge & " days"
If intTimeInterval >= intMaxPwdAge Then
Wscript.echo "The password has expired."
Else
Wscript.echo "The password will expire on " & _
DateValue(dtmValue + intMaxPwdAge) & " (" & _
int((dtmValue + intMaxPwdAge) - now) & " days from today" & ")."
End If
End If
End IfDetermining When a Password was Last Set
Identifies the last time a user password was set.
Set objUser = GetObject _
("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")
dtmValue = objUser.PasswordLastChanged
WScript.echo "pwdLastSet is: " & dtmValueDetermining User Account Status
Identifies whether a user account is enabled or disabled.
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
If objUser.AccountDisabled = FALSE Then
WScript.Echo "The account is enabled."
Else
WScript.Echo "The account is disabled."
End IfDetermining When a User Account Expires
Reports the date that the MyerKen Active Directory user account expires.
On Error Resume Next
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
dtmAccountExpiration = objUser.AccountExpirationDate
If Err.Number = -2147467259 Or dtmAccountExpiration = "1/1/1970" Then
WScript.Echo "No account expiration specified"
Else
WScript.Echo "Account expiration: " & objUser.AccountExpirationDate
End IfDetermining User Logon Hours
Retrieves the allowed logon hours for a user.
Dim arrLogonHoursBytes(20)
Dim arrLogonHoursBits(167)
arrDayOfWeek = Array _
("Sun", "Mon", "Tue", "Wed", _
"Thu", "Fri", "Sat")
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfoEx Array("logonHours"), 0
arrLogonHours = objUser.Get("logonHours")
For i = 1 To LenB(arrLogonHours)
arrLogonHoursBytes(i-1) = AscB(MidB(arrLogonHours, i, 1))
Next
intCounter = 0
intLoopCounter = 0
WScript.Echo "Day Byte 1 Byte 2 Byte 3"
For Each LogonHourByte In arrLogonHoursBytes
arrLogonHourBits = GetLogonHourBits(LogonHourByte)
If intCounter = 0 Then
WScript.STDOUT.Write arrDayOfWeek(intLoopCounter) & Space(2)
intLoopCounter = intLoopCounter + 1
End If
For Each LogonHourBit In arrLogonHourBits
WScript.STDOUT.Write LogonHourBit
intCounter = 1 + intCounter
If intCounter = 8 or intCounter = 16 Then
WScript.STDOUT.Write Space(1)
End If
If intCounter = 24 Then
WScript.echo VbCr
intCounter = 0
End If
Next
Next
Function GetLogonHourBits(x)
Dim arrBits(7)
For i = 7 to 0 Step -1
If x And 2^i Then
arrBits(i) = 1
Else
arrBits(i) = 0
End If
Next
GetLogonHourBits = arrBits
End FunctionDisabling a Password Flag
Disables the option allowing a password to be stored using reversible encrypted text.
Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H80
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
If intUAC AND _
ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED Then
objUser.Put "userAccountControl", intUAC XOR _
ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
objUser.SetInfo
End IfDisabling the “Smartcard Required” Attribute for a User Account
Disables the setting that required MyerKen to use a smartcard when logging on to Active Directory.
Const ADS_UF_SMARTCARD_REQUIRED = &h40000
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
If (intUAC AND ADS_UF_SMARTCARD_REQUIRED) <> 0 Then
objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
objUser.SetInfo
End IfDisabling a User Account
Disables a user account.
Const ADS_UF_ACCOUNTDISABLE = 2
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
objUser.SetInfoDisabling the User Cannot Change Password Option
Disables the User Cannot Change Password option, allowing the user to change their password.
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const CHANGE_PASSWORD_GUID = _
"{ab721a53-1e2f-11d0-9819-00aa0040529b}"
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
Set objSD = objUser.Get("nTSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
arrTrustees = Array("nt authority\self", "everyone")
For Each strTrustee In arrTrustees
For Each ace In objDACL
If(LCase(ace.Trustee) = strTrustee) Then
If((ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
(LCase(ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
objDACL.RemoveAce ace
End If
End If
Next
Next
objUser.Put "nTSecurityDescriptor", objSD
objUser.SetInfoDisplaying Allowed Logon Hours for a User Account
Returns the allowed logon hours for the MyerKen Active Directory user account.
On Error Resume Next
Dim arrLogonHoursBytes(20)
Dim arrLogonHoursBits(167)
arrDayOfWeek = Array _
("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat")
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
arrLogonHours = objUser.Get("logonHours")
For i = 1 To LenB(arrLogonHours)
arrLogonHoursBytes(i-1) = AscB(MidB(arrLogonHours, i, 1))
WScript.Echo "MidB returns: " & MidB(arrLogonHours, i, 1)
WScript.Echo "arrLogonHoursBytes: " & arrLogonHoursBytes(i-1)
wscript.echo vbcrlf
Next
intCounter = 0
intLoopCounter = 0
WScript.echo "Day Byte 1 Byte 2 Byte 3"
For Each LogonHourByte In arrLogonHoursBytes
arrLogonHourBits = GetLogonHourBits(LogonHourByte)
If intCounter = 0 Then
WScript.STDOUT.Write arrDayOfWeek(intLoopCounter) & Space(2)
intLoopCounter = intLoopCounter + 1
End If
For Each LogonHourBit In arrLogonHourBits
WScript.STDOUT.Write LogonHourBit
intCounter = 1 + intCounter
If intCounter = 8 or intCounter = 16 Then
Wscript.STDOUT.Write Space(1)
End If
If intCounter = 24 Then
WScript.echo vbCr
intCounter = 0
End If
Next
Next
Function GetLogonHourBits(x)
Dim arrBits(7)
For i = 7 to 0 Step -1
If x And 2^i Then
arrBits(i) = 1
Else
arrBits(i) = 0
End If
Next
GetLogonHourBits = arrBits
End FunctionDisplaying Domain Password Attributes
Displays password policy settings for the domain.
Const MIN_IN_DAY = 1440, SEC_IN_MIN = 60
Set objDomain = GetObject("WinNT://fabrikam")
Set objAdS = GetObject("LDAP://dc=fabrikam,dc=com")
intMaxPwdAgeSeconds = objDomain.Get("MaxPasswordAge")
intMinPwdAgeSeconds = objDomain.Get("MinPasswordAge")
intLockOutObservationWindowSeconds = objDomain.Get("LockoutObservationInterval")
intLockoutDurationSeconds = objDomain.Get("AutoUnlockInterval")
intMinPwdLength = objAds.Get("minPwdLength")
intPwdHistoryLength = objAds.Get("pwdHistoryLength")
intPwdProperties = objAds.Get("pwdProperties")
intLockoutThreshold = objAds.Get("lockoutThreshold")
intMaxPwdAgeDays = _
((intMaxPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
intMinPwdAgeDays = _
((intMinPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
intLockOutObservationWindowMinutes = _
(intLockOutObservationWindowSeconds/SEC_IN_MIN) & " minutes"
If intLockoutDurationSeconds <> -1 Then
intLockoutDurationMinutes = _
(intLockOutDurationSeconds/SEC_IN_MIN) & " minutes"
Else
intLockoutDurationMinutes = _
"Administrator must manually unlock locked accounts"
End If
WScript.Echo "maxPwdAge = " & intMaxPwdAgeDays
WScript.Echo "minPwdAge = " & intMinPwdAgeDays
WScript.Echo "minPwdLength = " & intMinPwdLength
WScript.Echo "pwdHistoryLength = " & intPwdHistoryLength
WScript.Echo "pwdProperties = " & intPwdProperties
WScript.Echo "lockOutThreshold = " & intLockoutThreshold
WScript.Echo "lockOutObservationWindow = " & intLockOutObservationWindowMinutes
WScript.Echo "lockOutDuration = " & intLockoutDurationMinutes
Displaying Password Property Attributes
Displays password settings for the domain.
Set objHash = CreateObject("Scripting.Dictionary")
objHash.Add "DOMAIN_PASSWORD_COMPLEX", &h1
objHash.Add "DOMAIN_PASSWORD_NO_ANON_CHANGE", &h2
objHash.Add "DOMAIN_PASSWORD_NO_CLEAR_CHANGE", &h4
objHash.Add "DOMAIN_LOCKOUT_ADMINS", &h8
objHash.Add "DOMAIN_PASSWORD_STORE_CLEARTEXT", &h16
objHash.Add "DOMAIN_REFUSE_PASSWORD_CHANGE", &h32
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
intPwdProperties = objDomain.Get("PwdProperties")
WScript.Echo "pwdProperties = " & intPwdProperties
For Each Key In objHash.Keys
If objHash(Key) And intPwdProperties Then
WScript.Echo Key & " is enabled"
Else
WScript.Echo Key & " is disabled"
End If
NextDisplaying User Account Password Attributes
Displays password-related attributes for an individual user account.
Const ADS_UF_PASSWORD_EXPIRED = &h800000
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
Set objHash = CreateObject("Scripting.Dictionary")
objHash.Add "ADS_UF_PASSWD_NOTREQD", &h00020
objHash.Add "ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED", &h0080
objHash.Add "ADS_UF_DONT_EXPIRE_PASSWD", &h10000
Set objUser = GetObject _
("LDAP://CN=MyerKen,OU=management,DC=Fabrikam,DC=com")
intUserAccountControl = objUser.Get("userAccountControl")
Set objUserNT = GetObject("WinNT://fabrikam/myerken")
intUserFlags = objUserNT.Get("userFlags")
If ADS_UF_PASSWORD_EXPIRED And intUserFlags Then
blnExpiredFlag = True
Wscript.Echo "ADS_UF_PASSWORD_EXPIRED is enabled"
Else
Wscript.Echo "ADS_UF_PASSWORD_EXPIRED is disabled"
End If
For Each Key In objHash.Keys
If objHash(Key) And intUserAccountControl Then
WScript.Echo Key & " is enabled"
Else
WScript.Echo Key & " is disabled"
End If
Next
Set objSD = objUser.Get("nTSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
For Each Ace In objDACL
If ((Ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
(LCase(Ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
blnACEPresent = True
End If
Next
If blnACEPresent Then
Wscript.Echo "ADS_UF_PASSWD_CANT_CHANGE is enabled"
Else
Wscript.Echo "ADS_UF_PASSWD_CANT_CHANGE is disabled"
End If
If blnExpiredFlag = True Then
Wscript.echo "pwdLastSet is null"
Else
Wscript.echo "pwdLastSet is " & objUser.PasswordLastChanged
End IfEnabling a User Account
Enables a user account.
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.AccountDisabled = FALSE
objUser.SetInfoEnsuring that an Account will not Expire
Configures a user account so that it will not expire. This is done by setting the expiration date to 1/1/1970.
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.AccountExpirationDate = "01/01/1970"
objUser.SetInfoModifying User Profile Paths
Changes the server name portion of the user profile path to \\fabrikam for the MyerKen Active Directory user account.
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
strCurrentProfilePath = objUser.Get("profilePath")
intStringLen = Len(strCurrentProfilePath)
intStringRemains = intStringLen - 11
strRemains = Mid(strCurrentProfilePath, 12, intStringRemains)
strNewProfilePath = "\\fabrikam" & strRemains
objUser.Put "profilePath", strNewProfilePath
objUser.SetInfoMoving a User Account
Moves a user account from one OU to another.
Set objOU = GetObject("LDAP://ou=sales,dc=na,dc=fabrikam,dc=com")
objOU.MoveHere _
"LDAP://cn=BarrAdam,OU=hr,dc=na,dc=fabrikam,dc=com", vbNullStringMoving a User Account to a New Domain
Uses the MoveHere method of IADsContainer to move a user account to another domain. Note that there are a number of restrictions associated with performing this type of move operation. For details, see the Directory Services Platform SDK.
Set objOU = GetObject("LDAP://ou=management,dc=na,dc=fabrikam,dc=com")
objOU.MoveHere _
"LDAP://cn=AckermanPilar,OU=management,dc=fabrikam,dc=com", vbNullStringPreventing a User From Changing His or Her Password
Enables the User Cannot Change Password option, which prevents the user from changing their password.
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const ADS_ACEFLAG_OBJECT_TYPE_PRESENT = &H1
Const CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
Set objSD = objUser.Get("ntSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
arrTrustees = array("nt authority\self", "EVERYONE")
For Each strTrustee in arrTrustees
Set objACE = CreateObject("AccessControlEntry")
objACE.Trustee = strTrustee
objACE.AceFlags = 0
objACE.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT
objACE.Flags = ADS_ACEFLAG_OBJECT_TYPE_PRESENT
objACE.ObjectType = CHANGE_PASSWORD_GUID
objACE.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
objDACL.AddAce objACE
Next
objSD.DiscretionaryAcl = objDACL
objUser.Put "nTSecurityDescriptor", objSD
objUser. SetInfoRequiring a Password Change
Forces a user to change their password the next time they logon.
Set objUser = GetObject _
("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")
objUser.Put "pwdLastSet", 0
objUser.SetInfoRequiring a User to Logon on Using a Smartcard
Configures the MyerKen user account so that the user must use a smartcard in order to logon to Active Directory.
Const ADS_UF_SMARTCARD_REQUIRED = &h40000
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
If (intUAC AND ADS_UF_SMARTCARD_REQUIRED) = 0 Then
objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
objUser.SetInfo
End IfRetrieving Organization Information
Retrieves user account attributes found on the Organization page of the user account object in Active Directory Users and Computers.
On Error Resume Next
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
strTitle = objUser.Get("title")
strDepartment = objUser.Get("department")
strCompany = objUser.Get("company")
strManager = objUser.Get("manager")
strDirectReports = _
objUser.GetEx("directReports")
WScript.echo "title: " & strTitle
WScript.echo "department: " & strDepartment
WScript.echo "company: " & strCompany
WScript.echo "manager: " & strManager
For Each strValue in strDirectReports
WScript.echo "directReports: " & strValue
NextRetrieving User Account Account Properties
Retrieves user account attributes found on the Account page of the user account object in Active Directory Users and Computers.
On Error Resume Next
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
strUserPrincipalName = objUser.Get("userPrincipalName")
strSAMAccountName = objUser.Get("sAMAccountName")
strUserWorkstations = objUser.Get("userWorkstations")
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
objDomain.GetInfoEx Array("dc"), 0
strDC = objDomain.Get("dc")
WScript.echo "userPrincipalName: " & strUserPrincipalName
WScript.echo "sAMAccountName: " & strSAMAccountName
WScript.echo "UserWorkstations: " & strUserWorkstations
WScript.echo "dc: " & strDCRetrieving User Profile Properties
Retrieves user account attributes found on the Profile page of the user account object in Active Directory users and Computers.
On Error Resume Next
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
strProfilePath = objUser.Get("profilePath")
strScriptPath = objUser.Get("scriptPath")
strHomeDirectory = objUser.Get("homeDirectory")
strHomeDrive = objUser.Get("homeDrive")
WScript.echo "profilePath: " & strProfilePath
WScript.echo "scriptPath: " & strScriptPath
WScript.echo "homeDirectory: " & strHomeDirectory
WScript.echo "homeDrive: " & strHomeDriveSetting an Account Expiration Date
Configures a user account to expire on 3/30/2003.
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.AccountExpirationDate = "03/30/2003"
objUser.SetInfoSetting a Password So It Never Expires
Configures the domain password for a user account to ensure that the password will never expire.
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
Wscript.Echo "Already enabled"
Else
objUser.Put "userAccountControl", intUAC XOR _
ADS_UF_DONT_EXPIRE_PASSWD
objUser.SetInfo
WScript.Echo "Password never expires is now enabled"
End IfSetting the Primary Group for a User
Sets the primary group for the MyerKen Active Directory user account to MgmtUniversal.
Const ADS_PROPERTY_APPEND = 3
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
Set objGroup = GetObject _
("LDAP://cn=MgmtUniversal,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfoEx Array("primaryGroupToken"), 0
intPrimaryGroupToken = objGroup.Get("primaryGroupToken")
objGroup.PutEx ADS_PROPERTY_APPEND, _
"member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.SetInfo
objUser.Put "primaryGroupID", intPrimaryGroupToken
objUser.SetInfoSetting a User’s Password
Configures a new password for a user.
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=management,dc=fabrikam,dc=com")
objUser.SetPassword "i5A2sj*!"Unlocking an Active Directory User Account
Unlocks the MyerKen Active Directory user account.
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.IsAccountLocked = False
objUser.SetInfoWriting User Account Properties
Configures general attributes for a user account.
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
objUser.Put "sAMAccountName", "MyerKen01"
objUser.Put "userWorkstations", "wks1,wks2,wks3"
objUser.SetInfo