Guy's Scripting Ezine 21 - Binding to Active Directory

IPAM will assist you in managing IP addresses.

To let you into a secret, this utilities is fun to use, even if you don't have a pressing need to calculate your IP address space.

Get a free evaluation copy of Orion IPAM

Is your server running slowly?  Check with SolarWinds ipMonitor

Get a free evaluation copy of ipMonitor

Guy's Scripting Ezine 20 - Binding to Active Directory

Contents Binding to Active Directory

• This week's secret
• Binding to Active Directory
• Example 1 - To create a user
• Example 2 - Add the user's container
• Out Takes - Guy Challenge
• Summary

This week’s secret

A great VBScript editor will save you both time and frustration.  While notepad is an adequate vehicle for copying and pasting, in comparison, a proper script editor is like driving a Rolls Royce.  Where a script editor is most useful is when your are troubleshooting.  Have you ever wasted time counting down 27 lines to find the error?   Well with a script editor, you can instantly see the line numbers and so locate the error at once.

I have to confess, that at first I thought that colour coding was a gimmick, but then I saw how useful colour was in distinguishing strVariables from Set Commands.  Why choose OnScript?  Not only do they offer a free trial version, but you also get friendly people who care and will look after you.

For a top Script Editor try a free download at OnScript

Binding to Active Directory

There is a whole family of scripts which manipulate objects in Active Directory.  For example, scripts which create new users.  One of the first tasks for such scripts is to connect or 'Bind' to Active Directory.

The command that does the binding is:
Set objRootDSE = GetObject("LDAP://RootDSE")

In my mind's eye 'Binding' is like connecting a pipe from the script to Active Directory.  Once the pipe is open, the next line extracts the DNS name so that we can name our user object
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

Then on the third line we use the information to set the objDomain
Set objDomain = GetObject("LDAP://" & strDNSDomain)

The above three lines are a joy to use because they get the domain name without you having to explicitly hard code the value.  Here below a shorter, but inferior alternative.  I say inferior because you have to know the correct values for dc=.

Set objDomain = GetObject("LDAP:// dc=cp,dc=com")

Example 1 - To create a user

The purpose of this script 1 is to create a user called Guido Fawk.  Now this script is good, but it could be improved.  My hidden agenda this week is learning from mistakes, so while 'BindAD.vbs should work there is a flaw which will be revealed in example 2.

Instructions

1. Pre-requisites.  You need a domain controller for this script to work.
2. Copy and paste the script below into notepad.
3. Save the file with .vbs extension e.g. BindAD.vbs
4. Double click and observer the message box - Check Active Directory Users and Computers.

Learning points

Note 1: We created Guido Fawk with the minimum user attributes, cn and sAMAccountName.

Note 2: See how these two lines get the name of your domain?

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
 

Note 3: The script will work, but it's not easy to find your user!  Make sure you have View (Menu) Advanced Features selected, now you can see the user under the root of the domain - not in the users folder.  Alternatively just use 'Find' from your Domain object in Active Directory Users and Computers.

Note 4: Admire how the script saves the objUser with two methods, 'Put' and a SetInfo.

Example 2 - Add the user's container.

What we need is a command to place the new account in the USERS container, then we can see the new user more easily in Active Directory Users and Computers.

strDNSDomain = "CN=Users," & strDNSDomain
 

Learning Points

Note 1: If you like a challenge change the CN=Users, to OU=YourOU.   If you accept this challenge make sure that OU=YourOU really exists.

Note 2: Users is a container, so its CN=Users, whereas OU is, well an OU, so,  OU=YourOU is correct.  (CN=YourOU would be wrong)

Out Takes - Introducing two Guy Challenges.

The truth is that rather like T.V. programs have cuts or 'out takes', so do my scripts!

My idea is to give you a script with two deliberate mistakes, so that you have a chance to troubleshoot and correct the problems.

There is a tiny error in this script which produces Error: 0x80005000.  Can you find it?  A good text editor would help you identify the line number.

If you are stuck, see the answers

Note 1:  Clue it's a single unwanted symbol.

Summary

Binding to Active Directory is such a widely used command its worth mastering the techniques so that you avoid having to type in the domain name.  In passing you learn that LDAP://RootDSE is the starting place for scripts wishing to create, amend or delete Active Directory objects.

If you are stuck, see the answers online.

Guy Thomas recommends Computer Training Software. 

Their topics and material are ideal for getting you started with VBScript.  The videos are easy to follow and you can control the pace.  Try their free demo material and then see if you want to buy the full package. See more about VB Script Training CD.

Home Copyright © 1999-2009 Computer Performance LTD All rights reserved

Please report a broken link, or an error.