Guy's Scripting Ezine 21 - Binding to Active Directory
A great VBScript editor will save you both time and frustration. While
notepad is an adequate vehicle for copying and pasting, in comparison, a proper script editor is
like driving a Rolls Royce. Where a script editor is most useful is when
you are troubleshooting. Have you ever wasted time counting down 27 lines to find
the error? Well, with a script editor you can instantly see the line numbers and so
locate the error at once.
I have to confess that at first I thought that colour coding was a gimmick,
but then I saw how useful colour was in distinguishing strVariables from Set
commands. Why choose OnScript? Not only do they offer a free trial
version, but you also get friendly people who care and
will look after you.
There is a whole family of scripts which manipulate objects in Active Directory.
For example, scripts which create new users. One of the first tasks for
such scripts is to connect or 'Bind' to Active Directory.
The command that does the binding is:
Set objRootDSE = GetObject("LDAP://RootDSE")
In my mind's eye 'Binding' is like connecting a pipe from the script to Active Directory. Once the pipe is open, the next line extracts the DNS name so that we can name our
user object:
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Then on the third line we use the information to set the objDomain:
Set objDomain = GetObject("LDAP://" & strDNSDomain)
The above three lines are a joy to use because they get the domain name
without you having to explicitly hard code the value. Here below is a
shorter, but inferior alternative. I say inferior because you have to know
the correct values for dc=.
Set objDomain = GetObject("LDAP://dc=cp,dc=com")
The purpose of script 1 is to create a user called Guido Fawk. Now
this script is good, but it could be improved. My hidden agenda this
week is learning from mistakes, so while 'BindAD.vbs' should work, there is a
flaw which will be revealed in example 2.
Instructions
- Pre-requisites. You need a domain controller for this script to
work.
- Copy and paste the script below into notepad.
- Save the file with .vbs extension e.g. BindAD.vbs
- Double click and observe the message box.
- Check Active Directory Users and Computers.
' BindAD.vbs
' VBScript to bind to Active Directory and create a user.
' Author Guy Thomas http://computerperformance.co.uk
' Version 1.8 - March 7th 2004
' -----------------------------------------------------------------'
Option Explicit
Dim objDomain, objUser, objRootDSE
Dim objContainer, strDNSDomain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNSDomain)
Set objUser = objDomain.Create("User", "cn=Guido Fawk")
objUser.Put "sAMAccountName", "GuidoFawk"
objUser.SetInfo
WScript.Echo "Created " & objUser.get ("cn")
WScript.quit
Learning points
Note 1: We created Guido Fawk with the minimum user attributes, cn and
sAMAccountName.
Note 2: See how these two lines get the name of your domain?
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Note 3: The script will work, but it's not easy to find your user!
Make sure you have View (Menu) Advanced Features selected; now you can see
the user under the root of the domain - not in the users folder.
Alternatively just use 'Find' from your Domain object in Active Directory
Users and Computers.
Note 4: Admire how the script saves the objUser with two methods, 'Put'
and 'SetInfo'.
What we need is a command to place the new account in the USERS
container, then we can see the new user more easily in Active Directory Users and Computers.
strDNSDomain = "CN=Users," & strDNSDomain
' BindADUser.vbs
' VBScript to bind to AD and create a user in Users Container.
' Author Guy Thomas http://computerperformance.co.uk
' Version 2.3 - March 7th 2004
' -----------------------------------------------------------------'
Option Explicit
Dim objDomain, objUser, objRootDSE
Dim objContainer, strDNSDomain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strDNSDomain = "CN=Users," & strDNSDomain
Set objDomain = GetObject("LDAP://" & strDNSDomain)
Set objUser = objDomain.Create("User", "cn=Guido Fawkes")
objUser.Put "sAMAccountName", "GuidoFawkes"
objUser.SetInfo
WScript.Echo "Created " & objUser.get ("cn")
WScript.quit
' End of example VBScript
Learning Points
Note 1: If you like a challenge, change the CN=Users, to OU=YourOU.
If you accept this challenge make sure that OU=YourOU really exists.
Note 2: Users is a container, so it's CN=Users, whereas an OU is, well,
an OU, so OU=YourOU is correct. (CN=YourOU would be
wrong)
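A variant of Example 2 that binds to the target container first and reports a path that will not bind, then reads back the account-control flags on the user it created. This is an added example, not one of the ezine's own scripts; the file name and OU=YourOU are placeholders, and the 0x80072030 code and the ADS_UF_* flag values come from ADSI rather than from this page.

```vbscript
' BindCheck.vbs (hypothetical name) - added example, not an ezine script.
Option Explicit
Const E_ADS_BAD_PATHNAME = &H80005000    ' the error quoted in this ezine
Const ERR_NO_SUCH_OBJECT = &H80072030    ' path is well formed, object absent
Const ADS_UF_ACCOUNTDISABLE = &H2
Const ADS_UF_PASSWD_NOTREQD = &H20

Dim objRootDSE, objContainer, objUser
Dim strDNSDomain, strContainer, strPath, intUAC

strContainer = "OU=YourOU"               ' placeholder; "CN=Users" also works

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strPath = "LDAP://" & strContainer & "," & strDNSDomain

' Bind to the container first and trap a failure instead of crashing.
On Error Resume Next
Set objContainer = GetObject(strPath)
If Err.Number <> 0 Then
   Select Case Err.Number
      Case E_ADS_BAD_PATHNAME
         WScript.Echo "Malformed path: " & strPath
      Case ERR_NO_SUCH_OBJECT
         WScript.Echo "Path is valid but nothing exists at: " & strPath
      Case Else
         WScript.Echo "Bind failed, 0x" & Hex(Err.Number) & ": " & strPath
   End Select
   WScript.Quit 1
End If
On Error GoTo 0

' Only now create the user, inside the container that was just verified.
Set objUser = objContainer.Create("User", "cn=Guido Fawkes")
objUser.Put "sAMAccountName", "GuidoFawkes"
objUser.SetInfo

' Refresh from the directory and report the state the account was left in.
objUser.GetInfo
intUAC = objUser.Get("userAccountControl")
WScript.Echo "Created " & objUser.Get("distinguishedName") & vbCrLf & _
   "Disabled: " & CBool(intUAC And ADS_UF_ACCOUNTDISABLE) & vbCrLf & _
   "Password not required: " & CBool(intUAC And ADS_UF_PASSWD_NOTREQD)
```

An account reported as "Password not required" should have a password set and that flag cleared before it is enabled.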
The truth is that rather like T.V. programs have cuts or 'out takes', so
do my scripts!
My idea is to give you a script with two deliberate mistakes, so that you
have a chance to troubleshoot and correct the problems.
There is a tiny error in this script which produces Error: 0x80005000.
Can you find it? A good text editor would help you identify the line
number.
' BindAD.vbs
' VBScript to bind to AD and create a user in Users Container.
' Author Guy Thomas http://computerperformance.co.uk
' Version 2.2 - March 7th 2004
' -----------------------------------------------------------------'
Option Explicit
Dim objDomain, objUser, objRootDSE
Dim objContainer, strDNSDomain
Dim objDomain, objUser, objRootDSE
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strDNSDomain = "CN=Users" & strDNSDomain
Set objDomain = GetObject("LDAP://" & strDNSDomain)
Set objUser = objDomain.Create("User", "cn=Guido Fawke")
objUser.Put "sAMAccountName", "GuidoFawke"
objUser.SetInfo
WScript.Echo "Created " & strDNSDomain
WScript.quit
' End of example VBScript
Note 1: Clue: it's a single unwanted symbol.
Binding to Active Directory is such a widely used command that it's worth
mastering the techniques so that you avoid having to type in the domain
name. In passing you learn that LDAP://RootDSE is the starting place
for scripts wishing to create, amend or delete Active Directory objects.