Guy's Scripting Ezine 21 - Binding to Active Directory
Guy's Scripting Ezine 20 - Binding to Active Directory
A great VBScript editor will save you both time and frustration. While Notepad is an adequate vehicle for copying and pasting, a proper script editor is, in comparison, like driving a Rolls Royce. Where a script editor is most useful is when you are troubleshooting. Have you ever wasted time counting down 27 lines to find the error? Well, with a script editor you can instantly see the line numbers and so locate the error at once.
I have to confess that at first I thought that colour coding was a gimmick, but then I saw how useful colour was in distinguishing strVariables from Set commands. Why choose OnScript? Not only do they offer a free trial version, but you also get friendly people who care and will look after you.
There is a whole family of scripts which manipulate objects in Active Directory. For example, scripts which create new users. One of the first tasks for such scripts is to connect or 'Bind' to Active Directory.
The command that does the binding is:
In my mind's eye 'Binding' is like connecting a pipe from the script to Active Directory. Once the pipe is open, the next line extracts the DNS name so that we can name our
Then on the third line we use the information to set the objDomain
The above three lines are a joy to use because they get the domain name without you having to explicitly hard code the value. Here is a shorter, but inferior, alternative. I say inferior because you have to know the correct values for dc=.
Set objDomain = GetObject("LDAP://dc=cp,dc=com")
The purpose of script 1 is to create a user called Guido Fawk. Now this script is good, but it could be improved. My hidden agenda this week is learning from mistakes, so while BindAD.vbs should work, there is a flaw which will be revealed in example 2.
Note 1: We created Guido Fawk with the minimum user attributes, cn and sAMAccountName.
Note 2: See how these two lines get the name of your domain?
Set objRootDSE = GetObject("LDAP://RootDSE")
Note 3: The script will work, but it's not easy to find your user! Make sure you have View (Menu) Advanced Features selected; then you can see the user under the root of the domain, not in the Users folder. Alternatively, just use 'Find' from your Domain object in Active Directory Users and Computers.
Note 4: Admire how the script saves the objUser with two methods, 'Put' and 'SetInfo'.
What we need is a command to place the new account in the USERS container, then we can see the new user more easily in Active Directory Users and Computers.
strDNSDomain = "CN=Users," & strDNSDomain
Note 1: If you like a challenge, change the CN=Users, to OU=YourOU. If you accept this challenge, make sure that OU=YourOU really exists.
Note 2: Users is a container, so it's CN=Users, whereas an OU is, well, an OU, so OU=YourOU is correct. (CN=YourOU would be wrong.)
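The steps described above, put together as an added example (this is not the ezine's own script): bind through RootDSE, build the CN=Users path, create Guido Fawk, and report the failing path if a bind returns an error such as 0x80005000. The logon name "guidof" and the CheckBind helper are assumptions made for illustration.

```vbscript
' Added example: bind through RootDSE, then create the user in CN=Users.
Option Explicit
Dim objRootDSE, strDNSDomain, strContainer, objDomain, objUser

On Error Resume Next

' 1. Bind to RootDSE; no domain name is hard coded.
Set objRootDSE = GetObject("LDAP://RootDSE")
CheckBind "LDAP://RootDSE", Err.Number

' 2. Read the domain's distinguished name, for example DC=cp,DC=com.
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' 3. Target the Users container (CN=, because Users is not an OU).
strContainer = "CN=Users," & strDNSDomain
Set objDomain = GetObject("LDAP://" & strContainer)
CheckBind "LDAP://" & strContainer, Err.Number

' 4. Create the user with the minimum attributes, then save it.
Set objUser = objDomain.Create("User", "cn=Guido Fawk")
objUser.Put "sAMAccountName", "guidof"   ' assumed logon name
objUser.SetInfo
If Err.Number <> 0 Then
    WScript.Echo "Create failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If
WScript.Echo "Created cn=Guido Fawk," & strContainer

' Hypothetical helper: stop and show the path that failed to bind.
Sub CheckBind(strPath, lngErr)
    If lngErr = 0 Then Exit Sub
    WScript.Echo "Bind failed for " & strPath & ": 0x" & Hex(lngErr)
    If Hex(lngErr) = "80005000" Then
        WScript.Echo "0x80005000: the ADsPath string is malformed."
    End If
    WScript.Quit 1
End Sub
```

An account created with only these two attributes has no password and is disabled until an administrator enables it.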
The truth is that rather like T.V. programs have cuts or 'out takes', so do my scripts!
My idea is to give you a script with two deliberate mistakes, so that you have a chance to troubleshoot and correct the problems.
There is a tiny error in this script which produces Error: 0x80005000. Can you find it? A good text editor would help you identify the line number.
Note 1: Clue: it's a single unwanted symbol.
Binding to Active Directory is such a widely used command that it's worth mastering the techniques so that you avoid having to type in the domain name. In passing, you learn that LDAP://RootDSE is the starting place for scripts wishing to create, amend or delete Active Directory objects.