Guy’s Scripting Ezine 21 – Binding to Active Directory


This Week’s Secret

A great VBScript editor will save you both time and frustration.  While Notepad is an adequate vehicle for copying and pasting, a proper script editor is, in comparison, like driving a Rolls Royce.  Where a script editor is most useful is when you are troubleshooting.  Have you ever wasted time counting down 27 lines to find the error?  Well, with a script editor you can instantly see the line numbers and so locate the error at once.

I have to confess that at first I thought that colour coding was a gimmick, but then I saw how useful colour was in distinguishing strVariables from Set commands.  Why choose OnScript?  Not only do they offer a free trial version, but you also get friendly people who care and will look after you.


Binding to Active Directory

There is a whole family of scripts which manipulate objects in Active Directory.  For example, scripts which create new users.  One of the first tasks for such scripts is to connect or ‘Bind’ to Active Directory.

The command that does the binding is:
Set objRootDSE = GetObject("LDAP://RootDSE")

In my mind’s eye ‘Binding’ is like connecting a pipe from the script to Active Directory.  Once the pipe is open, the next line extracts the DNS name so that we can name our user object:
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

Then on the third line we use the information to set the objDomain:
Set objDomain = GetObject("LDAP://" & strDNSDomain)

The above three lines are a joy to use because they get the domain name without you having to explicitly hard-code the value.  Below is a shorter, but inferior, alternative.  I say inferior because you have to know the correct values for dc=.

Set objDomain = GetObject("LDAP://dc=cp,dc=com")

Example 1 – To create a user

The purpose of script 1 is to create a user called Guido Fawk.  Now this script is good, but it could be improved.  My hidden agenda this week is learning from mistakes, so while BindAD.vbs should work, there is a flaw which will be revealed in Example 2.

Instructions

  1. Pre-requisites.  You need a domain controller for this script to work.
  2. Copy and paste the script below into Notepad.
  3. Save the file with a .vbs extension, e.g. BindAD.vbs
  4. Double-click and observe the message box, then check Active Directory Users and Computers.

' BindAD.vbs
' VBScript to bind to Active Directory and create a user.
' Author Guy Thomas https://computerperformance.co.uk
' Version 1.8 – March 7th 2004
' -----------------------------------------------------------------'
Option Explicit
Dim objDomain, objUser, objRootDSE
Dim objContainer, strDNSDomain
' Bind to RootDSE and read the domain's default naming context
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Bind to the domain object itself
Set objDomain = GetObject("LDAP://" & strDNSDomain)
' Create the user with the minimum attributes, then save it
Set objUser = objDomain.Create("User", "cn=Guido Fawk")
objUser.Put "sAMAccountName", "GuidoFawk"
objUser.SetInfo
WScript.Echo "Created " & objUser.Get("cn")
WScript.Quit
 

 

Learning points

Note 1: We created Guido Fawk with the minimum user attributes, cn and sAMAccountName.

Note 2: See how these two lines get the name of your domain?

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
 

Note 3: The script will work, but it’s not easy to find your user!  Make sure you have Advanced Features selected on the View menu; then you can see the user under the root of the domain, not in the Users folder.  Alternatively, just use ‘Find’ from your Domain object in Active Directory Users and Computers.

Note 4: Admire how the script saves the objUser with two methods, ‘Put’ and ‘SetInfo’.


Example 2 – Add the user’s container.

What we need is a command to place the new account in the Users container, so that we can see the new user more easily in Active Directory Users and Computers.

strDNSDomain = "CN=Users," & strDNSDomain

 

' BindADUser.vbs
' VBScript to bind to AD and create a user in Users Container.
' Author Guy Thomas https://computerperformance.co.uk
' Version 2.3 – March 7th 2004
' -----------------------------------------------------------------'
Option Explicit
Dim objDomain, objUser, objRootDSE
Dim objContainer, strDNSDomain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Prefix the container so the bind targets CN=Users, not the domain root
strDNSDomain = "CN=Users," & strDNSDomain
Set objDomain = GetObject("LDAP://" & strDNSDomain)
Set objUser = objDomain.Create("User", "cn=Guido Fawkes")
objUser.Put "sAMAccountName", "GuidoFawkes"
objUser.SetInfo
WScript.Echo "Created " & objUser.Get("cn")
WScript.Quit
' End of example VBScript
 

 

Learning Points

Note 1: If you like a challenge, change CN=Users to OU=YourOU.  If you accept this challenge, make sure that OU=YourOU really exists.

Note 2: Users is a container, so it’s CN=Users, whereas an OU is, well, an OU, so OU=YourOU is correct.  (CN=YourOU would be wrong.)
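A checked variant of the Note 1 challenge, added here as an example and not one of the ezine's own scripts: it traps a failed bind to the container instead of letting the script abort, then reads back the account flags the directory assigned to the new user.  The file name CheckedBind.vbs and the user Guido Test are constructed for this illustration; OU=YourOU is the placeholder from Note 1.

```vbscript
' CheckedBind.vbs - added example, not one of the ezine's scripts.
' Assumptions: OU=YourOU is a placeholder for a container you own;
' "Guido Test" is a constructed sample name.
Option Explicit
Const ADS_UF_ACCOUNTDISABLE = &H2    ' account is disabled
Const ADS_UF_PASSWD_NOTREQD = &H20   ' account may have a blank password
Dim objRootDSE, objContainer, objUser
Dim strDNSDomain, strContainer, strPath, intUAC

strContainer = "OU=YourOU"           ' or "CN=Users" for the built-in container

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strPath = "LDAP://" & strContainer & "," & strDNSDomain

' Bind to the container; report the path and error code if the bind fails.
On Error Resume Next
Set objContainer = GetObject(strPath)
If Err.Number <> 0 Then
   WScript.Echo "Cannot bind to " & strPath & vbCrLf & _
      "Error: 0x" & Hex(Err.Number)
   WScript.Quit 1
End If
On Error GoTo 0

' Create the user with the same minimum attributes as the examples above.
Set objUser = objContainer.Create("User", "cn=Guido Test")
objUser.Put "sAMAccountName", "GuidoTest"
objUser.SetInfo

' Re-read the saved object and inspect its userAccountControl flags.
objUser.GetInfo
intUAC = objUser.Get("userAccountControl")
WScript.Echo "Created " & objUser.Get("distinguishedName") & vbCrLf & _
   "userAccountControl: 0x" & Hex(intUAC)
If (intUAC And ADS_UF_ACCOUNTDISABLE) = 0 Then
   WScript.Echo "Warning: the new account is already enabled."
End If
If (intUAC And ADS_UF_PASSWD_NOTREQD) <> 0 Then
   WScript.Echo "PASSWD_NOTREQD is set: give the account a password " & _
      "and clear this flag before enabling it."
End If
WScript.Quit
```

Echoing the full path in the failure message makes a mistyped container or a missing OU visible at a glance, which is the check Note 1 asks you to make by hand.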

Out Takes – Introducing two Guy Challenges.

The truth is that rather like T.V. programs have cuts or ‘out takes’, so do my scripts!

My idea is to give you a script with two deliberate mistakes, so that you have a chance to troubleshoot and correct the problems.

There is a tiny error in this script which produces Error: 0x80005000.  Can you find it?  A good text editor would help you identify the line number.

 

' BindAD.vbs
' VBScript to bind to AD and create a user in Users Container.
' Author Guy Thomas https://computerperformance.co.uk
' Version 2.2 – March 7th 2004
' -----------------------------------------------------------------'
Option Explicit
Dim objDomain, objUser, objRootDSE
Dim objContainer, strDNSDomain
Dim objDomain, objUser, objRootDSE
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strDNSDomain = "CN=Users" & strDNSDomain
Set objDomain = GetObject("LDAP://"  &  strDNSDomain)
Set objUser = objDomain.Create("User", "cn=Guido Fawke")
objUser.Put "sAMAccountName", "GuidoFawke"
objUser.SetInfo
WScript.Echo "Created " & strDNSDomain
WScript.quit
' End of example VBScript
 

Note 1: Clue: it’s a single unwanted symbol.

Summary

Binding to Active Directory is such a widely used command that it’s worth mastering the techniques so that you avoid having to type in the domain name.  In passing, you learn that LDAP://RootDSE is the starting place for scripts wishing to create, amend or delete Active Directory objects.
