———————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————–
–Creating 1000 User Accounts
 
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
    objRootDSE.Get("defaultNamingContext"))

For i = 1 To 1000
    Set objLeaf = objContainer.Create("User", "cn=UserNo" & i)
    objLeaf.Put "sAMAccountName", "UserNo" & i
    objLeaf.SetInfo
Next

WScript.Echo "1000 Users created."

 
 
———————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————–—-Creating an Active Directory User Account————————————————————————-
 
Creates a user account in Active Directory. This script only creates the account, it does not enable it.

Set objOU = GetObject("LDAP://OU=management,dc=fabrikam,dc=com") Set objUser = objOU.Create("User", "cn=MyerKen") objUser.Put "sAMAccountName", "myerken" objUser.SetInfo
 
———————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————–

Creating a User, a Group, and an OU

  Demonstration script that: 1) creates a new Active Directory organizational unit; 2) creates a new user account and new security group; and, 3) adds the new user as a member of that security group.

Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com") Set objOU = objDomain.Create("organizationalUnit", "ou=Management") objOU.SetInfo   Set objOU = GetObject("LDAP://OU=Management,dc=fabrikam,dc=com") Set objUser = objOU.Create("User", "cn= AckermanPilar") objUser.Put "sAMAccountName", "AckermanPila" objUser.SetInfo   Set objOU = GetObject("LDAP://OU=Management,dc=fabrikam,dc=com") Set objGroup = objOU.Create("Group", "cn=atl-users") objGroup.Put "sAMAccountName", "atl-users" objGroup.SetInfo   objGroup.Add objUser.ADSPath
————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————-

Deleting a User Account from Active Directory

———————————————————————-

Deletes the user account for MyerKen from the HR organizational unit in a hypothetical domain named fabrikam.com.

Set objOU = GetObject("LDAP://ou=hr,dc=fabrikam,dc=com") objOU.Delete "user", "cn=MyerKen"

Determining When an Account Expires

Returns the expiration date for a user account.

On Error Resume Next Set objUser = GetObject _   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")   dtmAccountExpiration = objUser.AccountExpirationDate    If err.number = -2147467259 Or _  dtmAccountExpiration = "1/1/1970" Then   WScript.echo "No account expiration specified" Else   WScript.echo "Account expiration:" & _     objUser.AccountExpirationDate End If
 
———————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————–
Determining When a Password Expires
 
Determines the date when a user password will expire.

Const SEC_IN_DAY = 86400 Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000   Set objUserLDAP = GetObject _   ("LDAP://CN=myerken,OU=management,DC=fabrikam,DC=com") intCurrentValue = objUserLDAP.Get("userAccountControl")   If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then   wscript.echo "The password does not expire." Else   dtmValue = objUserLDAP.PasswordLastChanged    Wscript.echo "The password was last changed on " & _   DateValue(dtmValue) & " at " & TimeValue(dtmValue) & VbCrLf & _   "The difference between when the password was last set" & VbCrLf & _   "and today is " & int(now - dtmValue) & " days"   intTimeInterval = int(now - dtmValue)      Set objDomainNT = GetObject("WinNT://fabrikam")   intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")   If intMaxPwdAge < 0 Then     WScript.Echo "The Maximum Password Age is set to 0 in the " & _       "domain. Therefore, the password does not expire."   Else     intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)     Wscript.echo "The maximum password age is " & intMaxPwdAge & " days"     If intTimeInterval >= intMaxPwdAge Then       Wscript.echo "The password has expired."     Else       Wscript.echo "The password will expire on " & _       DateValue(dtmValue + intMaxPwdAge) & " (" & _       int((dtmValue + intMaxPwdAge) - now) & " days from today" & ")."     End If   End If End If

Determining When a Password was Last Set

Identifies the last time a user password was set.

Set objUser = GetObject _     ("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com") dtmValue = objUser.PasswordLastChanged WScript.echo "pwdLastSet is: " & dtmValue

Determining User Account Status

Identifies whether a user account is enabled or disabled.

Set objUser = GetObject _   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")   If objUser.AccountDisabled = FALSE Then       WScript.Echo "The account is enabled." Else       WScript.Echo "The account is disabled." End If

Determining When a User Account Expires

Reports the date that the MyerKen Active Directory user account expires.

On Error Resume Next Set objUser = GetObject _     ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") dtmAccountExpiration = objUser.AccountExpirationDate    If Err.Number = -2147467259 Or dtmAccountExpiration = "1/1/1970" Then     WScript.Echo "No account expiration specified" Else     WScript.Echo "Account expiration: " & objUser.AccountExpirationDate End If
———————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————–

Moving a User Account

Moves a user account from one OU to another.

Set objOU = GetObject("LDAP://ou=sales,dc=na,dc=fabrikam,dc=com") objOU.MoveHere _     "LDAP://cn=BarrAdam,OU=hr,dc=na,dc=fabrikam,dc=com", vbNullString
 
———————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————–

Requiring a Password Change

Forces a user to change their password the next time they logon.

Set objUser = GetObject _     ("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com") objUser.Put "pwdLastSet", 0 objUser.SetInfo
———————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————–

Retrieving User Account Account Properties

Retrieves user account attributes found on the Account page of the user account object in Active Directory Users and Computers.

 On Error Resume Next Set objUser = GetObject _   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") objUser.GetInfo   strUserPrincipalName = objUser.Get("userPrincipalName") strSAMAccountName = objUser.Get("sAMAccountName") strUserWorkstations = objUser.Get("userWorkstations")   Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com") objDomain.GetInfoEx Array("dc"), 0 strDC = objDomain.Get("dc")   WScript.echo "userPrincipalName: " & strUserPrincipalName WScript.echo "sAMAccountName: " & strSAMAccountName WScript.echo "UserWorkstations: " & strUserWorkstations WScript.echo "dc: " & strDC
 
 
———————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————–

Unlocking an Active Directory User Account

Unlocks the MyerKen Active Directory user account.

Set objUser = GetObject _     ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.IsAccountLocked = False objUser.SetInfo
 
 
 
 

Leave a Reply

Your email address will not be published. Required fields are marked *