Set objContainer = GetObject("LDAP://cn=Users," & _
objRootDSE.Get("defaultNamingContext"))
For i = 1 To 1000
Set objLeaf = objContainer.Create("User", "cn=UserNo" & i)
objLeaf.Put "sAMAccountName", "UserNo" & i
objLeaf.SetInfo
Next
WScript.Echo "1000 Users created."
' Creates the user account MyerKen in the management OU of fabrikam.com.
Set objTargetOU = GetObject("LDAP://OU=management,dc=fabrikam,dc=com")

' Create() only builds the object in the local property cache;
' nothing is written to the directory until SetInfo is called.
Set objNewUser = objTargetOU.Create("User", "cn=MyerKen")
objNewUser.Put "sAMAccountName", "myerken"
objNewUser.SetInfo

' NOTE(review): this script sets neither a password nor userAccountControl.
' Accounts created through ADSI this way typically start out disabled and
' flagged "password not required"; set a password and clear that flag before
' enabling the account - confirm against the domain's provisioning policy.
Creating a User, a Group, and an OU
Demonstration script that: 1) creates a new Active Directory organizational unit; 2) creates a new user account and a new security group; and 3) adds the new user as a member of that security group.
' Step 1: create the Management OU directly under the domain root.
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
Set objNewOU = objDomain.Create("organizationalUnit", "ou=Management")
objNewOU.SetInfo

' Step 2: bind to the new OU and create the user account inside it.
Set objMgmtOU = GetObject("LDAP://OU=Management,dc=fabrikam,dc=com")
Set objUser = objMgmtOU.Create("User", "cn= AckermanPilar")
objUser.Put "sAMAccountName", "AckermanPila"
objUser.SetInfo

' Step 3: bind to the OU again and create the group. No groupType is written,
' so the group gets whatever type the directory assigns by default.
Set objMgmtOU = GetObject("LDAP://OU=Management,dc=fabrikam,dc=com")
Set objGroup = objMgmtOU.Create("Group", "cn=atl-users")
objGroup.Put "sAMAccountName", "atl-users"
objGroup.SetInfo

' Step 4: add the user to the group by its ADsPath.
' NOTE(review): group membership is what grants access; check what atl-users
' is permitted to do before adding accounts to it from a script.
objGroup.Add objUser.ADSPath
Deleting a User Account from Active Directory
———————————————————————-
Deletes the user account for MyerKen from the HR organizational unit in a hypothetical domain named fabrikam.com.
' Bind to the HR OU that contains the account to remove.
Set objHrOU = GetObject("LDAP://ou=hr,dc=fabrikam,dc=com")

' Delete takes the object class and the relative name of the child object.
' No SetInfo call follows; the script relies on Delete alone.
' NOTE(review): a deleted account's SID is not reused, so re-creating the user
' later does not restore its group memberships or ACL entries. Where audit or
' recovery matters, disabling the account first is the safer workflow.
objHrOU.Delete "user", "cn=MyerKen"
Determining When an Account Expires
Returns the expiration date for a user account.
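' Reports the account expiration date of a user, or that none is set.
'
' On Error Resume Next is required because reading AccountExpirationDate can
' raise error -2147467259 (0x80004005) for an account without an expiration
' date; the script treats that error, or a returned date of 1/1/1970, as
' "no expiration". Every other failure is reported explicitly instead of
' being swallowed.
On Error Resume Next

Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
If Err.Number <> 0 Then
    ' Bind failed (wrong DN, no connectivity, insufficient rights). Without
    ' this check the script would fall through and print nothing at all.
    WScript.Echo "Unable to bind to the user object (error " & Err.Number & ")."
    WScript.Quit 1
End If

dtmAccountExpiration = objUser.AccountExpirationDate

If Err.Number = -2147467259 Or dtmAccountExpiration = "1/1/1970" Then
    WScript.Echo "No account expiration specified"
ElseIf Err.Number <> 0 Then
    ' Any other error means the value could not be read; do not report a date.
    WScript.Echo "Unable to read the account expiration (error " & Err.Number & ")."
Else
    ' Reuse the value already read instead of querying the property again.
    WScript.Echo "Account expiration:" & dtmAccountExpiration
End If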
' Reports whether and when a user's password expires, based on the account's
' userAccountControl flags, the time the password was last changed, and the
' domain-wide maximum password age.
'
' NOTE(review): only the domain-wide MaxPasswordAge is consulted. If the domain
' uses fine-grained password policies, the effective maximum age for this user
' may differ from what is printed - confirm before relying on the result.
Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objUserLDAP = GetObject _
    ("LDAP://CN=myerken,OU=management,DC=fabrikam,DC=com")
intUacFlags = objUserLDAP.Get("userAccountControl")

' Bitwise test: is the "password never expires" flag set on the account?
If intUacFlags And ADS_UF_DONT_EXPIRE_PASSWD Then
    WScript.Echo "The password does not expire."
Else
    dtmLastSet = objUserLDAP.PasswordLastChanged
    WScript.Echo "The password was last changed on " & _
        DateValue(dtmLastSet) & " at " & TimeValue(dtmLastSet) & vbCrLf & _
        "The difference between when the password was last set" & vbCrLf & _
        "and today is " & Int(Now - dtmLastSet) & " days"
    intDaysSinceSet = Int(Now - dtmLastSet)

    ' The domain policy is read through the WinNT provider; the value is
    ' divided by SEC_IN_DAY below, i.e. it is handled as a number of seconds.
    Set objDomainNT = GetObject("WinNT://fabrikam")
    intMaxAgeSecs = objDomainNT.Get("MaxPasswordAge")

    If intMaxAgeSecs < 0 Then
        ' A negative value is treated as "passwords never expire".
        WScript.Echo "The Maximum Password Age is set to 0 in the " & _
            "domain. Therefore, the password does not expire."
    Else
        intMaxAgeDays = (intMaxAgeSecs / SEC_IN_DAY)
        WScript.Echo "The maximum password age is " & intMaxAgeDays & " days"

        If intDaysSinceSet >= intMaxAgeDays Then
            WScript.Echo "The password has expired."
        Else
            WScript.Echo "The password will expire on " & _
                DateValue(dtmLastSet + intMaxAgeDays) & " (" & _
                Int((dtmLastSet + intMaxAgeDays) - Now) & " days from today" & ")."
        End If
    End If
End If
Determining When a Password was Last Set
Identifies the last time a user password was set.
' Shows when the password of the myerken account was last set.
Set objAccount = GetObject _
    ("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")

' PasswordLastChanged exposes the last password change as a date value.
dtmLastChanged = objAccount.PasswordLastChanged
WScript.Echo "pwdLastSet is: " & dtmLastChanged
Determining User Account Status
Identifies whether a user account is enabled or disabled.
' Reports whether the myerken account is enabled or disabled.
Set objAccount = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")

' AccountDisabled is a Boolean property of the user object.
If objAccount.AccountDisabled Then
    WScript.Echo "The account is disabled."
Else
    WScript.Echo "The account is enabled."
End If
Determining When a User Account Expires
Reports the date that the MyerKen Active Directory user account expires.
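' Reports the date on which the MyerKen account expires, or that no
' expiration is set.
'
' On Error Resume Next is required because reading AccountExpirationDate can
' raise error -2147467259 (0x80004005) for an account without an expiration
' date; the script treats that error, or a returned date of 1/1/1970, as
' "no expiration". Every other failure is reported explicitly instead of
' being swallowed.
On Error Resume Next

Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
If Err.Number <> 0 Then
    ' Bind failed (wrong DN, no connectivity, insufficient rights). Without
    ' this check the script would fall through and print nothing at all.
    WScript.Echo "Unable to bind to the user object (error " & Err.Number & ")."
    WScript.Quit 1
End If

dtmAccountExpiration = objUser.AccountExpirationDate

If Err.Number = -2147467259 Or dtmAccountExpiration = "1/1/1970" Then
    WScript.Echo "No account expiration specified"
ElseIf Err.Number <> 0 Then
    ' Any other error means the value could not be read; do not report a date.
    WScript.Echo "Unable to read the account expiration (error " & Err.Number & ")."
Else
    ' Reuse the value already read instead of querying the property again.
    WScript.Echo "Account expiration: " & dtmAccountExpiration
End If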
Moving a User Account
Moves a user account from one OU to another.
' Moves the BarrAdam account from the hr OU to the sales OU.
' Bind to the destination container; MoveHere is called on the target.
Set objDestinationOU = GetObject("LDAP://ou=sales,dc=na,dc=fabrikam,dc=com")

' First argument: ADsPath of the object to move.
' Second argument: vbNullString, i.e. no new name is supplied for the object.
' NOTE(review): the account will be subject to whatever Group Policy and
' delegated permissions apply to the destination OU - review those first.
objDestinationOU.MoveHere _
    "LDAP://cn=BarrAdam,OU=hr,dc=na,dc=fabrikam,dc=com", vbNullString
Requiring a Password Change
Forces a user to change their password the next time they log on.
' Requires the myerken account to change its password at the next logon.
Set objAccount = GetObject _
    ("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")

' Writing 0 to pwdLastSet marks the current password as needing a change;
' the new value is committed to the directory by SetInfo.
objAccount.Put "pwdLastSet", 0
objAccount.SetInfo
Retrieving User Account Account Properties
Retrieves user account attributes found on the Account page of the user account object in Active Directory Users and Computers.
' Reads several account-related attributes of the myerken user, plus the
' domain's "dc" attribute, and prints them.
'
' On Error Resume Next stays active for the whole script: if a Get call
' fails, the corresponding variable is simply left empty and an empty value
' is printed. A failed bind is therefore not reported either.
On Error Resume Next

Set objAccount = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
' Load the object's attributes into the local property cache.
objAccount.GetInfo

strUPN = objAccount.Get("userPrincipalName")
strSamName = objAccount.Get("sAMAccountName")
' userWorkstations restricts which computers the user may log on to.
strWorkstations = objAccount.Get("userWorkstations")

' Fetch only the "dc" attribute of the domain object.
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
objDomain.GetInfoEx Array("dc"), 0
strDomainComponent = objDomain.Get("dc")

WScript.Echo "userPrincipalName: " & strUPN
WScript.Echo "sAMAccountName: " & strSamName
WScript.Echo "UserWorkstations: " & strWorkstations
WScript.Echo "dc: " & strDomainComponent
Unlocking an Active Directory User Account
Unlocks the MyerKen Active Directory user account.
' Unlocks the MyerKen account in the NA child domain.
Set objLockedUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")

' Clear the lockout state and commit the change to the directory.
' NOTE(review): a lockout is the result of repeated failed logons. Check the
' source of those failures (stale saved credentials vs. password guessing)
' before unlocking, and record who unlocked the account and why.
objLockedUser.IsAccountLocked = False
objLockedUser.SetInfo