Re: Help with unlock script
- From: "Adamskey" <Adamskey@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 29 Jun 2005 09:03:05 -0700
Richard,
I have 16 domain controllers on one domain and there's a delay in
replication between them. I am looking for a script that allows me to specify
the account to unlock and the password, and then goes and unlocks and resets it
on all the domain controllers. The LockoutStatus.exe utility does not help me in
this situation, and neither does http://www.rlmueller.net/IsUserLocked.htm. Any
ideas?
Adam
"Richard Mueller [MVP]" wrote:
> Hi,
>
> Your script uses ADO to retrieve the AdsPath of all DC's, but then does not
> use this information, except to abort if there are no DC's. Note that this
> should never happen, as there must be at least one to get a result. Also, if
> the query finds any DC's in AD, that does not mean that any of them are even
> up and running.
>
> Otherwise, the script assumes the user knows the Common Name (the value of
> the "cn") attribute. The cn does not have to be unique in the domain. It
> must be unique in the container/OU, but several objects in AD can have the
> same Common Name, as long as they are in different containers. I would
> expect the users to know the NT name of the account (the "sAMAccountName"
> attribute, also called the "pre-Windows 2000 logon name").
>
> I have an example program that accepts the NT logon name, then determines if
> the account is locked out. If it is, the program displays some information
> and asks if the account should be unlocked. If requested, the account is
> unlocked.
>
> http://www.rlmueller.net/IsUserLocked.htm
>
> The program uses the NameTranslate object to convert the NT name to the
> Distinguished Name of the user object. ADO could also be used, but that
> would be less efficient. This example does not create the log entry you
> require.
>
> You can use the WshNetwork object or the ADSystemInfo object to retrieve the
> name of the current user. ADSystemInfo is available on any client with W2k
> or above, but WshNetwork is available on Win9x or above (Win9x and NT
> require that DSClient be installed). WshNetwork retrieves the NT name,
> ADSystemInfo the Distinguished Name of the current user. The Now function
> can be used to get the current date/time. For example:
>
> Dim objNetwork, strUser
> Set objNetwork = CreateObject("Wscript.Network")
> strUser = objNetwork.UserName
>
> or
>
> Dim objSysInfo, strUser
> Set objSysInfo = CreateObject("ADSystemInfo")
> strUser = objSysInfo.UserName
>
> Then for example:
>
> objTextFile.WriteLine("Account " & test & " unlocked by " & strUser & " at " _
>     & Now())
>
> In the example script I linked, the variable dtmLockout is when the account
> was locked out. You could also add this to the line you append to the log
> file. I hope this helps.
>
> --
> Richard
> Microsoft MVP Scripting and ADSI
> Hilltop Lab web site - http://www.rlmueller.net
> --
>
> "DaveP56" <davephillips@xxxxxxxxxx> wrote in message
> news:1118693591.488911.133260@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> I am trying to create a script to unlock a user account in an OU and
> log the results for tracking.
> We are about to delegate it to the team leads in the departments to cut
> down on calls to the helpdesk, and still want the numbers.
> I am trying to set this up so that they type the user ID in and click OK;
> it unlocks the account, then logs who unlocked it, who they unlocked and
> the date/time it was unlocked,
> maybe the time it was locked out just for reference.
> I don't want it to poll Active Directory for locked accounts, just the
> one the delegate specifies in the input box.
>
> -----------------------------------
> script start
> -----------------------------------
>
>
> Option Explicit
> 'On Error Resume Next
> Dim objFSO, objFolder, objShell, objTextFile, objFile
> Dim strDirectory, strFile, strText, objuser, objDC
> Dim MyVar, test, oConnect, oCommand, strquery, orecordset
> Dim oRootDSE, strConfigNC, oConnection, ocmd
>
> 'userid = WshShell.ExpandEnvironmentStrings("%USERNAME%")
> MyVar = Now
> strDirectory = "c:\log"
> strFile = "\crc.txt"
>
>
> Set oConnect = CreateObject("ADODB.Connection")
> oConnect.Provider = "ADsDSOObject"
> oConnect.Open "DS Query"
> Set oCommand = CreateObject("ADODB.Command")
> Set oCommand.ActiveConnection = oConnect
> oCommand.Properties("SearchScope") = 2
>
>
> Set oRootDSE = GetObject("LDAP://RootDSE")
> strConfigNC = oRootDSE.Get("configurationNamingContext")
>
> WScript.echo(strConfigNC)
> Set oConnection = CreateObject("ADODB.Connection")
> oConnection.Provider = "ADsDSOObject"
> oConnection.Open "ADs Provider"
>
> strquery = "<LDAP://" & strConfigNC & _
> ">;(objectClass=nTDSDSA);ADsPath;subtree"
> Set ocmd = CreateObject("ADODB.Command")
> ocmd.ActiveConnection = oConnection
> ocmd.CommandText = strquery
> Set orecordset = ocmd.Execute
> If orecordset.recordcount = 0 Then
> WScript.Echo "No Domain Controllers were found"
> Else
> 'unlock the user acct
> test = InputBox("Enter the user's login name that you want to unlock:")
> WScript.echo("Unlock " & test & "'s account click OK")
> Set objuser = GetObject _
> ("LDAP://cn=" & test & ",ou=users,dc=na,dc=DOMAin,dc=com")
> WScript.echo(objuser)
> objuser.IsAccountLocked = False
> objuser.SetInfo
> Set objFSO = CreateObject("Scripting.FileSystemObject")
>
> If objFSO.FolderExists(strDirectory) Then
> Set objFolder = objFSO.GetFolder(strDirectory)
> Else
> Set objFolder = objFSO.CreateFolder(strDirectory)
> WScript.Echo "Just created " & strDirectory
> End If
>
> If objFSO.FileExists(strDirectory & strFile) Then
> Set objFolder = objFSO.GetFolder(strDirectory)
> Else
> Set objFile = objFSO.CreateTextFile(strDirectory & strFile)
> WScript.Echo "Just created " & strDirectory & strFile
> End If
>
> ' OpenTextFile Method needs a Const value
> ' ForAppending = 8 ForReading = 1, ForWriting = 2
> Const ForAppending = 8
> Set objTextFile = objFSO.OpenTextFile _
> (strDirectory & strFile, ForAppending, True)
>
> objTextFile.WriteLine("account " &test& " is unlocked")
> objTextFile.Close
>
> WScript.Quit
> End If
>
> --------------------------------------------------------
> end
> --------------------------------------------------------
>
>
>
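An added example, not code from any poster in this thread: it combines the points in the quoted reply (look the account up by NT logon name through NameTranslate, log who unlocked it and when) with a bind to each domain controller in turn, so the unlock does not wait on replication. It assumes a single-domain forest, that the target account is in the operator's own domain, and the log path c:\log\crc.txt from the original script.

```vbscript
Option Explicit
' Added example (not from the thread): unlock one account on every DC and log each attempt.
Const ADS_NAME_INITTYPE_GC = 3, ADS_NAME_TYPE_NT4 = 3, ADS_NAME_TYPE_1779 = 1
Const ForAppending = 8
Dim objNet, objRE, objTrans, objConn, objRS, objFSO, objLog, objServer, objUser
Dim strNT, strDN, strDC, strWho, strResult

Set objNet = CreateObject("Wscript.Network")
strWho = objNet.UserDomain & "\" & objNet.UserName
strNT = Trim(InputBox("NT logon name (sAMAccountName) to unlock:"))
' Accept only characters that are legal in a sAMAccountName, so the typed
' value cannot alter the name lookup or the LDAP path built below.
Set objRE = New RegExp
objRE.Pattern = "^[^""/\\\[\]:;|=,+*?<>]{1,20}$"
If Not objRE.Test(strNT) Then WScript.Echo "Invalid logon name." : WScript.Quit 1

' Resolve the NT name to a Distinguished Name instead of guessing a cn and OU.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, objNet.UserDomain & "\" & strNT
strDN = Replace(objTrans.Get(ADS_NAME_TYPE_1779), "/", "\/") ' escape "/" for ADsPath
If Err.Number <> 0 Then WScript.Echo "Account not found: " & strNT : WScript.Quit 1
On Error GoTo 0

' Each nTDSDSA object's parent is the server object that holds the DC's DNS name.
Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objRS = objConn.Execute("<LDAP://" & _
    GetObject("LDAP://RootDSE").Get("configurationNamingContext") & _
    ">;(objectClass=nTDSDSA);ADsPath;subtree")

Set objFSO = CreateObject("Scripting.FileSystemObject")
If Not objFSO.FolderExists("c:\log") Then objFSO.CreateFolder "c:\log"
Set objLog = objFSO.OpenTextFile("c:\log\crc.txt", ForAppending, True)
Do Until objRS.EOF
    Set objServer = GetObject(GetObject(objRS.Fields("ADsPath").Value).Parent)
    strDC = objServer.Get("dNSHostName")
    On Error Resume Next    ' a DC listed in AD may be down; log it and carry on
    Set objUser = GetObject("LDAP://" & strDC & "/" & strDN)
    If Err.Number = 0 Then objUser.IsAccountLocked = False
    If Err.Number = 0 Then objUser.SetInfo
    If Err.Number = 0 Then strResult = "unlocked" Else strResult = "FAILED 0x" & Hex(Err.Number)
    On Error GoTo 0
    objLog.WriteLine Now() & " " & strNT & " on " & strDC & ": " & strResult & " by " & strWho
    objRS.MoveNext
Loop
objLog.Close
```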