Re: Running a script against an OU



Thanks Richard. Once again you've been very helpful.
Our actual OU path includes a space character (i.e. "LDAP://OU=Computer Accounts,OU=lab1,dc=MyDomain,dc=Com")
Do I need to place a forward slash between Computer and Accounts?
Thanks,
Jeremy


"Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:eRMR9Tn7GHA.4996@xxxxxxxxxxxxxxxxxxxxxxx
ComputerTeacher wrote:

In the following script, what do I have to put in place of "atl-ws-01" to
run the script against an OU called lab1? Can I use the distinguished
name? Or would it be easier to run it with a GPO?

strComputer = "atl-ws-01"
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator, user")
objUser.SetPassword "09iuy%4e"
objUser.SetInfo

I assume you want to set the password for the local Administrator account
on all computers in an OU. This can be done using a Startup script in a
GPO, but it would run every time the machines start. There might be other
ways as well, but it can be done in bulk in one script. The trick is that
you must use the WinNT provider to bind to the computer to access local
accounts (the local SAM account database is not LDAP compliant). However,
the WinNT provider is blind to OU's, so you must use the LDAP provider to
bind to the OU. Also, you have to use the NT name of the computer, called
the NetBIOS name, with the WinNT provider. The trick here is to know that
the sAMAccountName attribute of the computer object exposed by the LDAP
provider is the NetBIOS name with "$" appended on the end. I would try
something similar to:
===========
' Bind to the OU with the Distinguished Name.
Set objOU = GetObject("LDAP://ou=lab1,dc=MyDomain,dc=com")

' Filter on computer objects.
objOU.Filter = Array("computer")

' Enumerate the computer objects.
For Each objComputer In objOU
    ' Retrieve the NetBIOS name so we can bind with the WinNT provider.
    ' The NetBIOS name is the sAMAccountName with the trailing "$" removed.
    strNTName = objComputer.sAMAccountName
    ' Remove the trailing "$".
    strNTName = Left(strNTName, Len(strNTName) - 1)
    ' Bind to the local Administrator user on the computer.
    Set objAdmin = GetObject("WinNT://" & strNTName & "/Administrator,user")
    ' Set the password.
    objAdmin.SetPassword "09iuy%4e"
Next
===========
The SetPassword method is immediate, so you should not need to invoke the
SetInfo method.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
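
Added example, not part of either post: the same OU enumeration bound to the OU path from the reply above (a space inside an OU name is used as-is in the LDAP path, with no slash or escape), with the password read at run time instead of stored in the script, and with unreachable computers recorded instead of stopping the run. Reading the password from standard input, the summary report and the extra variable names are assumptions of this example.

```vbscript
Option Explicit

Dim strOUPath, strPassword, objOU, objComputer
Dim strNTName, objAdmin, intDone, strFailed

' OU path from the thread. The space inside "Computer Accounts" needs no escaping.
strOUPath = "LDAP://OU=Computer Accounts,OU=lab1,dc=MyDomain,dc=Com"

' Read the password at run time (run with cscript.exe; the input is echoed).
WScript.StdOut.Write "New local Administrator password: "
strPassword = WScript.StdIn.ReadLine
If Len(strPassword) = 0 Then
    WScript.Echo "No password entered; nothing changed."
    WScript.Quit 1
End If

' Bind to the OU with the LDAP provider and keep only computer objects.
Set objOU = GetObject(strOUPath)
objOU.Filter = Array("computer")

intDone = 0
strFailed = ""
For Each objComputer In objOU
    ' NetBIOS name = sAMAccountName without the trailing "$".
    strNTName = objComputer.sAMAccountName
    If Right(strNTName, 1) = "$" Then
        strNTName = Left(strNTName, Len(strNTName) - 1)
    End If

    ' A computer that is switched off or unreachable raises an error here;
    ' record it and continue with the next one.
    On Error Resume Next
    Set objAdmin = GetObject("WinNT://" & strNTName & "/Administrator,user")
    If Err.Number = 0 Then objAdmin.SetPassword strPassword
    If Err.Number = 0 Then
        intDone = intDone + 1
    Else
        strFailed = strFailed & vbCrLf & "  " & strNTName & " (0x" & Hex(Err.Number) & ")"
        Err.Clear
    End If
    On Error GoTo 0
    Set objAdmin = Nothing
Next

WScript.Echo "Password set on " & intDone & " computer(s)."
If Len(strFailed) > 0 Then WScript.Echo "Failed, retry later:" & strFailed
```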


