Re: Editing users UPN via script
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 10 Mar 2008 21:19:13 -0500
Angela wrote:
I have a text file called C:\Temp\USERS.TXT (which the format can be
changed
if needed), that has the following (UserLogonName, UPN format):
User1, @mydomain.com
User2, @mydomain.com
User3, @mydomain.com
User4, @mydomain.com
User5, @mydomain.com
User6, @mydomain.com
I want to be able to change the UPN listing (in some cases it's not
present
at all for users) that appears next to the "User logon name" on the
Account
properties for those users in a script. I can edit a script to change this
for a user but in this case I want to be able to read in the information
from
a file, can this be done editing this script? Or do I have to do it
manually?
Set objUser = GetObject _
("LDAP://cn=User1,dc=NA,dc=mydomain,dc=com";)
objUser.Put "userPrincipalName", "MyerKen@xxxxxxxxxxxx"
objUser.Put "sAMAccountName", "MyerKen01"
objUser.Put "userWorkstations","wks1,wks2,wks3"
objUser.SetInfo
Your text file has two values per line, delimited with a comma. If the first
value is the NT name of the user (the "pre-Windows 2000 logon name"), you
can use the NameTranslate object to convert to the Distinguished Name (as
indicated by Anthony Houssa). However, if the first value is the "User logon
name" shown on the "Profile" tab of the user properties dialog in ADUC, then
we have a problem. This attribute is not required to have a value, and you
indicate that some of your users do not have a value assigned. This is the
value of the userPrincipalName attribute of the user object. The
NameTranslate object can convert the userPrincipalName to the Distinguished
Name, but only if there is a value, and the value uniquely identifies the
object in AD.
If the first value in your text file is the "Common Name" of the user, this
is the value of the cn attribute. This does not uniquely identify the user
in AD. The Common Name must be unique in the container or OU, but there can
be several users in the domain with same Common Name. If you know that the
values of the cn attribute are unique, and you know that all users are in
the same container or OU, you can use code similar to your example. However,
note in your example that you assume the user is in the root of the domain,
not in any container or OU. Is this really true?
We need to know if the first value on each line of the file is the:
1. NT name of the user, also called the "pre-Windows 2000 logon name" (on
the "Profile" tab of ADUC), which is the value of the sAMAccountName
attribute.
2. The Common Name of the user, which is the value of the cn attribute.
3. The "User logon name" on the "Profile" tab of ADUC, which is the value of
the userPrincipalName (with the @mydomain.com appended).
If the value is 2 (Common Name), we need to either know where in AD all the
objects reside (perhaps in the "cn=Users" container), or we need to know
that the values uniquely identify the users, so we can use ADO to search AD
for the users. If the value is 2 (userPrincipalName), we can only modify
users that don't need modification because they already have the correct
value assigned. We need some way to identify (find) the user in Active
Directory.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
.
- Follow-Ups:
- Re: Editing users UPN via script
- From: Angela
- Re: Editing users UPN via script
- Prev by Date: Re: Add ScriptPath to AD user - [WP]
- Next by Date: Re: Error 8007007E WScript.Network Wscript.CreateObject
- Previous by thread: Re: Editing users UPN via script
- Next by thread: Re: Editing users UPN via script
- Index(es):
Relevant Pages
|
