Re: Global modification of user accounts

---

• From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 6 Mar 2007 12:42:03 -0600

---

A VBScript program to clear the msNPAllowDialin attribute for all users in
the domain is below. This affects all users, including Administrator. If
anyone needs to have dialin allowed (or denied), reconfigure them after
running this:
========
Option Explicit

Dim objRootDSE, strDNSDomain, adoCommand, adoConnection
Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
Dim strDN, objUser

Const ADS_PROPERTY_CLEAR = 1

' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE";)
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire domain.
strBase = "<LDAP://"; & strDNSDomain & ">"

' Search for all users with any value for msNPAllowDialin.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(msNPAllowDialin=*))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"

' Construct the LDAP query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

' Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values.
strDN = adoRecordset.Fields("distinguishedName").Value
' Bind to the user object.
Set objUser = GetObject("LDAP://"; & strDN)
' Clear msNPAllowDialin attribute.
objUser.PutEx ADS_PROPERTY_CLEAR, "msNPAllowDialin", 0
' Save change.
objUser.SetInfo
Wscript.Echo "msNPAllowDialin cleared for " & objUser.sAMAccountName
adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--


.

---

• References:
  • Re: Global modification of user accounts
    • From: Richard Mueller [MVP]

• Prev by Date: Re: Getting tokenGroups attribute
• Next by Date: Re: Execute order of Policies
• Previous by thread: Re: Global modification of user accounts
• Next by thread: Getting tokenGroups attribute
• Index(es):
  • Date
  • Thread

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)