
21.4 Modifying Many User Accounts

Once you have created the user accounts in a domain, you will more than likely need to modify them at some point. The modifications may consist only of changing individual properties of a user, such as the description or name fields. In these cases, you can perform the change manually or write a command-line script as shown in the next section. In some situations, you will need to make a large number of changes to your user accounts, as would be the case if you changed the name of your login script and wanted to point all users at the new script.

For Windows NT and even Active Directory domains, you can use the IADsContainer::Filter method to iterate through all the objects of a particular type. Thus, changing every user's login script is pretty easy to do:

Option Explicit
On Error Resume Next
Dim objDomain, objUser
Set objDomain = GetObject("WinNT://MYCORP")
objDomain.Filter = Array("User")
'**********************************************************************
' Iterate over each user and set the LoginScript 
' Print an error if one occurs
'**********************************************************************
for each objUser in objDomain
   objUser.LoginScript = "login-new.vbs"
   objUser.SetInfo
   
   if Err.Number <> 0 Then
      Wscript.Echo objUser.Name & " error occurred"
      Err.Clear
   Else
      Wscript.Echo objUser.Name & " modified"
   End if
next

While the previous code is straightforward, it is also limiting. The only filter option you have is object type, such as all users, and no additional criteria are allowed. That is why in most cases with Active Directory domains, you will want to use ADO to find objects, as explained in Chapter 20. So for our next example, let's say that we want to change the login script for all users in the domain that have a department attribute equal to "Sales". Example 21-4 shows how this can be done using ADO.

Example 21-4. Modifying the login script for all users in Sales
Option Explicit
On Error Resume Next
Dim objConn, objComm, objRS, objUser
Dim strBase, strFilter, strAttrs, strScope
'**********************************************************************
'Set the ADO search criteria
'**********************************************************************
strBase   = "<LDAP://dc=mycorp,dc=com>;"
strFilter = "(&(objectclass=user)(objectcategory=Person)(department=Sales));"
strAttrs  = "ADsPath;"
strScope  = "Subtree"
  
set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open
'**********************************************************************
'Need to enable Paging in case there are more than 1000 objects returned
'**********************************************************************
Set objComm = CreateObject("ADODB.Command")
Set objComm.ActiveConnection = objConn
objComm.CommandText = strBase & strFilter & strAttrs & strScope
objComm.Properties("Page Size") = 1000
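Set objRS = objComm.Execute(  )
'**********************************************************************
'Stop if the search failed; with On Error Resume Next in effect the
'loop below would otherwise run against an invalid recordset
'**********************************************************************
If Err.Number <> 0 Then
  Wscript.Echo "Search failed: " & Err.Description
  Wscript.Quit 1
End If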
While not objRS.EOF
  Set objUser = GetObject( objRS.Fields.Item("ADsPath").Value )
  objUser.LoginScript = "login-sales.vbs"
  objUser.SetInfo
  if Err.Number <> 0 Then
     Wscript.Echo objUser.Name & " error occurred"
     Err.Clear
  Else
     Wscript.Echo objUser.Name & " modified"
  End if
  objRS.MoveNext
Wend

Note that we enabled Paging by setting up an ADO Command option and setting the "Page Size" property to 1,000. This will ensure that we get all matching records. If we did not set "Page Size", the maximum number of records returned would be whatever the administrative limit is for your Active Directory (the default is 1,000).
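
Because a login script runs at every logon for each account it is assigned to, a bulk change is easier to review and undo if you preview it first and record the previous value. The following is an added example, not code from the book: it reuses the search from Example 21-4 with a dry-run switch and error trapping limited to the write. The names blnDryRun and strNewScript and the tab-separated output format are assumptions made for illustration.

```vbscript
Option Explicit
' Added example: blnDryRun, strNewScript and the output format are assumptions.
Dim objConn, objComm, objRS, objUser, blnDryRun, strNewScript, strName, strOld, lngErr
blnDryRun    = True                 ' report only; set to False to write changes
strNewScript = "login-sales.vbs"

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open
Set objComm = CreateObject("ADODB.Command")
Set objComm.ActiveConnection = objConn
objComm.CommandText = "<LDAP://dc=mycorp,dc=com>;" & _
   "(&(objectclass=user)(objectcategory=Person)(department=Sales));" & _
   "ADsPath,sAMAccountName,scriptPath;Subtree"
objComm.Properties("Page Size") = 1000
' No On Error Resume Next up to this point: a failed bind or search stops
' the script with a run-time error instead of falling through into the loop.
Set objRS = objComm.Execute

Do Until objRS.EOF
   strName = objRS.Fields("sAMAccountName").Value
   ' scriptPath is the LDAP attribute behind IADsUser.LoginScript; Null if unset
   strOld = objRS.Fields("scriptPath").Value
   If IsNull(strOld) Then strOld = ""
   If LCase(strOld) = LCase(strNewScript) Then
      WScript.Echo strName & vbTab & "unchanged"
   ElseIf blnDryRun Then
      WScript.Echo strName & vbTab & "would change" & vbTab & strOld & " -> " & strNewScript
   Else
      ' Reset objUser so a failed bind cannot reuse the previous user's object
      Set objUser = Nothing
      On Error Resume Next
      Set objUser = GetObject(objRS.Fields("ADsPath").Value)
      objUser.LoginScript = strNewScript
      objUser.SetInfo
      lngErr = Err.Number          ' capture before On Error GoTo 0 clears Err
      On Error GoTo 0
      If lngErr <> 0 Then
         WScript.Echo strName & vbTab & "ERROR 0x" & Hex(lngErr)
      Else
         WScript.Echo strName & vbTab & "changed" & vbTab & strOld & " -> " & strNewScript
      End If
   End If
   objRS.MoveNext
Loop
```

Run it under cscript with output redirected to a file; the "changed" lines then serve as the record of each account's previous login script.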
