Combining several scripts 2

Status
Not open for further replies.

hotdog108

Technical User
May 19, 2008
US
Hi everybody,

I'm looking for some help on accomplishing the following:

using a single InputBox entry to prompt for the user name, to get the distinguished name and groups of the user. Then using that information to disable the account, move it to an OU, modify some attributes and remove all but Domain Users group. I have these functions in separate scripts which I need to simplify and combine into 1 script.

This is what I have so far:

[code:]
'this gets the user distinguished name
On Error Resume Next
Dim objConnection, objCommand, objRootDSE, strDNSDomain
Dim strFilter, strQuery, objRecordSet, objArgs, usr
Set objArgs = Wscript.Arguments
if objArgs.Count <> 1 Then Wscript.Echo "FindUser UserName - UserName required."
if objArgs.Count <> 1 Then Wscript.Quit
usr = "N"
sam = objArgs(0)
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & sam & "))"
strAttributes = "distinguishedName,sAMAccountName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
strDN = objRecordSet.Fields("distinguishedName")
strSAM = objRecordSet.Fields("sAMAccountName")
usr = "Y"
Wscript.Echo strSAM & " """ & strDN & """"
objRecordSet.MoveNext
Loop
objConnection.Close
Set objConnection = Nothing
if usr = "N" Then Wscript.Echo "FindUser " & sam & " - NOT found."
Set objCommand = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing
[/code]
------------------------------------------------------------
Then in a separate script I have:

[code:]
'this gets user groups
Set objUser = GetObject("LDAP://user name, OU info")
Set colGroups = objUser.Groups
For Each objGroup in colGroups
Wscript.Echo objGroup.CN
Next
[/code]
------------------------------------------------------------
Using the values returned from the above scripts, I want to then feed them into the strUserDN = "userdn" of the disable and move part of the script and into the Set objUser = GetObject _("LDAP://userdn") of the remove group memberships part of the script.

I have a feeling I'm doing this wrong, but don't know where I'm going wrong, any help would be appreciated.

Thank you
 
ADO objects are cool when you are dealing with a lot of results for a possible query, but for a single user you may want to look at the NameTranslate function... http://www.rlmueller.net/NameTranslateFAQ.htm The code will end up shorter and may run faster since you don't have to spend time setting up ADO.

But, to answer your question... The way in which you are querying AD in your script, you should only receive one result. So... to combine the scripts, just insert the second script into the Do Until...Loop portion of your script. Quick and dirty, but will do the trick.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
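
The NameTranslate approach suggested above, as an added example that is not part of the original post or of the linked FAQ: it resolves a logon name to a distinguished name without ADO, and the name is handed to the API as a value rather than concatenated into a query string. The prompt text, variable names and the rejection of names containing a backslash are assumptions.

```vbscript
Option Explicit
' Added example: resolve a logon name to a DN with NameTranslate (no ADO).
' Prompt text and variable names are assumptions, not from the thread.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_1779 = 1   ' distinguished name
Const ADS_NAME_TYPE_NT4 = 3    ' DOMAIN\logonName

Dim objRootDSE, objTrans, strDomainDN, strNetBIOS, strSam, strUserDN

strSam = Trim(InputBox("Logon name (sAMAccountName):", "Find user"))
' Accept a bare logon name only, so the lookup stays in the current domain.
If Len(strSam) = 0 Or InStr(strSam, "\") > 0 Then
    WScript.Echo "A bare logon name is required."
    WScript.Quit 1
End If

Set objRootDSE = GetObject("LDAP://RootDSE")
strDomainDN = objRootDSE.Get("defaultNamingContext")

Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""

' Translating the domain DN to NT4 form yields "DOMAIN\" (trailing backslash).
objTrans.Set ADS_NAME_TYPE_1779, strDomainDN
strNetBIOS = objTrans.Get(ADS_NAME_TYPE_NT4)
strNetBIOS = Left(strNetBIOS, Len(strNetBIOS) - 1)

' Set raises an error when the name cannot be resolved.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOS & "\" & strSam
If Err.Number <> 0 Then
    On Error GoTo 0
    WScript.Echo "FindUser " & strSam & " - NOT found."
    WScript.Quit 1
End If
On Error GoTo 0

strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
WScript.Echo strSam & " """ & strUserDN & """"
```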
 
you may want to consider using a .hta...it's a GUI representation of your vbs code...

i intentionally left out move to ou and remove functions...hopefully the way it's written...you can follow the logic...if not...let us know...good luck


save as FindUser.hta

Code:
<html>
<head>
    <title>User Account</title>
 <style>
  body{font-family:arial;font-size:12px;}
  table{font-family:arial;font-size:12px;width:500px;margin-top:20px;}
  td.memberof{background:white;width:100%;}
  div.memberof{height:100px;width:100%;overflow-y:auto;}
  span{font-weight:bold;}
 </style>
</head>

<Script Language="VBScript">

   Dim oConn
 
   Function OpenActiveDir
    Set oConn = CreateObject("ADODB.Connection")
    oConn.Provider = "ADsDSOObject"
    oConn.Open "Active Directory Provider"
   End Function

   Function ReturnRootPath()
    Set oRoot = GetObject("LDAP://rootDSE")
    ReturnRootPath = oRoot.Get("defaultNamingContext")           
   End Function
 
  
  Sub DisplayUserAccount(sSamAcctName)

   If Len(sSamAcctName) > 0 Then
   
     OpenActiveDir

     Set oRs = oConn.Execute("SELECT adspath " & _
                             "FROM 'LDAP://" & ReturnRootPath & "' " & _
                             "WHERE samAccountName='" & sSamAcctName & "'")

     If Not oRs.EOF Then
      Set oUserAccount = GetObject(oRs("adspath"))
      oMemberOf = oUserAccount.GetEx("memberOf")

      For each oGroup in oMemberOf
       sList = sList & oGroup & "<br>"
      Next
      
      sam.value = oUserAccount.samaccountname
      dn.value = oUserAccount.distinguishedname
      memberof.innerhtml = sList
     Else
      msgbox("No Records")  
     End If
   
     oConn.Close
     Set oConn = Nothing

   Else
    msgbox("No Logon Name Entered!")
   End If
   
  End Sub
    
  


</script>

<body bgcolor="buttonface">
  <span>Enter User Name:</span> <input name="sam_acct_name" maxlength="20">
                   <input type="button" onClick="DisplayUserAccount(sam_acct_name.value)" value="Search">


  <table border="1"> 
   <tr>
    <th align="right">Distinguished Name:</th>
    <td><input name="dn" size="100" readonly></td>
   </tr>
   <tr>
    <th align="right">Logon Name:</th>
    <td><input name="sam" size="25" readonly></td>
   </tr>
   <tr>
    <th colspan="2">Member Of:</th>
   </tr>
   <tr>
    <td colspan="2" class="memberof">
      <div class="memberof" id="memberof"></div>
    </td>
   </tr>
  </table>
</body>
</html>
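
Both lookups in this thread build their query by concatenating the typed name into the query text, and the first script loops over every record that matches. As an added example (not code from any poster), a hardened form of the first script's LDAP-dialect lookup: it allow-lists the name, escapes filter metacharacters per RFC 4515, and returns a DN only when exactly one account matches, which matters once the result feeds a disable-and-move step. The function names and the allow-list pattern are assumptions.

```vbscript
Option Explicit
' Escape a value for an LDAP search filter (RFC 4515); backslash goes first.
Function EscapeLdapFilterValue(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    EscapeLdapFilterValue = s
End Function

' Allow-list for logon names (assumed convention: letters, digits, . _ - $).
Function IsPlausibleSam(strValue)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._$-]{1,20}$"
    IsPlausibleSam = re.Test(strValue)
End Function

' Return the DN only when exactly one account matches; otherwise "".
Function FindSingleUserDN(strSam)
    Dim objRoot, objConn, objCmd, objRS
    FindSingleUserDN = ""
    If Not IsPlausibleSam(strSam) Then Exit Function
    Set objRoot = GetObject("LDAP://RootDSE")
    Set objConn = CreateObject("ADODB.Connection")
    objConn.Provider = "ADsDSOObject"
    objConn.Open "Active Directory Provider"
    Set objCmd = CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objConn
    ' Escaping stays in place in case the allow-list is widened later.
    objCmd.CommandText = "<LDAP://" & objRoot.Get("defaultNamingContext") & ">;" & _
        "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
        EscapeLdapFilterValue(strSam) & "));distinguishedName;subtree"
    Set objRS = objCmd.Execute
    If Not objRS.EOF Then
        FindSingleUserDN = objRS.Fields("distinguishedName").Value
        objRS.MoveNext
        If Not objRS.EOF Then FindSingleUserDN = ""   ' more than one match: refuse
    End If
    objRS.Close
    objConn.Close
End Function

Dim strDN
strDN = FindSingleUserDN(Trim(InputBox("Logon name:", "Find user")))
If strDN = "" Then WScript.Echo "No unique match; nothing changed." : WScript.Quit 1
WScript.Echo strDN
```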
 
Thank you both for your quick responses!!

ok, to add the remove user groups function I would add,

Code:
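Sub RemoveGroups(sUserADsPath)
  ' sUserADsPath is the adspath found in DisplayUserAccount; oRs is local
  ' to that Sub and cannot be read from here.
  On Error Resume Next
  Const ADS_PROPERTY_DELETE = 4
   
  Set objUser = GetObject(sUserADsPath) 
  sUserDN = objUser.Get("distinguishedName")
  Err.Clear
  oMemberOf = objUser.GetEx("memberOf")
  If Err.Number <> 0 Then Exit Sub   ' no memberOf values, nothing to remove
   
  ' memberOf does not list the primary group (normally Domain Users).
  For Each Group in oMemberOf
    Set objGroup = GetObject("LDAP://" & Group) 
    ' The member attribute holds distinguished names, not ADsPaths.
    objGroup.PutEx ADS_PROPERTY_DELETE, _
        "member", Array(sUserDN)
    objGroup.SetInfo
  Next
End Sub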

right? Do I have to worry about Domain Users group at all? This script doesn't return Domain User group, so does that mean the user won't be removed from it? and how do I get the groups to display group.security.company.com instead of CN=group,OU=security,DC=company,DC=com?

Thank you
 
Ok, so I've added a sub function under the Sub DisplayUserAccount(sSamAcctName) function in bslintx's script. Can someone please read it over and let me know if it'll work because I can only test it once due to company security policy.

Code:
Sub DisableUser(sUserADsPath)
  ' sUserADsPath is the adspath found in DisplayUserAccount; oRs is local
  ' to that Sub and cannot be read from here.
  On Error Resume Next
  Const ADS_PROPERTY_CLEAR = 1
  Const ADS_PROPERTY_UPDATE = 2
  Const ADS_PROPERTY_DELETE = 4
  Const ADS_UF_ACCOUNTDISABLE = 2
  Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

  Set oUserAccount = GetObject(sUserADsPath)
  sUserDN = oUserAccount.Get("distinguishedName")

  ' Remove the user from every group listed in memberOf.
  Err.Clear
  oMemberOf = oUserAccount.GetEx("memberOf")
  If Err.Number = 0 Then
    For Each Group in oMemberOf
      Set objGroup = GetObject("LDAP://" & Group)
      ' The member attribute holds distinguished names, not ADsPaths.
      objGroup.PutEx ADS_PROPERTY_DELETE, _
          "member", Array(sUserDN)
      objGroup.SetInfo
    Next
  End If

  ' Disable the account.
  intUAC = oUserAccount.Get("userAccountControl")
  oUserAccount.Put "userAccountControl", intUAC Or ADS_UF_ACCOUNTDISABLE
  oUserAccount.SetInfo

  ' Expire the account today, clear attributes and stamp the description.
  oUserAccount.HideFromAddressBook = True
  oUserAccount.AccountExpirationDate = Date
  oUserAccount.PutEx ADS_PROPERTY_CLEAR, "department", 0
  oUserAccount.PutEx ADS_PROPERTY_CLEAR, "mail", 0
  oUserAccount.PutEx ADS_PROPERTY_CLEAR, "telephoneNumber", 0
  oUserAccount.PutEx ADS_PROPERTY_CLEAR, "scriptPath", 0
  oUserAccount.PutEx ADS_PROPERTY_CLEAR, "title", 0
  oUserAccount.PutEx ADS_PROPERTY_CLEAR, "company", 0
  ' PutEx takes an array of values, even for a single value.
  oUserAccount.PutEx ADS_PROPERTY_UPDATE, "description", _
      Array("AD Account Disabled (" & Date & ")")
  oUserAccount.SetInfo

  ' Clear the manager attribute on each direct report.
  Err.Clear
  arrDirectReports = oUserAccount.GetEx("directReports")
  If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    Err.Clear   ' no direct reports; WScript.Quit is not available in an HTA
  ElseIf Err.Number = 0 Then
    For Each strValue in arrDirectReports
      Set objUserSource = GetObject("LDAP://" & strValue)
      objUserSource.PutEx ADS_PROPERTY_CLEAR, "manager", 0
      objUserSource.SetInfo   ' save the report's object, not the user's
    Next
  End If

  ' Move the account; MoveHere takes the object's ADsPath, not a variable name.
  Set objOU = GetObject("LDAP://companyDisabledObjectsOU")
  objOU.MoveHere oUserAccount.ADsPath, vbNullString
End Sub

Thank you all kindly.
 