
Creating an OU

Description

Creates a new organizational unit within Active Directory® directory service.

Script Code
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")

Set objOU = objDomain.Create("organizationalUnit", "ou=Management")

objOU.SetInfo

Creating an OU in an Existing OU

Description
Creates a new organizational unit (OU2) in an existing organizational unit (OU1).

Script Code
Set objOU1 = GetObject("LDAP://ou=OU1,dc=na,dc=fabrikam,dc=com")
Set objOU2 = objOU1.Create("organizationalUnit", "ou=OU2")
objOU2.SetInfo

Create User Account


Description
Creates a user account in Active Directory. This script only creates the account; it does not enable it.

Script Code

Set objOU = GetObject("LDAP://OU=management,dc=fabrikam,dc=com")


Set objUser = objOU.Create("User", "cn=MyerKen")
objUser.Put "sAMAccountName", "myerken"
objUser.SetInfo

Creating 1,000 User Accounts


Description
Demonstration script that creates 1,000 user accounts (named UserNo1, UserNo2, UserNo3, etc.) in the Users
container in Active Directory. The script is useful for test scenarios that require multiple user accounts.

Script Code

Set objRootDSE = GetObject("LDAP://rootDSE")


Set objContainer = GetObject("LDAP://cn=Users," & _
objRootDSE.Get("defaultNamingContext"))
For i = 1 To 1000
Set objLeaf = objContainer.Create("User", "cn=UserNo" & i)
objLeaf.Put "sAMAccountName", "UserNo" & i
objLeaf.SetInfo
Next
WScript.Echo "1000 Users created."

Move a Group Within a Domain

Description

Moves a group account from the HR OU to the Users container.

Script Code
Set objOU = GetObject("LDAP://cn=Users,dc=NA,dc=fabrikam,dc=com")
objOU.MoveHere "LDAP://cn=atl-users,ou=HR,dc=NA,dc=fabrikam,dc=com", vbNullString

Change Computer Account Attributes


Description
Demonstration script that changes the location attribute for a computer account in Active Directory® directory
service.

Script Code

Set objComputer = GetObject _
("LDAP://CN=atl-dc-01,CN=Computers,DC=fabrikam,DC=com")
objComputer.Put "location", "Building 37, Floor 2, Room 2133"
objComputer.SetInfo

Change User Account Attributes


Description
Configures user account attributes found on the General Properties page of the user account object in Active
Directory Users and Computers.

Script Code

Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.Put "givenName", "Ken"
objUser.Put "initials", "E."
objUser.Put "sn", "Myer"
objUser.Put "displayName", "Myer, Ken"
objUser.Put "physicalDeliveryOfficeName", "Room 4358"
objUser.Put "telephoneNumber", "(425) 555-1211"
objUser.Put "mail", "myerken@fabrikam.com"
objUser.Put "wWWHomePage", "http://www.fabrikam.com"
objUser.PutEx ADS_PROPERTY_UPDATE, _
"description", Array("Management staff")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"otherTelephone", Array("(800) 555-1212", "(425) 555-1213")
objUser.PutEx ADS_PROPERTY_UPDATE, _
"url", Array("http://www.fabrikam.com/management")
objUser.SetInfo

Change User Password


Description
Changes the password for a user. Requires you to know the user's previous password.

Script Code

Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.ChangePassword "i5A2sj*!", "jl3R86df"

Changing the Local Administrator Password

Description
Binds to the local Administrator account on the computer MyComputer, and changes the password for the
account to testpassword.

Script Code
strComputer = "MyComputer"
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator, user")
objUser.SetPassword "testpassword"
objUser.SetInfo

Configure Organization Properties for a User Account


Description
Configures organization information for the MyerKen Active Directory user account. The script also assigns
MyerKen as the manager for LewJudy and AkersKim.

Script Code
Set objUser = GetObject _
("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.Put "title", "Manager"
objUser.Put "department", "Executive Management Team"
objUser.Put "company", "Fabrikam"
objUser.Put "manager", _
"cn=AckermanPilar,OU=Management,dc=NA,dc=fabrikam,dc=com"
objUser.SetInfo
Set objUser01 = GetObject _
("LDAP://cn=LewJudy,OU=Sales,dc=NA,dc=fabrikam,dc=com")
Set objUser02 = GetObject _
("LDAP://cn=AckersKim,OU=Sales,dc=NA,dc=fabrikam,dc=com")
objUser01.Put "manager", objUser.Get("distinguishedName")
objUser02.Put "manager", objUser.Get("distinguishedName")
objUser01.SetInfo
objUser02.SetInfo

Create a Computer Account


Description
Creates and enables a computer account in Active Directory, which must be used by an Administrator when
adding a workstation to the domain.

Script Code

strComputer = "atl-pro-001"
Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Computers," & _
objRootDSE.Get("defaultNamingContext"))
Set objComputer = objContainer.Create("Computer", "cn=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", _
ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo

Delete a Computer Account


Description
Deletes an individual computer account in Active Directory.

Script Code

strComputer = "atl-pro-040"
Set objComputer = GetObject("LDAP://CN=" & strComputer & _
",CN=Computers,DC=fabrikam,DC=com")
objComputer.DeleteObject(0)

Determine User Account Status


Description
Identifies whether a user account is enabled or disabled.

Script Code

Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")

If objUser.AccountDisabled = FALSE Then


WScript.echo "The account is enabled."
Else
WScript.echo "The account is disabled."
End If

Determine When an Account Expires


Description
Returns the expiration date for a user account.

Script Code

On Error Resume Next


Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")

dtmAccountExpiration = objUser.AccountExpirationDate

If err.number = -2147467259 Or _
dtmAccountExpiration = "1/1/1970" Then
WScript.echo "No account expiration specified"
Else
WScript.echo "Account expiration:" & _
objUser.AccountExpirationDate
End If

Disable a User Account


Description
Disables a user account.

Script Code

Const ADS_UF_ACCOUNTDISABLE = 2

Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")

objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE


objUser.SetInfo
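
The userAccountControl bit flags written by this script and by the Create a Computer Account script can be read back when auditing accounts. The following is an added example, not part of the original script collection: it decodes constructed sample values offline, marks enabled accounts that carry PASSWD_NOTREQD, and builds an LDAP filter for that bit. The function names, the sample values, ADS_UF_NORMAL_ACCOUNT and the matching-rule OID do not appear on the original page.

```vbscript
Option Explicit
' Added example (not from the original page). Sample values are constructed;
' no directory connection is made.
Const ADS_UF_ACCOUNTDISABLE = &H0002
Const ADS_UF_PASSWD_NOTREQD = &H0020
Const ADS_UF_NORMAL_ACCOUNT = &H0200
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &H1000

' Return the names of the listed flags that are set in a userAccountControl value.
Function DescribeUAC(intUAC)
    Dim arrFlags, arrNames, i, strOut
    arrFlags = Array(ADS_UF_ACCOUNTDISABLE, ADS_UF_PASSWD_NOTREQD, _
        ADS_UF_NORMAL_ACCOUNT, ADS_UF_WORKSTATION_TRUST_ACCOUNT)
    arrNames = Array("ACCOUNTDISABLE", "PASSWD_NOTREQD", _
        "NORMAL_ACCOUNT", "WORKSTATION_TRUST_ACCOUNT")
    strOut = ""
    For i = 0 To UBound(arrFlags)
        If (intUAC And arrFlags(i)) <> 0 Then
            If strOut <> "" Then strOut = strOut & ", "
            strOut = strOut & arrNames(i)
        End If
    Next
    If strOut = "" Then strOut = "(none of the listed flags)"
    DescribeUAC = strOut
End Function

' An enabled account that is allowed to have no password deserves review.
Function NeedsReview(intUAC)
    NeedsReview = ((intUAC And ADS_UF_ACCOUNTDISABLE) = 0) And _
        ((intUAC And ADS_UF_PASSWD_NOTREQD) <> 0)
End Function

' LDAP filter that matches objects with every bit of intFlag set, using the
' Active Directory bitwise-AND matching rule.
Function BuildBitFilter(intFlag)
    BuildBitFilter = "(userAccountControl:1.2.840.113556.1.4.803:=" & _
        intFlag & ")"
End Function

Dim arrSamples, intSample
' Constructed values: normal, normal+disabled, normal+PASSWD_NOTREQD,
' and the value the computer-account script writes (&H1020).
arrSamples = Array(512, 514, 544, 4128)
For Each intSample In arrSamples
    WScript.Echo intSample & ": " & DescribeUAC(intSample) & _
        " | review: " & NeedsReview(intSample)
Next
' Clearing a bit is the inverse of the Or used to set it.
WScript.Echo "514 with disable bit cleared: " & _
    (514 And Not ADS_UF_ACCOUNTDISABLE)
WScript.Echo "Filter: " & BuildBitFilter(ADS_UF_PASSWD_NOTREQD)
```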

Enable a User Account


Description
Enables a user account.

Script Code

Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.AccountDisabled = FALSE
objUser.SetInfo

Disable the User Cannot Change Password Option


Description
Disables the User Cannot Change Password option, allowing the user to change their password.

Script Code

Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6


Const CHANGE_PASSWORD_GUID = _
"{ab721a53-1e2f-11d0-9819-00aa0040529b}"
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
Set objSD = objUser.Get("nTSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
arrTrustees = Array("nt authority\self", "everyone")
For Each strTrustee In arrTrustees
For Each ace In objDACL
If(LCase(ace.Trustee) = strTrustee) Then
If((ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
(LCase(ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
objDACL.RemoveAce ace
End If
End If
Next
Next
objUser.Put "nTSecurityDescriptor", objSD
objUser.SetInfo

Enabling a User to Logon at Any Time


Description
Configures the MyerKen Active Directory user account so that the user can logon at any time on any day of
the week.

Script Code
Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "logonHours", 0
objUser.SetInfo

Enumerate Computer Accounts in Active Directory

Description
Returns the name and location for all the computer accounts in Active Directory.

Script Code

Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, Location from 'LDAP://DC=fabrikam,DC=com' " _
& "where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo "Computer Name: " & objRecordSet.Fields("Name").Value
Wscript.Echo "Location: " & objRecordSet.Fields("Location").Value
objRecordSet.MoveNext
Loop

Enumerate Installed Hot Fixes


Description
Returns a list of all the hot fixes installed on a computer.

Script Code

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colQuickFixes = objWMIService.ExecQuery _
("Select * from Win32_QuickFixEngineering")
For Each objQuickFix in colQuickFixes
Wscript.Echo "Computer: " & objQuickFix.CSName
Wscript.Echo "Description: " & objQuickFix.Description
Wscript.Echo "Hot Fix ID: " & objQuickFix.HotFixID
Wscript.Echo "Installation Date: " & objQuickFix.InstallDate
Wscript.Echo "Installed By: " & objQuickFix.InstalledBy
Next

Enumerate Installed Software


Description
Returns a list of software that was installed on a computer using Windows Installer.

Script Code

Set objFSO = CreateObject("Scripting.FileSystemObject")


Set objTextFile = objFSO.CreateTextFile("c:\scripts\software.tsv", True)
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSoftware = objWMIService.ExecQuery _
("Select * from Win32_Product")
objTextFile.WriteLine "Caption" & vbtab & _
"Description" & vbtab & "Identifying Number" & vbtab & _
"Install Date" & vbtab & "Install Location" & vbtab & _
"Install State" & vbtab & "Name" & vbtab & _
"Package Cache" & vbtab & "SKU Number" & vbtab & "Vendor" & vbtab _
& "Version"
For Each objSoftware in colSoftware
objTextFile.WriteLine objSoftware.Caption & vbtab & _
objSoftware.Description & vbtab & _
objSoftware.IdentifyingNumber & vbtab & _
objSoftware.InstallDate2 & vbtab & _
objSoftware.InstallLocation & vbtab & _
objSoftware.InstallState & vbtab & _
objSoftware.Name & vbtab & _
objSoftware.PackageCache & vbtab & _
objSoftware.SKUNumber & vbtab & _
objSoftware.Vendor & vbtab & _
objSoftware.Version
Next
objTextFile.Close

Enumerating All Domain Controllers


Description
Returns a list of all the domain controllers in the fabrikam.com domain.

Script Code

Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select distinguishedName from 'LDAP://cn=Configuration,DC=fabrikam,DC=com' " _
& "where objectClass='nTDSDSA'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo "Computer Name: " & objRecordSet.Fields("distinguishedName").Value
objRecordSet.MoveNext
Loop

Join Computer to a Domain

Description
Joins a computer to a domain and creates the computer's account in Active Directory.

Script Code

Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
strDomain = "FABRIKAM"
strPassword = "ls4k5ywA"
strUser = "shenalan"
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, _
strDomain & "\" & strUser, _
NULL, _
JOIN_DOMAIN + ACCT_CREATE)

Move a Computer Account


Description
Moves a computer account from the Computers container in Active Directory to an OU.

Script Code

Set objNewOU = GetObject("LDAP://OU=Finance,DC=fabrikam,DC=com")


Set objMoveComputer = objNewOU.MoveHere _
("LDAP://CN=atl-pro-03,CN=Computers,DC=fabrikam,DC=com", "CN=atl-pro-03")

Move a User Account


Description

Moves a user account from one OU to another.

Script Code
Set objOU = GetObject("LDAP://ou=sales,dc=na,dc=fabrikam,dc=com")
objOU.MoveHere _
"LDAP://cn=BarrAdam,OU=hr,dc=na,dc=fabrikam,dc=com", vbNullString

Rename a Computer and Computer Account

Description
Renames a computer and its corresponding Active Directory computer account. Requires Windows XP or
Windows Server 2003, and must be run on the local computer.

Script Code

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputers = objWMIService.ExecQuery _
("Select * from Win32_ComputerSystem")
For Each objComputer in colComputers
err = ObjComputer.Rename("WebServer")
Wscript.Echo err
Next

Require a Password Change


Description
Forces a user to change their password the next time they logon.

Script Code

Set objUser = GetObject _
("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")
objUser.Put "pwdLastSet", 0
objUser.SetInfo

Reset a Computer Account Password


Description
Resets a computer account password in Active Directory.

Script Code

Set objComputer = GetObject("LDAP://CN=atl-dc-01,CN=Computers,DC=Reskit,DC=COM")


objComputer.SetPassword "atl-dc-01$"

Retrieve Account Properties


Description
Retrieves user account attributes found on the Account page of the user account object in Active Directory
Users and Computers.

Script Code

On Error Resume Next


Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo

strUserPrincipalName = objUser.Get("userPrincipalName")
strSAMAccountName = objUser.Get("sAMAccountName")
strUserWorkstations = objUser.Get("userWorkstations")

Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")


objDomain.GetInfoEx Array("dc"), 0
strDC = objDomain.Get("dc")

WScript.echo "userPrincipalName: " & strUserPrincipalName


WScript.echo "sAMAccountName: " & strSAMAccountName
WScript.echo "UserWorkstations: " & strUserWorkstations
WScript.echo "dc: " & strDC
 

Retrieve Organization Information


Description
Retrieves user account attributes found on the Organization page of the user account object in Active
Directory Users and Computers.

Script Code

On Error Resume Next


Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
strTitle = objUser.Get("title")
strDepartment = objUser.Get("department")
strCompany = objUser.Get("company")
strManager = objUser.Get("manager")
strDirectReports = _
objUser.GetEx("directReports")
WScript.echo "title: " & strTitle
WScript.echo "department: " & strDepartment
WScript.echo "company: " & strCompany
WScript.echo "manager: " & strManager
For Each strValue in strDirectReports
WScript.echo "directReports: " & strValue
Next

Retrieve System Information


Description
Uses WMI to retrieve the same data found in the System Information applet.

Script Code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSettings = objWMIService.ExecQuery _
("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colSettings
Wscript.Echo "OS Name: " & objOperatingSystem.Name
Wscript.Echo "Version: " & objOperatingSystem.Version
Wscript.Echo "Service Pack: " & _
objOperatingSystem.ServicePackMajorVersion _
& "." & objOperatingSystem.ServicePackMinorVersion
Wscript.Echo "OS Manufacturer: " & objOperatingSystem.Manufacturer
Wscript.Echo "Windows Directory: " & _
objOperatingSystem.WindowsDirectory
Wscript.Echo "Locale: " & objOperatingSystem.Locale
Wscript.Echo "Available Physical Memory: " & _
objOperatingSystem.FreePhysicalMemory
Wscript.Echo "Total Virtual Memory: " & _
objOperatingSystem.TotalVirtualMemorySize
Wscript.Echo "Available Virtual Memory: " & _
objOperatingSystem.FreeVirtualMemory
Wscript.Echo "Page File Space: " & objOperatingSystem.SizeStoredInPagingFiles
Next
Set colSettings = objWMIService.ExecQuery _
("Select * from Win32_ComputerSystem")
For Each objComputer in colSettings
Wscript.Echo "System Name: " & objComputer.Name
Wscript.Echo "System Manufacturer: " & objComputer.Manufacturer
Wscript.Echo "System Model: " & objComputer.Model
Wscript.Echo "Time Zone: " & objComputer.CurrentTimeZone
Wscript.Echo "Total Physical Memory: " & _
objComputer.TotalPhysicalMemory
Next
Set colSettings = objWMIService.ExecQuery _
("Select * from Win32_Processor")
For Each objProcessor in colSettings
Wscript.Echo "System Type: " & objProcessor.Architecture
Wscript.Echo "Processor: " & objProcessor.Description
Next
Set colSettings = objWMIService.ExecQuery _
("Select * from Win32_BIOS")
For Each objBIOS in colSettings
Wscript.Echo "BIOS Version: " & objBIOS.Version
Next

Create a Local Group on a Computer


Description
Creates a local group named FinanceUsers on a computer named MyComputer.

Script Code
strComputer = "MyComputer"
Set objComputer = GetObject("WinNT://" & strComputer & ",computer")
Set objGroup = objComputer.Create("group", "FinanceUsers")
objGroup.SetInfo

Creating a Global Group


Description
Creates a new global security group -- atl-users02 -- within Active Directory® directory service.

Script Code

Set objOU = GetObject("LDAP://OU=management,dc=fabrikam,dc=com")


Set objGroup = objOU.Create("Group", "cn=atl-users02")
objGroup.Put "sAMAccountName", "atl-users02"
objGroup.SetInfo

Deleting a Group from Active Directory


Description
Deletes a group named atl-users from the HR organizational unit in the hypothetical domain fabrikam.com.

Script Code

Set objOU = GetObject("LDAP://ou=hr, dc=fabrikam,dc=com")


objOU.Delete "group", "cn=atl-users"

Create a Network Share


Description
Creates a shared folder named FinanceShare, setting the maximum number of simultaneous connections to
25, and adding a share description.

Script Code

Const FILE_SHARE = 0
Const MAXIMUM_CONNECTIONS = 25
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objNewShare = objWMIService.Get("Win32_Share")
errReturn = objNewShare.Create _
("C:\Finance", "FinanceShare", FILE_SHARE, _
MAXIMUM_CONNECTIONS, "Public share for the Finance group.")
Wscript.Echo errReturn 

Modify a Network Share


Description
Accesses a shared folder named FinanceShare, changes the maximum number of simultaneous connections
to 50, and provides a new share description.

Script Code

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colShares = objWMIService.ExecQuery _
("Select * from Win32_Share Where Name = 'FinanceShare'")
For Each objShare in colShares
errReturn = objShare.SetShareInfo(50, _
"Public share for HR administrators and the Finance Group.")
Next
Wscript.Echo errReturn

Publish a Shared Folder


Description
Publishes a shared folder in Active Directory, assigning the folder a description and three keywords.

Script Code

Set objComputer = GetObject _
("LDAP://OU=Finance, DC=fabrikam, DC=com")
Set objShare = objComputer.Create("volume", "CN=FinanceShare")
objShare.Put "uNCName", "\\atl-dc-02\FinanceShare"
objShare.Put "Description", "Public share for users in the Finance group."
objShare.Put "Keywords", Array("finance", "fiscal", "monetary")
objShare.SetInfo
