3
Aug/10
0

VB Script: Copy Active Directory Group Members

VB Script that copies all members of Group A to Group B. Requires 2 Arguments (Source Group Name, Destination Group Name)

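' Copies the direct members of one Active Directory group into another.
' Arguments: (0) source group name, (1) destination group name, both given as
' NT4-style account names that GetObjectDN translates to distinguished names.
'
' This script changes group membership, so it stops before touching the
' directory unless both names were supplied and both resolved.
If WScript.Arguments.Count < 2 Then
	WScript.Echo "Usage: cscript <script>.vbs <SourceGroup> <DestinationGroup>"
	WScript.Quit 1
End If

Set objSystemInfo = CreateObject("ADSystemInfo") 
strDomain = objSystemInfo.DomainShortName
 
strSGroupDN = GetObjectDN(WScript.Arguments(0), strDomain)
strDGroupDN = GetObjectDN(WScript.Arguments(1), strDomain)
 
' GetObjectDN returns "" when a name cannot be translated. Binding to
' "LDAP://" & "" would not address the intended group, so stop here.
If strSGroupDN = "" Then
	WScript.Echo "Error: could not resolve source group '" & WScript.Arguments(0) & "'"
	WScript.Quit 1
End If
If strDGroupDN = "" Then
	WScript.Echo "Error: could not resolve destination group '" & WScript.Arguments(1) & "'"
	WScript.Quit 1
End If

' Echo the resolved DNs so the operator can confirm the targets.
WScript.Echo ""
WScript.Echo "     Source Group: " & strSGroupDN 
WScript.Echo "Destination Group: " & strDGroupDN 
WScript.Echo ""
 
Set dicSeenGroupMember = CreateObject("Scripting.Dictionary")
Set objDGroup = GetObject("LDAP://" & strDGroupDN)

' The name translation accepts any account name, not only groups. Refuse to
' continue when the destination object is something else.
If LCase(objDGroup.Class) <> "group" Then
	WScript.Echo "Error: destination '" & strDGroupDN & "' is not a group (class: " & objDGroup.Class & ")"
	WScript.Quit 1
End If
 
CopyMembers "LDAP://" & strSGroupDN, dicSeenGroupMember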
 
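Function CopyMembers (strGroupADsPath, dicSeenGroupMember)
	' Adds every direct member of the group at strGroupADsPath to the
	' destination group held in the script-level variable objDGroup, and
	' echoes one line per member with the outcome.
	'
	' strGroupADsPath    - ADsPath ("LDAP://<DN>") of the source group.
	' dicSeenGroupMember - accepted for interface compatibility; not read or
	'                      written here.
	'
	' The outcome is taken from Err.Number after the Add call, so a failure
	' such as access denied is reported as a failure instead of being shown
	' as "(Already Member)".

	' HRESULT form of Win32 ERROR_OBJECT_ALREADY_EXISTS, which ADSI raises when
	' the object is already a member of the group.
	Const ERR_ALREADY_MEMBER = &H80071392

	Dim objGroup, objMember
	Dim lngErr, strErr, strLabel

	Set objGroup = GetObject(strGroupADsPath)
	WScript.Echo "Adding Users to " & WScript.Arguments(1)

	For Each objMember In objGroup.Members
		On Error Resume Next
		Err.Clear
		' Use the member's own ADsPath: it is already escaped, whereas a path
		' built from the raw distinguishedName breaks on names containing "/".
		objDGroup.Add objMember.ADsPath
		lngErr = Err.Number
		strErr = Err.Description

		' displayName is not set on every object class; fall back to Name.
		strLabel = ""
		strLabel = objMember.displayName
		If strLabel = "" Then strLabel = objMember.Name
		Err.Clear
		On Error Goto 0

		If lngErr = 0 Then
			WScript.Echo "  " & strLabel
		ElseIf lngErr = ERR_ALREADY_MEMBER Then
			WScript.Echo "  " & strLabel & " (Already Member)"
		Else
			WScript.Echo "  " & strLabel & " (FAILED: 0x" & Hex(lngErr) & " " & strErr & ")"
		End If
	Next
End Function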
 
Function GetObjectDN(strObject, strDomain)
	' Translates the NT4-style account name strDomain\strObject into an
	' RFC 1779 distinguished name with the NameTranslate COM object,
	' initialised against a global catalog.
	' Returns the distinguished name, or "" when any step raised an error.
	Const ADS_NAME_INITTYPE_GC = 3
	Const ADS_NAME_TYPE_1779 = 1
	Const ADS_NAME_TYPE_NT4 = 3

	Dim objTranslator
	Dim strResolvedDN
	Dim strNT4Name

	' Errors are collected rather than raised; Err.Number is checked once
	' after the whole translation sequence.
	On Error Resume Next
	Err.Clear

	Set objTranslator = CreateObject("NameTranslate")
	strNT4Name = strDomain & "\" & strObject

	objTranslator.Init ADS_NAME_INITTYPE_GC, ""
	objTranslator.Set ADS_NAME_TYPE_NT4, strNT4Name
	strResolvedDN = objTranslator.Get(ADS_NAME_TYPE_1779)

	If Err.Number = 0 Then
		GetObjectDN = strResolvedDN
	Else
		GetObjectDN = ""
	End If

	Set objTranslator = Nothing
	On Error Goto 0
End Function
18
Feb/10
0

Get Service Pack Levels of Servers via Active Directory

Script that queries Active Directory to retrieve Service Pack Levels (In this example only from Windows Server 2003 Machines)
Modify the strContainer variable to your requirements.

 
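' Lists name, operating system, OS version and service-pack level of every
' Windows Server 2003 computer object below strContainer, one comma-separated
' line per machine.
'
' A script-wide "On Error Resume Next" is not used: if the query fails, the
' Do Until loop would evaluate .EOF on a missing recordset, fall into the loop
' body and never end. Error trapping is limited to the query itself.

Const ADS_SCOPE_SUBTREE = 2
strContainer = "DC=yourdomain,DC=com"
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = ("ADsDSOObject")
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
' Paged search, 1000 records per page.
objCommand.Properties("Page Size") = 1000
objCommand.CommandText = _
  "SELECT CN, operatingSystem, operatingSystemVersion, operatingSystemServicePack FROM 'LDAP://" & strContainer & "' " _
   & "WHERE objectCategory='computer' AND operatingSystem = 'Windows Server 2003' "

On Error Resume Next
Set objRecordSet = objCommand.Execute
If Err.Number <> 0 Then
  WScript.Echo "Query failed: 0x" & Hex(Err.Number) & " " & Err.Description
  WScript.Quit 1
End If
' Sorting is best effort, as in the original: a failure here is ignored.
objRecordSet.Sort = "CN"
Err.Clear
On Error Goto 0

' MoveFirst raises an error on an empty recordset, so only reposition when
' there is at least one record.
If Not (objRecordSet.BOF And objRecordSet.EOF) Then
  objRecordSet.MoveFirst
End If

Do Until objRecordSet.EOF
  ' The statement spans two lines, so the first must end with the "_" continuation.
  Wscript.Echo objRecordSet.Fields("CN").Value & "," & objRecordSet.Fields("operatingSystem").Value & "," & objRecordSet.Fields("operatingSystemVersion").Value & "," _
    & objRecordSet.Fields("operatingSystemServicePack").Value
  objRecordSet.MoveNext
Loop

objRecordSet.Close
objConnection.Close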
30
Jul/09
2

Ping and verify access to multiple Computers in AD

Here’s a PowerShell script that queries Active Directory for computers, pings each one and then tries to access its C$ share. Finally, it generates an Excel sheet with the results.
Note: If you’d like to check for access rights, run the script using an Account that should have access rights on the Client Computers.

Modify the Directory entry path to suit your environment.

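# Setup: binds to a fixed OU, searches it for computer objects and prepares
# the counters and result lists used by the rest of the script.

# Report method-invocation failures in red and carry on with the next statement.
trap [System.Management.Automation.MethodInvocationException] {
    Write-Host ("ERROR: " + $_) -ForegroundColor Red
    continue
}

# NOTE(review): this suppresses every non-terminating error for the rest of
# the script, so a failed bind or search is indistinguishable from "no
# computers found". Kept as the author set it; consider "Continue" when
# troubleshooting.
$erroractionpreference = "SilentlyContinue"

$strCategory = "computer"

# Search root - adjust the distinguished name to the target environment.
$objDomain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://OU=Laptops,OU=Computers,dc=yourdomain,dc=com")

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = ("(objectCategory=$strCategory)")
# Without paging the result set is capped at the server's size limit, so
# large OUs would be silently truncated.
$objSearcher.PageSize = 1000

$colProplist = "name","description"
foreach ($i in $colPropList) {
    # Add() returns the new index; discard it so it does not pollute the output.
    [void]$objSearcher.PropertiesToLoad.Add($i)
}

$colResults = $objSearcher.FindAll()
$count = 1
$total = $colResults.count
$arrComputers = @{}   # not referenced anywhere in the visible script

# Start every run with empty result lists: left uninitialised they carry over
# values from a previous run in the same session.
$arrComputerOffline = @()
$arrComputerPing    = @()
$arrComputerAccess  = @()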
 
 
 
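# Probe loop: for each computer found in AD, resolve its address, ping it and,
# if it answers, test whether \\<name>\C$ is reachable. Each name ends up in
# exactly one of $arrComputerOffline, $arrComputerPing (online, share not
# accessible) or $arrComputerAccess (online, share accessible).

# One Ping object serves all hosts instead of allocating a new one per computer.
$ping = New-Object System.Net.NetworkInformation.Ping

foreach ($strComputer in $colResults) {
    # Flatten the AD property collections to plain strings once, so every use
    # below (DNS, ping, UNC path, result lists) sees the same value.
    $name = "$($strComputer.Properties.name)"
    $description = "$($strComputer.Properties.description)"

    # Nothing to probe without a name.
    if (-not $name) {
        $count++
        continue
    }

    Write-Progress -Id 1 -Activity "Checking Computer $name $description ($count / $total )" -Status "Getting IP address" #-percentComplete

    try {
        $ip = ([System.Net.Dns]::GetHostAddresses("$name"))

        Write-Progress -Id 1 -Activity "Checking Computer $name $description ($count / $total )" -Status "IP: $ip"

        # Pause so the resolved address stays visible in the progress bar.
        sleep 1
    }
    catch {
        echo "Cannot handle the error: $_"
        #throw $_
    }

    Write-Progress -Id 1 -Activity "Checking Computer $name $description ($count / $total )" -Status "Pinging" #-percentComplete

    # Cleared before every attempt so a previous host's reply is never reused.
    $Reply = $null
    try {
        $Reply = $ping.Send($name)
    }
    catch {
        echo "Cannot handle the error: $_"
        #throw $_
    }

    # ASCII operator and quotes: the typographic dash and curly quotes from
    # the web page break parsing when the file is saved in a legacy encoding.
    if ($Reply.Status -eq "Success") {
        Write-Progress -Id 1 -Activity "Checking Computer $name $description ($count / $total )" -Status "Checking Access"
        # This opens an SMB connection, as the account running the script, to
        # whichever host the AD name resolves to; the result reflects that
        # account's rights on the administrative share.
        if (Test-Path "\\$name\C$") {
            $arrComputerAccess += @($name)
        }
        else {
            $arrComputerPing += @($name)
        }
    }
    else {
        $arrComputerOffline += @($name)
    }
    $count++
}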
 
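# Report: opens a visible Excel workbook and writes one row per computer with
# its ping status and the outcome of the C$ access check. The sheet shows which
# hosts granted administrative-share access, so handle the saved file accordingly.
$a = New-Object -ComObject Excel.Application
$a.Visible = $True

$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)

# Header row.
$c.Cells.Item(1,1) = "Machine Name"
$c.Cells.Item(1,2) = "Ping Status"
$c.Cells.Item(1,3) = "Access Check"

$d = $c.UsedRange
$d.Interior.ColorIndex = 48
$d.Font.ColorIndex = 1
$d.Font.Bold = $True
#$d.EntireColumn.AutoFit($True)

$intRow = 2

# One entry per result list, in output order: offline hosts first, then hosts
# that answered the ping but refused the share, then hosts that allowed it.
$resultSets = @(
    @{ Names = $arrComputerOffline; Ping = "Offline"; Access = $null },
    @{ Names = $arrComputerPing;    Ping = "Online";  Access = "Failed" },
    @{ Names = $arrComputerAccess;  Ping = "Online";  Access = "Passed" }
)

foreach ($set in $resultSets) {
    foreach ($Computer in $set.Names) {
        # PowerShell 2.0 runs a foreach body once for a $null collection; skip
        # empty entries so an empty result list does not produce a phantom row.
        if (-not $Computer) { continue }

        $c.Cells.Item($intRow, 1) = ([string]$Computer).ToUpper()
        $c.Cells.Item($intRow, 2) = $set.Ping
        # Offline hosts were never tested for access; leave that column blank.
        if ($set.Access) {
            $c.Cells.Item($intRow, 3) = $set.Access
        }
        $intRow++
    }
}

# AutoFit returns a status value; discard it to keep the console output clean.
[void]$d.EntireColumn.AutoFit()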
26
Jul/09
0

Unlock, Enable and Reset Password on a User Account in Active Directory via Script

JScript that unlocks a user account in AD using the WinNT provider.
Save as “UnlockAccount.js” or whatever you prefer and run “cscript UnlockAccount.js [Domain] [UserName] [Optional:Password]”.
Takes 2 required arguments (Domain Name, UserName) and 1 optional argument (NewPassword).

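// Entry point. Domain and user name are mandatory; without this check a
// missing argument raises an error outside UnlockAccount's try/catch.
if (WScript.Arguments.Count() < 2)
{
  WScript.Echo("Usage: cscript UnlockAccount.js [Domain] [UserName] [Optional:Password]");
  WScript.Quit(1);
}
UnlockAccount( WScript.Arguments(0), WScript.Arguments(1));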
/**
 * Enables, unlocks and optionally resets the password of a user account,
 * bound through the WinNT provider.
 *
 * domain  - domain name used in the "WinNT://" path.
 * account - user name within that domain.
 *
 * The new password is not a parameter: it is read from the third
 * command-line argument, and only when exactly three arguments were given.
 * Command-line arguments can be recorded by process-creation auditing and
 * shell history, so a password passed this way should be treated as a
 * temporary one.
 *
 * A disabled account is re-enabled as part of the same call, not only
 * unlocked. Every error is caught and echoed; nothing is re-thrown.
 */
function UnlockAccount( domain, account)
{
  try
  {
    var acct = GetObject("WinNT://" + domain + "/" + account);

    // Step 1: enable the account if it is disabled.
    if (!acct.AccountDisabled)
    {
      WScript.Echo("Account was Enabled" );
    }
    else
    {
      acct.AccountDisabled = false;
      acct.SetInfo();
      WScript.Echo("Account Enabled");
    }

    // Step 2: clear the lockout flag if it is set.
    if (!acct.IsAccountLocked)
    {
      WScript.Echo("Account was not locked" );
    }
    else
    {
      acct.IsAccountLocked = false;
      acct.SetInfo();
      WScript.Echo("Account Unlocked");
    }

    // Step 3: set a new password only when a third argument was supplied.
    var passwordSupplied = (WScript.Arguments.Count() == 3);
    if (!passwordSupplied)
    {
      WScript.Echo("Password not changed");
    }
    else
    {
      acct.SetPassword(WScript.Arguments(2));
      WScript.Echo("Password Updated");
    }
  }
  catch( err )
  {
      WScript.Echo( "Error: " + err.description );
  }
}
26
Jul/09
0

Microsoft Active Directory Topology Diagrammer

The Microsoft Active Directory Topology Diagrammer reads an Active Directory configuration using ActiveX Data Objects (ADO), and then automatically generates a Visio diagram of your Active Directory and/or your Exchange 200x Server topology. The diagrams include domains, sites, servers, administrative groups, routing groups and connectors, and can be changed manually in Visio if needed.

Download: microsoft.com

MADTD
