StevoFC.com » ADUC http://blog.stevofc.com The official blog of StevoFC Mon, 29 Nov 2010 14:07:03 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Unlock Users from Active Directory http://blog.stevofc.com/2010/01/15/unlock-user-from-active-directory/ http://blog.stevofc.com/2010/01/15/unlock-user-from-active-directory/#comments Sat, 16 Jan 2010 04:52:45 +0000 John http://blog.stevofc.com/?p=518 Adding on to my post about Extending Active Directory, here is another VBScript that can be added to your Active Directory environment to quickly unlock a user account.  If you have not done so, please read my post on Extending Active Directory Functionality first to grasp the how to add custom VBScripts to AD.

Unlock Script :

Copy the script below to a notepad document and save it as “unlock_user.vbs“, and remember to save a copy of this to your “NETLOGON” directory to your domain controller.  Doing so will replicate this VBScript to all of your other domain controllers should you have more than one in your domain.  I have attached the script in .txt form, in the event the blog’s formatting changes the appearance.  You can find the script’s link below.

Link:  Active Directory :: Unlock User

Const E_ADS_PROPERTY_NOT_FOUND = -2147463155

Set wshArguments = WScript.Arguments

Set objUser = GetObject(wshArguments(0))

If IsLockedOut(objUser) Then

objUser.Put “lockouttime”,”0″

objUser.SetInfo

MsgBox “The user has been unlocked – ” & objUser.sAMAccountName

Else

MsgBox “The user account is not locked – ” & objUser.sAMAccountName

End If

Function IsLockedOut(objUser)

on Error resume next

Set objLockout = objUser.get(“lockouttime” )

if Err.Number = E_ADS_PROPERTY_NOT_FOUND then

IsLockedOut = False

Exit Function

End If

On Error GoTo 0

if objLockout.lowpart = 0 And objLockout.highpart = 0 Then

IsLockedOut = False

Else

IsLockedOut = True

End If

End Function

When you are following the steps outlined in the “Extend Active Directory Functionality” post, use the following command to add this script to your context menu.

4,&Unlock User Account,\\stevofc.com\netlogon\unlock.user.vbs

Note:  Remember to change your domain name from what is listed in RED above to match your own domain.  As always, happy scripting!

]]> http://blog.stevofc.com/2010/01/15/unlock-user-from-active-directory/feed/ 1 Extending Active Directory Functionality http://blog.stevofc.com/2010/01/13/extending-active-directory-functionality/ http://blog.stevofc.com/2010/01/13/extending-active-directory-functionality/#comments Wed, 13 Jan 2010 23:12:40 +0000 John http://blog.stevofc.com/?p=440 Have you ever wished that you could change the functionality within the Active Directory Users and Computers (ADUC) snap in?

The following post will demonstrate how to extend the ADUC capabilities with VBScript and ADSIEdit.

The purpose of this post is to show how to build the groundwork and implement custom VBSscripts into the context menu of ADUC (see thumbnail below).

PREREQUISTITES
Before you can begin, there are two prerequties needed to extend the context menus.
  1. ADSIEdit.MSC :: (This can be installed from the Windows 2000/2003 Support Tools)
  2. An Active Directory account with “Enterprise Admins” permissions assigned to it.

VBScript
For this post, we will assume you have created a VBSscript named “Display_User.vbs”, and once done you have already moved/copied this script to the NETLOGON share of one of your domain controllers (DC).

On Error Resume Next

Set wshArguments = WScript.Arguments
Set objUser = GetObject(wshArguments(0))

str1 = "Last Login: " & objUser.LastLogin
str2 = "Last Logoff: " & objUser.LastLogoff
str3 = "Last Failed Login: " & objUser.LastFailedLogin
str4 = "Logon Count: " & objUser.logonCount
str5 = "Bad Login Count: " & objUser.BadLoginCount
str6 = "Password Last Changed: " & objUser.PasswordLastChanged
str7 = "User Account Control: " & objUser.userAccountControl
str8 = "Login Script: " & objUser.scriptPath
str9 = "Account Created: " & objUser.whenCreated
str10 = "Account Last Modified: " & objUser.whenChanged

MsgBox str1 & vbCrLf & str2 & vbCrLf & str3 _
& vbCrLf & str4 & vbCrLf & str5 & vbCrLf & str6 _
& vbCrLf & str7 & vbCrLf & str8 & vbCrLf & str9 _
& vbCrLf & str10,,objUser.Name
Side Note: Because you placed the script in the NETLOGON share, the script will be replicated to all of your domain controllers should you have more than one.
Modify the ADUC Context Menu:
1. Open the ADSIEdit.MSC snap in (assuming you have already installed this) with the Active Directory credentials that have the necessary level of permissions and navigate to the path below.
CN=409,CN=DisplaySpecifies,CN=Configuration,DC=stevofc,DC=com
Side Note: Change the domain name listed in red with the domain name of your own.


2.  Right click the context object you would like to modify, and choose “Properties“.  For this post we will use the object, “CN=user-Display”.
3.  Double click on the first attribute, “adminContextMenu“, once you have the properties menu loaded.
4.  From the multi valued String Editor, enter the below string.
“3, &Display User Information,\\stevofc.com\netlogon\Display_User.vbs”
Remember to change the NETLOGON path to your own domain.
5.  Once complete, click “Add“, then click “OK“.  You are now done using the ADSIEdit.MSC tool.
6.  Now open your ADUC console (dsa.msc), and if you right click a user object you will now have the added filed inside the context menu (see screenshots below).
By using the above method, you can add any custom VBScript to your domain to make automating both simple or complex tasks with makes administration easier.
]]> http://blog.stevofc.com/2010/01/13/extending-active-directory-functionality/feed/ 4