
CREATING AN OU

Description
Creates a new organizational unit within Active Directory directory service.

Script Code
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
Set objOU = objDomain.Create("organizationalUnit", "ou=Management")
objOU.SetInfo

Creating an OU in an Existing OU

Description
Creates a new organizational unit (OU2) in an existing organizational unit (OU1).

Script Code
Set objOU1 = GetObject("LDAP://ou=OU1,dc=na,dc=fabrikam,dc=com")
Set objOU2 = objOU1.Create("organizationalUnit", "ou=OU2")
objOU2.SetInfo

Create User Account

Description
Creates a user account in Active Directory. This script only creates the account; it does not enable it.

Script Code
Set objOU = GetObject("LDAP://OU=management,dc=fabrikam,dc=com")
Set objUser = objOU.Create("User", "cn=MyerKen")
objUser.Put "sAMAccountName", "myerken"
objUser.SetInfo

Creating 1,000 User Accounts

Description
Demonstration script that creates 1,000 user accounts (named UserNo1, UserNo2, UserNo3, etc.) in the Users container in Active Directory. The script is useful for test scenarios that require multiple user accounts.

Script Code
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
    objRootDSE.Get("defaultNamingContext"))
For i = 1 To 1000
    Set objLeaf = objContainer.Create("User", "cn=UserNo" & i)
    objLeaf.Put "sAMAccountName", "UserNo" & i
    objLeaf.SetInfo
Next
WScript.Echo "1000 Users created."

Move a Group Within a Domain

Description
Moves a group account from the HR OU to the Users container.

Script Code
Set objOU = GetObject("LDAP://cn=Users,dc=NA,dc=fabrikam,dc=com")
objOU.MoveHere "LDAP://cn=atl-users,ou=HR,dc=NA,dc=fabrikam,dc=com", _
    vbNullString

Change Computer Account Attributes

Description
Demonstration script that changes the location attribute for a computer account in Active Directory directory service.

Script Code
Set objComputer = GetObject _
    ("LDAP://CN=atl-dc-01,CN=Computers,DC=fabrikam,DC=com")
objComputer.Put "location", "Building 37, Floor 2, Room 2133"
objComputer.SetInfo

Change User Account Attributes

Description
Configures user account attributes found on the General Properties page of the user account object in Active Directory Users and Computers.

Script Code
Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.Put "givenName", "Ken"
objUser.Put "initials", "E."
objUser.Put "sn", "Myer"
objUser.Put "displayName", "Myer, Ken"
objUser.Put "physicalDeliveryOfficeName", "Room 4358"
objUser.Put "telephoneNumber", "(425) 555-1211"
objUser.Put "mail", "myerken@fabrikam.com"
objUser.Put "wWWHomePage", "http://www.fabrikam.com"
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "description", Array("Management staff")
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "otherTelephone", Array("(800) 555-1212", "(425) 555-1213")
objUser.PutEx ADS_PROPERTY_UPDATE, _
    "url", Array("http://www.fabrikam.com/management")
objUser.SetInfo

Change User Password

Description
Changes the password for a user. Requires you to know the user's previous password.

Script Code
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
' ChangePassword takes the old password first, then the new password
objUser.ChangePassword "i5A2sj*!", "jl3R86df"

CHANGING THE LOCAL ADMINISTRATOR PASSWORD

Description
Binds to the local Administrator account on the computer MyComputer, and changes the password for the account to testpassword.

Script Code
strComputer = "MyComputer"
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator, user")
objUser.SetPassword "testpassword"
objUser.SetInfo

Configure Organization Properties for a User Account

Description
Configures organization information for the MyerKen Active Directory user account. The script also assigns MyerKen as the manager for LewJudy and AkersKim.

Script Code
Set objUser = GetObject _
    ("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.Put "title", "Manager"
objUser.Put "department", "Executive Management Team"
objUser.Put "company", "Fabrikam"
objUser.Put "manager", _
    "cn=AckermanPilar,OU=Management,dc=NA,dc=fabrikam,dc=com"
objUser.SetInfo
Set objUser01 = GetObject _
    ("LDAP://cn=LewJudy,OU=Sales,dc=NA,dc=fabrikam,dc=com")
Set objUser02 = GetObject _
    ("LDAP://cn=AckersKim,OU=Sales,dc=NA,dc=fabrikam,dc=com")
objUser01.Put "manager", objUser.Get("distinguishedName")
objUser02.Put "manager", objUser.Get("distinguishedName")
objUser01.SetInfo
objUser02.SetInfo

Create a Computer Account

Description
Creates and enables a computer account in Active Directory, which must be used by an Administrator when adding a workstation to the domain.

Script Code
strComputer = "atl-pro-001"
Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Computers," & _
    objRootDSE.Get("defaultNamingContext"))
Set objComputer = objContainer.Create("Computer", "cn=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", _
    ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo

Delete a Computer Account

Description
Deletes an individual computer account in Active Directory.

Script Code
strComputer = "atl-pro-040"
Set objComputer = GetObject("LDAP://CN=" & strComputer & _
    ",CN=Computers,DC=fabrikam,DC=com")
objComputer.DeleteObject(0)

Determine User Account Status

Description
Identifies whether a user account is enabled or disabled.

Script Code
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
If objUser.AccountDisabled = FALSE Then
    WScript.echo "The account is enabled."
Else
    WScript.echo "The account is disabled."
End If

Determine When an Account Expires

Description
Returns the expiration date for a user account.

Script Code
On Error Resume Next
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
dtmAccountExpiration = objUser.AccountExpirationDate
If err.number = -2147467259 Or _
    dtmAccountExpiration = "1/1/1970" Then
    WScript.echo "No account expiration specified"
Else
    WScript.echo "Account expiration:" & _
        objUser.AccountExpirationDate
End If

Disable a User Account

Description
Disables a user account.

Script Code
Const ADS_UF_ACCOUNTDISABLE = 2
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
' Set the disable bit while preserving the other userAccountControl flags
objUser.Put "userAccountControl", intUAC Or ADS_UF_ACCOUNTDISABLE
objUser.SetInfo

Enable a User Account

Description
Enables a user account.

Script Code
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.AccountDisabled = FALSE
objUser.SetInfo

Disable the User Cannot Change Password Option

Description
Disables the User Cannot Change Password option, allowing the user to change their password.

Script Code
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const CHANGE_PASSWORD_GUID = _
    "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
Set objSD = objUser.Get("nTSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
arrTrustees = Array("nt authority\self", "everyone")
' Remove the deny ACEs on the change-password right for both trustees
For Each strTrustee In arrTrustees
    For Each ace In objDACL
        If (LCase(ace.Trustee) = strTrustee) Then
            If ((ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
                (LCase(ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
                objDACL.RemoveAce ace
            End If
        End If
    Next
Next
objUser.Put "nTSecurityDescriptor", objSD
objUser.SetInfo

Enabling a User to Logon at Any Time

Description
Configures the MyerKen Active Directory user account so that the user can log on at any time on any day of the week.

Script Code
Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
' Clearing logonHours removes any logon-time restriction
objUser.PutEx ADS_PROPERTY_CLEAR, "logonHours", 0
objUser.SetInfo

Enumerate Computer Accounts in Active Directory

Description
Returns the name and location for all the computer accounts in Active Directory.

Script Code
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name, Location from 'LDAP://DC=fabrikam,DC=com' " _
    & "where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Wscript.Echo "Computer Name: " & objRecordSet.Fields("Name").Value
    Wscript.Echo "Location: " & objRecordSet.Fields("Location").Value
    objRecordSet.MoveNext
Loop

Enumerate Installed Hot Fixes

Description
Returns a list of all the hot fixes installed on a computer.

Script Code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colQuickFixes = objWMIService.ExecQuery _
    ("Select * from Win32_QuickFixEngineering")
For Each objQuickFix in colQuickFixes
    Wscript.Echo "Computer: " & objQuickFix.CSName
    Wscript.Echo "Description: " & objQuickFix.Description
    Wscript.Echo "Hot Fix ID: " & objQuickFix.HotFixID
    Wscript.Echo "Installation Date: " & objQuickFix.InstallDate
    Wscript.Echo "Installed By: " & objQuickFix.InstalledBy
Next

Enumerate Installed Software

Description
Returns a list of software that was installed on a computer using Windows Installer.

Script Code
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.CreateTextFile("c:\scripts\software.tsv", True)
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSoftware = objWMIService.ExecQuery _
    ("Select * from Win32_Product")
objTextFile.WriteLine "Caption" & vbtab & _
    "Description" & vbtab & "Identifying Number" & vbtab & _
    "Install Date" & vbtab & "Install Location" & vbtab & _
    "Install State" & vbtab & "Name" & vbtab & _
    "Package Cache" & vbtab & "SKU Number" & vbtab & "Vendor" & vbtab _
    & "Version"
For Each objSoftware in colSoftware
    objTextFile.WriteLine objSoftware.Caption & vbtab & _
        objSoftware.Description & vbtab & _
        objSoftware.IdentifyingNumber & vbtab & _
        objSoftware.InstallDate2 & vbtab & _
        objSoftware.InstallLocation & vbtab & _
        objSoftware.InstallState & vbtab & _
        objSoftware.Name & vbtab & _
        objSoftware.PackageCache & vbtab & _
        objSoftware.SKUNumber & vbtab & _
        objSoftware.Vendor & vbtab & _
        objSoftware.Version
Next
objTextFile.Close

Enumerating All Domain Controllers

Description
Returns a list of all the domain controllers in the fabrikam.com domain.

Script Code
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select distinguishedName from 'LDAP://cn=Configuration,DC=fabrikam,DC=com' " _
    & "where objectClass='nTDSDSA'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Wscript.Echo "Computer Name: " & objRecordSet.Fields("distinguishedName").Value
    objRecordSet.MoveNext
Loop

Join Computer to a Domain

Description
Joins a computer to a domain and creates the computer's account in Active Directory.

Script Code
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
' Credentials of the account used for the join (hard-coded sample values)
strDomain = "FABRIKAM"
strPassword = "ls4k5ywA"
strUser = "shenalan"
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
    strComputer & "'")
' JOIN_DOMAIN + ACCT_CREATE joins the domain and creates the computer account
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, _
    strDomain & "\" & strUser, _
    NULL, _
    JOIN_DOMAIN + ACCT_CREATE)

Move a Computer Account

Description
Moves a computer account from the Computers container in Active Directory to an OU.

Script Code
Set objNewOU = GetObject("LDAP://OU=Finance,DC=fabrikam,DC=com")
Set objMoveComputer = objNewOU.MoveHere _
    ("LDAP://CN=atl-pro-03,CN=Computers,DC=fabrikam,DC=com", "CN=atl-pro-03")

Move a User Account

Description
Moves a user account from one OU to another.

Script Code
Set objOU = GetObject("LDAP://ou=sales,dc=na,dc=fabrikam,dc=com")
objOU.MoveHere _
    "LDAP://cn=BarrAdam,OU=hr,dc=na,dc=fabrikam,dc=com", vbNullString

Rename a Computer and Computer Account

Description
Renames a computer and its corresponding Active Directory computer account. Requires Windows XP or Windows Server 2003, and must be run on the local computer.

Script Code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputers = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")
For Each objComputer in colComputers
    err = ObjComputer.Rename("WebServer")
    Wscript.Echo err
Next

Require a Password Change

Description
Forces a user to change their password the next time they log on.

Script Code
Set objUser = GetObject _
    ("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")
' pwdLastSet = 0 marks the password as expired
objUser.Put "pwdLastSet", 0
objUser.SetInfo

Reset a Computer Account Password

Description
Resets a computer account password in Active Directory.

Script Code
Set objComputer = GetObject("LDAP://CN=atl-dc-01,CN=Computers,DC=Reskit,DC=COM")
objComputer.SetPassword "atl-dc-01$"

Retrieve Account Properties

Description
Retrieves user account attributes found on the Account page of the user account object in Active Directory Users and Computers.

Script Code
On Error Resume Next
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
strUserPrincipalName = objUser.Get("userPrincipalName")
strSAMAccountName = objUser.Get("sAMAccountName")
strUserWorkstations = objUser.Get("userWorkstations")
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
objDomain.GetInfoEx Array("dc"), 0
strDC = objDomain.Get("dc")
WScript.echo "userPrincipalName: " & strUserPrincipalName
WScript.echo "sAMAccountName: " & strSAMAccountName
WScript.echo "UserWorkstations: " & strUserWorkstations
WScript.echo "dc: " & strDC

Retrieve Organization Information

Description
Retrieves user account attributes found on the Organization page of the user account object in Active Directory Users and Computers.

Script Code
On Error Resume Next
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
strTitle = objUser.Get("title")
strDepartment = objUser.Get("department")
strCompany = objUser.Get("company")
strManager = objUser.Get("manager")
strDirectReports = _
    objUser.GetEx("directReports")
WScript.echo "title: " & strTitle
WScript.echo "department: " & strDepartment
WScript.echo "company: " & strCompany
WScript.echo "manager: " & strManager
For Each strValue in strDirectReports
    WScript.echo "directReports: " & strValue
Next

Retrieve System Information

Description
Uses WMI to retrieve the same data found in the System Information applet.

Script Code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSettings = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colSettings
    Wscript.Echo "OS Name: " & objOperatingSystem.Name
    Wscript.Echo "Version: " & objOperatingSystem.Version
    Wscript.Echo "Service Pack: " & _
        objOperatingSystem.ServicePackMajorVersion _
        & "." & objOperatingSystem.ServicePackMinorVersion
    Wscript.Echo "OS Manufacturer: " & objOperatingSystem.Manufacturer
    Wscript.Echo "Windows Directory: " & _
        objOperatingSystem.WindowsDirectory
    Wscript.Echo "Locale: " & objOperatingSystem.Locale
    Wscript.Echo "Available Physical Memory: " & _
        objOperatingSystem.FreePhysicalMemory
    Wscript.Echo "Total Virtual Memory: " & _
        objOperatingSystem.TotalVirtualMemorySize
    Wscript.Echo "Available Virtual Memory: " & _
        objOperatingSystem.FreeVirtualMemory
    Wscript.Echo "Page File Space: " & objOperatingSystem.SizeStoredInPagingFiles
Next
Set colSettings = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")
For Each objComputer in colSettings
    Wscript.Echo "System Name: " & objComputer.Name
    Wscript.Echo "System Manufacturer: " & objComputer.Manufacturer
    Wscript.Echo "System Model: " & objComputer.Model
    Wscript.Echo "Time Zone: " & objComputer.CurrentTimeZone
    Wscript.Echo "Total Physical Memory: " & _
        objComputer.TotalPhysicalMemory
Next
Set colSettings = objWMIService.ExecQuery _
    ("Select * from Win32_Processor")
For Each objProcessor in colSettings
    Wscript.Echo "System Type: " & objProcessor.Architecture
    Wscript.Echo "Processor: " & objProcessor.Description
Next
Set colSettings = objWMIService.ExecQuery _
    ("Select * from Win32_BIOS")
For Each objBIOS in colSettings
    Wscript.Echo "BIOS Version: " & objBIOS.Version
Next

Create a Local Group on a Computer

Description
Creates a local group named FinanceUsers on a computer named MyComputer.

Script Code
strComputer = "MyComputer"
Set objComputer = GetObject("WinNT://" & strComputer & ",computer")
Set objGroup = objComputer.Create("group", "FinanceUsers")
objGroup.SetInfo

Creating a Global Group

Description
Creates a new global security group -- atl-users02 -- within Active Directory directory service.

Script Code
Set objOU = GetObject("LDAP://OU=management,dc=fabrikam,dc=com")
Set objGroup = objOU.Create("Group", "cn=atl-users02")
objGroup.Put "sAMAccountName", "atl-users02"
objGroup.SetInfo

Deleting a Group from Active Directory

Description
Deletes a group named atl-users from the HR organizational unit in the hypothetical domain fabrikam.com.

Script Code
Set objOU = GetObject("LDAP://ou=hr, dc=fabrikam,dc=com")
objOU.Delete "group", "cn=atl-users"

Create a Network Share

Description
Creates a shared folder named FinanceShare, setting the maximum number of simultaneous connections to 25, and adding a share description.

Script Code
Const FILE_SHARE = 0
Const MAXIMUM_CONNECTIONS = 25
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objNewShare = objWMIService.Get("Win32_Share")
errReturn = objNewShare.Create _
    ("C:\Finance", "FinanceShare", FILE_SHARE, _
    MAXIMUM_CONNECTIONS, "Public share for the Finance group.")
Wscript.Echo errReturn

Modify a Network Share

Description
Accesses a shared folder named FinanceShare, changes the maximum number of simultaneous connections to 50, and provides a new share description.

Script Code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colShares = objWMIService.ExecQuery _
    ("Select * from Win32_Share Where Name = 'FinanceShare'")
For Each objShare in colShares
    errReturn = objShare.SetShareInfo(50, _
        "Public share for HR administrators and the Finance Group.")
Next
Wscript.Echo errReturn

Publish a Shared Folder

Description
Publishes a shared folder in Active Directory, assigning the folder a description and three keywords.

Script Code
Set objComputer = GetObject _
    ("LDAP://OU=Finance, DC=fabrikam, DC=com")
Set objShare = objComputer.Create("volume", "CN=FinanceShare")
objShare.Put "uNCName", "\\atl-dc-02\FinanceShare"
objShare.Put "Description", "Public share for users in the Finance group."
objShare.Put "Keywords", Array("finance", "fiscal", "monetary")
objShare.SetInfo
