> Subject: RE: Any tools/scripts to change user logon profile
> automatically?
> From: "Ken L" <[EMAIL PROTECTED]>
> Date: Mon, 28 Jul 2003 06:01:42 +0000
>
> Neil,
> The company attribute is the one that differentiate the 300
> from 600 users.. Thanks again..
Righto...
The company attribute is only available via the LDAP provider (ie not
available, as you'd probably expect, through the WinNT provider).
Actually, it's not listed in my ADSI scripting book, but I just tried it
through a test script, and you can access it just fine.
I don't know how much you know about scripting, and I don't want to
insult your intelligence with anything - but I'll highlight the steps
you'll need to script, and supply examples of how to do it.
Firstly with an AD domain, and given you'll need to use the LDAP
provider for some attributes you want to access, you'll need to
establish the naming context of the domain in LDAP parlance. I normally
access the rootdse object, and use that so that I don't need to hard
code it into scripts... so:-
< start of vbscript / ADSI example... >
Dim objRootDSE
Dim strNamingContext
set objRootDSE=getobject("LDAP://rootdse";)
strNamingContext=objRootDSE.get("defaultnamingcontext")
set objectRootDSE=nothing
< end of vbscript / ADSI example... >
So strNamingContext will have the relevant naming context for your
domain in LDAP parlance (eg it will contain something like
"DC=company,DC=com").
Next thing you'll want to do is evaluate all users within the AD
hierarchy. I'm assuming that you don't have any container / OU starting
point, with which to be selective, so you'll simply have to recurse and
filter on user type objects. So...
(note the above example already shows how to establish the naming
context of the domain, and puts it into a string, so we'll assume we
already have it, in the named variable above...)
< start of vbscript / ADSI example... >
call recursepath(strNamingContext)
sub recursepath(ADPath)
Dim objContainer,objContainerUser,objSubOU,objUser
' Open the passed container - give that this could be at the root of the
domain, or some
' OU below this, we cannot actually assume it is an OU to start with.
' Note we don't evaluate true containers - so the default location for
users (the users container)
' will NOT be evaluated - something to note, if the actual users to be
processed are in
' this container, or could be...
set objContainer=getobject("LDAP://"&ADPath)
' set a filter for the user objects in this container...
objContainer.filter=array("user")
' evaluate all the user type objects (filtered in the previous line) in
this container ONLY
for each objContainerUser in objContainer
' establish an actual open object to the user object
set objUser=getobject("LDAP://"&objContainerUser.name&","&ADPath)
' going here will have to be whatever processing we actually want to do
on the user...
set objUser=nothing
next
' set a filter to evaluate OUs below the current container / OU...
set objContainer.filter=array("organizationalunit")
' evaluate all OUs in the current container / OU...
for each objSubOU in objContainer
' recursively call this same subroutine with the OU name we've just
discovered...
call recursepath(objSubOU,name&","&ADPath)
next
set objContainer=nothing
end sub
< end of vbscript / ADSI example... >
So this bit evaluates any users below the domain and in any OU
hierarchy. Note - as mentioned in the comments in this script example,
it doesn't process any containers - so the default "users" container is
ignored, and any users in this container won't be processed.
The last bit you have to do is simple make some conditional logic on
whatever it is you want to include in the "company" attribute, and then
set what you want in the loginscript attribute (it was this you wanted
to change, wasn't it?). Note: both these items could be passed arguments
to the script, or merely hard=coded in - I'll just hard-code some
vanilla examples.
So from the above examples, we've established the naming context, and
are processing any user objects from the domain root downwards that are
in OUs... we have an open object to the current user we are processing,
called "objUser"...
< start of vbscript / ADSI example... >
if objUser.company="CompanyA" then
objUser.loginscript="loginscriptA.cmd"
objUser.setinfo
end if
< end of vbscript / ADSI example... >
Note the "objUser.setinfo" is the line that actually updates the user.
I could have simply written one big example that actually did all that
you want, but I don't truly think it helps techies, simply to write one
big fate accompli - rather I think it's more long term help to show what
needs to be done, with examples of how to do it - then you still learn
something because you actually have to put all the bits together and get
some understanding of what the scripts doing, as opposed to merely
editing strings in scripts to personalise it to your implementation.
And nobody is paying me to write you one big script to do the job - I'm
all about helping others to do stuff and sharing information, but not
doing everything for them ;-)
Hope this helps
Neil
***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please
notify the sender immediately and delete this
e-mail from your system.
You must take no action based on this, nor must
you copy or disclose it or any part of its contents
to any person or organisation.
Statements and opinions contained in this email may
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its
subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************
------
You are subscribed as [EMAIL PROTECTED]
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&lang=english
To unsubscribe send a blank email to [EMAIL PROTECTED]
