KenM <[EMAIL PROTECTED]> wrote on 09/05/2008 09:32:53 PM:
> Can you post your script so we can see what it is doing?
Sure. It's a bit long, tho, and I'm sure it will line break wrongly ...
@ECHO OFF
SETLOCAL EnableDelayedExpansion
TITLE %0
FOR /F "TOKENS=2-5 DELIMS=/ " %%D IN ('DATE /T') DO SET @TODAY=%%F%%D%%E& SET @TODAY_EXP=%%F-%%D-%%E
FOR /F "TOKENS=1-3 DELIMS=:. " %%T IN ('ECHO %TIME: =0%') DO SET @NOW=%%T%%U%%V
SET @[EMAIL PROTECTED]
SET @StartingTimeStamp=%DATE% at %TIME%
FOR /F "TOKENS=1-4 DELIMS=/ " %%I IN ('DATE /T') DO (
SET DayOfWeek=%%I
SET Month=%%J
SET Day=%%K
SET Year=%%L
)
SET _JoeWare="\\Path\to\JoeWare Tools"
SET _XCALCS="\\Path\to\XCACLS tools"
SET _LDAP-Base=
SET _Offset=3
SET _UserPath=^\users^\
SET _FirstName=
SET _LastName=
SET _LoginName=
SET _HomeFolder=
SET _ActiveOrNot=
SET _CurrentStatus=
SET _Server=
SET _User=********
SET _Pass=********
:DoIt
SET _Server=My-Server-Name
SET _FilePath=^\^\%_Server%%_UserPath%
@ECHO .
@ECHO Server now being analyzed is %_Server%
@ECHO .
IF EXIST %_Server%-Users-HomeFolders.txt DEL %_Server%-Users-HomeFolders.txt
IF EXIST %_Server%-Users-Active-NotMoved.TXT DEL %_Server%-Users-Active-NotMoved.TXT
IF EXIST %_Server%-Users-NonActive-NotMoved.TXT DEL %_Server%-Users-NonActive-NotMoved.TXT
@ECHO These are the Home Folders of the users at %_Server%. >HomeFoldersOf-%_Server%-Users.txt
@ECHO . >>HomeFoldersOf-%_Server%-Users.txt
@ECHO These are users who are active employees, and have a HomeFolder on server %_Server%. >%_Server%-Users-Active-NotMoved.TXT
@ECHO . >>%_Server%-Users-Active-NotMoved.TXT
@ECHO These are users who are DISABLED/NON-ACTIVE who have Home Folders on server %_Server%. >%_Server%-Users-NonActive.TXT
@ECHO . >>%_Server%-Users-NonActive.TXT
@ECHO Starting ... [EMAIL PROTECTED]
DIR /B %_FilePath% >%_Server%-HomeFolders.txt
FOR /F %%B IN (%_Server%-HomeFolders.txt) DO (
%_JoeWare%\adfind -b "DC=wrk,DC=ads,DC=pha,DC=phila,DC=gov" -nodn -nolabel -list -csv -nocsvheader -f sAMAccountName=%%B givenName sn sAMAccountName homeDirectory userAccountControl>>%_Server%-Users-HomeFolders.txt
)
@ECHO --------------------------------------------------------------------
:ParseMe
FOR /F "DELIMS=, TOKENS=1-6" %%B IN (%_Server%-Users-HomeFolders.txt) DO (
SET _FirstName=%%C
SET _LastName=%%D
SET _LoginName=%%E
SET _HomeFolder=%%F
SET _ActiveOrNot=%%G
IF /I %%G EQU "514" (SET _CurrentStatus="No Longer Employed") ELSE (SET _CurrentStatus="Active")
@ECHO !_LastName!, !_FirstName! HomeFolder= !_HomeFolder!, HomeServer= !_HomeServer!, Status= !_CurrentStatus!
FOR /F "DELIMS=\ TOKENS=1" %%W in ("!_HomeFolder:~%_Offset%!") DO SET _HomeServer=%%W
IF /I !_ActiveOrNot! EQU "514" (
REM
REM User account is DISABLED, so these should be ex-employees
REM
@ECHO %_LastName%, %_FirstName% -- Status is %_CurrentStatus% >>%_Server%-Users-NonActive.TXT
IF /I "%_HomeServer%" NEQ "%_Server%" (
@ECHO . . . . . . . Home Folder moved!
SET _HomeDir=%_FilePath%!_LoginName!
) ELSE (
SET _HomeDir=!_HomeFolder!
)
CSCRIPT %_XCALCS%\XCACLS.VBS !_HomeDir! /SERVER !_Server!
@PAUSE
) ELSE (
REM
REM User is ACTIVE
REM
IF /I "%_HomeServer%" NEQ "%_Server%" (
REM
REM These active people have a "homeFolder" attribute that says another server, so this must be an old leftover home directory, that should be moved
REM
SET _HomeDir=%_FilePath%!_LoginName!
@ECHO .
@ECHO Home folder moved*** !_FirstName! !_LastName!, HomeFolder= !_HomeDir! on server !_HomeServer!
@ECHO !_LastName!, !_FirstName! HomeFolder= !_HomeFolder!, HomeServer= !_HomeServer!, Status= !_CurrentStatus! >>!_Server!-Users-Active-Moved.TXT
@ECHO .
) ELSE (
REM
REM These are users who are active, and have a _homeDirectory attribute that points to the server in question
REM
REM @ECHO %_LastName%, %_FirstName% Status= %_CurrentStatus% >>%_Server%-Users-Active-NotMoved.TXT
@ECHO .
)
)
)
@ECHO --------------------------------------------------------------------
@ECHO .
SET @EndingTimeStamp=%DATE% at %TIME%
@ECHO Ending ... [EMAIL PROTECTED]
@ECHO .
:EOF
> Also why are you taking ownership, If these folders were created
> using the users home drive path in ADUC then the local admins should
> have access and you can just run the script as a user who is in
> the local admins group.
Well, no. The only accounts with access (usually) are the user. Local
admins removed from security at upper level (i.e., E:\Users), and no
inheritance for sub-folders specified. Otherwise, anyone who is a local
admin (such as a Domain Admin) could access any files, and that's a No-No.
:-)
> On Fri, Sep 5, 2008 at 2:30 PM, <[EMAIL PROTECTED]> wrote:
>
> OK, so I have a script that lists all the user directories on a
> server. Since the user directory is also the login for the user, I
> can query AD (using ADFIND) and extract out user details. If a user
> account that owns said folder is disabled, I want to take ownership
> of it, and then move it to a different folder. This is all done
> using a shell script (CMD, not VBScript, not PowerShell)
>
> So this is all working .. almost. :-) I am trying to call the
> XCACLS.VBS script to do the actual take ownership part (since the
> command line .EXE utility is supposed to have problems). As a test,
> all I am doing is listing ownership of the folders in question. And
> again, that all works ... to a point. Almost invariably, the script
> will just stop, and it is always on the return from the call to
> execute XCACLS.VBS. I know this, because I put a PAUSE statement
> after each call to XCACLS.VBS, and when the script stops, all I see
> is the output from XCACLS.VBS, and not my pause statement.
>
> Thoughts? Clues? Hints? Pointers? Any other groveling help word I've
> overlooked?
>
> Server I am running this against is Win2000 (I will also, later, run
> it against Win2003 fileservers). I am running this from a WinXP Pro
> SP3 workstation. The version of the XCACLS.VBS I am using is "
> XCACLS.VBS (Version: 5.2)". I run this by using CSCRIPT.
>
> Thanks
>
> --
> Michael Leone
> Network Administrator, ISM
> Philadelphia Housing Authority
> 2500 Jackson St
> Philadelphia, PA 19145
> Tel: 215-684-4180
> Cell: 215-252-0143
> <mailto:[EMAIL PROTECTED]>
>
>
>
>
>
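Added example, not part of the original thread: the classification step of the script above, written in Python so it can be run offline against constructed adfind-style CSV rows. It goes one step beyond the posted script by testing the ACCOUNTDISABLE bit of userAccountControl instead of comparing with the literal 514; the server names FS01/FS02 and all accounts are made up.

```python
import csv
import io

ACCOUNTDISABLE = 0x0002  # userAccountControl bit; 514 = 512 (NORMAL_ACCOUNT) + 2

# Constructed sample rows (not real accounts), in the attribute order the
# script requests: givenName, sn, sAMAccountName, homeDirectory, userAccountControl
SAMPLE_CSV = r'''"Ann","Active","aactive","\\FS01\users\aactive","512"
"Bob","Gone","bgone","\\FS01\users\bgone","514"
"Cy","Moved","cmoved","\\FS02\users\cmoved","512"
"Di","Stale","dstale","\\FS01\users\dstale","66050"
"Ed","Nohome","enohome","","514"
'''


def home_server(unc_path):
    # Server component of a UNC path such as \\server\share\dir, else None.
    if not unc_path.startswith("\\\\"):
        return None
    return unc_path[2:].split("\\")[0].upper() or None


def classify(csv_text, server):
    # Map each login to (status, location, uac) for folders listed on `server`.
    result = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != 5 or not row[4].isdigit():
            continue  # blank line or record without a numeric userAccountControl
        login, home_dir, uac = row[2], row[3], int(row[4])
        status = "disabled" if uac & ACCOUNTDISABLE else "active"
        where = "here" if home_server(home_dir) == server.upper() else "elsewhere"
        result[login] = (status, where, uac)
    return result


def missed_by_exact_match(classified):
    # Disabled accounts that a literal comparison with 514 would treat as active.
    return sorted(login for login, (status, _, uac) in classified.items()
                  if status == "disabled" and uac != 514)


if __name__ == "__main__":
    report = classify(SAMPLE_CSV, "FS01")
    for login, (status, where, uac) in sorted(report.items()):
        print(f"{login:8} {status:8} home folder {where:9} uac={uac}")
    print("missed by EQU 514:", missed_by_exact_match(report))
```

The constructed value 66050 is 65536 (DONT_EXPIRE_PASSWORD) + 512 + 2, a disabled account whose leftover home folder an exact match on 514 would file under active users.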