My company is affected with the same virus.
Am not an expert in VBscript. Could you please guide me on how i can utilize
this script and where to apply it.
All the account in the company are getting unlocked.
Your assistance is highly appreciated.
Regards...
Basil A. Ansari
"Richard Mueller [MVP]" wrote:
Quote:
>
> "John Renkar" <jrenkar@xxxxxx> wrote in message
> news:uolclhacJHA.1532@xxxxxx Quote:
> > We have been hit by the W32.Downadup.B virus. While we are removing it
> > from our network, our users are bing locked out. I patched together the
> > following script from some sample on the Microsoft site. It is not
> > working. Any suggestions as to what is wrong and how to get it to work?
> >
> > *********
> > On Error Resume Next
> >
> > Const ADS_SCOPE_SUBTREE = 2
> >
> > Set objConnection = CreateObject("ADODB.Connection")
> > Set objCommand = CreateObject("ADODB.Command")
> > objConnection.Provider = "ADsDSOObject"
> > objConnection.Open "Active Directory Provider"
> > Set objCommand.ActiveConnection = objConnection
> >
> > objCommand.Properties("Page Size") = 1000
> > objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
> >
> > objCommand.CommandText = _
> > "SELECT * FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='user'"
> > Set objRecordSet = objCommand.Execute
> >
> > objRecordSet.MoveFirst
> > Do Until objRecordSet.EOF
> > Set objUser = GetObject ("LDAP://cn=" & objRecordSet.Fields("Name").Value
> > & ",dc=NA,dc=fabrikam,dc=com")
> >
> > objUser.IsAccountLocked = False
> > objUser.SetInfo
> > objRecordSet.MoveNext
> > Loop
> > *********
>
> I assume you substituted the DNS name of your domain for
> "dc=fabrikam,dc=com". You should specify the specific attributes you want to
> retrieve. It makes more sense to retrieve distinguishedName. Also, the
> filter should be "objectCategory = 'person' and objectClass = 'user'". For
> example:
>
> objCommand.CommandText = _
> "SELECT distinguishedName FROM 'LDAP://dc=fabrikam,dc=com' " _
> & "WHERE objectCategory = 'person' AND objectClass = 'user'"
>
> Then when you bind to the user object:
>
> Set objUser = GetObject("LDAP://" &
> objRecordset.Fields("distinguishedName").Value)
>
> Finally, I would recommend not using "On Error Resume Next" throughout the
> script. It makes troubleshooting very difficult. The only part that might
> raise an error is where the accounts are unlocked (you may lack permission).
> I would suggest using LDAP syntax. For example this should work:
> ==========
> Option Explicit
>
> Dim objRootDSE, strDNSDomain, adoConnection
> Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
> Dim strDN, objUser
>
> ' Determine DNS domain name.
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("defaultNamingContext")
>
> ' Use ADO to search Active Directory.
> Set adoConnection = CreateObject("ADODB.Connection")
> adoConnection.Provider = "ADsDSOObject"
> adoConnection.Open "Active Directory Provider"
>
> Set adoRecordset = CreateObject("ADODB.Recordset")
> adoRecordset.ActiveConnection = adoConnection
>
> ' Search entire domain.
> strBase = "<LDAP://" & strDNSDomain & ">"
>
> ' Filter on all user objects.
> strFilter = "(&(objectCategory=person)(objectClass=user))"
>
> ' Comma delimited list of attribute values to retrieve.
> strAttributes = "distinguishedName"
>
> ' Construct the LDAP query.
> strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
>
> ' Run the query.
> adoRecordset.Source = strQuery
> adoRecordset.Open
>
> ' Enumerate the resulting recordset.
> Do Until adoRecordset.EOF
> ' Retrieve values.
> strDN = adoRecordset.Fields("distinguishedName").Value
> strDN = Replace(strDN, "/", "\/")
> Set objUser = GetObject("LDAP://" & strDN)
> On Error Resume Next
> objUser.IsAccountLocked = False
> objUser.SetInfo
> If (Err.Number <> 0) Then
> Wscript.Echo "Unable to unlock " & strDN
> End If
> On Error GoTo 0
> adoRecordset.MoveNext
> Loop
>
> ' Clean up.
> adoRecordset.Close
> adoConnection.Close
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>