Windows Vista Forums
Vista Forums Home Join Vista Forums Windows 7 Forum Vista Tutorials Tags
Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks.

Go Back   Vista Forums > Misc Newsgroups > VB Script

Vista - Script to add computer in Active Directory to all users in an OU

Reply
 
Old 11-05-2008   #1 (permalink)
jnet77


 
 

Script to add computer in Active Directory to all users in an OU

I have a group of students in an OU group that I wanted to give permission to
logon to a new computer we have added. My hope was that there would be a
group policy object that would allow me to do this - but no luck - so I wrote
the script below with the help of the Scripting Guy articles.

It works great, the only problem is that if the computer is already listed
as one they can logon to, it will duplicate, but of course tell me that they
are already allowed to logon to it. I know what the issue is, I just don't
know the best way to correct the problem. Please take a look and let me know
if you have suggestions about how best to rewrite this to fix the problem.

Option Explicit

Dim strComputer, objUser, strWorkstations, arrNames, k, objOU

' Bind to user object.
Set objOU = GetObject _
("LDAP://OU=Students,OU=HS,DC=EXAMPLE,DC=LOCAL")
objOU.Filter = Array("user")

' Specify NetBIOS name of computer to add.
strComputer = "hsrm105s2"

For Each objUser in objOU
' Retrieve value of userWorkstations attribute.
strWorkstations = objUser.userWorkstations

' Check if new computer name already included.
arrNames = Split(strWorkstations, ",")
For k = 0 To UBound(arrNames)
If (LCase(strComputer) = LCase(arrNames(k))) Then
' This computer already included. Abort.
Wscript.Echo "User already allowed to logon to " & strComputer
End If
Next

' Append new computer name.
If (strWorkstations = "") Then
strWorkstations = strComputer
Else
strWorkstations = strWorkstations & "," & strComputer
End If

' Save new value.
objUser.userWorkstations = strWorkstations
objUser.SetInfo

Next

My System SpecsSystem Spec
Old 11-05-2008   #2 (permalink)
Richard Mueller [MVP]


 
 

Re: Script to add computer in Active Directory to all users in an OU


"jnet77" <jnet77@xxxxxx> wrote in message
news:7837427E-8CF7-47E5-BDC3-655680555057@xxxxxx
Quote:

>I have a group of students in an OU group that I wanted to give permission
>to
> logon to a new computer we have added. My hope was that there would be a
> group policy object that would allow me to do this - but no luck - so I
> wrote
> the script below with the help of the Scripting Guy articles.
>
> It works great, the only problem is that if the computer is already listed
> as one they can logon to, it will duplicate, but of course tell me that
> they
> are already allowed to logon to it. I know what the issue is, I just
> don't
> know the best way to correct the problem. Please take a look and let me
> know
> if you have suggestions about how best to rewrite this to fix the problem.
>
> Option Explicit
>
> Dim strComputer, objUser, strWorkstations, arrNames, k, objOU
>
> ' Bind to user object.
> Set objOU = GetObject _
> ("LDAP://OU=Students,OU=HS,DC=EXAMPLE,DC=LOCAL")
> objOU.Filter = Array("user")
>
> ' Specify NetBIOS name of computer to add.
> strComputer = "hsrm105s2"
>
> For Each objUser in objOU
> ' Retrieve value of userWorkstations attribute.
> strWorkstations = objUser.userWorkstations
>
> ' Check if new computer name already included.
> arrNames = Split(strWorkstations, ",")
> For k = 0 To UBound(arrNames)
> If (LCase(strComputer) = LCase(arrNames(k))) Then
> ' This computer already included. Abort.
> Wscript.Echo "User already allowed to logon to " & strComputer
> End If
> Next
>
> ' Append new computer name.
> If (strWorkstations = "") Then
> strWorkstations = strComputer
> Else
> strWorkstations = strWorkstations & "," & strComputer
> End If
>
> ' Save new value.
> objUser.userWorkstations = strWorkstations
> objUser.SetInfo
>
> Next
You neglect to abort when you find the computer name already in the list.
You could use:

arrNames = Split(strWorkstations, ",")
For k = 0 To UBound(arrNames)
If (LCase(strComputer) = LCase(arrNames(k))) Then
' This computer already included. Abort.
Wscript.Echo "User already allowed to logon to " & strComputer
Wscript.Quit ' <<-- new statement.
End If
Next

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


My System SpecsSystem Spec
Old 11-06-2008   #3 (permalink)
jnet77


 
 

Re: Script to add computer in Active Directory to all users in an

Richard,

Thanks for the response, and what you suggested is originally how the script
worked. The problem was, though, if I had 500 students and the 100th one
already had the computer, the script would end at student 100. That meant
the other 400 wouldn't get the new computer added.

I need the script to only not execute on a user when the computer is already
found, but then go on and move to the next user.

Your assistance in advance is appreciated.
My System SpecsSystem Spec
Old 11-06-2008   #4 (permalink)
Richard Mueller [MVP]


 
 

Re: Script to add computer in Active Directory to all users in an


"jnet77" <jnet77@xxxxxx> wrote in message
news:F13662A0-F432-4E68-BB30-5C86865C75E6@xxxxxx
Quote:

> Richard,
>
> Thanks for the response, and what you suggested is originally how the
> script
> worked. The problem was, though, if I had 500 students and the 100th one
> already had the computer, the script would end at student 100. That meant
> the other 400 wouldn't get the new computer added.
>
> I need the script to only not execute on a user when the computer is
> already
> found, but then go on and move to the next user.
>
> Your assistance in advance is appreciated.
Then one solution would be a boolean variable to indicate if the name is
found. For example (in part):
========
Dim blnFound

For Each objUser in objOU
' Retrieve value of userWorkstations attribute.
strWorkstations = objUser.userWorkstations

' Check if new computer name already included.
arrNames = Split(strWorkstations, ",")
blnFound = False
For k = 0 To UBound(arrNames)
If (LCase(strComputer) = LCase(arrNames(k))) Then
' This computer already included. Abort.
Wscript.Echo "User already allowed to logon to " & strComputer
blnFound = True
Exit For
End If
Next

If (blnFound = False) then
' Append new computer name.
If (strWorkstations = "") Then
strWorkstations = strComputer
Else
strWorkstations = strWorkstations & "," & strComputer
End If

' Save new value.
objUser.userWorkstations = strWorkstations
objUser.SetInfo
End If

Next
=========
Note that the "Exit For" statement exits from the inner "For" statement, not
the outer "For Each".

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


My System SpecsSystem Spec
Old 11-06-2008   #5 (permalink)
Stefan Kanthak


 
 

Re: Script to add computer in Active Directory to all users in an OU

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:

Domain Name: NOSPAM.NET

Registrant [1418766]:
Brendhan, Hight dnsadmin (at) mdnhinc (dot) com
Mdnh Inc
4425 W Spring Mountain Rd
Suite 210
Las Vegas NV
89102 United States

Do you have the owners permission to use a subdomain of nospam.net?
Quote:

> You neglect to abort when you find the computer name already in the list.
> You could use:
>
> arrNames = Split(strWorkstations, ",")
> For k = 0 To UBound(arrNames)
> If (LCase(strComputer) = LCase(arrNames(k))) Then
An alternative solution which avoids both splitting and then
looping/searching through the array:

If (InStr(LCase("," & strWorkstations & ","), LCase("," & strComputer & ",")) > 0) Then

Stefan

My System SpecsSystem Spec
Old 11-06-2008   #6 (permalink)
Richard Mueller [MVP]


 
 

Re: Script to add computer in Active Directory to all users in an OU


"Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
news:eBDhe1CQJHA.1168@xxxxxx
Quote:

> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:
>
> Domain Name: NOSPAM.NET
>
> Registrant [1418766]:
> Brendhan, Hight dnsadmin (at) mdnhinc (dot) com
> Mdnh Inc
> 4425 W Spring Mountain Rd
> Suite 210
> Las Vegas NV
> 89102 United States
>
> Do you have the owners permission to use a subdomain of nospam.net?
No. When I started using it years ago it was suggested by "experts".
Quote:

>
Quote:

>> You neglect to abort when you find the computer name already in the list.
>> You could use:
>>
>> arrNames = Split(strWorkstations, ",")
>> For k = 0 To UBound(arrNames)
>> If (LCase(strComputer) = LCase(arrNames(k))) Then
>
> An alternative solution which avoids both splitting and then
> looping/searching through the array:
>
> If (InStr(LCase("," & strWorkstations & ","), LCase("," & strComputer &
> ",")) > 0) Then
>
> Stefan
I thought of that, but decided against it because there could be a partial
match. For example, if strComputer is "Computer1" it could match with
"Computer11" and Computer12", etc. Your idea of appending commas doesn't
work if the computer is either the first or last in the list. Even though it
seems like more work, I decided the loop is more reliable.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


My System SpecsSystem Spec
Old 11-07-2008   #7 (permalink)
Stefan Kanthak


 
 

Re: Script to add computer in Active Directory to all users in an OU

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:
Quote:

>
> "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
> news:eBDhe1CQJHA.1168@xxxxxx
Quote:

>> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:
Quote:
Quote:

>> Do you have the owners permission to use a subdomain of nospam.net?
>
> No. When I started using it years ago it was suggested by "experts".
Nowadays (and years ago too) <mailbox@xxxxxx> or <mailbox@*.invalid>
is appropriate IF permitted by the resp. newsmaster. Any other
"mangling" will lead to backscatter to uninvolved third parties.
Dont lay off your spam problem to others.
And don't forget to provide a VALID "Reply-To:".

Quote:
Quote:

>> If (InStr(LCase("," & strWorkstations & ","), LCase("," & strComputer &
>> ",")) > 0) Then
Quote:

> I thought of that, but decided against it because there could be a partial
> match.
No! Both the comma-separated list of workstation names and the single
computer name are enclosed in commas. This guarantees a complete match
only.

Stefan

My System SpecsSystem Spec
Old 11-07-2008   #8 (permalink)
Stefan Kanthak


 
 

Re: Script to add computer in Active Directory to all users in an OU

"Al Dunbar" <alandrub@xxxxxx> wrote:
Quote:

>
> "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
> news:OC10HoNQJHA.4256@xxxxxx
Quote:
Quote:

>> Nowadays (and years ago too) <mailbox@xxxxxx> or <mailbox@*.invalid>
>> is appropriate IF permitted by the resp. newsmaster. Any other
>> "mangling" will lead to backscatter to uninvolved third parties.
>> Dont lay off your spam problem to others.
>> And don't forget to provide a VALID "Reply-To:".
>
> For the benefit of most of us, could you indicate where these regulations
> are documented and explained?
<http://www.ietf.org/rfc/rfc822.txt> especially with

| 6.2. SEMANTICS
|
| A mailbox receives mail. [...]

<http://www.ietf.org/rfc/rfc1036.txt>

<http://www.ietf.org/rfc/rfc1855.txt>


The benefit of using your correct mailbox address is that even Joe
Average can reply to any message by simply hitting the [Reply] button.
Programs and machines (and even smart people.-) are quite dumb in
guessing where to send a message to if the address is syntactically
correct but semantically wrong.


Stefan

My System SpecsSystem Spec
Old 11-07-2008   #9 (permalink)
Al Dunbar


 
 

Re: Script to add computer in Active Directory to all users in an OU


"Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
news:OC10HoNQJHA.4256@xxxxxx
Quote:

> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:
Quote:

>>
>> "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
>> news:eBDhe1CQJHA.1168@xxxxxx
Quote:

>>> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:
>
Quote:
Quote:

>>> Do you have the owners permission to use a subdomain of nospam.net?
>>
>> No. When I started using it years ago it was suggested by "experts".
>
> Nowadays (and years ago too) <mailbox@xxxxxx> or <mailbox@*.invalid>
> is appropriate IF permitted by the resp. newsmaster. Any other
> "mangling" will lead to backscatter to uninvolved third parties.
> Dont lay off your spam problem to others.
> And don't forget to provide a VALID "Reply-To:".
For the benefit of most of us, could you indicate where these regulations
are documented and explained?

/Al


My System SpecsSystem Spec
Reply

Thread Tools


Similar Threads
Thread Forum
Active Directory Users and Computers in 64 bit Vista Vista General
How to Verify Users are Disabled in Active Directory PowerShell
Active Directory: getting a list of users PowerShell
Active Directory users and computers snap-in Vista General
Critique my Active Directory script PowerShell


Vista Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46