Windows Vista Forums

Script to add computer in Active Directory to all users in an OU
  1. #1


    jnet77 Guest

    Script to add computer in Active Directory to all users in an OU

    I have a group of students in an OU group that I wanted to give permission to
    logon to a new computer we have added. My hope was that there would be a
    group policy object that would allow me to do this - but no luck - so I wrote
    the script below with the help of the Scripting Guy articles.

    It works great, the only problem is that if the computer is already listed
    as one they can logon to, it will duplicate, but of course tell me that they
    are already allowed to logon to it. I know what the issue is, I just don't
    know the best way to correct the problem. Please take a look and let me know
    if you have suggestions about how best to rewrite this to fix the problem.

    Option Explicit



    Dim strComputer, objUser, strWorkstations, arrNames, k, objOU

    ' Bind to user object.
    Set objOU = GetObject _
    ("LDAP://OU=Students,OU=HS,DC=EXAMPLE,DC=LOCAL")
    objOU.Filter = Array("user")

    ' Specify NetBIOS name of computer to add.
    strComputer = "hsrm105s2"

    For Each objUser in objOU
    ' Retrieve value of userWorkstations attribute.
    strWorkstations = objUser.userWorkstations

    ' Check if new computer name already included.
    arrNames = Split(strWorkstations, ",")
    For k = 0 To UBound(arrNames)
    If (LCase(strComputer) = LCase(arrNames(k))) Then
    ' This computer already included. Abort.
    Wscript.Echo "User already allowed to logon to " & strComputer
    End If
    Next

    ' Append new computer name.
    If (strWorkstations = "") Then
    strWorkstations = strComputer
    Else
    strWorkstations = strWorkstations & "," & strComputer
    End If

    ' Save new value.
    objUser.userWorkstations = strWorkstations
    objUser.SetInfo

    Next

      My System SpecsSystem Spec

  2. #2


    Richard Mueller [MVP] Guest

    Re: Script to add computer in Active Directory to all users in an OU


    "jnet77" <jnet77@xxxxxx> wrote in message
    news:7837427E-8CF7-47E5-BDC3-655680555057@xxxxxx

    >I have a group of students in an OU group that I wanted to give permission
    >to
    > logon to a new computer we have added. My hope was that there would be a
    > group policy object that would allow me to do this - but no luck - so I
    > wrote
    > the script below with the help of the Scripting Guy articles.
    >
    > It works great, the only problem is that if the computer is already listed
    > as one they can logon to, it will duplicate, but of course tell me that
    > they
    > are already allowed to logon to it. I know what the issue is, I just
    > don't
    > know the best way to correct the problem. Please take a look and let me
    > know
    > if you have suggestions about how best to rewrite this to fix the problem.
    >
    > Option Explicit
    >
    > Dim strComputer, objUser, strWorkstations, arrNames, k, objOU
    >
    > ' Bind to user object.
    > Set objOU = GetObject _
    > ("LDAP://OU=Students,OU=HS,DC=EXAMPLE,DC=LOCAL")
    > objOU.Filter = Array("user")
    >
    > ' Specify NetBIOS name of computer to add.
    > strComputer = "hsrm105s2"
    >
    > For Each objUser in objOU
    > ' Retrieve value of userWorkstations attribute.
    > strWorkstations = objUser.userWorkstations
    >
    > ' Check if new computer name already included.
    > arrNames = Split(strWorkstations, ",")
    > For k = 0 To UBound(arrNames)
    > If (LCase(strComputer) = LCase(arrNames(k))) Then
    > ' This computer already included. Abort.
    > Wscript.Echo "User already allowed to logon to " & strComputer
    > End If
    > Next
    >
    > ' Append new computer name.
    > If (strWorkstations = "") Then
    > strWorkstations = strComputer
    > Else
    > strWorkstations = strWorkstations & "," & strComputer
    > End If
    >
    > ' Save new value.
    > objUser.userWorkstations = strWorkstations
    > objUser.SetInfo
    >
    > Next
    You neglect to abort when you find the computer name already in the list.
    You could use:

    arrNames = Split(strWorkstations, ",")
    For k = 0 To UBound(arrNames)
    If (LCase(strComputer) = LCase(arrNames(k))) Then
    ' This computer already included. Abort.
    Wscript.Echo "User already allowed to logon to " & strComputer
    Wscript.Quit ' <<-- new statement.
    End If
    Next

    --
    Richard Mueller
    MVP Directory Services
    Hilltop Lab - http://www.rlmueller.net
    --



      My System SpecsSystem Spec

  3. #3


    jnet77 Guest

    Re: Script to add computer in Active Directory to all users in an

    Richard,

    Thanks for the response, and what you suggested is originally how the script
    worked. The problem was, though, if I had 500 students and the 100th one
    already had the computer, the script would end at student 100. That meant
    the other 400 wouldn't get the new computer added.

    I need the script to only not execute on a user when the computer is already
    found, but then go on and move to the next user.

    Your assistance in advance is appreciated.

      My System SpecsSystem Spec

  4. #4


    Richard Mueller [MVP] Guest

    Re: Script to add computer in Active Directory to all users in an


    "jnet77" <jnet77@xxxxxx> wrote in message
    news:F13662A0-F432-4E68-BB30-5C86865C75E6@xxxxxx

    > Richard,
    >
    > Thanks for the response, and what you suggested is originally how the
    > script
    > worked. The problem was, though, if I had 500 students and the 100th one
    > already had the computer, the script would end at student 100. That meant
    > the other 400 wouldn't get the new computer added.
    >
    > I need the script to only not execute on a user when the computer is
    > already
    > found, but then go on and move to the next user.
    >
    > Your assistance in advance is appreciated.
    Then one solution would be a boolean variable to indicate if the name is
    found. For example (in part):
    ========
    Dim blnFound

    For Each objUser in objOU
    ' Retrieve value of userWorkstations attribute.
    strWorkstations = objUser.userWorkstations

    ' Check if new computer name already included.
    arrNames = Split(strWorkstations, ",")
    blnFound = False
    For k = 0 To UBound(arrNames)
    If (LCase(strComputer) = LCase(arrNames(k))) Then
    ' This computer already included. Abort.
    Wscript.Echo "User already allowed to logon to " & strComputer
    blnFound = True
    Exit For
    End If
    Next

    If (blnFound = False) then
    ' Append new computer name.
    If (strWorkstations = "") Then
    strWorkstations = strComputer
    Else
    strWorkstations = strWorkstations & "," & strComputer
    End If

    ' Save new value.
    objUser.userWorkstations = strWorkstations
    objUser.SetInfo
    End If

    Next
    =========
    Note that the "Exit For" statement exits from the inner "For" statement, not
    the outer "For Each".

    --
    Richard Mueller
    MVP Directory Services
    Hilltop Lab - http://www.rlmueller.net
    --



      My System SpecsSystem Spec

  5. #5


    Stefan Kanthak Guest

    Re: Script to add computer in Active Directory to all users in an OU

    "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:

    Domain Name: NOSPAM.NET

    Registrant [1418766]:
    Brendhan, Hight dnsadmin (at) mdnhinc (dot) com
    Mdnh Inc
    4425 W Spring Mountain Rd
    Suite 210
    Las Vegas NV
    89102 United States

    Do you have the owners permission to use a subdomain of nospam.net?

    > You neglect to abort when you find the computer name already in the list.
    > You could use:
    >
    > arrNames = Split(strWorkstations, ",")
    > For k = 0 To UBound(arrNames)
    > If (LCase(strComputer) = LCase(arrNames(k))) Then
    An alternative solution which avoids both splitting and then
    looping/searching through the array:

    If (InStr(LCase("," & strWorkstations & ","), LCase("," & strComputer & ",")) > 0) Then

    Stefan


      My System SpecsSystem Spec

  6. #6


    Richard Mueller [MVP] Guest

    Re: Script to add computer in Active Directory to all users in an OU


    "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
    news:eBDhe1CQJHA.1168@xxxxxx

    > "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:
    >
    > Domain Name: NOSPAM.NET
    >
    > Registrant [1418766]:
    > Brendhan, Hight dnsadmin (at) mdnhinc (dot) com
    > Mdnh Inc
    > 4425 W Spring Mountain Rd
    > Suite 210
    > Las Vegas NV
    > 89102 United States
    >
    > Do you have the owners permission to use a subdomain of nospam.net?
    No. When I started using it years ago it was suggested by "experts".

    >

    >> You neglect to abort when you find the computer name already in the list.
    >> You could use:
    >>
    >> arrNames = Split(strWorkstations, ",")
    >> For k = 0 To UBound(arrNames)
    >> If (LCase(strComputer) = LCase(arrNames(k))) Then
    >
    > An alternative solution which avoids both splitting and then
    > looping/searching through the array:
    >
    > If (InStr(LCase("," & strWorkstations & ","), LCase("," & strComputer &
    > ",")) > 0) Then
    >
    > Stefan
    I thought of that, but decided against it because there could be a partial
    match. For example, if strComputer is "Computer1" it could match with
    "Computer11" and Computer12", etc. Your idea of appending commas doesn't
    work if the computer is either the first or last in the list. Even though it
    seems like more work, I decided the loop is more reliable.

    --
    Richard Mueller
    MVP Directory Services
    Hilltop Lab - http://www.rlmueller.net
    --



      My System SpecsSystem Spec

  7. #7


    Stefan Kanthak Guest

    Re: Script to add computer in Active Directory to all users in an OU

    "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:

    >
    > "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
    > news:eBDhe1CQJHA.1168@xxxxxx

    >> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:

    >> Do you have the owners permission to use a subdomain of nospam.net?
    >
    > No. When I started using it years ago it was suggested by "experts".
    Nowadays (and years ago too) <mailbox@xxxxxx> or <mailbox@*.invalid>
    is appropriate IF permitted by the resp. newsmaster. Any other
    "mangling" will lead to backscatter to uninvolved third parties.
    Dont lay off your spam problem to others.
    And don't forget to provide a VALID "Reply-To:".


    >> If (InStr(LCase("," & strWorkstations & ","), LCase("," & strComputer &
    >> ",")) > 0) Then

    > I thought of that, but decided against it because there could be a partial
    > match.
    No! Both the comma-separated list of workstation names and the single
    computer name are enclosed in commas. This guarantees a complete match
    only.

    Stefan


      My System SpecsSystem Spec

  8. #8


    Stefan Kanthak Guest

    Re: Script to add computer in Active Directory to all users in an OU

    "Al Dunbar" <alandrub@xxxxxx> wrote:

    >
    > "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
    > news:OC10HoNQJHA.4256@xxxxxx

    >> Nowadays (and years ago too) <mailbox@xxxxxx> or <mailbox@*.invalid>
    >> is appropriate IF permitted by the resp. newsmaster. Any other
    >> "mangling" will lead to backscatter to uninvolved third parties.
    >> Dont lay off your spam problem to others.
    >> And don't forget to provide a VALID "Reply-To:".
    >
    > For the benefit of most of us, could you indicate where these regulations
    > are documented and explained?
    <http://www.ietf.org/rfc/rfc822.txt> especially with

    | 6.2. SEMANTICS
    |
    | A mailbox receives mail. [...]

    <http://www.ietf.org/rfc/rfc1036.txt>

    <http://www.ietf.org/rfc/rfc1855.txt>


    The benefit of using your correct mailbox address is that even Joe
    Average can reply to any message by simply hitting the [Reply] button.
    Programs and machines (and even smart people.-) are quite dumb in
    guessing where to send a message to if the address is syntactically
    correct but semantically wrong.


    Stefan


      My System SpecsSystem Spec

  9. #9


    Al Dunbar Guest

    Re: Script to add computer in Active Directory to all users in an OU


    "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
    news:OC10HoNQJHA.4256@xxxxxx

    > "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:

    >>
    >> "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
    >> news:eBDhe1CQJHA.1168@xxxxxx

    >>> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:
    >

    >>> Do you have the owners permission to use a subdomain of nospam.net?
    >>
    >> No. When I started using it years ago it was suggested by "experts".
    >
    > Nowadays (and years ago too) <mailbox@xxxxxx> or <mailbox@*.invalid>
    > is appropriate IF permitted by the resp. newsmaster. Any other
    > "mangling" will lead to backscatter to uninvolved third parties.
    > Dont lay off your spam problem to others.
    > And don't forget to provide a VALID "Reply-To:".
    For the benefit of most of us, could you indicate where these regulations
    are documented and explained?

    /Al



      My System SpecsSystem Spec

Script to add computer in Active Directory to all users in an OU problems?

Similar Threads
Thread Thread Starter Forum Replies Last Post
SBS users not in Active Directory ron SBS Server 5 13 Aug 2009
Active Directory users shank Server General 3 27 Jul 2009
Active Directory Users and Computers in 64 bit Vista David Lewis Vista General 6 28 Apr 2009
Active Directory: getting a list of users Marco Shaw PowerShell 4 04 Jul 2007
Critique my Active Directory script phappyman@gmail.com PowerShell 0 01 Dec 2006