|
 |  |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
01-08-2009
| #1 (permalink) |
| Guest | Bulk unlock user accounts We have been hit by the W32.Downadup.B virus. While we are removing it from our network, our users are bing locked out. I patched together the following script from some sample on the Microsoft site. It is not working. Any suggestions as to what is wrong and how to get it to work? ********* On Error Resume Next Const ADS_SCOPE_SUBTREE = 2 Set objConnection = CreateObject("ADODB.Connection") Set objCommand = CreateObject("ADODB.Command") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection = objConnection objCommand.Properties("Page Size") = 1000 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.CommandText = _ "SELECT * FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='user'" Set objRecordSet = objCommand.Execute objRecordSet.MoveFirst Do Until objRecordSet.EOF Set objUser = GetObject ("LDAP://cn=" & objRecordSet.Fields("Name").Value & ",dc=NA,dc=fabrikam,dc=com") objUser.IsAccountLocked = False objUser.SetInfo objRecordSet.MoveNext Loop ********* |
My System Specs |
|
01-08-2009
| #2 (permalink) | ||||||||||||
| Guest | Re: Bulk unlock user accounts "John Renkar" <jrenkar@xxxxxx> wrote in message news:uolclhacJHA.1532@xxxxxx
"dc=fabrikam,dc=com". You should specify the specific attributes you want to retrieve. It makes more sense to retrieve distinguishedName. Also, the filter should be "objectCategory = 'person' and objectClass = 'user'". For example: objCommand.CommandText = _ "SELECT distinguishedName FROM 'LDAP://dc=fabrikam,dc=com' " _ & "WHERE objectCategory = 'person' AND objectClass = 'user'" Then when you bind to the user object: Set objUser = GetObject("LDAP://" & objRecordset.Fields("distinguishedName").Value) Finally, I would recommend not using "On Error Resume Next" throughout the script. It makes troubleshooting very difficult. The only part that might raise an error is where the accounts are unlocked (you may lack permission). I would suggest using LDAP syntax. For example this should work: ========== Option Explicit Dim objRootDSE, strDNSDomain, adoConnection Dim strBase, strFilter, strAttributes, strQuery, adoRecordset Dim strDN, objUser ' Determine DNS domain name. Set objRootDSE = GetObject("LDAP://RootDSE") strDNSDomain = objRootDSE.Get("defaultNamingContext") ' Use ADO to search Active Directory. Set adoConnection = CreateObject("ADODB.Connection") adoConnection.Provider = "ADsDSOObject" adoConnection.Open "Active Directory Provider" Set adoRecordset = CreateObject("ADODB.Recordset") adoRecordset.ActiveConnection = adoConnection ' Search entire domain. strBase = "<LDAP://" & strDNSDomain & ">" ' Filter on all user objects. strFilter = "(&(objectCategory=person)(objectClass=user))" ' Comma delimited list of attribute values to retrieve. strAttributes = "distinguishedName" ' Construct the LDAP query. strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree" ' Run the query. adoRecordset.Source = strQuery adoRecordset.Open ' Enumerate the resulting recordset. Do Until adoRecordset.EOF ' Retrieve values. strDN = adoRecordset.Fields("distinguishedName").Value strDN = Replace(strDN, "/", "\/") Set objUser = GetObject("LDAP://" & strDN) On Error Resume Next objUser.IsAccountLocked = False objUser.SetInfo If (Err.Number <> 0) Then Wscript.Echo "Unable to unlock " & strDN End If On Error GoTo 0 adoRecordset.MoveNext Loop ' Clean up. adoRecordset.Close adoConnection.Close -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- | ||||||||||||
| My System Specs | |||||||||||||
|
02-15-2009
| #3 (permalink) | ||||||||||||||||||||||||
| Guest | Re: Bulk unlock user accounts My company is affected with the same virus. Am not an expert in VBscript. Could you please guide me on how i can utilize this script and where to apply it. All the account in the company are getting unlocked. Your assistance is highly appreciated. Regards... Basil A. Ansari "Richard Mueller [MVP]" wrote:
| ||||||||||||||||||||||||
| My System Specs | |||||||||||||||||||||||||
|
04-23-2009
| #4 (permalink) |
| Newbie | Re: Bulk unlock user accounts Hello everybody ! A very useful batch file that will solve your problem of bulk unlocking in all domain controllers in a domain and uses the Unlock tool from joeware freeware tools ( Free Tools ) ,is here : We have 5 domain controllers and we want to unlock all locked accounts in every dc with only one click. Open Notepad and paste the following code. Do the necessary changes in server names and save the text file with the extension '.bat' . Download the unlock.exe tool and put the 2 file in a folder. Run the batch file and everything should work ok. ---------START OF CODE:------------- cls @ECHO OFF unlock server1 * unlock server2 * unlock server3 * unlock server4 * unlock server5 * pause |
| My System Specs |
| |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| User Accounts at Logon vs User Accounts in Parental Control | spacejuicer | Vista General | 2 | 06-20-2008 03:40 PM |
| User Accounts, Switch User, Hibernate, Sleep, Restart | Leisa | Vista account administration | 4 | 06-16-2008 08:53 AM |
| user accounts don't show up on manage accounts | DavidDuffy | Vista account administration | 0 | 10-10-2007 06:30 PM |
| Standard user accounts can access files of other accounts??!! | Ralf | Vista account administration | 0 | 06-04-2007 05:53 AM |
| Unlock a file beeing used by another user | PowerShell | 4 | 05-30-2007 03:48 PM | |
Linear Mode
