"UselessUser" <UselessUser@xxxxxx> wrote in message
news:86D8D269-6620-4142-A7FF-5CAC72F4A2B6@xxxxxx
> Hi,
>
> I have run a dsquery against my AD for computer accounts with a stale
> password of 90 days. I now have this list of computers in a text file. I
> have
> noted the problems with piping the output from a dsquery direct to dsmove
> so
> I wrote a very basic vbscript (Not a good vbscripter) to read the list and
> do
> the move.
>
> Now before anyone replies I know I could probably have done a bind to AD
> and
> returned the adspath worked on that but I had no idea how to work the
> pwdlastset attribute to return 90 days ago (Any ideas?)... also I have
> seen a
> for delims script which looked interesting and I shall investigate it
> further
> but want to know whats wrong with my own script!!
>
> Here is my script...
>
> option explicit
>
> dim objOU, objFSO, objFile
> dim strComputerDN
>
> const ForReading = 1
> set objOU = GetObject("LDAP://ou=Disabled,dc=home,dc=local")
>
> set objFSO = CreateObject("Scripting.FileSystemObject")
> Set objFile = objFSO.OpenTextFile("C:\scripts\Computers.txt", ForReading)
>
> Do Until objFile.AtEndOfStream
> strComputerDN = objFile.ReadLine
> objOU.MoveHere "LDAP://" & strComputerDN, vbNullString
> Loop
>
> wscript.echo "All Computers Moved"
>
> To get this to work I had to do a find and replace on the text file to
> remove the " marks also... (Why is this?)
>
> Now this worked fine and moved all computers except 2. I discovered that
> these two computers had a distinguished name which contained two instances
> of
> the / character. I renamed the 2 OU's in question to not contain /
> (replaced
> them with a -) and edited my computers text file to put the - in and it
> runs
> fine..
>
> So my question is... I am not sure what the problem is with the slashes in
> the DN and would binding to the adspath have caused the same issue? As you have discovered, double quotes and forward slashes in DN values need
special handling. However, they can be escaped with the backslash, "\",
escape character. See this link for details, and a list of all characters
that need to be escaped:
http://www.rlmueller.net/CharactersEscaped.htm
For Example:
======
Do Until objFile.AtEndOfStream
strComputerDN = Trim(objFile.ReadLine)
If (strComputerDN <> = "") Then
strComputerDN = Replace(strComputerDN, """", "\""")
strComputerDN = Replace(strComputerDN, "/", "\/")
objOU.MoveHere "LDAP://" & strComputerDN, vbNullString
End If
Loop
====
I Trim blanks and skip blank lines, since it is so easy to have a blank line
at the end of a text file. Notice that the " character must be doubled
inside a quoted string. However, I'm surprised that your list of computer
DN's does not already escape the " character. Did you manually create the
list? Most ADSI methods display DN values with all of the characters
escaped, except the forward slash character, "/". I find this is the only
character I need to escape in my VBScript programs.
I have an example VBScript program that disables and moves computer objects
where the password as not been changed in a specified number of days. The
program is linked here:
http://www.rlmueller.net/MoveOldComputers.htm
The program demonstrates how to handle the pwdLastSet attribute. It uses ADO
to retrieve computer DN values. ADO escapes all characters except the "/".
The program includes a line to replace "/" with "\/". Details on converting
Integer8 attributes like pwdLastSet to date/time values linked here:
http://www.rlmueller.net/Integer8Attributes.htm
Finally, to find unused computer objects and deal with them, I recommend Joe
Richards' free oldcmp utility:
http://www.joeware.net/freetools/tools/oldcmp/index.htm
--
Richard Mueller
MVP Directory Services
Hilltop Lab -
http://www.rlmueller.net
--