| | #1 (permalink) |
User provisioning for multiple forests via RDP

Hi,

I am working in a large enterprise environment with many AD forests from different customers. To create/delete admin users in each environment requires logging in to each environment manually. The user creation is then done using a spreadsheet which generates dsadd commands for each environment.

I would like to automate this further by scripting a solution which uses a password safe and RDP to automatically do the creation for each environment. My initial thoughts are below:

1. Open the password safe which contains the account details/passwords for each environment
2. Start script1 on admin PC
3. Script1 reads login details for each environment from password safe
4. Script1 connects via RDP to a server (i.e. server1) in the first environment using details gathered from password safe
5. RDP connection for each server is configured to run a script2 using the start the following program on connection
6. Script2 copies spreadsheet with dsadd commands from admin PC to server1 via tsclient drive redirection feature
7. Users are created using dsadd commands - results logged
8. Script2 copies log file results back to Admin PC
9. Script2 script logs off server1
10. Script1 resumes after results are returned from script2 and repeats the process with the next environment.

I would really appreciate some feedback about my idea and whether there is already some existing code that I could use.

Thanks in advance!
| | #2 (permalink) |
RE: User provisioning for multiple forests via RDP

Well I ploughed on regardless and I have now got a script which will read from an Excel file and create CMD files for users in each environment. The script will then use RDP files to connect to each environment so you can run the CMD files.

I would like to use a single mmc with remote desktops snapin installed rather than a separate rdp file for each environment. At this point I am a bit stuck. I started looking at the "MMC20.Application" object to automate this but I found this quite fiddly as I had not used it before and examples are thin on the ground. Next I thought about using the .Net Microsoft.Management Console class which looks a bit more user friendly. I think this would mean using PowerShell but I also didn't find any examples.

Any ideas?

My draft script below

```vbscript
' =============================================================================================
' automatedobjectcreation.vbs
'
' Modifications:
' Version   Date        Who        What
' 1.0       22.01.2009  Goldstien  Draft of script
'
'
' Description:
' The script performs the following tasks
'
' 1. Creates CMD files for creating objects within multiple active directory environments.
'    The CMD files contain dsadd (for W2K or above) or net user (NT environments) commands
' 2. Runs generated CMD files via RDP sessions (optional). Results are logged to both remote
'    environment and Admin PC
' 3. Archives CMD files following successful completion (optional)
'
' Requirements:
'
' 1. The script uses a special Excel file as input.
'
' 2. To automatically run the commands via RDP then an RDP connection for each environment
'    must be setup and copied to the script path
'
' ===============================================================================================================

'-----------------------------------------------------------------------------------
' Script setup
'-----------------------------------------------------------------------------------

'Script Information variables - version, name
Version="1.0"
Scriptname=Wscript.scriptName
Set ObjWshNetwork = WScript.CreateObject("WScript.Network")
strhostname=ObjWshNetwork.ComputerName
strachivefolder=ScriptPath&"Archive"

'set Constants

' Excel variables
strselectsheetname="Select_Domain"
straddsheetname="Object Details"
strshowexcel="Y"

' Set inputfilename to be searched through.
strinputfilename=ScriptPath&"Create User_Groups in Domain.xls"

' Change input file if argument is specified
Select Case WScript.Arguments.Count
    Case 0
        'No arguments specified use default filename
    Case 1
        set objArgs=WScript.arguments
        strinputfilename= objArgs(0)
    Case Else
        'More than one argument -> Show Help and Quit Script
        WScript.Echo "This script expects an XLS File as input."&VbCrLf&"You can drag and drop the file into the script."
        WScript.Quit
End Select

'Generate log file name
position=instr(Scriptname,".")
strLogFile=Left(Scriptname,Position) + "log"

' Open the log file for write access. Append to this file.
' Trap errors here so that the Err.Number check below can actually run.
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set fsout = objFSO.OpenTextFile(strLogFile, 8, True, 0)
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "File " & strLogFile & " cannot be opened"
    Set objFSO = Nothing
    Wscript.Quit
End If
On Error GoTo 0

' Write headers in LogFile
LogMessage fsout, VbCrLf & "Running Script: " + Wscript.ScriptName + " Version " _
    & version & VbCrLf & Date & " " & Time & VbCrLf
LogMessage fsout, "Using inputfile: " & strinputfilename &VbCrLf

'=======================================================================
'
' Part One - Loop through list of domains marked in List column with "x" and copy dsadd commands for each domain
'
'=======================================================================

'strpart
strpart="1"

' Setup random seed value for creating passwords
Randomize

'Initialize RDP array
Dim arrrdp ()

'Determine input file type via file extension (i.e XLS or TXT)
Position = instr(strinputfilename,".")
strFileTypeinput = ucase(Mid(strinputfilename,Position+1,3))

OpenInputFile strinputfilename,strFileTypeinput,strselectsheetname,objinputfile

Booendoffile=False

'Start loop until all of input file is read
Do Until Booendoffile

    'Read line of input file
    ReadNewLine objinputfile

    'If not end of file then get the details of the line
    If Not booEndOfFile Then
        strselectactivecell=objinputfile.activecell.address
        'WScript.Echo strselectactivecell
        'WScript.Echo "First column value is " & strselected
        strlist = ucase(objinputfile.activecell.offset(0,-1).Value)
        'WScript.Echo "Second column value is " & strlist
        strselecteddomain= UCase(objinputfile.activecell.value)
        strobjectcreationdn=(objinputfile.activecell.offset(0,1).Value)
        strdomaintype=(objinputfile.activecell.offset(0,2).Value)
        WScript.Echo strdomaintype
        If strdomaintype="" Then
            strdomaintype="Windows 2000 or above"
        Else
            strdomaintype="Windows NT"
        End If
        'WScript.Echo strselecteddomain

        'Check if domain is included in the list to process by checking for an 'X'
        If strlist="X" Then

            'setup outputfile for addcommands
            stroutputfile=strhostname&"_"&strselecteddomain&".cmd"
            Set objoutputfile = objfso.OpenTextFile(stroutputfile,2, True)
            inttotaloutput=inttotaloutput+1

            ' debug line - choose to stop or continue
            'strlineno="136"
            'selectactiontype actiontype,strpart,strlineno

            'Get dsadd commands for domain
            objinputfile.sheets(straddsheetname).Activate
            If (Err.Number <> 0) Then
                'WScript.Echo "Check Sheet Name in Excel"
                wscript.Echo " ERROR - Activating Excel Sheet- check name"
                EndScript
            End If

            'Put the cursor in the starting cell
            objinputfile.ActiveSheet.range("C1").Activate

            'copy boolean value
            origbooendoffile=booendoffile
            booendoffile=False

            Do Until booendoffile

                'Read dsadd line of input file
                ReadNewLine objinputfile

                If Not booEndOffile Then
                    strselected = ucase(objinputfile.activecell.offset(0,-2).value)

                    'Check if there is an 'X' in the first column
                    If strselected="X" Then
                        'WScript.Echo " Getting details to generate dsadd commands"
                        'get details to generate dsadd commands
                        strteam=objinputfile.activecell.offset(0,-1).value
                        strcn=objinputfile.activecell.value
                        strupn1andsam=objinputfile.activecell.offset(0,1).value
                        strupnsuffix=objinputfile.activecell.offset(0,2).value
                        strfirstname=objinputfile.activecell.offset(0,3).value
                        strlastname=objinputfile.activecell.offset(0,4).value
                        strdescription=objinputfile.activecell.offset(0,5).value
                        strpassword=objinputfile.activecell.offset(0,6).value

                        Select Case strpassword
                            Case ""
                                strpassword=rndPasswd
                                WScript.Echo strpassword
                                objinputfile.activecell.offset(0,6).value=strpassword
                            Case Else
                                wscript.echo "Password already exists in sheet"
                        End Select

                        Select Case strdomaintype
                            Case "Windows NT"
                                WScript.Echo "Windows NT"
                                straddcommand="net user " & strupn1andsam & " " & strpassword & " /fullname:" & Chr(34)& strfirstname _
                                    & " " & strlastname & Chr(34) & " /comment:"& Chr(34) & strteam & Chr(34) & " /expires:never /add /domain"
                            Case Else
                                'Generate dsadd command
                                straddcommand="dsadd user "& Chr(34) & "CN=" & strcn & "," & strobjectcreationdn & Chr(34) _
                                    & " -upn " &strupn1andsam&strupnsuffix& " -samid " & strupn1andsam & " -fn " & strfirstname _
                                    & " -ln " & strlastname & " -display " & Chr(34) & strfirstname & " " & strlastname & Chr(34) _
                                    & " -pwd " & strpassword & " -mustchpwd yes -desc " & strdescription
                        End Select

                        WScript.Echo straddcommand

                        'Write current entry to output file
                        objoutputfile.writeline straddcommand
                    End If
                End If
            Loop

            booendofFile=origbooendoffile
            strsummary=strsummary & stroutputfile & VbCrLf
            strrdpfile=strselecteddomain&".rdp"

            'Add rdp file to array
            ReDim preserve arrrdp(n)
            arrrdp(n)=strrdpfile
            n=n+1

            objoutputfile.Close

            'Activate select sheet to continue first loop
            objinputfile.sheets(strselectsheetname).Activate

            'Put the cursor in the correct position
            objinputfile.ActiveSheet.range(strselectactivecell).Activate
        End If
    End If
Loop

'=======================================================================
'
'Part two - Launch RDP session to run commands
'
'=======================================================================

'Constants
intWindowStyle = 1 'show window
bWaitOnReturn = True 'wait until the program has finished

strAnswer=Msgbox("Run RDP commands?",321)
Select Case stranswer
    Case 1
        For Each strrdpsession In arrrdp
            'WScript.Echo strrdpsession
            'Prompt to continue
            strAnswer=Msgbox("This script will now launch " & strrdpsession & " to run the dsadd commands",321)
            Select Case stranswer
                Case 1
                    Set objWShell = CreateObject("Wscript.Shell")
                    objWShell.Run "mstsc "& strrdpsession, intWindowStyle, bWaitOnReturn
                Case 2
                    wscript.Echo "Skipped " & strrdpsession
            End Select
        Next
    Case 2
End Select

'Run Endscript subroutine
EndScript

'------------------------------------------------------------------------------------------
'Functions and subroutines
'-----------------------------------------------------------------------------------------

Function ScriptPath()
    ScriptPath = Left(WScript.ScriptFullName, _
        Len(WScript.ScriptFullName) - Len(WScript.ScriptName))
End Function

Function shortScriptPath()
    shortScriptPath = Left(WScript.ScriptFullName, _
        Len(WScript.ScriptFullName) - Len(WScript.ScriptName)-1)
End Function

Sub LogMessage(fsout, Msg)
    'WScript.Echo msg
    fsOut.WriteLine msg
End Sub

Sub OpenInputFile (strinputfilename,strFileTypeinput,strselectsheetname,objinputfile)
    Select Case strFileTypeinput
        Case "XLS"
            'Start EXCEL and do not display it to the user
            Err.clear
            Set objinputfile = WScript.CreateObject("EXCEL.application")
            If (Err.Number <> 0) Then
                wscript.echo " ERROR - Starting Excel - check Excel is installed and working OK"
                WScript.quit
            End If
        Case Else
            LogMessage fsout, "Wrong file type for input - must use XLS"
            WScript.Echo "ERROR - Must use an XLS file for input - please try again! "
            WScript.quit
    End Select

    'Set Excel as visible or hidden from user
    Select Case strshowexcel
        Case "Y","y"
            objinputfile.Visible = True
        Case "N","n"
            objinputfile.Visible = False
    End Select

    'Open the input file
    objinputfile.workbooks.open strinputfilename
    If (Err.Number <> 0) Then
        'WScript.Echo "Check FileName in Excel"
        fsOut.Writeline Err.Number & " ERROR - Opening input file "& strinputfilename & " - check name"
        EndScript
    End If

    ' Activate the worksheet
    objinputfile.sheets(strselectsheetname).Activate
    If (Err.Number <> 0) Then
        'WScript.Echo "Check Sheet Name in Excel"
        fsOut.Writeline Err.Number & " ERROR - Activating Excel Sheet- check name"
        EndScript
    End If

    ' Put the cursor in the starting cell
    objinputfile.ActiveSheet.range("B1").Activate
End Sub

Sub ReadNewLine (objinputfile)
    objinputfile.activecell.offset(1, 0).Activate
    ' Empty cell means End Of File
    If objinputfile.ActiveCell.Value = "" Then
        booEndOfFile = True
    End If
End Sub

Sub selectactiontype (stractiontype,strpart,strlineno)
    stractiontype=InputBox ("Part " & strpart & " at Line " & strlineno & " complete"&VbCrLf&VbCrLf& _
        "Type C and click OK to continue"&VbCrLf&VbCrLf& _
        "Type S and click OK to stop"&VbCrLf&VbCrLf,"Part " & strpart& " at Line " & strlineno &" - Complete","S")
    Select Case stractiontype
        Case "C","c"
            'continue script
        Case "S","s"
            'stop script
            EndScript
        Case Else
            WScript.Echo "C or S not selected! Try again.."
            selectactiontype stractiontype,strpart,strlineno
    End Select
End Sub

Function rndPasswd
    Upper_Chars = array("A","B","C","D","E","F","G","H","I","K","L","M","N","P","Q","R","S","T","U","V","W","X","Y","Z")
    Lower_Chars = array("a","b","c","d","e","f","g","h","i","k","l","m","n","p","q","r","s","t","u","v","w","x","y","z")
    Digits = array("2","3","4","5","6","8","9")
    strPassword = ""
    For i = 1 to 3
        strPassword = strPassword & Upper_Chars(int(rnd()*24))
    Next
    For i = 1 to 3
        strPassword = strPassword & Lower_Chars(int(rnd()*24))
    Next
    For i = 1 to 2
        strPassword = strPassword & Digits(int(rnd()*7))
    Next
    rndPasswd = strPassword
End Function

Sub Archivecmds ()
    'Create archive folder if not already existing for archiving commands
    If objfso.FolderExists(strachivefolder) = True Then
    Else
        objFSO.CreateFolder strachivefolder
    End If

    'Setup
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    'WScript.Echo shortScriptPath
    Set colFiles = objWMIService.ExecQuery _
        ("ASSOCIATORS OF {Win32_Directory.Name='"&shortscriptpath&"'} Where " _
        & "ResultClass = CIM_DataFile")

    For Each objFile In colFiles
        strDate = Left(objFile.CreationDate, 8)
        strExtension = objFile.Extension
        If strExtension = "cmd" Then
            strobjfilename=objFile.FileName
            WScript.Echo strobjfilename
            strExtension = Replace(strExtension,"cmd", "log")
            strNewName = strachivefolder & "\" & objFile.FileName & "_" & strDate & "." & strExtension
            WScript.Echo strNewName
            'errResult = objFile.Rename(strNewName)
            strNameCheck = Replace(strNewName, "\", "\\")
            i = 1
            Do While True
                Set colFiles = objWMIService.ExecQuery _
                    ("Select * from Cim_Datafile Where Name = '" & strNameCheck & "'")
                If colFiles.Count = 0 Then
                    errResult = objFile.Rename(strNewName)
                    Exit Do
                Else
                    i = i + 1
                    strNewName = strachivefolder & "\" & objFile.FileName & "_" _
                        & strDate & "_" & i & "." & "log"
                    strNameCheck = Replace(strNewName, "\", "\\")
                End If
            Loop
        End If
    Next
End Sub

Sub EndScript
    'Close inputfiles
    objinputfile.DisplayAlerts = False
    'objinputfile.ActiveWorkbook.Close
    'objinputfile.application.quit

    ' Write totals to log file.
    fsout.WriteLine " "
    fsout.WriteLine "----------------------------------------------------------------------------"
    fsout.WriteLine "Output files generated: "
    fsout.WriteLine "----------------------------------------------------------------------------"
    fsout.WriteLine strsummary
    fsout.WriteLine "----------------------------------------------------------------------------"

    'Archive cmd files on local PC if required
    'Prompt to continue
    strAnswer=Msgbox(" Do you want to archive the cmd files to " & strachivefolder & "?",321)
    Select Case stranswer
        Case 1
            Archivecmds
        Case 2
            WScript.Echo " No archive required - cmd files located in " & ScriptPath
    End Select

    ' Log message on screen and logfile
    LogMessage fsout, VbCrLf&"Done. End of script " & Now
    MsgBox "Done. End of script " + Wscript.scriptName + " See " + strLogFile + " for results"
    fsout.Close

    'Display Log file in notepad
    Set objWShell = CreateObject("Wscript.Shell")
    objWShell.Run "notepad.exe " + strLogFile

    'Clean up
    Set objWShell = Nothing
    Set objinputfile = Nothing
    Set objoutputfile = Nothing
    Set objFSO = Nothing
    Set objRootDSE = Nothing

    'Quit the script
    WScript.Quit(Err.Number)
End Sub
```

"Goldstien" wrote:

Quote:

> Hi,
>
> I am working in a large enterprise environment with many AD forests from
> different customers. To create/delete admin users in each environment
> requires logging in to each environment manually. The user creation is then
> done using a spreadsheet which generates dsadd commands for each environment.
>
> I would like to automate this further by scripting a solution which uses a
> password safe and RDP to automatically do the creation for each environment.
> My initial thoughts are below:
>
> 1. Open the password safe which contains the account details/passwords for
> each environment
> 2. Start script1 on admin PC
> 3. Script1 reads login details for each environment from password safe
> 4. Script1 connects via RDP to a server (i.e server1) in the first
> environment using details gathered from password safe
> 5 RDP connection for each server is configured to run a script2 using the
> start the following program on connection
> 6. Script2 copies spreadsheet with dsadd commands from admin pc to server1
> via tsclient drive redirection feature
> 7. Users are created using dsadd commands - results logged
> 8. Script2 copies log file results back to Admin PC
> 9. Script2 script logs off server1
> 10. Script1 resumes after results are returned from script2 and repeats the
> process with the next environment.
>
> I would really appreciate some feedback about my idea and whether there is
> already some existing code that I could use.
>
> Thanks in advance!
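The draft script in post #2 builds initial passwords with VBScript's `Rnd()` (a non-cryptographic generator seeded by `Randomize`) in a fixed 3-upper/3-lower/2-digit layout, and concatenates spreadsheet cells into the dsadd line with `-fn`, `-ln` and `-desc` unquoted. The following PowerShell is an added example, not part of the thread or the poster's code, showing the same command generation with a CSPRNG-backed password and allow-list validation of every cell; the function names, sample rows and the `example.test` domain are hypothetical.

```powershell
# Added example, not the poster's code. Function names and sample rows are hypothetical.
Set-StrictMode -Version Latest

# Reduced alphabet (look-alike characters left out), drawn from as a single pool.
$Alphabet = 'ABCDEFGHKLMNPQRSTUVWXYZabcdefghkmnpqrstuvwxyz23456789'.ToCharArray()

function New-InitialPassword {
    param([int]$Length = 16)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $buf   = New-Object byte[] 1
        $limit = 256 - (256 % $Alphabet.Length)   # reject bytes that would bias the modulo
        # Retry until upper, lower and digit are all present (AD complexity policy).
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($buf)
                if ($buf[0] -lt $limit) { [void]$sb.Append($Alphabet[$buf[0] % $Alphabet.Length]) }
            }
            $pw = $sb.ToString()
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -cmatch '[0-9]')
        return $pw
    } finally { $rng.Dispose() }
}

function Test-SafeField {
    param([string]$Value, [switch]$AllowDn)
    # Allow-list only: anything cmd.exe could interpret (& | < > ^ % ") fails, as does an empty cell.
    $pattern = if ($AllowDn) { '^[\p{L}\p{Nd} ._\-,=]+$' } else { '^[\p{L}\p{Nd} ._\-@]+$' }
    return $Value -match $pattern
}

function New-DsaddLine {
    param([Parameter(Mandatory)]$Row, [Parameter(Mandatory)][string]$OuDn)
    if (-not (Test-SafeField $OuDn -AllowDn)) { throw "Rejected OU DN: $OuDn" }
    foreach ($f in 'Cn','Sam','UpnSuffix','FirstName','LastName','Description') {
        if (-not (Test-SafeField $Row.$f)) { throw "Rejected field $f for '$($Row.Sam)'" }
    }
    $pw = New-InitialPassword
    # Every value is quoted, unlike the draft where -fn, -ln and -desc were bare.
    $line = 'dsadd user "CN={0},{1}" -upn "{2}{3}" -samid "{2}" -fn "{4}" -ln "{5}" ' +
            '-display "{4} {5}" -pwd "{6}" -mustchpwd yes -desc "{7}"'
    return $line -f $Row.Cn, $OuDn, $Row.Sam, $Row.UpnSuffix, $Row.FirstName,
                    $Row.LastName, $pw, $Row.Description
}

# Constructed sample rows standing in for the "Object Details" sheet.
$rows = @(
    [pscustomobject]@{ Cn='Ada Admin'; Sam='adm-ada'; UpnSuffix='@example.test'
                       FirstName='Ada'; LastName='Admin'; Description='Ops team' },
    [pscustomobject]@{ Cn='Bob Admin'; Sam='adm-bob'; UpnSuffix='@example.test'
                       FirstName='Bob'; LastName='Admin'; Description='Ops & backup' }
)
foreach ($r in $rows) {
    try   { New-DsaddLine -Row $r -OuDn 'OU=Admins,DC=example,DC=test' }
    catch { Write-Warning $_.Exception.Message }   # second row: the "&" is refused
}
```

Each generated line still contains the initial password in clear text, as the draft script's CMD files do, so the output file needs the same protection as the password safe.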
| | #3 (permalink) |
RE: User provisioning for multiple forests via RDP

Worked it out using MMC2 automation object. Nothing fancy but it seems to work.

```vbscript
Const TextMode = 1
Set objMMC = Wscript.CreateObject("MMC20.Application")
Set objDictionary = CreateObject("Scripting.Dictionary")

' Leave the MMC application in user control when this script ends.
objMMC.UserControl = 1
objDictionary.CompareMode = TextMode
arrdomains=Array("YOURRDPNAME1","YOURRDPNAME2","YOURRDPNAME3")

' Show the MMC application.
objMMC.Show

' Load msc which has remote desktops snapin added and your servers
objMMC.Load("C:\yourpath\yourmmc.msc")

' Retrieve the Document object. The Document object provides access
' to the ScopeNamespace and ActiveView objects.
Dim objDoc
Set objDoc = objMMC.Document

' Retrieve the ScopeNamespace object. The ScopeNamespace object
' will be used when navigating the scope tree.
Dim objSN
Set objSN = objDoc.ScopeNamespace

' Get the console root node.
Dim objRoot
Set objRoot = objDoc.RootNode

' Using the console Root Node, get the RDP node.
Dim objRDPNode
Set objRDPNode = objSN.GetChild(objRoot)

' Expand the RDP Node.
objSN.Expand(objRDPNode)

' Get the ActiveView, which is a View object.
' This object is used to access the list of nodes and column data.
Dim objView
Set objView = objDoc.ActiveView

' Get the first child node of the RDP node.
On Error Resume Next
Dim objNode
Set objNode = Nothing
Set objNode = objSN.GetChild(objRDPNode)
If (objNode Is Nothing) then
    ' Unexpected condition.
    Wscript.echo "Unable to get RDP child node."
    'WScript.Echo " No more RDP nodes found "
    endscript
End If

n=0
Dim objSib ' Used when moving to the next child (sibling) node.

' Loop through each RDP child nodes.
Do Until (objNode Is Nothing)
    'Get name of node
    strname=objNode.Name
    Msgbox("Node name is " & strname & ". Checking against list")

    'set found string
    strnodefound="False"

    'Cycle through array to check for match
    for i = lbound(arrdomains) To UBound(arrdomains)
        'Check if node name is found in array
        if arrdomains(i) = strname Then
            strnodefound="True"
            If objDictionary.Exists(strname) Then
                Wscript.Echo strname & " already added - please remove duplicate domain name from RDP file before running the script again."
                Endscript
            Else
                objDictionary.Add strname,n
                n=n+1
                'Expand the node to run the commands
                MsgBox("Expanding node - run " & strname)
                objSN.Expand(objNode)
                ' Set the active scope node to the child node.
                objView.ActiveScopeNode = objNode
            End If
        Else
        End If
    Next

    If strnodefound = "False" Then
        MsgBox ("Node not found in array - " & strname)
    End If

    ' Move to the next node
    Set objSib = Nothing
    Set objSib = objSN.GetNext(objNode)
    Set objNode = objSib
Loop

'colItems = objDictionary.Items
'colkeys=objDictionary.Keys
'For Each strKey in colkeys
'    Wscript.Echo strKey
'Next

Endscript

Sub Endscript
    WScript.Echo " Done! "
    Wscript.quit
End sub
```