|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
07-09-2009
| #1 (permalink) |
| | Make change to account unlock script? UserName = InputBox("Enter the user's login name that you want to unlock:") DomainName = InputBox("Enter the domain name in which the user account exists:") Set UserObj = GetObject("WinNT://"& DomainName &"/"& UserName &"") If UserObj.IsAccountLocked = -1 then UserObj.IsAccountLocked = 0 UserObj.SetInfo If err.number = 0 Then Wscript.Echo "The Account Unlock Failed. Check that the account is, in fact, locked-out." Else Wscript.Echo "The Account Unlock was Successful" End if Instead of prompting for domain name to be typed in every time, I would like to chage it to assume the domain name is always domainname.local so all you need to do is enter the users name, not both user and domain. How can this be done? |
My System Specs |
|
07-09-2009
| #2 (permalink) |
| | Re: Make change to account unlock script? "Mygposts" <Mygposts@xxxxxx> wrote in message news:9B857331-BD26-4547-BC7A-364E47DDF4B9@xxxxxx Quote: > UserName = InputBox("Enter the user's login name that you want to > unlock:") > > DomainName = InputBox("Enter the domain name in which the user account > exists:") > > Set UserObj = GetObject("WinNT://"& DomainName &"/"& UserName &"") > If UserObj.IsAccountLocked = -1 then UserObj.IsAccountLocked = 0 > UserObj.SetInfo > > If err.number = 0 Then > Wscript.Echo "The Account Unlock Failed. Check that the account is, in > fact, locked-out." > Else > Wscript.Echo "The Account Unlock was Successful" > End if > > > > > Instead of prompting for domain name to be typed in every time, I would > like > to chage it to assume the domain name is always domainname.local so all > you > need to do is enter the users name, not both user and domain. > > How can this be done? hardcode the NetBIOS name of the domain. For example, in place of: DomainName = InputBox("Enter the domain name in which the user account exists:") Use: DomainName = "domainname" You do not use "domainname.local". Also, you could retrieve the NetBIOS name of the domain programmatically. There are several ways to do this, but the most straightforward might be as follows: Set objNetwork = CreateObject("Wscript.Network") DomainName = objNetwork.UserDomain Finally, you attempt to trap an error, but as written your script will halt if an error is raised. You need to temporarily disable normal error handling, with "On Error Resume Next". I would suggest: ========== Option Explicit Dim UserName, DomainName, objNetwork, UserObj UserName = InputBox("Enter the user's login name that you want to unlock:") Set objNetwork = CreateObject("Wscript.Network") DomainName = objNetwork.UserDomain Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) If (UserObj.IsAccountLocked = True) then On Error Resume Next UserObj.IsAccountLocked = False UserObj.SetInfo If (err.number = 0) Then Wscript.Echo "The Account Unlock Failed." Else Wscript.Echo "The Account Unlock was Successful" End if On Error GoTo 0 Else Wscript.Echo "Account not locked" End If ======= I also rearranged some steps, so you only invoke SetInfo when necessary. I also used True and False in place of -1 and 0, just for clarity, since the values are boolean. I used "Option Explicit" to make troubleshooting easier. I have an example VBScript program that determines if an account is locked out, then unlocks it if desired, that uses the LDAP provider. The program is linked here: http://www.rlmueller.net/IsUserLocked.htm Yes, the code is much longer, but I'll bet it is faster. Why? Because it uses the LDAP provider instead of the much slower WinNT provider. A lot of the extra code is required because the program prompts for the NT Name of the user, as does your program, but this must be converted to the Distinguished Name for the LDAP provider. The progam uses the NameTranslate object for this conversion, which is very efficient. The IsAccountLocked property method exposed by the LDAP provider does not work when determining if the user is locked out, so extra code is required to read the lockoutTime attribute, convert the huge number to a date, and then calculate if the domain lockoutDuration policy has expired. Yes, a lot of code, but this is all fast. The slowest step in all such programs is the steps that bind to objects in Active Directory. In both cases, there is only one such bind (where the programs bind to the user object), but binding with WinNT will be much slower than with LDAP. Note also, that while the IsAccountLocked property method exposed by LDAP cannot tell if the account is locked out, it can be used to unlock the account. Don't worry. As far as I know your program will work, and a slight delay doesn't matter. I just point out the differences. This is one case where the same operation using the LDAP provider takes many more steps. -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- |
| My System Specs |
|
07-09-2009
| #3 (permalink) |
| | Re: Make change to account unlock script? I just tried your suggested script and it is able to unlock an account with it, but it has an error somewhere. It always displays "the account unlock failed" even when it is succesful. "Richard Mueller [MVP]" wrote: Quote: > > "Mygposts" <Mygposts@xxxxxx> wrote in message > news:9B857331-BD26-4547-BC7A-364E47DDF4B9@xxxxxx Quote: > > UserName = InputBox("Enter the user's login name that you want to > > unlock:") > > > > DomainName = InputBox("Enter the domain name in which the user account > > exists:") > > > > Set UserObj = GetObject("WinNT://"& DomainName &"/"& UserName &"") > > If UserObj.IsAccountLocked = -1 then UserObj.IsAccountLocked = 0 > > UserObj.SetInfo > > > > If err.number = 0 Then > > Wscript.Echo "The Account Unlock Failed. Check that the account is, in > > fact, locked-out." > > Else > > Wscript.Echo "The Account Unlock was Successful" > > End if > > > > > > > > > > Instead of prompting for domain name to be typed in every time, I would > > like > > to chage it to assume the domain name is always domainname.local so all > > you > > need to do is enter the users name, not both user and domain. > > > > How can this be done? > Instead of prompting, if you want to assume the domain name, you can > hardcode the NetBIOS name of the domain. For example, in place of: > > DomainName = InputBox("Enter the domain name in which the user account > exists:") > > Use: > > DomainName = "domainname" > > You do not use "domainname.local". Also, you could retrieve the NetBIOS name > of the domain programmatically. There are several ways to do this, but the > most straightforward might be as follows: > > Set objNetwork = CreateObject("Wscript.Network") > DomainName = objNetwork.UserDomain > > Finally, you attempt to trap an error, but as written your script will halt > if an error is raised. You need to temporarily disable normal error > handling, with "On Error Resume Next". I would suggest: > ========== > Option Explicit > Dim UserName, DomainName, objNetwork, UserObj > > UserName = InputBox("Enter the user's login name that you want to unlock:") > > Set objNetwork = CreateObject("Wscript.Network") > DomainName = objNetwork.UserDomain > > Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) > If (UserObj.IsAccountLocked = True) then > On Error Resume Next > UserObj.IsAccountLocked = False > UserObj.SetInfo > > If (err.number = 0) Then > Wscript.Echo "The Account Unlock Failed." > Else > Wscript.Echo "The Account Unlock was Successful" > End if > On Error GoTo 0 > Else > Wscript.Echo "Account not locked" > End If > ======= > I also rearranged some steps, so you only invoke SetInfo when necessary. I > also used True and False in place of -1 and 0, just for clarity, since the > values are boolean. I used "Option Explicit" to make troubleshooting easier. > > I have an example VBScript program that determines if an account is locked > out, then unlocks it if desired, that uses the LDAP provider. The program is > linked here: > > http://www.rlmueller.net/IsUserLocked.htm > > Yes, the code is much longer, but I'll bet it is faster. Why? Because it > uses the LDAP provider instead of the much slower WinNT provider. A lot of > the extra code is required because the program prompts for the NT Name of > the user, as does your program, but this must be converted to the > Distinguished Name for the LDAP provider. The progam uses the NameTranslate > object for this conversion, which is very efficient. The IsAccountLocked > property method exposed by the LDAP provider does not work when determining > if the user is locked out, so extra code is required to read the lockoutTime > attribute, convert the huge number to a date, and then calculate if the > domain lockoutDuration policy has expired. Yes, a lot of code, but this is > all fast. The slowest step in all such programs is the steps that bind to > objects in Active Directory. In both cases, there is only one such bind > (where the programs bind to the user object), but binding with WinNT will be > much slower than with LDAP. Note also, that while the IsAccountLocked > property method exposed by LDAP cannot tell if the account is locked out, it > can be used to unlock the account. > > Don't worry. As far as I know your program will work, and a slight delay > doesn't matter. I just point out the differences. This is one case where the > same operation using the LDAP provider takes many more steps. > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > > > |
| My System Specs |
|
07-09-2009
| #4 (permalink) |
| | Re: Make change to account unlock script? I made another change that I think fixed this error: If Not err.number Then Wscript.Echo "The Account Unlock was successful." Else Wscript.Echo "The Account Unlock failed" One last problem that remains is that it crashes if there is a typo in the user name. Is there a way to fix this so it reprompts for the user name to be entered it if fails to find the user name that was entered? "Mygposts" wrote: Quote: > I just tried your suggested script and it is able to unlock an account with > it, but it has an error somewhere. > It always displays "the account unlock failed" even when it is succesful. > > "Richard Mueller [MVP]" wrote: > Quote: > > > > "Mygposts" <Mygposts@xxxxxx> wrote in message > > news:9B857331-BD26-4547-BC7A-364E47DDF4B9@xxxxxx Quote: > > > UserName = InputBox("Enter the user's login name that you want to > > > unlock:") > > > > > > DomainName = InputBox("Enter the domain name in which the user account > > > exists:") > > > > > > Set UserObj = GetObject("WinNT://"& DomainName &"/"& UserName &"") > > > If UserObj.IsAccountLocked = -1 then UserObj.IsAccountLocked = 0 > > > UserObj.SetInfo > > > > > > If err.number = 0 Then > > > Wscript.Echo "The Account Unlock Failed. Check that the account is, in > > > fact, locked-out." > > > Else > > > Wscript.Echo "The Account Unlock was Successful" > > > End if > > > > > > > > > > > > > > > Instead of prompting for domain name to be typed in every time, I would > > > like > > > to chage it to assume the domain name is always domainname.local so all > > > you > > > need to do is enter the users name, not both user and domain. > > > > > > How can this be done? > > Instead of prompting, if you want to assume the domain name, you can > > hardcode the NetBIOS name of the domain. For example, in place of: > > > > DomainName = InputBox("Enter the domain name in which the user account > > exists:") > > > > Use: > > > > DomainName = "domainname" > > > > You do not use "domainname.local". Also, you could retrieve the NetBIOS name > > of the domain programmatically. There are several ways to do this, but the > > most straightforward might be as follows: > > > > Set objNetwork = CreateObject("Wscript.Network") > > DomainName = objNetwork.UserDomain > > > > Finally, you attempt to trap an error, but as written your script will halt > > if an error is raised. You need to temporarily disable normal error > > handling, with "On Error Resume Next". I would suggest: > > ========== > > Option Explicit > > Dim UserName, DomainName, objNetwork, UserObj > > > > UserName = InputBox("Enter the user's login name that you want to unlock:") > > > > Set objNetwork = CreateObject("Wscript.Network") > > DomainName = objNetwork.UserDomain > > > > Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) > > If (UserObj.IsAccountLocked = True) then > > On Error Resume Next > > UserObj.IsAccountLocked = False > > UserObj.SetInfo > > > > If (err.number = 0) Then > > Wscript.Echo "The Account Unlock Failed." > > Else > > Wscript.Echo "The Account Unlock was Successful" > > End if > > On Error GoTo 0 > > Else > > Wscript.Echo "Account not locked" > > End If > > ======= > > I also rearranged some steps, so you only invoke SetInfo when necessary. I > > also used True and False in place of -1 and 0, just for clarity, since the > > values are boolean. I used "Option Explicit" to make troubleshooting easier. > > > > I have an example VBScript program that determines if an account is locked > > out, then unlocks it if desired, that uses the LDAP provider. The program is > > linked here: > > > > http://www.rlmueller.net/IsUserLocked.htm > > > > Yes, the code is much longer, but I'll bet it is faster. Why? Because it > > uses the LDAP provider instead of the much slower WinNT provider. A lot of > > the extra code is required because the program prompts for the NT Name of > > the user, as does your program, but this must be converted to the > > Distinguished Name for the LDAP provider. The progam uses the NameTranslate > > object for this conversion, which is very efficient. The IsAccountLocked > > property method exposed by the LDAP provider does not work when determining > > if the user is locked out, so extra code is required to read the lockoutTime > > attribute, convert the huge number to a date, and then calculate if the > > domain lockoutDuration policy has expired. Yes, a lot of code, but this is > > all fast. The slowest step in all such programs is the steps that bind to > > objects in Active Directory. In both cases, there is only one such bind > > (where the programs bind to the user object), but binding with WinNT will be > > much slower than with LDAP. Note also, that while the IsAccountLocked > > property method exposed by LDAP cannot tell if the account is locked out, it > > can be used to unlock the account. > > > > Don't worry. As far as I know your program will work, and a slight delay > > doesn't matter. I just point out the differences. This is one case where the > > same operation using the LDAP provider takes many more steps. > > > > -- > > Richard Mueller > > MVP Directory Services > > Hilltop Lab - http://www.rlmueller.net > > -- > > > > > > |
| My System Specs |
|
07-09-2009
| #5 (permalink) |
| | Re: Make change to account unlock script? You were correct about the error condition. I had it wrong. I should have used: If (err.number <> 0) Then Wscript.Echo "The Account Unlock Failed." Else Wscript.Echo "The Account Unlock was Successful" End if but your version works as well. You can also trap the error if the username is invalid. The code would be similar to below: ===== Option Explicit Dim UserName, DomainName, objNetwork, UserObj UserName = InputBox("Enter the user's login name that you want to unlock:") Set objNetwork = CreateObject("Wscript.Network") DomainName = objNetwork.UserDomain On Error Resume Next Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) If (Err.Number <> 0) Then On Error GoTo 0 If (UserObj.IsAccountLocked = True) then On Error Resume Next UserObj.IsAccountLocked = False UserObj.SetInfo If (err.number = 0) Then Wscript.Echo "The Account Unlock Failed." Else Wscript.Echo "The Account Unlock was Successful" End if On Error GoTo 0 Else Wscript.Echo "Account not locked" End If Else On Error GoTo 0 Wscript.Echo "User name " & UserName & " is invalid" End If ======== I like to restore normal error handling as soon as possible, with "On Error GoTo 0". But in this case, it might make sense to leave normal error handling disabled once UserName and DomainName are retrieved. I still restore normal error handling in case my Echo or If statements have an error, but this would work (if you have no typos): ===== Option Explicit Dim UserName, DomainName, objNetwork, UserObj UserName = InputBox("Enter the user's login name that you want to unlock:") Set objNetwork = CreateObject("Wscript.Network") DomainName = objNetwork.UserDomain On Error Resume Next Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) If (Err.Number <> 0) Then If (UserObj.IsAccountLocked = True) then UserObj.IsAccountLocked = False UserObj.SetInfo If (err.number = 0) Then Wscript.Echo "The Account Unlock Failed." Else Wscript.Echo "The Account Unlock was Successful" End if Else Wscript.Echo "Account not locked" End If Else Wscript.Echo "User name " & UserName & " is invalid" End If -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- "Mygposts" <Mygposts@xxxxxx> wrote in message news:BE46E2B9-3A05-4CCC-A671-A11AA72C2E14@xxxxxx Quote: >I made another change that I think fixed this error: > > If Not err.number Then > Wscript.Echo "The Account Unlock was successful." > Else > Wscript.Echo "The Account Unlock failed" > > One last problem that remains is that it crashes if there is a typo in the > user name. > Is there a way to fix this so it reprompts for the user name to be entered > it if fails to find the user name that was entered? > > "Mygposts" wrote: > Quote: >> I just tried your suggested script and it is able to unlock an account >> with >> it, but it has an error somewhere. >> It always displays "the account unlock failed" even when it is succesful. >> >> "Richard Mueller [MVP]" wrote: >> Quote: >> > >> > "Mygposts" <Mygposts@xxxxxx> wrote in message >> > news:9B857331-BD26-4547-BC7A-364E47DDF4B9@xxxxxx >> > > UserName = InputBox("Enter the user's login name that you want to >> > > unlock:") >> > > >> > > DomainName = InputBox("Enter the domain name in which the user >> > > account >> > > exists:") >> > > >> > > Set UserObj = GetObject("WinNT://"& DomainName &"/"& UserName &"") >> > > If UserObj.IsAccountLocked = -1 then UserObj.IsAccountLocked = 0 >> > > UserObj.SetInfo >> > > >> > > If err.number = 0 Then >> > > Wscript.Echo "The Account Unlock Failed. Check that the account >> > > is, in >> > > fact, locked-out." >> > > Else >> > > Wscript.Echo "The Account Unlock was Successful" >> > > End if >> > > >> > > >> > > >> > > >> > > Instead of prompting for domain name to be typed in every time, I >> > > would >> > > like >> > > to chage it to assume the domain name is always domainname.local so >> > > all >> > > you >> > > need to do is enter the users name, not both user and domain. >> > > >> > > How can this be done? >> > >> > Instead of prompting, if you want to assume the domain name, you can >> > hardcode the NetBIOS name of the domain. For example, in place of: >> > >> > DomainName = InputBox("Enter the domain name in which the user >> > account >> > exists:") >> > >> > Use: >> > >> > DomainName = "domainname" >> > >> > You do not use "domainname.local". Also, you could retrieve the NetBIOS >> > name >> > of the domain programmatically. There are several ways to do this, but >> > the >> > most straightforward might be as follows: >> > >> > Set objNetwork = CreateObject("Wscript.Network") >> > DomainName = objNetwork.UserDomain >> > >> > Finally, you attempt to trap an error, but as written your script will >> > halt >> > if an error is raised. You need to temporarily disable normal error >> > handling, with "On Error Resume Next". I would suggest: >> > ========== >> > Option Explicit >> > Dim UserName, DomainName, objNetwork, UserObj >> > >> > UserName = InputBox("Enter the user's login name that you want to >> > unlock:") >> > >> > Set objNetwork = CreateObject("Wscript.Network") >> > DomainName = objNetwork.UserDomain >> > >> > Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) >> > If (UserObj.IsAccountLocked = True) then >> > On Error Resume Next >> > UserObj.IsAccountLocked = False >> > UserObj.SetInfo >> > >> > If (err.number = 0) Then >> > Wscript.Echo "The Account Unlock Failed." >> > Else >> > Wscript.Echo "The Account Unlock was Successful" >> > End if >> > On Error GoTo 0 >> > Else >> > Wscript.Echo "Account not locked" >> > End If >> > ======= >> > I also rearranged some steps, so you only invoke SetInfo when >> > necessary. I >> > also used True and False in place of -1 and 0, just for clarity, since >> > the >> > values are boolean. I used "Option Explicit" to make troubleshooting >> > easier. >> > >> > I have an example VBScript program that determines if an account is >> > locked >> > out, then unlocks it if desired, that uses the LDAP provider. The >> > program is >> > linked here: >> > >> > http://www.rlmueller.net/IsUserLocked.htm >> > >> > Yes, the code is much longer, but I'll bet it is faster. Why? Because >> > it >> > uses the LDAP provider instead of the much slower WinNT provider. A lot >> > of >> > the extra code is required because the program prompts for the NT Name >> > of >> > the user, as does your program, but this must be converted to the >> > Distinguished Name for the LDAP provider. The progam uses the >> > NameTranslate >> > object for this conversion, which is very efficient. The >> > IsAccountLocked >> > property method exposed by the LDAP provider does not work when >> > determining >> > if the user is locked out, so extra code is required to read the >> > lockoutTime >> > attribute, convert the huge number to a date, and then calculate if the >> > domain lockoutDuration policy has expired. Yes, a lot of code, but this >> > is >> > all fast. The slowest step in all such programs is the steps that bind >> > to >> > objects in Active Directory. In both cases, there is only one such bind >> > (where the programs bind to the user object), but binding with WinNT >> > will be >> > much slower than with LDAP. Note also, that while the IsAccountLocked >> > property method exposed by LDAP cannot tell if the account is locked >> > out, it >> > can be used to unlock the account. >> > >> > Don't worry. As far as I know your program will work, and a slight >> > delay >> > doesn't matter. I just point out the differences. This is one case >> > where the >> > same operation using the LDAP provider takes many more steps. >> > >> > -- >> > Richard Mueller >> > MVP Directory Services >> > Hilltop Lab - http://www.rlmueller.net >> > -- >> > >> > >> > |
| My System Specs |
|
07-09-2009
| #6 (permalink) |
| | Re: Make change to account unlock script? Notice that I screwed up the logic with Err.Number again. My last example should be: ============ Option Explicit Dim UserName, DomainName, objNetwork, UserObj UserName = InputBox("Enter the user's login name that you want to unlock:") Set objNetwork = CreateObject("Wscript.Network") DomainName = objNetwork.UserDomain On Error Resume Next Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) If (Err.Number = 0) Then On Error GoTo 0 If (UserObj.IsAccountLocked = True) then On Error Resume Next UserObj.IsAccountLocked = False UserObj.SetInfo If (err.number <> 0) Then Wscript.Echo "The Account Unlock Failed." Else Wscript.Echo "The Account Unlock was Successful" End if On Error GoTo 0 Else Wscript.Echo "Account not locked" End If Else On Error GoTo 0 Wscript.Echo "User name " & UserName & " is invalid" End If ========= Sorry about that. Obviously, if Err.Number is 0, there was no error. If Err.Number has any other value, an error was raised. -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote in message news:O%23rsRtNAKHA.4432@xxxxxx Quote: > You were correct about the error condition. I had it wrong. I should have > used: > > If (err.number <> 0) Then > Wscript.Echo "The Account Unlock Failed." > Else > Wscript.Echo "The Account Unlock was Successful" > End if > > but your version works as well. You can also trap the error if the > username is invalid. The code would be similar to below: > ===== > Option Explicit > Dim UserName, DomainName, objNetwork, UserObj > > UserName = InputBox("Enter the user's login name that you want to > unlock:") > > Set objNetwork = CreateObject("Wscript.Network") > DomainName = objNetwork.UserDomain > > On Error Resume Next > Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) > If (Err.Number <> 0) Then > On Error GoTo 0 > If (UserObj.IsAccountLocked = True) then > On Error Resume Next > UserObj.IsAccountLocked = False > UserObj.SetInfo > > If (err.number = 0) Then > Wscript.Echo "The Account Unlock Failed." > Else > Wscript.Echo "The Account Unlock was Successful" > End if > On Error GoTo 0 > Else > Wscript.Echo "Account not locked" > End If > Else > On Error GoTo 0 > Wscript.Echo "User name " & UserName & " is invalid" > End If > ======== > I like to restore normal error handling as soon as possible, with "On > Error GoTo 0". But in this case, it might make sense to leave normal error > handling disabled once UserName and DomainName are retrieved. I still > restore normal error handling in case my Echo or If statements have an > error, but this would work (if you have no typos): > ===== > Option Explicit > Dim UserName, DomainName, objNetwork, UserObj > > UserName = InputBox("Enter the user's login name that you want to > unlock:") > > Set objNetwork = CreateObject("Wscript.Network") > DomainName = objNetwork.UserDomain > > On Error Resume Next > Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) > If (Err.Number <> 0) Then > If (UserObj.IsAccountLocked = True) then > UserObj.IsAccountLocked = False > UserObj.SetInfo > > If (err.number = 0) Then > Wscript.Echo "The Account Unlock Failed." > Else > Wscript.Echo "The Account Unlock was Successful" > End if > Else > Wscript.Echo "Account not locked" > End If > Else > Wscript.Echo "User name " & UserName & " is invalid" > End If > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > > "Mygposts" <Mygposts@xxxxxx> wrote in message > news:BE46E2B9-3A05-4CCC-A671-A11AA72C2E14@xxxxxx Quote: >>I made another change that I think fixed this error: >> >> If Not err.number Then >> Wscript.Echo "The Account Unlock was successful." >> Else >> Wscript.Echo "The Account Unlock failed" >> >> One last problem that remains is that it crashes if there is a typo in >> the >> user name. >> Is there a way to fix this so it reprompts for the user name to be >> entered >> it if fails to find the user name that was entered? >> >> "Mygposts" wrote: >> Quote: >>> I just tried your suggested script and it is able to unlock an account >>> with >>> it, but it has an error somewhere. >>> It always displays "the account unlock failed" even when it is >>> succesful. >>> >>> "Richard Mueller [MVP]" wrote: >>> >>> > >>> > "Mygposts" <Mygposts@xxxxxx> wrote in message >>> > news:9B857331-BD26-4547-BC7A-364E47DDF4B9@xxxxxx >>> > > UserName = InputBox("Enter the user's login name that you want to >>> > > unlock:") >>> > > >>> > > DomainName = InputBox("Enter the domain name in which the user >>> > > account >>> > > exists:") >>> > > >>> > > Set UserObj = GetObject("WinNT://"& DomainName &"/"& UserName &"") >>> > > If UserObj.IsAccountLocked = -1 then UserObj.IsAccountLocked = 0 >>> > > UserObj.SetInfo >>> > > >>> > > If err.number = 0 Then >>> > > Wscript.Echo "The Account Unlock Failed. Check that the account >>> > > is, in >>> > > fact, locked-out." >>> > > Else >>> > > Wscript.Echo "The Account Unlock was Successful" >>> > > End if >>> > > >>> > > >>> > > >>> > > >>> > > Instead of prompting for domain name to be typed in every time, I >>> > > would >>> > > like >>> > > to chage it to assume the domain name is always domainname.local so >>> > > all >>> > > you >>> > > need to do is enter the users name, not both user and domain. >>> > > >>> > > How can this be done? >>> > >>> > Instead of prompting, if you want to assume the domain name, you can >>> > hardcode the NetBIOS name of the domain. For example, in place of: >>> > >>> > DomainName = InputBox("Enter the domain name in which the user >>> > account >>> > exists:") >>> > >>> > Use: >>> > >>> > DomainName = "domainname" >>> > >>> > You do not use "domainname.local". Also, you could retrieve the >>> > NetBIOS name >>> > of the domain programmatically. There are several ways to do this, but >>> > the >>> > most straightforward might be as follows: >>> > >>> > Set objNetwork = CreateObject("Wscript.Network") >>> > DomainName = objNetwork.UserDomain >>> > >>> > Finally, you attempt to trap an error, but as written your script will >>> > halt >>> > if an error is raised. You need to temporarily disable normal error >>> > handling, with "On Error Resume Next". I would suggest: >>> > ========== >>> > Option Explicit >>> > Dim UserName, DomainName, objNetwork, UserObj >>> > >>> > UserName = InputBox("Enter the user's login name that you want to >>> > unlock:") >>> > >>> > Set objNetwork = CreateObject("Wscript.Network") >>> > DomainName = objNetwork.UserDomain >>> > >>> > Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) >>> > If (UserObj.IsAccountLocked = True) then >>> > On Error Resume Next >>> > UserObj.IsAccountLocked = False >>> > UserObj.SetInfo >>> > >>> > If (err.number = 0) Then >>> > Wscript.Echo "The Account Unlock Failed." >>> > Else >>> > Wscript.Echo "The Account Unlock was Successful" >>> > End if >>> > On Error GoTo 0 >>> > Else >>> > Wscript.Echo "Account not locked" >>> > End If >>> > ======= >>> > I also rearranged some steps, so you only invoke SetInfo when >>> > necessary. I >>> > also used True and False in place of -1 and 0, just for clarity, since >>> > the >>> > values are boolean. I used "Option Explicit" to make troubleshooting >>> > easier. >>> > >>> > I have an example VBScript program that determines if an account is >>> > locked >>> > out, then unlocks it if desired, that uses the LDAP provider. The >>> > program is >>> > linked here: >>> > >>> > http://www.rlmueller.net/IsUserLocked.htm >>> > >>> > Yes, the code is much longer, but I'll bet it is faster. Why? Because >>> > it >>> > uses the LDAP provider instead of the much slower WinNT provider. A >>> > lot of >>> > the extra code is required because the program prompts for the NT Name >>> > of >>> > the user, as does your program, but this must be converted to the >>> > Distinguished Name for the LDAP provider. The progam uses the >>> > NameTranslate >>> > object for this conversion, which is very efficient. The >>> > IsAccountLocked >>> > property method exposed by the LDAP provider does not work when >>> > determining >>> > if the user is locked out, so extra code is required to read the >>> > lockoutTime >>> > attribute, convert the huge number to a date, and then calculate if >>> > the >>> > domain lockoutDuration policy has expired. Yes, a lot of code, but >>> > this is >>> > all fast. The slowest step in all such programs is the steps that bind >>> > to >>> > objects in Active Directory. In both cases, there is only one such >>> > bind >>> > (where the programs bind to the user object), but binding with WinNT >>> > will be >>> > much slower than with LDAP. Note also, that while the IsAccountLocked >>> > property method exposed by LDAP cannot tell if the account is locked >>> > out, it >>> > can be used to unlock the account. >>> > >>> > Don't worry. As far as I know your program will work, and a slight >>> > delay >>> > doesn't matter. I just point out the differences. This is one case >>> > where the >>> > same operation using the LDAP provider takes many more steps. >>> > >>> > -- >>> > Richard Mueller >>> > MVP Directory Services >>> > Hilltop Lab - http://www.rlmueller.net >>> > -- >>> > >>> > >>> > > |
| My System Specs |
|
07-09-2009
| #7 (permalink) |
| | Re: Make change to account unlock script? Neither of those worked. The first one said it was successful even when I typed gibberish for the username and the second one gave and error as soon as I clicked on it: "Unexpected "End' "Richard Mueller [MVP]" wrote: Quote: > You were correct about the error condition. I had it wrong. I should have > used: > > If (err.number <> 0) Then > Wscript.Echo "The Account Unlock Failed." > Else > Wscript.Echo "The Account Unlock was Successful" > End if > > but your version works as well. You can also trap the error if the username > is invalid. The code would be similar to below: > ===== > Option Explicit > Dim UserName, DomainName, objNetwork, UserObj > > UserName = InputBox("Enter the user's login name that you want to unlock:") > > Set objNetwork = CreateObject("Wscript.Network") > DomainName = objNetwork.UserDomain > > On Error Resume Next > Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) > If (Err.Number <> 0) Then > On Error GoTo 0 > If (UserObj.IsAccountLocked = True) then > On Error Resume Next > UserObj.IsAccountLocked = False > UserObj.SetInfo > > If (err.number = 0) Then > Wscript.Echo "The Account Unlock Failed." > Else > Wscript.Echo "The Account Unlock was Successful" > End if > On Error GoTo 0 > Else > Wscript.Echo "Account not locked" > End If > Else > On Error GoTo 0 > Wscript.Echo "User name " & UserName & " is invalid" > End If > ======== > I like to restore normal error handling as soon as possible, with "On Error > GoTo 0". But in this case, it might make sense to leave normal error > handling disabled once UserName and DomainName are retrieved. I still > restore normal error handling in case my Echo or If statements have an > error, but this would work (if you have no typos): > ===== > Option Explicit > Dim UserName, DomainName, objNetwork, UserObj > > UserName = InputBox("Enter the user's login name that you want to unlock:") > > Set objNetwork = CreateObject("Wscript.Network") > DomainName = objNetwork.UserDomain > > On Error Resume Next > Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) > If (Err.Number <> 0) Then > If (UserObj.IsAccountLocked = True) then > UserObj.IsAccountLocked = False > UserObj.SetInfo > > If (err.number = 0) Then > Wscript.Echo "The Account Unlock Failed." > Else > Wscript.Echo "The Account Unlock was Successful" > End if > Else > Wscript.Echo "Account not locked" > End If > Else > Wscript.Echo "User name " & UserName & " is invalid" > End If > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > > "Mygposts" <Mygposts@xxxxxx> wrote in message > news:BE46E2B9-3A05-4CCC-A671-A11AA72C2E14@xxxxxx Quote: > >I made another change that I think fixed this error: > > > > If Not err.number Then > > Wscript.Echo "The Account Unlock was successful." > > Else > > Wscript.Echo "The Account Unlock failed" > > > > One last problem that remains is that it crashes if there is a typo in the > > user name. > > Is there a way to fix this so it reprompts for the user name to be entered > > it if fails to find the user name that was entered? > > > > "Mygposts" wrote: > > Quote: > >> I just tried your suggested script and it is able to unlock an account > >> with > >> it, but it has an error somewhere. > >> It always displays "the account unlock failed" even when it is succesful. > >> > >> "Richard Mueller [MVP]" wrote: > >> > >> > > >> > "Mygposts" <Mygposts@xxxxxx> wrote in message > >> > news:9B857331-BD26-4547-BC7A-364E47DDF4B9@xxxxxx > >> > > UserName = InputBox("Enter the user's login name that you want to > >> > > unlock:") > >> > > > >> > > DomainName = InputBox("Enter the domain name in which the user > >> > > account > >> > > exists:") > >> > > > >> > > Set UserObj = GetObject("WinNT://"& DomainName &"/"& UserName &"") > >> > > If UserObj.IsAccountLocked = -1 then UserObj.IsAccountLocked = 0 > >> > > UserObj.SetInfo > >> > > > >> > > If err.number = 0 Then > >> > > Wscript.Echo "The Account Unlock Failed. Check that the account > >> > > is, in > >> > > fact, locked-out." > >> > > Else > >> > > Wscript.Echo "The Account Unlock was Successful" > >> > > End if > >> > > > >> > > > >> > > > >> > > > >> > > Instead of prompting for domain name to be typed in every time, I > >> > > would > >> > > like > >> > > to chage it to assume the domain name is always domainname.local so > >> > > all > >> > > you > >> > > need to do is enter the users name, not both user and domain. > >> > > > >> > > How can this be done? > >> > > >> > Instead of prompting, if you want to assume the domain name, you can > >> > hardcode the NetBIOS name of the domain. For example, in place of: > >> > > >> > DomainName = InputBox("Enter the domain name in which the user > >> > account > >> > exists:") > >> > > >> > Use: > >> > > >> > DomainName = "domainname" > >> > > >> > You do not use "domainname.local". Also, you could retrieve the NetBIOS > >> > name > >> > of the domain programmatically. There are several ways to do this, but > >> > the > >> > most straightforward might be as follows: > >> > > >> > Set objNetwork = CreateObject("Wscript.Network") > >> > DomainName = objNetwork.UserDomain > >> > > >> > Finally, you attempt to trap an error, but as written your script will > >> > halt > >> > if an error is raised. You need to temporarily disable normal error > >> > handling, with "On Error Resume Next". I would suggest: > >> > ========== > >> > Option Explicit > >> > Dim UserName, DomainName, objNetwork, UserObj > >> > > >> > UserName = InputBox("Enter the user's login name that you want to > >> > unlock:") > >> > > >> > Set objNetwork = CreateObject("Wscript.Network") > >> > DomainName = objNetwork.UserDomain > >> > > >> > Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) > >> > If (UserObj.IsAccountLocked = True) then > >> > On Error Resume Next > >> > UserObj.IsAccountLocked = False > >> > UserObj.SetInfo > >> > > >> > If (err.number = 0) Then > >> > Wscript.Echo "The Account Unlock Failed." > >> > Else > >> > Wscript.Echo "The Account Unlock was Successful" > >> > End if > >> > On Error GoTo 0 > >> > Else > >> > Wscript.Echo "Account not locked" > >> > End If > >> > ======= > >> > I also rearranged some steps, so you only invoke SetInfo when > >> > necessary. I > >> > also used True and False in place of -1 and 0, just for clarity, since > >> > the > >> > values are boolean. I used "Option Explicit" to make troubleshooting > >> > easier. > >> > > >> > I have an example VBScript program that determines if an account is > >> > locked > >> > out, then unlocks it if desired, that uses the LDAP provider. The > >> > program is > >> > linked here: > >> > > >> > http://www.rlmueller.net/IsUserLocked.htm > >> > > >> > Yes, the code is much longer, but I'll bet it is faster. Why? Because > >> > it > >> > uses the LDAP provider instead of the much slower WinNT provider. A lot > >> > of > >> > the extra code is required because the program prompts for the NT Name > >> > of > >> > the user, as does your program, but this must be converted to the > >> > Distinguished Name for the LDAP provider. The progam uses the > >> > NameTranslate > >> > object for this conversion, which is very efficient. The > >> > IsAccountLocked > >> > property method exposed by the LDAP provider does not work when > >> > determining > >> > if the user is locked out, so extra code is required to read the > >> > lockoutTime > >> > attribute, convert the huge number to a date, and then calculate if the > >> > domain lockoutDuration policy has expired. Yes, a lot of code, but this > >> > is > >> > all fast. The slowest step in all such programs is the steps that bind > >> > to > >> > objects in Active Directory. In both cases, there is only one such bind > >> > (where the programs bind to the user object), but binding with WinNT > >> > will be > >> > much slower than with LDAP. Note also, that while the IsAccountLocked > >> > property method exposed by LDAP cannot tell if the account is locked > >> > out, it > >> > can be used to unlock the account. > >> > > >> > Don't worry. As far as I know your program will work, and a slight > >> > delay > >> > doesn't matter. I just point out the differences. This is one case > >> > where the > >> > same operation using the LDAP provider takes many more steps. > >> > > >> > -- > >> > Richard Mueller > >> > MVP Directory Services > >> > Hilltop Lab - http://www.rlmueller.net > >> > -- > >> > > >> > > >> > > > |
| My System Specs |
|
07-09-2009
| #8 (permalink) |
| | Re: Make change to account unlock script? "Mygposts" <Mygposts@xxxxxx> wrote Quote: > Neither of those worked. > The first one said it was successful even when I typed gibberish for the > username and the second one gave and error as soon as I clicked on it: > "Unexpected "End' True condition of an If/Then statement so that the True path is always on top, and the False path always follows after an Else. If you are not going to use the True path, preceed the If condition with Not: If <condition> Then <True path> Else <False path> End If Or If Not <condition> Then <code> End If If you remain consistant in that style, you are less likely to get confused with what code is going to execute under different conditions. Following that style, Richard's code looks like: '- - - Option Explicit Dim UserName, DomainName, objNetwork, UserObj UserName = InputBox("Enter the user's login name that you want to unlock:") Set objNetwork = CreateObject("Wscript.Network") DomainName = objNetwork.UserDomain On Error Resume Next Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) If Err.Number Then Wscript.Echo "User name " & UserName & " is invalid" Else If UserObj.IsAccountLocked Then UserObj.IsAccountLocked = False UserObj.SetInfo If Err.Number Then Wscript.Echo "The Account Unlock Failed." Else Wscript.Echo "The Account Unlock was Successful" End If Else Wscript.Echo "Account not locked" End If End If '- - - See if that does any better... LFS |
| My System Specs |
|
07-09-2009
| #9 (permalink) |
| | Re: Make change to account unlock script? The last one looks good so far. Thanks. "Larry Serflaten" wrote: Quote: > > "Mygposts" <Mygposts@xxxxxx> wrote Quote: > > Neither of those worked. > > The first one said it was successful even when I typed gibberish for the > > username and the second one gave and error as soon as I clicked on it: > > "Unexpected "End' > To add consistancy to your scripts, I would suggest you always use the > True condition of an If/Then statement so that the True path is always > on top, and the False path always follows after an Else. If you are not > going to use the True path, preceed the If condition with Not: > > If <condition> Then > <True path> > Else > <False path> > End If > > Or > > If Not <condition> Then > <code> > End If > > If you remain consistant in that style, you are less likely to get confused > with what code is going to execute under different conditions. Following > that style, Richard's code looks like: > '- - - > Option Explicit > Dim UserName, DomainName, objNetwork, UserObj > > UserName = InputBox("Enter the user's login name that you want to unlock:") > > Set objNetwork = CreateObject("Wscript.Network") > DomainName = objNetwork.UserDomain > > On Error Resume Next > Set UserObj = GetObject("WinNT://" & DomainName & "/" & UserName) > If Err.Number Then > Wscript.Echo "User name " & UserName & " is invalid" > Else > If UserObj.IsAccountLocked Then > UserObj.IsAccountLocked = False > UserObj.SetInfo > If Err.Number Then > Wscript.Echo "The Account Unlock Failed." > Else > Wscript.Echo "The Account Unlock was Successful" > End If > Else > Wscript.Echo "Account not locked" > End If > End If > '- - - > > > See if that does any better... > LFS > > > |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| [unlock.exe] Software Locked all Privilege and Unable to Unlock | Software | |||
| Help with Script to Change Logon Account of a Service | VB Script | |||
| Unlock The Supersecret Administrator Account For Vista | Vista News | |||
| make a logon script with powershell | PowerShell | |||
| Can someone make me a SR script? | Vista General | |||
