Archive for the ‘VBScript’ Category

LogonHours

July 22, 2009

Below is a script to find any users who have logon hours restricted (i.e. not set to “Allow Any Time”).

Don’t forget to generate an objects.txt by running “dsquery user -limit 0 > objects.txt”, as per any of my other scripts.


strTextFile = "objects.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strTextFile, 1, False, 0)
On Error Resume Next

Do
    strObject = objTextFile.ReadLine
    ' dsquery wraps each DN in double quotes; strip them
    strObject = Mid(strObject, 2, Len(strObject) - 2)

    ' Clear the previous user's values so a failed bind or read cannot reuse them
    Set objObject = Nothing
    arrLogonHours = ""
    strName = ""

    Set objObject = GetObject("LDAP://" & strObject)
    arrLogonHours = objObject.Get("logonHours")
    strName = objObject.Get("CN")

    ' logonHours comes back as a byte array; it stays "" when the attribute is not set
    If VarType(arrLogonHours) = (vbArray + vbByte) Then
        'WScript.Echo strName & " has had Logon Hours defined - checking to see if they have any set currently"

        ' Build a string of the decimal value of each byte
        arrLogonArray = ""
        For i = 1 To LenB(arrLogonHours)
            arrLogonArray = arrLogonArray & AscB(MidB(arrLogonHours, i, 1))
        Next

        ' Every byte being 255 means all hours are allowed ("Allow Any Time")
        If arrLogonArray <> "255255255255255255255255255255255255255255255255255255255255255" Then
            WScript.Echo strName & " has Logon Hours defined - please investigate."
        End If
    End If
Loop Until objTextFile.AtEndOfStream = True
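
The script above only reports whether the value differs from "all hours allowed". As an added example (not part of the original post), the Python below decodes a logonHours value into the hours that are actually denied. It assumes the standard layout of 21 bytes, one bit per hour starting Sunday 00:00 UTC with the least-significant bit first; the function names and sample values are constructed for illustration.

```python
# Added example: decode the 21-byte logonHours bitmap (168 bits, one per hour).
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]

def allowed_hours(logon_hours):
    """Return 168 per-hour flags, or None when no restriction is stored."""
    if not logon_hours:                      # attribute absent: any time
        return None
    if len(logon_hours) != 21:
        raise ValueError("logonHours must be exactly 21 bytes")
    return [bool(logon_hours[h // 8] >> (h % 8) & 1) for h in range(168)]

def denied_ranges(logon_hours):
    """Summarise denied hours as (day, start_hour, end_hour) tuples in UTC."""
    bits = allowed_hours(logon_hours)
    if bits is None:
        return []
    ranges = []
    for d, day in enumerate(DAYS):
        start = None
        for hour in range(25):               # hour 24 closes an open range
            denied = hour < 24 and not bits[d * 24 + hour]
            if denied and start is None:
                start = hour
            elif not denied and start is not None:
                ranges.append((day, start, hour))
                start = None
    return ranges

def classify(logon_hours):
    """Triage label for one account's logonHours value."""
    ranges = denied_ranges(logon_hours)
    if not ranges:
        return "unrestricted"
    if len(ranges) == 7 and all(s == 0 and e == 24 for _, s, e in ranges):
        return "logon never permitted"
    return "restricted"

# Constructed sample values (not taken from a real directory).
ALL_HOURS = bytes([0xFF] * 21)               # what "Allow Any Time" stores
NO_HOURS = bytes(21)                         # every hour denied
# Sunday fully denied, Monday denied 00:00-06:00 UTC, everything else allowed.
WEEKEND_SAMPLE = bytes([0x00, 0x00, 0x00, 0xC0]) + bytes([0xFF] * 17)

if __name__ == "__main__":
    for label, value in [("all", ALL_HOURS), ("none", NO_HOURS), ("sample", WEEKEND_SAMPLE)]:
        print(label, classify(value), denied_ranges(value))
```

The ranges are in UTC, so they will be offset from what Active Directory Users and Computers shows in local time.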


OALGen will skip user entry 'USER' in address list '\Global Address List' because the SMTP address '' is invalid

October 13, 2008

This old flame popped up again the other day. Now I seem to remember there were some pre-SP1 issues regarding this, however I wasn’t aware that post-SP1 you could still have problems.

Basically the OAB won’t generate entries for users whose "Email" field in AD is blank (or, in fact, not the same as the "Reply To" address in Exchange).

What do you do if you have multiple users who are incorrect, and you need to fix it (but don’t want to spend hours finding / fixing accounts one at a time)?

You script it of course.

DSQuery user (you may need the -limit flag) > objects.txt

Edit to remove the MS command crap (so that it starts @ your first user)

Save the following script as a vbs file (in the same folder as your objects.txt) and run.

' This code will output all users without an email address in AD who should have one.
' It will also change the address (if required)
' Written by Stephen Croft from ANS

strTextFile = "objects.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strTextFile, 1, False, 0)
Dim primary
strSMTP = "SMTP"

Do
    strObject = objTextFile.ReadLine
    ' dsquery wraps each DN in double quotes; strip them
    strObject = Mid(strObject, 2, Len(strObject) - 2)
    Set objObject = GetObject("LDAP://" & strObject)
    On Error Resume Next

    ' Gets current Email AD field
    intEmail = objObject.Get("mail")

    ' Finds Primary Email Address from "proxyAddresses"
    ' (binary compare, so only the upper-case "SMTP:" entry matches)
    For Each EMail In objObject.GetEx("proxyAddresses")
        primary = InStr(1, EMail, strSMTP, 0)
        If primary = 1 Then
            intProxy2 = Right(EMail, Len(EMail) - 5)
        End If
    Next

    ' Should the user have an address (i.e. is there a primary SMTP)?
    If intProxy2 <> "" Then
        ' Echoes the object whose Email field is blank, and the correct email address.
        If intEmail = "" Then
            WScript.Echo strObject & " is blank, should be " & intProxy2
            ' Changes AD object (2 lines of code) to have Primary as AD Email
            objObject.Put "mail", intProxy2
            objObject.SetInfo
        End If
    End If

    ' Blanks all variables to keep it functioning properly
    intEmail = ""
    intProxy = ""
    intProxy2 = ""
Loop Until objTextFile.AtEndOfStream = True

The objObject.Put and objObject.SetInfo lines change the objects. It’s probably best REM’ing these out first and testing what the script wants to change (and to what, for that matter) by running it from a cmd prompt and piping the output into an output.txt of some sort.

And excuse my scripting, it’s not always the tidiest (but it works goddamn it!! 😛 )

Have fun 🙂

Categories: Exchange 2007, VBScript

Finding users who are not Inheriting Rights

October 6, 2008

Got a request from a support company: they have found multiple users who are not inheriting rights from above. These users are random, and he wanted a quick way to find (and therefore fix) the users affected. Screenshot below of the checkbox the users have mysteriously "unchecked":

VBScript0.jpeg

So I created a little script that will check users to see if they are set to inherit or not.

First, create a new folder. Get a list of all users in your AD (or a specific OU) by doing the following;

VBScript1.jpeg

Now, create a VBScript file with the following content;

' This code will output all users who are currently NOT inheriting
' Security from above.
' Written by Stephen Croft and Chris Stos-Gale from ANS

strTextFile = "objects.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strTextFile, 1, False, 0)

' Control bit that is set when the DACL is protected from inheritance
Const SE_DACL_PROTECTED = &H1000

Do
    strObject = objTextFile.ReadLine
    ' dsquery wraps each DN in double quotes; strip them
    strObject = Mid(strObject, 2, Len(strObject) - 2)
    Set objObject = GetObject("LDAP://" & strObject)
    Set objNtSD = objObject.Get("nTSecurityDescriptor")
    intNTSDControl = objNtSD.Control

    ' Test the bit rather than comparing against one exact value such as 39940,
    ' so users with other flag combinations are reported too
    If (intNTSDControl And SE_DACL_PROTECTED) <> 0 Then
        WScript.Echo strObject & " Needs Changing"
    End If
Loop Until objTextFile.AtEndOfStream = True

And save in the same folder as your objects.txt file that the first part created.

Now, back to command prompt for the following;

VBScript2.jpeg

Where test.vbs is your vbs file you created (obviously).

This will create an output txt file (test.txt in this case) that is tab separated (for Excel import) of all users who are NOT inheriting rights from above.

To change them to be inheriting, either pick through the list manually, or edit the VBS script slightly as per below;

' This code will change all users who are currently NOT inheriting
' Security from above so that they inherit again.
' Written by Stephen Croft

strTextFile = "objects.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strTextFile, 1, False, 0)

' Control bit that is set when the DACL is protected from inheritance
Const SE_DACL_PROTECTED = &H1000

Do
    strObject = objTextFile.ReadLine
    ' dsquery wraps each DN in double quotes; strip them
    strObject = Mid(strObject, 2, Len(strObject) - 2)
    Set objObject = GetObject("LDAP://" & strObject)
    Set objNtSD = objObject.Get("nTSecurityDescriptor")
    intNTSDControl = objNtSD.Control

    If (intNTSDControl And SE_DACL_PROTECTED) <> 0 Then
        ' Clear only the protected bit; the other control flags are left alone
        intNTSDControl = intNTSDControl And Not SE_DACL_PROTECTED
        objNtSD.Control = intNTSDControl
        objObject.Put "nTSecurityDescriptor", objNtSD
        objObject.SetInfo
    End If
Loop Until objTextFile.AtEndOfStream = True

Obviously be careful with this, and don’t hold me responsible if it breaks anything!!!
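
The Control value read from nTSecurityDescriptor is a bit field, and 39940 is one particular combination of flags. As an added example (not part of the original post), the Python below decodes a Control value into the standard Windows security descriptor control flag names and shows why testing the SE_DACL_PROTECTED bit finds accounts that an exact comparison misses. The function names, DNs and the third sample value are constructed for illustration.

```python
# Added example: decode a security descriptor Control value into flag names.
SD_CONTROL_FLAGS = {
    0x0001: "SE_OWNER_DEFAULTED",
    0x0002: "SE_GROUP_DEFAULTED",
    0x0004: "SE_DACL_PRESENT",
    0x0008: "SE_DACL_DEFAULTED",
    0x0010: "SE_SACL_PRESENT",
    0x0020: "SE_SACL_DEFAULTED",
    0x0100: "SE_DACL_AUTO_INHERIT_REQ",
    0x0200: "SE_SACL_AUTO_INHERIT_REQ",
    0x0400: "SE_DACL_AUTO_INHERITED",
    0x0800: "SE_SACL_AUTO_INHERITED",
    0x1000: "SE_DACL_PROTECTED",
    0x2000: "SE_SACL_PROTECTED",
    0x4000: "SE_RM_CONTROL_VALID",
    0x8000: "SE_SELF_RELATIVE",
}
SE_DACL_PROTECTED = 0x1000

def decode_control(control):
    """Names of the flags set in a Control value, lowest bit first."""
    return [name for bit, name in sorted(SD_CONTROL_FLAGS.items()) if control & bit]

def inheritance_blocked(control):
    """True when the DACL is protected, i.e. the inherit checkbox is unticked."""
    return bool(control & SE_DACL_PROTECTED)

def enable_inheritance(control):
    """Clear only the protected bit, leaving every other flag as it was."""
    return control & ~SE_DACL_PROTECTED

def audit(controls):
    """DNs whose DACL does not inherit, given a {dn: control} mapping."""
    return sorted(dn for dn, value in controls.items() if inheritance_blocked(value))

# Constructed sample data (DNs are placeholders, not real accounts).
SAMPLE = {
    "CN=Alice,OU=Staff,DC=example,DC=com": 39940,  # value quoted in the post
    "CN=Bob,OU=Staff,DC=example,DC=com": 35844,    # same flags, inheriting
    "CN=Carol,OU=Staff,DC=example,DC=com": 39956,  # protected + SE_SACL_PRESENT
}

if __name__ == "__main__":
    for dn, value in SAMPLE.items():
        print(dn, hex(value), decode_control(value))
    print("not inheriting:", audit(SAMPLE))
```

Carol's value is not 39940, so an equality test would skip her even though her DACL is protected.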