Creating a Simple Script
Now that the benefits of creating a script for administration have been discussed, the next step is to create a script that modifies Active Directory.
Modifying the directory using scripts involves several parts. Without scripts, you can bring up the MMC and add the snap-in for modifying users and computers. After this is configured, you are able to select an object and modify the fields of the object online. If you perform this action, several items are taking place without your noting. First, the MMC snap-in is actually looking at the Active Directory schema. The schema includes the object names, the descriptive names, and the value or values for each object. As an example, if you open a user object and then look at the properties, there are many tabs of information. Looking at the General tab, there is the telephone number and email. Under the Address tab, you see the street, P.O. Box, state, and so on. With the descriptive name and the object name, you should be able to uniquely identify each field.
MMC Schema Snap-In
The Active Directory schema snap-in is available in the resource kit for Active Directory. This is found on the Server Install disc. You can install the resource kit by browsing the installation CD, going to the /support directory, and then the /tools directory, and then running 2000RSKT.MSI. 2000RSKT.MSI installs the Active Directory Schema snap-in that is used to look at the schema and to identify field names for modification.
A Simple Sample Script
Using the Active Directory schema snap-in and the Active Directory Users and Computers snap-in, you are able to look at the schema and view the fields for an object. A common practice is to change or modify the fields of an object. This example is designed to change fields for all the objects in an organizational unit (OU).
In this example, the business problem is that all the phone numbers and the addresses for all the users in a group have changed. There is a single switchboard number for the group and the office has changed locations for all the users in the GPLAB of Wadeware.
The Visual Basic script is designed to primitively modify the telephone number, street address, and zip code for all the users in the GPLAB OU. The state and city of the address have remained the same. To perform this task, the following script is created and named USERUPDATE.VBS.
REM userupdate.vbs
REM
REM
REM Subroutine Modify
REM passes object that is a point in the tree
REM
Sub ModifyUsers(oObject)
Dim oUser
For Each oUser in oObject
Select Case oUser.Class
Case "user"
oUser.Put "streetAddress","1 Pennsylvania Avenue "
ouser.Put "postalcode","98044"
oUser.Put "telephoneNumber", "425-555-6666"
oUser.SetInfo
End select
Next
End Sub
REM Main program
REM
REM
Dim oDomain
Set oDomain=GetObject("LDAP://OU=GPLAB,DC=w2k,DC=Wadeware,DC=com")
ModifyUsers(oDomain)
MsgBox "Complete"
WScript.QuitThis script contains a body and a subroutine. The main program defines the domain object with the Dim statement. This is initialized with the GetObject routine that uses Lightweight Directory Access Protocol (LDAP) to locate the OU. ModifyUsers is called, using a pointer, to the location in the Active Directory tree that is defined by the LDAP path in the GetObject call.
The ModifyUsers subroutine takes the pointer to the tree location, and for each user at that point in the tree, it modifies the street address, zip code, and telephone number.