Query on Windows Server 2003 and 2008

Query on Windows Server 2003 and 2008

Alexander Roberts

To create the new domain users, exchange accounts and shared drives in windows 2003 servers or win 2008 you may use some scripts, which will allow to keep on using the same for any new such entities, instead of going through the long procedure of creating these individually.

START WITH The following script without the serial numbers:

1. Dim StrOU, strUser, strDNSDomain, objCommand

2. Dim objRootLDAP, objGroup, objUser, strQuery

3. Dim strDN, objManager, strDateCreated

Now  Use ADO to get Active Directory information

1. Set objConnection = CreateObject("ADODB.Connection")

2. Set objCommand = CreateObject("ADODB.Command")

3. ObjConnection.Provider = "ADsDSOObject"

4. ObjConnection.Open "Active Directory Provider"

5. Set objCommand.ActiveConnection = objConnection

Again Get Time Zone Information from local computer

1.       dtmLatestLogon = #1/1/1601#

2.       dtmWhenCreated = #1/1/1601#

3.       strComputer = "."

4.       Set objWMIService = GetObject("winmgmts:" & strComputer & "rootcimv2")

5.       Set colTimeZones = objWMIService.ExecQuery("Select * From

6.       Win32_TimeZone")

7.       For Each objTimeZone in colTimeZones

8.       intTimeZoneBias = objTimeZone.Bias

9.       intDaylightBias = objTimeZone.DaylightBias

10.   Next

Now  Define User and Group Information

1.       '##### — Change These Values — #####

2.       strUser = "CN=TestUser," ' Name of existing AD user

3.       strOU = "OU=Test," ' Name of OU that user is in

4.       strGroup = "CN=Test Group," ' Name of existing group to add user to

5.       '##### — End Section — #####

Now  Check for Password Last Set and Password Expiration

1.       Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

2.       Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

3.       Const ONE_HUNDRED_NANOSECOND    = .000000100

4.       Const SECONDS_IN_DAY            = 86400

5.       intUserAccountControl = objUser.Get("userAccountControl")

6.       If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then ' LINE11

7.       WScript.Echo "The password does not expire."

8.       Else

9.       dtmValue = objUser.PasswordLastChanged

10.   If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then  ' LINE16

11.   WScript.Echo "The password has never been set."

12.   Else

13.   intTimeInterval = Int(Now – dtmValue)

14.   WScript.Echo "The password was last set on " & _

15.   DateValue(dtmValue) & " at " & TimeValue(dtmValue)  & vbCrLf &

16.   _

17.   "The difference between when the password was last" & vbCrLf &

18.   _

19.   "set and today is " & intTimeInterval & " days"

20.   End If

21.   Set objDomain = GetObject("LDAP://" & strDNSDomain)

22.   Set objMaxPwdAge = objDomain.Get("maxPwdAge")

23.   If objMaxPwdAge.LowPart = 0 Then

24.   WScript.Echo "The Maximum Password Age is set to 0 in the " & _

25.   "domain. Therefore, the password does not expire."

26.   Else

27.   dblMaxPwdNano = _

28.   Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)

29.   dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND

30.   ' LINE37

31.   dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)     ' LINE38

32.   WScript.Echo "Maximum password age is " & dblMaxPwdDays & "days"

33.   If intTimeInterval >= dblMaxPwdDays Then

34.   WScript.Echo "The password has expired."

35.   Else

36.   WScript.Echo "The password will expire on " & _

37.   DateValue(dtmValue + dblMaxPwdDays) & " (" & _

              Int((dtmValue + dblMaxPwdDays) – Now) & " days from today)."

38.   End If

39.   End If

40.   End If

41.   'Wscript.Quit

Now  Add User to a Group

1.       '##### — Uncomment the following lines to add user to group defined

2.       above — #####

3.       'Wscript.Echo "Adding " & objUser.DisplayName & " to the " & strGroup &

4.       " group…"

5.       'set objGroup = GetObject("LDAP://" & strGroup & strOU & strDNSDomain)

6.       'objGroup.add(objUser.ADSPath)

7.       '##### — End Section– #####

Copy these scripts in NOTEPAD ++, and save either individually or combine them by adding the extension .vbs

Now lets prepare a script for sharing a folder on the network.

Using the administrator log on to the domain controller

Look for the folder you want to share, and copy its complete path, and paste on NOTEPAD.

For example:

net use X: \mydomain.com\MyRoot which is the path of DFS root folder.

Now save this file with an extension of .bat. For example “sharefolder.bat”

Now we prepare to use these scripts automatically. For this purpose, click on start-Administrative tools.

50.   Click on Active Directory users and computers

51.   Now right click on the domain name for example. Mydomain.com, click on properties

52.   Go to Group Policy tab and click on new- name the new policy as MapNetworkDrive

53.   Now Click on Edit button .  In the opened snap in under User Configuration expand Windows Settings and select Scripts (Logon/Logoff).

54.   On the right pane double click on Logon script- click on properties box-add button-click on browse

55.   Now copy the sharefolder.bat, and paste it, click on open button,click on add a script box, press OK

56.   Now Close the opened snap-in.

57.   Now open the command prompt, and type “gpupdate/force” (without quotation) to update the group policy settings.

Same way by using the steps from serial 50 onward you can automate the scripts saved above with .vbs extension.

PT