Help needed with Script to change all users "mail" attribute in AD PLEASE.

Discussion in 'Scripting' started by Clubsprint, Aug 25, 2006.

  1. Clubsprint

    Clubsprint Guest

    G'day all
    What I'm trying to do is to take every user in AD and
    set the "mail" attribute. I want to pull the email address
    from their login details.
    So in the case of "Wily Coyote" I want to create his mail address from
    "givenName" and "sn" and the string @acme.com.au to end up as


    I've got some code that will list all the users under a OU,(see below)

    I've got the code to extract the "givenName" and "sn". (see below)

    I've got the code to write the "mail" attribute. (see below)

    My question is how do I put this all together get the user information to be
    applied
    one user at a time and make the change? I'm not sure how to hang it all
    together (other than I know I've got
    to dim and set variables and then use those to set the info)

    Mark



    Code for list all users
    START SCRIPT===================================
    On Error Resume Next

    Const ADS_SCOPE_SUBTREE = 2

    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

    objCommand.CommandText = _
    "SELECT Name FROM 'LDAP://ou=users,dc=acme,dc=com,dc=au' WHERE
    objectCategory='user'"
    Set objRecordSet = objCommand.Execute

    objRecordSet.MoveFirst
    Do Until objRecordSet.EOF
    Wscript.Echo objRecordSet.Fields("Name").Value
    objRecordSet.MoveNext
    Loop

    END SCRIPT===================================

    Code to extract "givenName" and "sn"
    START SCRIPT===================================
    strContainer = "ou=users"
    strName = "Wily Coyote"

    On Error Resume Next

    Set objRootDSE = GetObject("LDAP://rootDSE")
    If strContainer = "" Then
    Set objItem = GetObject("LDAP://" & _
    objRootDSE.Get("defaultNamingContext"))
    Else
    Set objItem = GetObject("LDAP://cn=" & strName & "," & strContainer & ","
    & _
    objRootDSE.Get("defaultNamingContext"))
    End If

    WScript.Echo VbCrLf & "** General Properties Page**"
    WScript.Echo "** (Single-Valued Attributes) **"
    strgivenName = objItem.Get("givenName")
    WScript.Echo "givenName: " & strgivenName
    strsn = objItem.Get("sn")
    WScript.Echo "sn: " & strsn
    END SCRIPT===================================

    Code to write "mail" attribute.
    START SCRIPT===================================

    strContainer = ""
    strName = "EzAdUser"

    Const ADS_PROPERTY_CLEAR = 1
    Const ADS_PROPERTY_UPDATE = 2
    Const ADS_PROPERTY_APPEND = 3
    Const ADS_PROPERTY_DELETE = 4

    '***********************************************
    '* Connect to an object *
    '***********************************************
    Set objRootDSE = GetObject("LDAP://rootDSE")
    If strContainer = "" Then
    Set objItem = GetObject("LDAP://" & _
    objRootDSE.Get("defaultNamingContext"))
    Else
    Set objItem = GetObject("LDAP://cn=" & strName & "," & strContainer & ","
    & _
    objRootDSE.Get("defaultNamingContext"))
    End If
    '***********************************************
    '* End connect to an object *
    '***********************************************

    WScript.Echo VbCrLf & "** General Properties Page**"
    WScript.Echo "** (Writing Single-Valued Attributes) **"
    objItem.Put "mail", "VALUE"
    objItem.SetInfo

    END SCRIPT===================================
     
    Clubsprint, Aug 25, 2006
    #1
    1. Advertisements

  2. Clubsprint

    Jimmy Guest

    are you just randomly populating the mail attribute in AD? or do you have an
    Exchange server in your org?
    if you have Exchange this should be done via recipient policies...
     
    Jimmy, Aug 25, 2006
    #2
    1. Advertisements

  3. Clubsprint

    WAM6187 Guest

    WAM6187, Aug 25, 2006
    #3
  4. Clubsprint

    Clubsprint Guest

    Hi Jimmy
    I'm not sure by what you mean by "just randomly populating the mail
    attribute".
    I wish to put the users actual email address in Active Directory so that I
    can
    use an LDAP query from my DMZ email gateway to authenticate incoming
    target email addresses. I currently have to use a manual list which I want
    to do away with.
    We use Domino/Notes.
    Mark
     
    Clubsprint, Aug 28, 2006
    #4
  5. Hi,

    You can use ADO to retrieve the values of the distinguishedName (DN),
    givenName, and sn attributes for all users. Because ADO cannot be used to
    modify attributes, you will need to bind to each user object, which is why
    you should retrieve the DN. In the loop where you enumerate these values for
    each user, bind to the user object (with the DN value), construct the new
    value for mail from givenName and sn, assign the new value to the mail
    attribute, and invoke the SetInfo method to save the changes. For example:
    ================
    Option Explicit

    Dim objRootDSE, strDNSDomain, adoCommand, adoConnection
    Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
    Dim strDN, strFirstName, strLastName, strMail, objUser

    ' Determine DNS domain name.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")

    ' Use ADO to search Active Directory.
    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    ' Search entire domain.
    strBase = "<LDAP://" & strDNSDomain & ">"

    ' Filter on all user objects.
    strFilter = "(&(objectCategory=person)(objectClass=user))"

    ' Comma delimited list of attribute values to retrieve.
    strAttributes = "distinguishedName,givenName,sn"

    ' Construct the LDAP query.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

    ' Run the query.
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    Set adoRecordset = adoCommand.Execute

    ' Enumerate the resulting recordset.
    Do Until adoRecordset.EOF
    ' Retrieve values.
    strDN = adoRecordset.Fields("distinguishedName").Value
    strDN = Replace(strDN, "/", "\/")
    strFirstName = adoRecordset.Fields("givenName").Value & ""
    strLastName = adoRecordset.Fields("sn").Value & ""
    If (strFirstName <> "") And (strLastName <> "") Then
    ' Construct value of mail attribute.
    strMail = strFirstName & "." & strLastName & "@acme.com.au"
    ' Bind to user object.
    Set objUser = GetObject("LDAP://" & strDN)
    ' Assign value to mail attribute.
    objUser.mail = strMail
    ' Save change.
    objUser.SetInfo
    End If
    adoRecordset.MoveNext
    Loop
    adoRecordset.Close
    adoConnection.Close

    ' Clean up.
    Set objRootDSE = Nothing
    Set adoCommand = Nothing
    Set adoConnection = Nothing
    Set adoRecordset = Nothing
    ==================
    I use LDAP syntax, but you can also use SQL syntax.
     
    Richard Mueller, Aug 28, 2006
    #5
  6. Clubsprint

    Clubsprint Guest

    As usual Richard you provide a wonderful bit of code that does
    everything I needed and will be valuable as a tool with some changes to
    do a bunch of other tasks. Thank you for adding the comments so I can work
    out
    what's happening in the script.
    I've not come across ADO so that bares some more investigation on my part.
    Thanks again
    Regards
    Mark
    Aus
     
    Clubsprint, Aug 29, 2006
    #6
  7. Richard Mueller, Aug 29, 2006
    #7
  8. Clubsprint

    neothwin Guest

    Hi,

    You can use "dsquery user" command to get all users and pipe to "dsget user"
    command to get information for given name and sn.
    Then use Excel or spreadsheet to generate email address.
    And use"dsmod user" command to update users with email address.

    Regards,
     
    neothwin, Dec 12, 2006
    #8
  9. Clubsprint

    asdf Guest

    So many groups you posted.

    -----------------

    Guess it does not matter.

    ---------------

    If all you understand is typying and computer collecting

    boxed stuff, it really does not.

    ***********************

    Buy yourself a real spare tire or tell your wife that you like her face.
     
    asdf, Dec 14, 2006
    #9
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.