modifying objects in ADAM ADSIEDIT

Discussion in 'Scripting' started by joey, Sep 30, 2008.

  1. joey

    joey Guest

    I need to constantly modify a few objects in ADAM ADSIEDIT manually by
    traversing the directory tree. How do I script this by just modifying the
    script and running it?
     
    joey, Sep 30, 2008
    #1

  2. The first step is to identify the object to be modified in AD. You need the
    Distinguished Name (DN) of the object. If you have the NetBIOS name (the
    "pre-Windows 2000 logon" name of users) you can use the NameTranslate object
    to convert to the DN. A script can prompt for the NetBIOS name (also called
    the NT name) and convert to DN. The second step is to identify the attribute
    of the object to be modified. A VBScript program can bind to the object in AD
    (using the DN) and assign a new value to the attribute (assuming a string
    attribute). Special techniques are required if the attribute is
    multi-valued, Integer8 (a 64-bit number representing a date), a byte array
    (like SID or GUID values), or generalized time values. If you only modify
    single-valued string attributes, the script could prompt for the name of the
    attribute (the LDAP display name), plus the new value. A VBScript example,
    using NameTranslate follows:
    =============
    ' Constants for the NameTranslate object.
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1

    ' Retrieve DNS name of the domain from the RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")

    Set objTrans = CreateObject("NameTranslate")
    ' Initialize NameTranslate by locating the Global Catalog.
    objTrans.Init ADS_NAME_INITTYPE_GC, ""

    ' Use the NameTranslate object to find the NetBIOS name of the domain.
    objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
    strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
    ' Remove trailing backslash.
    strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

    ' Prompt for NetBIOS name of object in AD.
    strNTName = InputBox("Enter NetBIOS name of object to modify")

    ' Use Set method to specify NT format of name.
    ' Trap error if object not found.
    On Error Resume Next
    objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strNTName
    If (Err.Number <> 0) Then
        On Error GoTo 0
        Wscript.Echo strNTName & " not found in Active Directory"
        Wscript.Quit
    End If
    On Error GoTo 0

    ' Use the Get method to retrieve DN.
    strDN = objTrans.Get(ADS_NAME_TYPE_1779)
    ' Bind to the object.
    Set objADObject = GetObject("LDAP://" & strDN)

    ' Prompt for the attribute to modify.
    strAttribute = InputBox("Enter the LDAP Display Name of the attribute to modify")

    ' Prompt for the new attribute value.
    strValue = InputBox("Enter the new value to assign to the attribute")

    ' Assign the value.
    ' Trap the error if the value is invalid.
    On Error Resume Next
    objADObject.Put strAttribute, strValue
    objADObject.SetInfo
    If (Err.Number <> 0) Then
        Wscript.Echo "Failed to assign " & strValue & " to attribute " _
            & strAttribute
    End If
    =======
    You can also use Joe Richards' admod utility. See this link:

    http://www.joeware.net/freetools/tools/admod/index.htm
     
    Richard Mueller [MVP], Sep 30, 2008
    #2

  3. joey

    joey Guest

    what do you mean by netbios names in this case?

    The hostname of the machine?
     
    joey, Oct 1, 2008
    #3
  4. joey

    joey Guest

    how do I tell what the DN of the object is.

    Like I said, this is ADAM. Even though the machine is in AD, it's ADAM
    installed locally on this host. I need to modify an attribute on the
    localhost, not AD.
     
    joey, Oct 1, 2008
    #4
  5. I don't use ADAM, but it appears that the major difference for scripting is
    that the binding string includes "LDAP://localhost:389/" in place of
    "LDAP://".

    However, it appears that objects in ADAM do not have a sAMAccountName
    attribute, which is the NetBIOS name I referred to. This means that you
    cannot use the NameTranslate object to convert a username (or userid, or NT
    user name, or "pre-Windows 2000 logon name", or NetBIOS name, or whatever
    you call sAMAccountName) into a DN. This means you must know the
    Distinguished Name of the object.

    The only alternative would be to search for an object that has a given
    Common Name (or perhaps displayName). This would be more work (code) and you
    would need to handle the situation where you find more than one such object.
    Only DN would uniquely identify the object (if there is no sAMAccountName
    attribute). If someone else knows better, please reply.

    This means my example must be as follows:
    ==========
    ' Prompt for the Distinguished Name of the object in ADAM.
    strName = InputBox("Enter DN of object to modify")

    ' Bind to the object in the local ADAM instance.
    Set objADObject = GetObject("LDAP://localhost:389/" & strName)

    ' Prompt for the attribute to modify.
    strAttribute = InputBox("Enter the LDAP Display Name of the attribute to modify")

    ' Prompt for the new attribute value.
    strValue = InputBox("Enter the new value to assign to the attribute")

    ' Assign the value.
    ' Trap the error if the value is invalid.
    On Error Resume Next
    objADObject.Put strAttribute, strValue
    objADObject.SetInfo
    If (Err.Number <> 0) Then
        Wscript.Echo "Failed to assign " & strValue & " to attribute " _
            & strAttribute
    End If
    ==========

    --
    Richard Mueller
    MVP Directory Services
    Hilltop Lab - http://www.rlmueller.net
    --

     
    Richard Mueller [MVP], Oct 1, 2008
    #5
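
The Common Name search that post #5 describes as the alternative to knowing the DN, as an added example that is not part of the original thread. It binds only when exactly one object matches and escapes the typed name so it cannot alter the LDAP filter. The partition DN "O=Example,C=US" is a placeholder assumption; the localhost:389 binding comes from the thread.

```vbscript
Option Explicit
Dim strBase, strCN, strList, strDN, intCount
Dim adoConnection, adoCommand, adoRecordset, objADObject

' Escape filter metacharacters (RFC 4515) so the typed name is matched
' literally and cannot change the search filter.
Function EscapeFilter(strText)
    Dim strOut
    strOut = Replace(strText, "\", "\5c")   ' backslash first
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    EscapeFilter = Replace(strOut, Chr(0), "\00")
End Function

' Assumption: placeholder DN of the ADAM application partition to search.
strBase = "O=Example,C=US"
strCN = InputBox("Enter Common Name of object to modify")
If (strCN = "") Then Wscript.Quit

' Search the local ADAM instance with ADO.
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand = CreateObject("ADODB.Command")
Set adoCommand.ActiveConnection = adoConnection
adoCommand.CommandText = "<LDAP://localhost:389/" & strBase & ">;(cn=" _
    & EscapeFilter(strCN) & ");distinguishedName;subtree"
adoCommand.Properties("Page Size") = 100
Set adoRecordset = adoCommand.Execute

intCount = 0
strList = ""
Do Until adoRecordset.EOF
    intCount = intCount + 1
    strList = strList & vbCrLf & adoRecordset.Fields("distinguishedName").Value
    adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
' Refuse to bind unless exactly one object matched.
If (intCount <> 1) Then
    Wscript.Echo intCount & " objects match cn=" & strCN & ", nothing bound:" & strList
    Wscript.Quit
End If
' ADSI treats "/" as a path delimiter, so escape it in the DN.
strDN = Replace(Mid(strList, 3), "/", "\/")
Set objADObject = GetObject("LDAP://localhost:389/" & strDN)
Wscript.Echo "Bound to " & strDN
```

Once bound, objADObject can be modified with the same Put and SetInfo calls shown in post #5.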