I know it sounds like something for WSH or VBS, but I don't have time to learn those at the moment.

Thank you.

-Shawn

[This message has been edited by Shawn (edited 08 June 2001).]

Having said that..... there has to be a command line tool that does the same.

Bryce

------------------
kix.isorg.net

Ok - if there wasn't a utility for doing it on Win2K, there is now ...

code:

---

break on

; RENAME USERID FOR WIN2K

$DOMAIN = "TASSIE"
$OLDUSERID = "SHAWN"
$NEWUSERID = "BRYCE"

$domain = olegetobject(0,"WinNT://$DOMAIN")

$user = val("&"+olecallfunc($domain,"getobject","ss","user","$OLDUSERID"))

$adspath = olegetproperty($user,"adspath")

$= olecallfunc($domain,"movehere","ss","$adspath","$NEWUSERID")

?"@SERROR"

exit

---

-Shawn

There is a command line tool Pedestal Software makes a product called NTsec. in this product is a tool "NTUSER.exe" and this has an account rename feature.

Bryce

PS, nope i don't work for Pedestal Software, just use and like their product.

Maybe with all the turmoil and change happening inside your company - I bet you "wished" you worked for Pedestal Software right now. Actually, with all those OSH stock options you've got - can't you retire by now - jeepers - 52week low of $2.87 - now trading at $16 a share - damn fine !

galdiano...

hope the above script helps your cause. It's an easy stretch to retieve the fullname from ADSI, like this ....

$fullname = olegetproperty($user,"fullname")

Then you can do some KiXtart string addition magic and bob's your uncle !

-Shawn

[This message has been edited by Shawn (edited 08 June 2001).]

Thank you.

$DOMAIN = "AISD"
$OLDUSERID = "hgaldiano"
$domain = olegetobject(0,"WinNT://$DOMAIN")
$user = val("&"+olecallfunc($domain,"getobject","ss","user","$OLDUSERID"))
$adspath = olegetproperty($user,"adspath")
$firstname = olegetproperty($user,"firstname")
$lastname = olegetproperty($user,"lastname")
$fullname = olegetproperty($user,"fullname")
$username = olegetproperty($user,"userid")
$Securityid = olegetproperty($user,"sid")
? $firstname
? $lastname
? $fullname
? $username
? $securityid

it was at $18 a share a few days ago!

------------------
kix.isorg.net

WinNT is the backward compatible "mixed-mode" support for NT4 in Active Directory (officially called Windows NT Service Provider) - no problems - are you running pure "native" Windows 2000 Active Directory ?

[I guess so based on the info your trying to retrieve]

-Shawn

Thanks...

Pure Windows 2000, bonus !

ok - let's start by zeroing in on your users. I'm not sure how your domain is organized but give this script a shot. It lists all the users in the "User" container (along with some of the properties your were trying to get at earlier) ...

You'll have to adjust the ADsPath in the olegetobject() function to match your domain... let's just see if we can get this script to work first. Then we can modify to start renaming users ...

code:

---

break on

$ou = olegetobject(0,"LDAP://CN=Users,DC=TASSIEDEV,DC=COM")

$enum = oleenumobject($ou)
$object = oleenumobject($ou,$enum)

while $object

 if olegetproperty($object,"class") = "user"

  $name = olegetproperty($object,"name")
  $firstname = olegetproperty($object,"firstname")
  $lastname = olegetproperty($object,"lastname")

  ?"$name, $firstname, $lastname"

 endif

 $object = oleenumobject($ou,$enum)

loop

exit

---

-Shawn

Thanks again.

Now on to tackle the other parts of the code...Any advisors/takers?

$ou = olegetobject(0,"LDAP://OU=x,OU=y,DC=domain,DC=net")

Suggest you create a test OU that contains bogus accounts with pre-populated populated firstnames and lastnames fields - then you can run your test scripts against that first ...

-Shawn

I've been able to do everything I wanted EXCEPT rename user objects. Still working on that and would appreciate any advice. Here is a working (though ROUGH) copy of the code. Once it is polished, I'll post the final copy:

GO.KIX
BREAK ON
$ou = olegetobject(0,"LDAP://OU=Admin,OU=texas,DC=texasisd,DC=net")
$enum = oleenumobject($ou)
$object = oleenumobject($ou,$enum)
; chr(34) = "
$q = chr(34)
; chr(36) = $
$d = chr(36)
use x: /del
use x: "\\aisd-texas\admin"
while $object
if olegetproperty($object,"class") = "user"
$name = olegetproperty($object,"name")
$firstname = olegetproperty($object,"firstname")
$lastname = olegetproperty($object,"lastname")
$flname = $firstname +" "+ $lastname
$nlen = len($name)
$tname = LTRIM(SUBSTR($name, 4, $nlen))
$newname = $q + $flname + $q
$sharename = $q +$flname + $d +$q
?
?"name=$name"
?"firstname=$firstname"
?"lastname=$lastname"
?"tname=$tname"
?"newname=$newname"
?"flname=$flname"
?"sharename=$sharename"
;*********************************************************************
; go1.kix
; Grant the user rights to his home directory
;*********************************************************************
run "xcacls \\aisd-texas\admin\$tname /e /g $tname:c /y"
Sleep 1
;*********************************************************************
; go2.kix
; Change the home directory name to Firstname Lastname format
;*********************************************************************
if $firstname = "" or $firstname =" " or $lastname = "" or $lastname = " "
?"Not renaming home directory $tname to $newname"
else
run "rename.bat $tname $newname"
Sleep 1
endif
;*********************************************************************
; go3.kix
; Share the home directory as Firstname Lastname$
;*********************************************************************
if $firstname = "" or $firstname =" " or $lastname = "" or $lastname = " "
?"Not sharing : $tname"
else
run "share.bat $sharename $newname"
sleep 1
endif
;*********************************************************************
; Give all the users the same login script
;*********************************************************************
run "cusrmgr -u $tname -m \\aisd-texas -n aisd.bat"
;*********************************************************************
; Change the userid to firstname lastname format
; This is only changing the pre-windows 2000 name for some reason
;*********************************************************************
; if $firstname = "" or $firstname =" " or $lastname = "" or $lastname = " "
; ?"Not renaming : $tname to $flname"
; else
; run "cusrmgr -u $tname -m \\aisd-texas -r $newname"
; sleep 1
; endif
endif
$object = oleenumobject($ou,$enum)
loop
exit
******************************
RENAME.BAT
x:
cd \
rename %1 %2
******************************
SHARE.BAT
cscript share.vbs /C /N %1 /P D:\Data\Admin\%2 /S AISD-TEXAS /t disk

wow - you're obviously well on your way - ok - here's the silver bullet - the real deal - the "full monty"

Please, please, please handle with care - double check your DN's and RDN's - but based on what i've seen so far, you seem to be very knowledgable with AD so let'er rip ...

code:

---

break on 

$OU_DN = "LDAP://OU=MYOU,DC=WHATEVER,DC=NET"
$USER_DN = "LDAP://CN=Shawn Tassie,OU=MYOU,DC=WHATEVER,DC=NET"
$NEW_RDN = "CN=Shawn"

$ou = olegetobject(0,"$OU_DN")

if $ou

 $= olecallfunc($ou,"movehere","ss","$USER_DN","$NEW_RDN")
 ?"@serror"

endif

exit

---

-Shawn

-Shawn

Thanks once again. I couldn't have gotten this far without your help.

Ok - so the above script is the "biggie" - it will rename the user object in Active Directory - the name that's displayed in the AD user manager list (aka the RDN or object name with the OU).

The UPN (aka User Principal Name, aka Windows 2000 logon name) and SamAccountName (aka Pre-Windows 2000 userid) are the other two. But because these names are properties of the user object (as opposed to a handle to the entire object) you might be able to take more of a "I don't have to get it right the first time" kinda attitude. I mean - you can easily repair any mistakes by just poking the object in AD user manager but the DN deserves some extra care.

Changing the other two names goes like this...

code:

---

break on 

$user = olegetobject(0,"LDAP://CN=John Doe,OU=MYOU,DC=WHATEVER,DC=NET")

if $user 

 $= oleputproperty($user,"userprincipalname","s","john.doe")
 $= oleputproperty($user,"samaccountname","s","jdoe")
 $= olecallfunc($user,"setinfo")

endif

exit

---

The first thing you might notice is that the UPN logonid doesn't contain the @WHATEVER.COM ending - you can leave it off and AD will just update the user logon name and keep the existing WHATEVER.COM postfix. Or you can specify that as well, like this ...

$= oleputproperty($user,"userprincipalname","s","john.doe@@whatever.com")

and that should get updated too (although I've never tried it).

Anyway - your script is looking excellent - good luck ...

-Shawn

[This message has been edited by Shawn (edited 16 June 2001).]