| dataspike |
| (Getting the hang of it) |
| 2005-08-26 08:05 PM |
|
Newbie Question (Write AD Object)
|
Well... I hope I can fully explain what I want to do.
I am getting ready to deploy a LCS (Live Communication Server) and want to add a SIP address to all my user objects in the AD Domain.
From some previous posts, I have found how to read the objects details, specifically the SIP address of a User.
Code:
$objSystemInfo = CreateObject("ADSystemInfo")
$strAuthDistinguishedName = "LDAP://" + $objSystemInfo.UserName
$UserObj = GetObject($strAuthDistinguishedName)
? "LCS SIP IM Address: " + $UserObj.Get("msRTCSIP-PrimaryUserAddress")
Sleep 10
However, I was wondering if it's even possible to WRITE the address if it's blank?
Any thoughts, comments would be great.
Thanks,
Chris
| Les |
| (KiX Master) |
| 2005-08-26 08:43 PM |
Re: Newbie Question (Write AD Object)
|
I have not tried but cannot see why not. What have you tried? You may need to use the PutEX method.
| dataspike |
| (Getting the hang of it) |
| 2005-08-26 08:47 PM |
|
|
|
Re: Newbie Question (Write AD Object)
|
Les, don't mean to be a pain, but could you give me an example? I am totally new to this type of commands.
Chris
| Les |
| (KiX Master) |
| 2005-08-26 08:52 PM |
|
Re: Newbie Question (Write AD Object)
|
See Trouble setting a value to nothing ?
| dataspike |
| (Getting the hang of it) |
| 2005-08-26 09:06 PM |
|
|
|
Re: Newbie Question (Write AD Object)
|
Dude... you freaking ROCK.
Code:
$UserObj.Put ("msRTCSIP-PrimaryUserAddress","address@@here.com")
$UserObj.setinfo
NTDOC
|
| (KiX Master) |
| 2005-08-26 09:24 PM |
|
|
Re: Newbie Question (Write AD Object)
|
Knowing what to actually search for in this case is difficult if you don't know any correct keywords to use as CLEAR/DELETE/BLANK/ADSI are not very helpful keywords for this.
Here are some links from a couple years ago where it came up.
http://www.kixtart.org/ubbthreads/showth...page=0&vc=1
http://www.kixtart.org/ubbthreads/showth...page=0&vc=1
Modifying Attributes with ADSI
ADS_PROPERTY_OPERATION_ENUM
| Les |
| (KiX Master) |
| 2005-08-26 10:16 PM |
|
Re: Newbie Question (Write AD Object)
|
Quote:
However, I was wondering if it's even possible to WRITE the address if it's blank?
I misconstrued. I thought you wanted to write a blank (nothing) address!
| dataspike |
| (Getting the hang of it) |
| 2005-08-26 11:21 PM |
|
|
|
Re: Newbie Question (Write AD Object)
|
Thanks for the help guys...
Now I have one more question to kind of go along with this one. Is there a way to enumerate all of my users in a certain OU and add a value to their account?
Chris
| Les |
| (KiX Master) |
| 2005-08-27 01:43 AM |
|
Re: Newbie Question (Write AD Object)
|
Yes.
| Les |
| (KiX Master) |
| 2005-08-27 01:49 AM |
|
Re: Newbie Question (Write AD Object)
|
I suppose you want another example.
Code:
BREAK ON
$users = GetObject("LDAP://ou=Users,ou=bla,ou=yada,dc=company,dc=local")
$Users.filter = Split('user')
for each $user in $users
if $user.scriptpath <> ""
$loginscript="bla\"+ $user.scriptpath
if $user.scriptpath <> "$loginscript"
;$user.scriptpath = $loginscript
;$user.SetInfo
endif
endif
next
| dataspike |
| (Getting the hang of it) |
| 2005-08-29 08:33 PM |
|
|
|
Re: Newbie Question (Write AD Object)
|
Thank you for the example... However it isn't working. This is the code that I am using. It'll say it changes it, but when I view it in AD, it's still blank.
Code:
$UserObj = GetObject("LDAP://ou=Employees,ou=Users,ou=Location,dc=Company,dc=com")
$UserObj.Filter = Split('user')
For Each $User in $UserObj
$Address = Lcase($User.sAMAccountName) + "@@mycompany.com"
? 'Current address is: ' + $User.Get("mail")
$User.put("mail",$Address)
$User.setinfo
? 'E-mail address is now set to: ' + $User.Get("mail")
Next
Sleep 10
Do I have to run it with elevated permissions?
HELP!!!!
|
NTDOC
|
| (KiX Master) |
| 2005-08-29 09:03 PM |
|
|
|
Re: Newbie Question (Write AD Object)
|
Quote:
Do I have to run it with elevated permissions?
Yes, unless you've modified the AD rights (not recommended) normal users can not modify these settings.
| dataspike |
| (Getting the hang of it) |
| 2005-08-29 10:04 PM |
|
|
|
Re: Newbie Question (Write AD Object)
|
Thanks for the response... Tried it with a "Domain Admin" level account and worked fine. I can change my account info, but not anyone elses.
Thanks!
|
NTDOC
|
| (KiX Master) |
| 2005-08-29 10:09 PM |
|
|
|
Re: Newbie Question (Write AD Object)
|
Sure you can, but you need to supply THEIR name, not yours.
| dataspike |
| (Getting the hang of it) |
| 2005-08-29 10:42 PM |
|
|
|
Re: Newbie Question (Write AD Object)
|
I guess, I should clarify. Without using the "Domain Admin" level account, I could only modify my ".mail" setting. However using the code above when logged in with the elivated privileges, everything worked fine. I was able to change 195 accounts in like 5 seconds. Much, much easier.
But again, thanks for the help.
On to the next thread.
| Sealeopard |
| (KiX Master) |
| 2005-08-30 05:31 AM |
|
|
Re: Newbie Question (Write AD Object)
|
Might be time to learn a little bit about Windows security. You sound surprised that you need admin-level privileges to make changes to AD.
| dataspike |
| (Getting the hang of it) |
| 2005-08-30 07:47 AM |
|
|
|
Re: Newbie Question (Write AD Object)
|
Actually some of code, showed that the changes were made, but when I viewed the object in ADUC it contradicted the output from the code, I was just confused. But overall I do feel I have a good understanding, just new to this type of "development".
Thanks again for the help guys.
Chris
| Radimus |
| (KiX Supporter) |
| 2006-02-13 09:43 PM |
|
|
Re: Newbie Question (Write AD Object)
|
I love Search...
I just had to clear the logonscript value for several OUs of users...
Code:
break on
$OU = 'LDAP://domain/OU=Users, OU=aXX, DC=domain,DC=com'
For each $Item in GetObject($OU)
$cn = $Item.distinguishedName
$UP = GetObject("LDAP://"+$cn)
? $uP.FirstName +' '+ $uP.LastName +' '+$uP.scriptPath
if instr($uP.scriptPath,'smsls')
' changing'
$up.PutEx(1, "ScriptPath", "")
$up.setinfo
endif
$UP = 0
NEXT
| Les |
| (KiX Master) |
| 2006-02-14 12:22 AM |
|
Re: Newbie Question (Write AD Object)
|
Well... since you are showing me yours, I'll show you mine.
This was used to modify the current ScriptPath to reflect the OU medelled folder structure.
Code:
BREAK ON
$users = GetObject("LDAP://ou=Users,ou=FW,ou=yada,dc=bla,dc=local")
$Users.filter = Split('user')
for each $user in $users
if $user.scriptpath <> ""
$loginscript="FW\"+ $user.scriptpath
if $user.scriptpath <> $loginscript
? "Current Script for " +$user.name " is: " +$user.scriptpath+ " Modified to " +$loginscript
;$user.scriptpath = $loginscript
;$user.SetInfo
endif
endif
next