#50988 - 2001-10-31 06:30 PM
Re: ADSI
|
Anonymous
Anonymous
Unregistered
|
Thx for your speed reply Bryce  I'm working with NT 4.0 servers and Win2k clients w/ Kix 3.63...Here's what I'm trying to do:
1) Chk for home dir (hd); if HD does not exist, then create one (set as P: drive); if it exists=exit
2) Once HD is created, set HD attributes to @ldomain\Domain Admins and @userid FULL ACCESS.Per Shawn's gracious illustrations, yours and others, I came up with this: break on
; Set Variables $server = "@lserver"
$domain = "@ldomain"
$userfolder = "data"
$share_loc = "\\ + $server + \ + $userfolder"
$share_name = "@userid"
$share_maxusercount = 2
$homedirpath = $share_loc + @userid
$share_description = "@userid's home directory"
$file = "homedirs.txt" ;ADSI Chk
$lms = olegetobject ( 0, "WinNT://$server/lanmanserver" )
if $lms = 0
goto finish
Endif ;Chk for home directory existence
$homedirdrive = "P:"
$domain = olegetobject (0, "WinNT://$domain")
$domain.filter = "user",""
If $shareloc + @userid = ""
go to create
Else (MessageBox, "Home Directory Already Exists","")
EndIf :create $share = val ( "&" + olecallfunc ( $lms, "create", "ss", "fileshare", "$sharename" ) ) $rs = oleputproperty ( $share, "loc", "s", "$shareloc" )
$rs = oleputproperty ( $share, "maxusercount", "s", "$share_maxusercount" )
$rs = oleputproperty ( $share, "description", "s", "$share_description" ) $rs = olecallproc ( $share, "setinfo" )
if @error
?"Error @error : @serror"
goto finish
endif :finish if $share
$rs = olereleaseobject ( $share )
endif if $lms
$rs = olereleaseobject ( $lms )
endif Goto home ; Set Home Dir Attributes :home
$NUL = OPEN(1,$FILE,2)
$username = READLINE(1)
DO
if exist("$homedirpath")=0
md "$homedirpath"
if @error=0
$sm=sendmessage("$server","Home Directory created at $homedirpath for @userid")
SHELL "%comspec% /c echo y| cacls $homedirpath /t /c /g fdhc\@userid:c"
SHELL "%comspec% /c echo y| cacls $homedirpath /t /e /c /g "@ldomain\Domain Admins:f"
SHELL "%comspec% /c echo y| cacls $homedirpath /t /e /c /g "mis:f"
else
sendmessage("$server","Home Folder was NOT created at $homedir for @userid")
endif endif
? $USERNAME
$USERNAME = readline(1) until @error<>0
$nul = close(1) EXIT My questions are these:
1) Will this work, lol?
2) How would I go about outputing the results to a text file?
3) Do you have any suggestions to make this better? Thx for taking the time to help, it is greatly appreciated [ 31 October 2001: Message edited by: garion ]
|
|
Top
|
|
|
|
|
#50990 - 2001-10-31 06:46 PM
Re: ADSI
|
Anonymous
Anonymous
Unregistered
|
Whoops, sorry 3.63  Corrected in earlier post, thanks![ 31 October 2001: Message edited by: garion ]
|
|
Top
|
|
|
|
|
#50991 - 2001-10-31 08:41 PM
Re: ADSI
|
Anonymous
Anonymous
Unregistered
|
Thx for the heads up JPols! I edited that sect to now read:;Chk for home directory existence $homedir = olegetobject (0, "WinNT://$homedrivedir")
If Exist $homedir ; Homedir exists and will not be created
Else
Go to create
Else (MessageBox, "Home Directory Already Exists","")
EndIf Is that better?
|
|
Top
|
|
|
|
|
#50992 - 2001-11-01 10:40 AM
Re: ADSI
|
Anonymous
Anonymous
Unregistered
|
Hey guys.. I'm finally taknig the time to soak in this ADSI stuff and I must say that it has payed off tremendously already! Here's what we actively use at the moment (apart from checking if a user already exists before maknig an account and other small stuff), it's a script that monitors a couple of groups and reports any changes, and who made the changes. It's pretty crude because I wanted to finish it quickly but it works so.. any improvements are welcome by the way!
(but scripts with about three lines making this whole thing completely obsolete are less welcome.. *grin*) It uses two executables by the way, a command-line smtp-mailer and the ntreskit tool dumpel.exe (dump eventlog) code:
BREAK ON
$pad="c:\kix\GroupCheck"
$tools="$pad\tools"
$pdc="domain-pdc"
$CrLf=CHR(13)+CHR(10)
$pdcdown=0FUNCTION MakeIni($variable)
Dim $group
$group = GETOBJECT("WinNT://casema/$variable,group")
IF $group
$userarray=($group.members)
FOR EACH $member IN $userarray
$member=$member.name
$null=WRITEPROFILESTRING("$pad\CurrentUsers.ini","$variable","$member","1")
NEXT
ELSE
$pdcdown=1 GOTO sleeploop
ENDIF
ENDFUNCTION FUNCTION Compare($variable,$whattocheck,$event1,$event2)
$Current=SPLIT(READPROFILESTRING("$pad\CurrentUsers.ini","$variable",""),CHR(10),-1)
$Last=SPLIT(READPROFILESTRING("$pad\$whattocheck.ini","$variable",""),CHR(10),-1)
FOR EACH $elem IN $Current
IF $elem="" GOTO removed ENDIF
$found=0
FOR EACH $usr IN $Last
IF $elem=$usr $found=1 ENDIF
NEXT
IF $found<>1
$event=$event1
GOSUB dumplog
$Write=$Write+"User $elem Added To $variable by $admin"+$CrLf
ENDIF
NEXT
:removed
FOR EACH $elem IN $Last
IF $elem="" GOTO endcompare ENDIF
$found=0
FOR EACH $usr IN $Current
IF $elem=$usr $found=1 ENDIF
NEXT
IF $found<>1
$event=$event2
GOSUB dumplog
$Write=$Write+"User $elem Removed From $variable by $admin"+$CrLf
ENDIF
NEXT :dumplog
$user=""
SHELL '%comspec% /c $tools\dumpel -l security -m security -s $pdc -e $event | find /I "$variable" > $pad\output.txt'
$null=OPEN (2,output.txt)
DO
$regel=READLINE(2)
IF $regel="" GOTO enddumpfile ENDIF
$user= SIDTONAME(SUBSTR($regel,INSTR($regel,"S-1-5-21-123456789-123456789-123456789-"),46))
$user=SUBSTR($user,8,Len($user))
IF $user=$elem
$regelarr=SPLIT($regel," ",7)
$admin=SUBSTR($regelarr[6],8,Len($regelarr[6]))
ENDIF
UNTIL @error
IF $admin="" $admin = "Not Found" ENDIF
:enddumpfile
$null=CLOSE(2)
RETURN :endcompare
ENDFUNCTION FUNCTION MailSend()
$nul=OPEN(9,"$pad\mailfile.txt",5)
$nul=WRITELINE(9, $Write)
$nul=CLOSE(9)
SHELL '%comspec% /c $pad\tools\mail -s GroupCheck -r mailserver.com -a email@@domain.com < "$pad\mailfile.txt"'
DEL "$pad\mailfile.txt"
$write=""
ENDFUNCTION :start
$pdcdown=0 $NoGlobals=VAL(READPROFILESTRING("$pad\groupcheck.ini","Globals","Number"))
$NoLocals=VAL(READPROFILESTRING("$pad\groupcheck.ini","Locals","Number"))
FOR $counter=1 TO $NoGlobals
$globalcur=READPROFILESTRING("$pad\groupcheck.ini","Globals","$counter")
MakeIni($globalcur)
Compare($globalcur,LastUsers,"632","633")
NEXT
FOR $counter=1 TO $NoLocals
$localcur=READPROFILESTRING("$pad\groupcheck.ini","Locals","$counter")
MakeIni($localcur)
Compare($localcur,LastUsers,"636","637")
NEXT IF $write MailSend() ENDIF
DEL "$pad\Lastusers.ini"
SHELL '%comspec% /c REN $pad\CurrentUsers.ini LastUsers.ini' :sleeploop
$sleepcounter=100
WHILE $sleepcounter>0
CLS
"This Script detects changes in group-membership"
? "Time left untill next check: " $sleepcounter
IF $pdcdown=1 ? "PDC IS DOWN, NO CHECK DONE!" ENDIF
SLEEP 1
$sleepcounter=$sleepcounter-1
LOOP
GOTO start
Oh I almost forgot, the INIfile looks like this: I didn't bother to re-write the script to loop through each item in a section I still use my trusty old "Number=" key. Lazy o'l me...
[Globals]
Number=6
1=Domain Admins
2=MULTIPLEK
3=Data Admin Users
4=Policy Full
5=CrewU
6=Desktop admin [Locals]
Number=3
1=Administrators
2=Data Admin
3=Crew
|
|
Top
|
|
|
|
Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 483 anonymous users online.
|
|
|
