четверг, 7 августа 2008 г.

Добавление объекта(ов) AD в группу(ы)

Иногда нужно добавлять объекты определённого назначения или типа в группы,
например добавить все компьютеры, имена которых начинаются на 22IVC, в группы, имена которых начинаются на IVC или содержат IVC:

ну вот по такому случаю накидал небольшой скрипт :)

1) это для добавления объектов "Компьютеры" в группы

'-===================================================
' Status codes returned by ParseCommandLine.
Const kErrorSuccess = 0
Const KErrorFailure = 1

' Values of iAction: report only, or report and add the missing members.
Const ActionListObject = 1
Const ActionAddObject = 2

' Run the script.
Call main

' Entry point: read the command line, fill in defaults for whatever was not
' given, then hand everything to AddObjectToGroup.
Sub main

    Dim strBaseDNObj, iScopeObj
    Dim strBaseDNGroup, iScopeGroup
    Dim strGroupMask, strObjMask
    Dim iAction
    Dim rootDSE

    ' Starting values; ParseCommandLine overwrites them when -g / -m are given.
    strObjMask = ""
    strGroupMask = ""

    ' A failed parse ends the run before any directory query is made.
    If ParseCommandLine(iAction, strBaseDNObj, iScopeObj, strBaseDNGroup, iScopeGroup, strGroupMask, strObjMask) <> kErrorSuccess Then
        Exit Sub
    End If

    ' No -b1: search objects from the default naming context.
    If strBaseDNObj = "" Then
        Set rootDSE = GetObject("LDAP://RootDSE")
        strBaseDNObj = rootDSE.Get("DefaultNamingContext")
    End If

    ' No -b2: search groups from the default naming context.
    If strBaseDNGroup = "" Then
        Set rootDSE = GetObject("LDAP://RootDSE")
        strBaseDNGroup = rootDSE.Get("DefaultNamingContext")
    End If

    ' No -t1 / -t2: use scope 2 (subtree, per the usage text).
    If iScopeObj = "" Then iScopeObj = 2
    If iScopeGroup = "" Then iScopeGroup = 2

    AddObjectToGroup iAction, strBaseDNObj, iScopeObj, strBaseDNGroup, iScopeGroup, strGroupMask, strObjMask

End Sub


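' List, and with ActionAddObject also create, memberships between the computer
' objects and the groups whose names match the given masks.
'
' iAction        - ActionAddObject adds missing members; any other value only reports.
' strBaseDNObj   - base DN of the computer search.
' iScopeObj      - value for the "searchscope" property of the computer search.
' strBaseDNGroup - base DN of the group search.
' iScopeGroup    - value for the "searchscope" property of the group search.
' strGroupmask   - compared with the name attribute of groups.
' strObjMask     - compared with the name attribute of computers.
'
' Every matching computer is checked against every matching group, so a broad
' group mask also reaches privileged groups below the group base DN.
sub AddObjectToGroup(iAction, strBaseDNObj, iScopeObj, strBaseDNGroup, iScopeGroup, strGroupmask, strObjMask)

    dim con, cmdObjects, cmdGroups, rsObjects, rsGroups
    dim oGroup, oMember, bHaveObjects

    ' The base DNs and masks are pasted between single quotes in the query text.
    ' A quote inside one of them would end the literal early and change the
    ' query, so such values are refused before anything is sent.
    if InStr(strBaseDNObj & strBaseDNGroup & strGroupmask & strObjMask, "'") > 0 then
        WScript.Echo "Base DN or mask contains a single quote (') - not supported, nothing done"
        exit sub
    end if

    set con = CreateObject("ADODB.Connection")
    con.Provider = "ADSDsoObject"
    con.Open "Active Directory Provider"

    ' Find objects
    set cmdObjects = CreateObject("ADODB.Command")
    cmdObjects.ActiveConnection = con
    cmdObjects.CommandText = "select name, distinguishedName from 'LDAP://" & strBaseDNObj & _
        "' where ObjectCategory='computer' and name='" & strObjMask & "'"
    cmdObjects.Properties("searchscope") = iScopeObj
    ' Ask for paged results. Without a page size only the first batch the
    ' server allows comes back (1000 entries with default domain controller
    ' settings) and the remaining objects would be skipped without a message.
    cmdObjects.Properties("Page Size") = 1000
    set rsObjects = cmdObjects.Execute

    ' Find groups
    set cmdGroups = CreateObject("ADODB.Command")
    cmdGroups.ActiveConnection = con
    cmdGroups.CommandText = "select name, distinguishedName from 'LDAP://" & strBaseDNGroup & _
        "' where ObjectCategory='Group' and name='" & strGroupmask & "'"
    cmdGroups.Properties("searchscope") = iScopeGroup
    cmdGroups.Properties("Page Size") = 1000
    set rsGroups = cmdGroups.Execute

    ' MoveFirst raises an error on an empty recordset, so remember whether
    ' the object search found anything at all.
    bHaveObjects = not (rsObjects.BOF and rsObjects.EOF)

    while not rsGroups.EOF
        ' A "/" inside a DN is a path separator to ADSI and has to be
        ' written as "\/" in the LDAP:// path.
        set oGroup = GetObject("LDAP://" & Replace(rsGroups.Fields("distinguishedName").Value, "/", "\/"))
        WScript.Echo "Group "& oGroup.name
        WScript.Echo "-----------------------------------------------"

        if bHaveObjects then
            ' Rewind: the same object list is walked once per group.
            rsObjects.MoveFirst
            while not rsObjects.EOF
                set oMember = GetObject("LDAP://" & Replace(rsObjects.Fields("distinguishedName").Value, "/", "\/"))
                if oGroup.IsMember(oMember.AdsPath) = false then
                    WScript.Echo oMember.name & " isn't member of " & oGroup.name
                    ' Only -a (ActionAddObject) changes the directory.
                    if iAction = ActionAddObject then
                        oGroup.Add(oMember.AdsPath)
                        oGroup.SetInfo
                    end if
                else
                    WScript.Echo oMember.name & " member of " & oGroup.name
                end if
                rsObjects.MoveNext
            wend
        end if

        rsGroups.MoveNext
        WScript.Echo ""
    wend

    con.Close
end sub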


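'
' Parse the command line into its components.
'
' The arguments are filled in place (VBScript passes them by reference):
'   iAction        - ActionListObject unless -a is present, then ActionAddObject.
'   strBaseDNObj   - value of -b1.
'   iScopeObj      - value of -t1, kept as the string "0", "1" or "2".
'   strBaseDNGroup - value of -b2.
'   iScopeGroup    - value of -t2, kept as the string "0", "1" or "2".
'   strGroupmask   - value of -g.
'   strObjMask     - value of -m.
' Arguments whose switch is absent are left untouched.
'
' Returns kErrorSuccess, or kErrorFailure after printing the reason.
' "-?" and unknown switches go to Usage(true), which ends the script.
'
function ParseCommandLine(iAction, strBaseDNObj, iScopeObj, strBaseDNGroup, iScopeGroup, strGroupmask, strObjMask)

    dim oArgs, iIndex, strSwitch, strValue

    iAction = ActionListObject
    ParseCommandLine = kErrorFailure

    set oArgs = wscript.Arguments
    iIndex = 0

    ' "<" rather than "<>": a switch given without its value used to push the
    ' index past Count, and with errors suppressed the loop never ended.
    while iIndex < oArgs.Count
        strSwitch = oArgs(iIndex)

        select case strSwitch
            case "-b1", "-t1", "-b2", "-t2", "-g", "-m"
                ' These switches take the next argument as their value.
                if iIndex + 1 >= oArgs.Count then
                    wscript.echo "Unable to parse command line, switch " & strSwitch & " requires a value"
                    exit function
                end if
                iIndex = iIndex + 1
                strValue = oArgs(iIndex)

                select case strSwitch
                    case "-b1"
                        strBaseDNObj = strValue
                    case "-b2"
                        strBaseDNGroup = strValue
                    case "-g"
                        strGroupmask = strValue
                    case "-m"
                        strObjMask = strValue
                    case "-t1", "-t2"
                        ' Only the three scopes named in the usage text are accepted.
                        if strValue <> "0" and strValue <> "1" and strValue <> "2" then
                            wscript.echo "Unable to parse command line, search scope for " & strSwitch & " must be 0, 1 or 2"
                            exit function
                        end if
                        if strSwitch = "-t1" then
                            iScopeObj = strValue
                        else
                            iScopeGroup = strValue
                        end if
                end select

            case "-a"
                iAction = ActionAddObject

            case else
                ' "-?" and anything unrecognised: print help and stop.
                Usage(true)
                exit function
        end select

        iIndex = iIndex + 1
    wend

    ParseCommandLine = kErrorSuccess

end function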



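' Print the command-line help.
'
' bExit - when true, the script ends with exit code 1 after the help text.
sub Usage(bExit)

    ' Show the name the script was actually saved under instead of a fixed one.
    wscript.echo "Usage: " & WScript.ScriptName & " [-b1 base search dn] [-t1 search scope]"
    wscript.echo " [-b2 base search dn] [-t2 search scope]"
    wscript.echo " [-g group mask] [-m computer object mask]"
    wscript.echo " [-a]"
    wscript.echo ""
    wscript.echo "Arguments:"
    wscript.echo " -b1 - DN of base search for object. Default - default naming context"
    wscript.echo " -t1 - search scope for object. 0 - base, 1 - one level, 2 - subtree. default - 2"
    wscript.echo " -b2 - DN of base search for group. Default - default naming context"
    wscript.echo " -t2 - search scope for group. 0 - base, 1 - one level, 2 - subtree. default - 2"
    ' Two doubled quotes print "" (the empty default); the old literal printed a lone quote.
    wscript.echo " -g - Mask of group. default - """""
    wscript.echo " -m - mask of computer. default - """""
    wscript.echo " -a - make change to group. if not specified list group and members"
    wscript.echo " -? - display command usage"
    wscript.echo ""

    if bExit then
        wscript.quit(1)
    end if

end sub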

'-==============================================

2) этот для добавления пользователей в группы

'-==============================================
' Status codes returned by ParseCommandLine.
Const kErrorSuccess = 0
Const KErrorFailure = 1

' Values of iAction: report only, or report and add the missing members.
Const ActionListObject = 1
Const ActionAddObject = 2

' Run the script.
Call main

' Entry point: read the command line, fill in defaults for whatever was not
' given, then hand everything to AddObjectToGroup.
Sub main

    Dim strBaseDNObj, iScopeObj
    Dim strBaseDNGroup, iScopeGroup
    Dim strGroupMask, strObjMask
    Dim iAction
    Dim rootDSE

    ' Starting values; ParseCommandLine overwrites them when -g / -m are given.
    strObjMask = ""
    strGroupMask = ""

    ' A failed parse ends the run before any directory query is made.
    If ParseCommandLine(iAction, strBaseDNObj, iScopeObj, strBaseDNGroup, iScopeGroup, strGroupMask, strObjMask) <> kErrorSuccess Then
        Exit Sub
    End If

    ' No -b1: search objects from the default naming context.
    If strBaseDNObj = "" Then
        Set rootDSE = GetObject("LDAP://RootDSE")
        strBaseDNObj = rootDSE.Get("DefaultNamingContext")
    End If

    ' No -b2: search groups from the default naming context.
    If strBaseDNGroup = "" Then
        Set rootDSE = GetObject("LDAP://RootDSE")
        strBaseDNGroup = rootDSE.Get("DefaultNamingContext")
    End If

    ' No -t1 / -t2: use scope 2 (subtree, per the usage text).
    If iScopeObj = "" Then iScopeObj = 2
    If iScopeGroup = "" Then iScopeGroup = 2

    AddObjectToGroup iAction, strBaseDNObj, iScopeObj, strBaseDNGroup, iScopeGroup, strGroupMask, strObjMask

End Sub


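' List, and with ActionAddObject also create, memberships between the user
' objects and the groups whose names match the given masks.
'
' iAction        - ActionAddObject adds missing members; any other value only reports.
' strBaseDNObj   - base DN of the user search.
' iScopeObj      - value for the "searchscope" property of the user search.
' strBaseDNGroup - base DN of the group search.
' iScopeGroup    - value for the "searchscope" property of the group search.
' strGroupmask   - compared with the name attribute of groups.
' strObjMask     - compared with the name attribute of users.
'
' Every matching user is checked against every matching group, so a broad
' group mask also reaches privileged groups below the group base DN.
sub AddObjectToGroup(iAction, strBaseDNObj, iScopeObj, strBaseDNGroup, iScopeGroup, strGroupmask, strObjMask)

    dim con, cmdObjects, cmdGroups, rsObjects, rsGroups
    dim oGroup, oMember, bHaveObjects

    ' The base DNs and masks are pasted between single quotes in the query text.
    ' A quote inside one of them would end the literal early and change the
    ' query, so such values are refused before anything is sent.
    if InStr(strBaseDNObj & strBaseDNGroup & strGroupmask & strObjMask, "'") > 0 then
        WScript.Echo "Base DN or mask contains a single quote (') - not supported, nothing done"
        exit sub
    end if

    set con = CreateObject("ADODB.Connection")
    con.Provider = "ADSDsoObject"
    con.Open "Active Directory Provider"

    ' Find objects
    ' NOTE(review): objectCategory 'User' is believed to resolve to the Person
    ' category, which contact objects share; if contacts must not be added,
    ' an extra objectClass='user' condition is needed - confirm in a test domain.
    set cmdObjects = CreateObject("ADODB.Command")
    cmdObjects.ActiveConnection = con
    cmdObjects.CommandText = "select name, distinguishedName from 'LDAP://" & strBaseDNObj & _
        "' where ObjectCategory='User' and name='" & strObjMask & "'"
    cmdObjects.Properties("searchscope") = iScopeObj
    ' Ask for paged results. Without a page size only the first batch the
    ' server allows comes back (1000 entries with default domain controller
    ' settings) and the remaining objects would be skipped without a message.
    cmdObjects.Properties("Page Size") = 1000
    set rsObjects = cmdObjects.Execute

    ' Find groups
    set cmdGroups = CreateObject("ADODB.Command")
    cmdGroups.ActiveConnection = con
    cmdGroups.CommandText = "select name, distinguishedName from 'LDAP://" & strBaseDNGroup & _
        "' where ObjectCategory='Group' and name='" & strGroupmask & "'"
    cmdGroups.Properties("searchscope") = iScopeGroup
    cmdGroups.Properties("Page Size") = 1000
    set rsGroups = cmdGroups.Execute

    ' MoveFirst raises an error on an empty recordset, so remember whether
    ' the object search found anything at all.
    bHaveObjects = not (rsObjects.BOF and rsObjects.EOF)

    while not rsGroups.EOF
        ' A "/" inside a DN is a path separator to ADSI and has to be
        ' written as "\/" in the LDAP:// path.
        set oGroup = GetObject("LDAP://" & Replace(rsGroups.Fields("distinguishedName").Value, "/", "\/"))
        WScript.Echo "Group "& oGroup.name
        WScript.Echo "-----------------------------------------------"

        if bHaveObjects then
            ' Rewind: the same object list is walked once per group.
            rsObjects.MoveFirst
            while not rsObjects.EOF
                set oMember = GetObject("LDAP://" & Replace(rsObjects.Fields("distinguishedName").Value, "/", "\/"))
                if oGroup.IsMember(oMember.AdsPath) = false then
                    WScript.Echo oMember.name & " isn't member of " & oGroup.name
                    ' Only -a (ActionAddObject) changes the directory.
                    if iAction = ActionAddObject then
                        oGroup.Add(oMember.AdsPath)
                        oGroup.SetInfo
                    end if
                else
                    WScript.Echo oMember.name & " member of " & oGroup.name
                end if
                rsObjects.MoveNext
            wend
        end if

        rsGroups.MoveNext
        WScript.Echo ""
    wend

    con.Close
end sub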


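'
' Parse the command line into its components.
'
' The arguments are filled in place (VBScript passes them by reference):
'   iAction        - ActionListObject unless -a is present, then ActionAddObject.
'   strBaseDNObj   - value of -b1.
'   iScopeObj      - value of -t1, kept as the string "0", "1" or "2".
'   strBaseDNGroup - value of -b2.
'   iScopeGroup    - value of -t2, kept as the string "0", "1" or "2".
'   strGroupmask   - value of -g.
'   strObjMask     - value of -m.
' Arguments whose switch is absent are left untouched.
'
' Returns kErrorSuccess, or kErrorFailure after printing the reason.
' "-?" and unknown switches go to Usage(true), which ends the script.
'
function ParseCommandLine(iAction, strBaseDNObj, iScopeObj, strBaseDNGroup, iScopeGroup, strGroupmask, strObjMask)

    dim oArgs, iIndex, strSwitch, strValue

    iAction = ActionListObject
    ParseCommandLine = kErrorFailure

    set oArgs = wscript.Arguments
    iIndex = 0

    ' "<" rather than "<>": a switch given without its value used to push the
    ' index past Count, and with errors suppressed the loop never ended.
    while iIndex < oArgs.Count
        strSwitch = oArgs(iIndex)

        select case strSwitch
            case "-b1", "-t1", "-b2", "-t2", "-g", "-m"
                ' These switches take the next argument as their value.
                if iIndex + 1 >= oArgs.Count then
                    wscript.echo "Unable to parse command line, switch " & strSwitch & " requires a value"
                    exit function
                end if
                iIndex = iIndex + 1
                strValue = oArgs(iIndex)

                select case strSwitch
                    case "-b1"
                        strBaseDNObj = strValue
                    case "-b2"
                        strBaseDNGroup = strValue
                    case "-g"
                        strGroupmask = strValue
                    case "-m"
                        strObjMask = strValue
                    case "-t1", "-t2"
                        ' Only the three scopes named in the usage text are accepted.
                        if strValue <> "0" and strValue <> "1" and strValue <> "2" then
                            wscript.echo "Unable to parse command line, search scope for " & strSwitch & " must be 0, 1 or 2"
                            exit function
                        end if
                        if strSwitch = "-t1" then
                            iScopeObj = strValue
                        else
                            iScopeGroup = strValue
                        end if
                end select

            case "-a"
                iAction = ActionAddObject

            case else
                ' "-?" and anything unrecognised: print help and stop.
                Usage(true)
                exit function
        end select

        iIndex = iIndex + 1
    wend

    ParseCommandLine = kErrorSuccess

end function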



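' Print the command-line help of the user variant of the script.
'
' bExit - when true, the script ends with exit code 1 after the help text.
sub Usage(bExit)

    ' Show the name the script was actually saved under; the old text named
    ' the computer script and spoke of computer masks.
    wscript.echo "Usage: " & WScript.ScriptName & " [-b1 base search dn] [-t1 search scope]"
    wscript.echo " [-b2 base search dn] [-t2 search scope]"
    wscript.echo " [-g group mask] [-m user object mask]"
    wscript.echo " [-a]"
    wscript.echo ""
    wscript.echo "Arguments:"
    wscript.echo " -b1 - DN of base search for object. Default - default naming context"
    wscript.echo " -t1 - search scope for object. 0 - base, 1 - one level, 2 - subtree. default - 2"
    wscript.echo " -b2 - DN of base search for group. Default - default naming context"
    wscript.echo " -t2 - search scope for group. 0 - base, 1 - one level, 2 - subtree. default - 2"
    ' Two doubled quotes print "" (the empty default); the old literal printed a lone quote.
    wscript.echo " -g - Mask of group. default - """""
    wscript.echo " -m - mask of user. default - """""
    wscript.echo " -a - make change to group. if not specified list group and members"
    wscript.echo " -? - display command usage"
    wscript.echo ""

    if bExit then
        wscript.quit(1)
    end if

end sub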

'-==============================================

запускается все cscript'ом

-b1 - базовый DN с которого ищем компьютеры/пользователей
-b2 - базовый DN с которого ищем группы
-t1 и -t2 - область поиска: 0 - база (то есть в этом контейнере), 1 - один уровень, 2 - по дереву
-g -маска группы
-m - маска компа/пользователя
-a - осуществить добавление пользователей/компов в группы , если не указан.. то просто вывести на экран найденных пользователей/компов и групп...

примеры использования..

возьмем пример с компами... сохраним первый скрипт в файл AddCompToGroupWithMask.vbs
запускаем : cscript AddCompToGroupWithMask.vbs -m "22IVC*" -g "*IVC*" -a
это добавление всех объектов компов, имена которых начинаются с 22IVC, в группы, содержащие в названии IVC, по всему контексту именования по умолчанию (DefaultNamingContext; его можно узнать с помощью скрипта в предыдущем сообщении)...

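можно, например, выполнить cscript AddCompToGroupWithMask.vbs -m "*" -g "*" -a (добавление всех компов во все группы... :)). Под маску "*" попадают и встроенные, и привилегированные группы, так что сначала стоит запустить ту же команду без -a и посмотреть, какие группы и компы найдены.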



основная информация о AD DS

Иногда бывает необходимо быстро просмотреть информацию о каталоге AD.. н-р.: версию схемы.. режим и т.д...

'--===============================================

'Author - efimov (ge][) gennady
'date last change: 2008-04-23

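' Print the main RootDSE attributes of the directory server, its functional
' levels and the schema version.
Dim rootDSE, schema_, lvl, rel, ver

Set rootDSE = GetObject("LDAP://RootDSE")
' Bind to the schema container on the same server that answered for RootDSE.
Set schema_ = GetObject("LDAP://" & rootDSE.Get("dnsHostName") & "/" & rootDSE.Get("schemaNamingContext"))

EchoValue "currentTime"
EchoValue "subschemaSubentry"
EchoValue "dsServiceName"
EchoValues "namingContexts"
EchoValue "defaultNamingContext"
EchoValue "schemaNamingContext"
EchoValue "rootDomainNamingContext"
EchoValues "supportedControl"
EchoValues "supportedLDAPVersion"
EchoValues "supportedLDAPPolicies"
EchoValue "highestCommittedUSN"
EchoValues "supportedSASLMechanisms"
EchoValue "dnsHostName"
EchoValue "ldapServiceName"
EchoValue "serverName"
EchoValues "supportedCapabilities"
EchoValue "isSynchronized"
EchoValue "isGlobalCatalogReady"

WScript.Echo ">>> domainFunctionality: "
lvl = CLng(rootDSE.Get("domainFunctionality"))
rel = ReleaseForLevel(lvl)
If rel = "" Then
    WScript.Echo " " & lvl & " - (Unknown Domain Mode)"
Else
    WScript.Echo " " & lvl & " - (" & rel & " Domain Mode)"
End If

WScript.Echo ">>> forestFunctionality: "
lvl = CLng(rootDSE.Get("forestFunctionality"))
rel = ReleaseForLevel(lvl)
If rel = "" Then
    WScript.Echo " " & lvl & " - (Unknown Forest Mode)"
Else
    WScript.Echo " " & lvl & " - (" & rel & " Forest Mode)"
End If

WScript.Echo ">>> domainControllerFunctionality: "
lvl = CLng(rootDSE.Get("domainControllerFunctionality"))
rel = ReleaseForLevel(lvl)
' The original table had no "interim" entry for domain controllers; keep it unknown.
If lvl = 1 Then rel = ""
If rel = "" Then
    WScript.Echo " " & lvl & " - (Unknown DC Mode)"
Else
    WScript.Echo " " & lvl & " - (" & rel & " Mode)"
End If

WScript.Echo ">>> schemaVersion: "
ver = CLng(schema_.Get("ObjectVersion"))
Select Case ver
    Case 13
        WScript.Echo " " & ver & " - (Windows 2000 Server)"
    Case 30
        WScript.Echo " " & ver & " - (Windows Server 2003)"
    Case 31
        WScript.Echo " " & ver & " - (Windows Server 2003 R2)"
    Case 44
        WScript.Echo " " & ver & " - (Windows Server 2008 (AD/DS))"
    Case 47
        WScript.Echo " " & ver & " - (Windows Server 2008 R2)"
    Case 56
        WScript.Echo " " & ver & " - (Windows Server 2012)"
    Case 69
        WScript.Echo " " & ver & " - (Windows Server 2012 R2)"
    Case 87
        WScript.Echo " " & ver & " - (Windows Server 2016)"
    Case 88
        WScript.Echo " " & ver & " - (Windows Server 2019/2022)"
    Case Else
        ' Print the number even when it is not in the table, instead of nothing.
        WScript.Echo " " & ver & " - (Unknown schema version)"
End Select

' Print one single-valued RootDSE attribute as ">>> name: value".
' "&" is used so that a non-string value cannot cause a type mismatch.
Sub EchoValue(strAttr)
    WScript.Echo ">>> " & strAttr & ": " & rootDSE.Get(strAttr)
End Sub

' Print a RootDSE attribute that may hold several values, one per line.
' GetEx always returns an array, so a single value does not break For Each.
Sub EchoValues(strAttr)
    Dim v
    WScript.Echo ">>> " & strAttr & ": "
    For Each v In rootDSE.GetEx(strAttr)
        WScript.Echo " " & v
    Next
End Sub

' Windows release name for a functional-level number, "" when not in the table.
Function ReleaseForLevel(iLevel)
    Select Case iLevel
        Case 0
            ReleaseForLevel = "Windows 2000"
        Case 1
            ReleaseForLevel = "Windows Server 2003 Interim"
        Case 2
            ReleaseForLevel = "Windows Server 2003"
        Case 3
            ReleaseForLevel = "Windows Server 2008"
        Case 4
            ReleaseForLevel = "Windows Server 2008 R2"
        Case 5
            ReleaseForLevel = "Windows Server 2012"
        Case 6
            ReleaseForLevel = "Windows Server 2012 R2"
        Case 7
            ReleaseForLevel = "Windows Server 2016"
        Case Else
            ReleaseForLevel = ""
    End Select
End Function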
'--===============================================


Пример запуска:
файл ADMainInfo.vbs
команда: cscript.exe ADMainInfo.vbs