Chapter 4: User Management Code
Querying the User FullName Property Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT:// " & UserDomain & "/" & UserName & ",user") Response.Write User.Fullname
Setting a New Value for the User FullName Property Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim NewFullName UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" NewFullName = "New_Value_For_Full_Name_Field" Set User = GetObject("WinNT://" & UserDomain&"/"&UserName & ",user") User.Fullname = NewFullname User.SetInfo
Querying the Description Property Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Response.Write User.Description
Setting a New Value for the Description Property Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim NewDescription UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" NewDescription = "New_Value_For_Description_Field" Set User = GetObject("WinNT://" & UserDomain&"/"&UserName & ",user") User.Description = NewDescription User.SetInfo
Querying Individual Elements of a Comma-Delimited Description Field Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Delimiter Dim RetVal Dim FirstDelim Dim DescriptionLength Dim ParsedElement Dim TerminalCondition UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Delimiter = "" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") RetVal = User.Description StartPosition = 1 While TerminalCondition <> True FirstDelim = InStr(1, RetVal, Delimiter) If FirstDelim = 0 Then TerminalCondition = True Else DescriptionLength = Len(RetVal) ParsedElement = Left(RetVal, FirstDelim - 1) Response.Write Trim(ParsedElement) & "<BR>" RetVal = Right(RetVal, (DescriptionLength - FirstDelim)) End If Wend
Setting a New Value for a User Password Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim NewPassword UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" NewPassword = "Superm@n99" Set User = GetObject("WinNT://" & UserDomain &"/" &UserName & ",user") Call User.SetPassword(NewPassword) User.SetInfo
Changing a User Password Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim NewPassword Dim OldPassword UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" NewPassword = "Superm@n26" OldPassword = "B@tm@n74!" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Call User.ChangePassword(OldPassword, NewPassword) User.SetInfo
Querying the Value of a User Flag Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Flags UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Flags = User.Get("UserFlags") If (Flags And &H10000) <> 0 Then Response.Write "The specified user account is configured so that the password never expires." End If
Toggling a User Flag Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Flags UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Flags = User.Get("UserFlags") User.Put "UserFlags", (Flags Xor &H10000) User.SetInfo
Querying the User Must Change Password at Next Logon Status Flag Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim PasswordExpired UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") PasswordExpired= User.Get("PasswordExpired") If PasswordExpired = 1 Then Response.Write "The user account is configured so that the password must be changed on next logon." Else Response.Write "The user will NOT be required to change the account password on next logon." End If
Setting a New Value for the User Must Change Password at Next Logon Status Flag Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim PasswordExpired UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") User.Put "PasswordExpired", 1 User.SetInfo
Querying the User Cannot Change Password Status Flag Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Flags UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName&",user") Flags = User.Get("UserFlags") If (Flags And &H00040) <> 0 Then Response.Write "The specified user account is configured so that the password cannot be changed." End If
Setting the Value for the User Cannot Change Password Status Flag Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Flags UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://"&UserDomain&"/"&UserName & ",user") Flags = User.Get("UserFlags") User.Put "UserFlags", Flags OR &H00040 User.SetInfo
Toggling the Value for the User Cannot Change Password Status Flag Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Flags UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Flags = User.Get("UserFlags") User.Put "UserFlags", Flags XOR &H00040 User.SetInfo
Querying the Password Never Expires Status Flag Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Flags UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Flags = User.Get("UserFlags") If (Flags And &H10000) <> 0 Then Response.Write "The specified user account is configured so that the password never expires." End If
Setting the Password Never Expires Status Flag Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Flags UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Flags = User.Get("UserFlags") User.Put "UserFlags", Flags OR &H10000 User.SetInfo
Toggling the Password Never Expires Status Flag Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Flags UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Flags = User.Get("UserFlags") User.Put "UserFlags", Flags XOR &H10000 User.SetInfo
Querying the Account Disabled Status Flag Using a VBScript Active Server Page and the AccountDisabled Property
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Response.Write User.AccountDisabled
Setting a New Value for the Account Disabled Status Flag Using a VBScript Active Server Page and the AccountDisabled Property
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") User.AccountDisabled = True User.SetInfo
Enumerating a Domain to Report all Disabled Accounts Using a VBScript Active Server Page
Dim Domain Dim DomainName Dim UserAccount Dim Counter Counter = 0 DomainName = "Domain_To_Manage" Set Domain = GetObject("WinNT://" & DomainName) Domain.Filter = Array("User") Response.Write "The following accounts are disabled in domain: " & Domain.Name & "<BR>" For Each UserAccount In Domain If UserAccount.AccountDisabled = True Then Response.Write UserAccount.Name & "<BR>" Counter = Counter + 1 End If Next If Counter = 1 Then Response.Write "Only 1 user account in the " & Domain.Name & " domain is disabled." & "<BR>" Else Response.Write Counter & " user accounts are disabled in the " & Domain.Name & " domain." & "<BR>" End If
Querying the Account Locked Out Status Flag Using a VBScript Active Server Page and the IsAccountLocked Property
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Response.Write User.IsAccountLocked
Unlocking a User Account Using a VBScript Active Server Page and the IsAccountLocked Property
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") If User.IsAccountLocked = True Then User.IsAccountLocked = False User.SetInfo End If
Resetting All Locked-Out User Accounts for a Domain Using a VBScript Active Server Page
Dim Domain Dim UserAccount Dim Counter Dim DomainName Counter = 0 DomainName = "Domain_To_Manage" Set Domain = GetObject("WinNT://" & DomainName) Domain.Filter = Array("User") For Each UserAccount In Domain If UserAccount.IsAccountLocked = True Then Response.Write UserAccount.Name & "<BR>" UserAccount.IsAccountLocked = False UserAccount.SetInfo Counter = Counter + 1 End If Next If Counter = 1 Then Response.Write "Only 1 user account in the " & Domain.Name & " domain was unlocked."&"<BR>" Else Response.Write Counter & " user accounts were unlocked in the " & Domain.Name & domain." & "<BR>" End If
Querying the User Profile Path Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Response.Write User.Profile
Setting a New User Profile Path Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim NewValue UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" NewValue = "New_User_Profile_Path" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") User.Profile = NewValue User.SetInfo
Querying the LoginScript Property Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Response.Write User.LoginScript
Setting the LoginScriptProperty Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim NewValue UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") NewValue = "NewLoginScript.CMD" User.LoginScript = NewValue User.SetInfo
Querying the Home Directory Path Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Response.Write User.HomeDirectory
Setting a New Home Directory Path Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim NewValue UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" NewValue = "New_Home_Directory_Path_Value" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") User.HomeDirectory = NewValue User.SetInfo
Querying the Home Directory Mapping Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Response.Write User.Get("HomeDirDrive")
Setting a New Home Directory Mapping Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim NewValue UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" NewValue = "New_Value_For_Home_Directory_Drive" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") User.Put("HomeDirDrive"), NewValue User.SetInfo
Querying User Logon Hours Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim TimeEntry Dim Restriction UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") For Each TimeEntry In User.LoginHours If TimeEntry < 255 Then Restriction = 1 Next If Restriction = 1 Then Response.Write "User account " & UserDomain & "\" & UserName & " has time restrictions placed upon it." Else Response.Write "There are no time restrictions affecting user account " & UserDomain & "\" & UserName & "." End If
Querying Login Workstations Using a VBScript Active Server Page
On Error Resume Next Dim User Dim UserName Dim UserDomain Dim Workstation UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") If User.LoginWorkstations = " " then For Each Workstation in User.LoginWorkstations Response.Write Workstation & "<BR>" Next Else Response.Write User.LoginWorkstations & "<BR>" End If
Adding a New Login Workstation to the LoginWorkstations Property Using a VBScript Active Server Page
On Error Resume Next Dim User Dim UserName Dim UserDomain Dim Workstation Dim NewElement() Dim i Dim NewValue UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" NewValue = "New_Machine_To_Add" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") If User.LoginWorkstations = "" Then For Each Workstation In User.LoginWorkstations i = UBound(NewElement) + 1 ReDim Preserve NewElement(i) NewElement(i) = Workstation Next i = UBound(NewElement) + 1 ReDim Preserve NewElement(i) NewElement(i) = NewValue User.LoginWorkstations = NewElement User.SetInfo Else User.LoginWorkstations = Array(NewValue) User.SetInfo End If
Removing an Existing Login Workstation from the LoginWorkstations Property Using a VBScript Active Server Page
On Error Resume Next Dim User Dim UserName Dim UserDomain Dim Workstation Dim NewElement() Dim i Dim NewValue UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" NewValue = "Machine_To_Remove" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") If User.LoginWorkstations = "" Then For Each Workstation In User.LoginWorkstations If NewValue <> Workstation Then i = UBound(NewElement) + 1 ReDim Preserve NewElement(i) NewElement(i) = Workstation End If Next User.LoginWorkstations = NewElement User.SetInfo Else If NewValue <> User.LoginWorkstations Then User.LoginWorkstations = Array(NewValue) Else User.LoginWorkstations = Array("") End If User.SetInfo End If
Querying the Account Expiration Date Using a VBScript Active Server Page
On Error Resume Next Dim User Dim UserName Dim UserDomain Dim AccountExpirationDate UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") AccountExpirationDate = User.AccountExpirationDate Response.Write AccountExpirationDate
Setting the Account Expiration Date Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim AccountExpirationDate UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") AccountExpirationDate = #mm/dd/yyyy# User.AccountExpirationDate = AccountExpirationDate User.SetInfo
Querying the Account Type Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Flags UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Flags = User.Get("UserFlags") If (Flags And &H100) <> 0 Then Response.Write "Local Account" Else Response.Write "Global Account" End If
Configuring a Global Account as a Local Account Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Flags UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Flags = User.Get("UserFlags") If (Flags And &H200) <> 0 Then User.Put "UserFlags", Flags Xor &H200 User.SetInfo Flags = User.Get("UserFlags") User.Put "UserFlags", Flags Xor &H100 User.SetInfo End If
Configuring a Local Account as a Global Account Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim Flags UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Flags = User.Get("UserFlags") If (Flags And &H100) <> 0 Then User.Put "UserFlags", Flags Xor &H100 User.SetInfo Flags = User.Get("UserFlags") User.Put "UserFlags", Flags Xor &H200 User.SetInfo End If
Querying the BadLoginCount Property Using a VBScript Active Server Page
On Error Resume Next Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Response.Write User.BadLoginCount
Querying LastLogin for a Given Machine Using a VBScript Active Server Page
On Error Resume Next Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Response.Write User.LastLogin
Querying LastLogoff for a Given Machine Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain& "/" & UserName & ",user") Response.Write User.LastLogoff
Querying PasswordMinimumLength for a User Account Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Response.Write User.PasswordMinimumLength
Querying PasswordRequired for a User Account Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Response.Write User.PasswordRequired
Setting PasswordRequired for a User Account Using a VBScript Active Server Page
Dim User Dim UserName Dim UserDomain Dim NewValue UserDomain = "Domain_To_Manage" UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") NewValue = New_Boolean_Value_For_PasswordRequired User.PasswordRequired = NewValue User.SetInfo
Querying User Password Age Using a VBScript Active Server Page
Dim Group Dim GroupName Dim GroupDomain Dim User GroupDomain = "Domain_To_Manage" GroupName = "Domain Admins" Set Group = GetObject("WinNT://" & GroupDomain & "/" & GroupName & ",group") For Each Member In Group.Members Set User = GetObject("WinNT://" & GroupDomain & "/" & Member.Name & ",user") If User.Get("PasswordAge") > 2592000 Then If (User.Get("UserFlags") And &H10000) = 0 Then Response.Write Member.Name & "<BR>" 'If you wish to perform a query only, comment out the following two lines: User.Put "PasswordExpired", CLng(1) User.SetInfo End If End If Next
Detecting Machines No Longer in the Resource Domain Using a VBScript Active Server Page
Dim Container Dim TargetDomain Dim Member Dim Computer TargetDomain = " Domain_In_Which_To_Find_Old_Machine_Accounts " Set Container = GetObject("WinNT://" & TargetDomain) Container.Filter = Array("Computer") For Each Member In Container Set Computer = GetObject("WinNT://" & TargetDomain & "/" & Member.Name & "$,user") If Computer.Get("PasswordAge") > 15552000 Then Response.Write Computer.AdsPath & " " & Computer.Get("PasswordAge") & "<BR>" End If Next