Microsoft places a tremendous amount of stock in the Microsoft Management Console (MMC) for Windows 2000 administration due to the ability to create custom snap-ins and utilize a common User Interface (UI) for all administrative functions. While the MMC makes great strides in the areas of usability and maintainability, it still doesn't allow you to perform tasks on large quantities of objects in the enterprise. Many administrators needing to perform ad hoc administration on thousands of machines (such as adding a new user domain global group to the Administrators local group on each machine in a domain) will find Visual Basic an ideal environment from which they can issue commands responsible for performing such tasks.
Just as Command-Shell scripting works well for automating administrative tasks, you can harness the power of the Visual Basic/ADSI development environment to execute ad hoc administrative tasks in the enterprise.
You can test a very simple bit of code that will allow you to enumerate all user accounts defined on a given machine. Although this is not an enterprise-wide code example, it demonstrates how an interactive administration session might use ADSI and VB.
Double-click the command button in your code test form. This enables you to write code for the command button's Click event.
Insert the indented code so that the code window looks similar to the following:
    Private Sub cmdTest_Click()
        Dim User As IADsUser
        Dim Container As IADsContainer
        Dim ContainerName As String

        ' NetBIOS name of the machine to enumerate
        ContainerName = "Computer_Name"

        ' Bind to the machine through the WinNT provider
        Set Container = GetObject("WinNT://" & ContainerName)

        ' Return only user objects from the container
        Container.Filter = Array("User")

        For Each User In Container
            Debug.Print User.Name
        Next
    End Sub
Replace the ContainerName variable assignment with the NetBIOS name of a machine you want to enumerate. If the name of the target machine is DEVNYC8521, then the variable assignment would be
ContainerName = "DEVNYC8521"
Press F5 to run your code.
The Immediate Window displays the usernames of all defined accounts on the target machine.
Note
When enumerating local accounts on member servers and workstations, you can speed up the process significantly by adding the name of the resource domain in the binding string. The syntax to use for the preceding example is
ContainerName = "ResourceDomain/MachineName"
Although you are displaying the names of the user accounts in the Immediate Window for this exercise, you could easily replace the Debug.Print statement with an operation on each account, such as forcing the password to expire, and so on.
Additionally, you could add a domain enumeration function to enumerate each machine in a resource domain, locate the administrator account, and reset the password to a known value, assuming you have rights to do so. This can be handy for revoking administrative rights for users who know the local administrator password on their NT workstation.
Imagine how much time you can save by using the Visual Basic development environment to issue commands that reach hundreds or even thousands of objects in a given domain. The next time you need to perform an action on a large number of objects, consider using ADSI in the Visual Basic IDE to perform the task.
Warning
With such an increase in power comes a significant increase in the risk you pose to your enterprise when developing new code. If you do not have a test environment in which to run your code, be extremely careful before using your code in a domain-wide operation that writes to a production namespace.
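A read-only pass is a low-risk way to try the domain enumeration described above before any code writes to a production namespace. The following is an added example, not code from the original text: it lists the members of the local Administrators group on each machine in a domain. The domain name RESDOM, the button name cmdAudit, and the English group name Administrators are assumptions.

```vb
' Added example: read-only audit of local Administrators membership.
' Requires the same Active DS Type Library reference as the code above.
Private Sub cmdAudit_Click()
    Dim Domain As IADsContainer
    Dim Computer As IADsComputer
    Dim AdminGroup As IADsGroup
    Dim Member As IADs
    Dim DomainName As String
    Dim BindError As Long

    DomainName = "RESDOM"   ' placeholder resource domain (assumption)

    ' Bind to the domain and return only computer objects
    Set Domain = GetObject("WinNT://" & DomainName)
    Domain.Filter = Array("Computer")

    For Each Computer In Domain
        ' A machine that is offline or denies access raises a run-time
        ' error on bind. Trap it per machine so one failure does not
        ' stop the whole pass, and record it instead of hiding it.
        Set AdminGroup = Nothing
        On Error Resume Next
        Set AdminGroup = GetObject("WinNT://" & DomainName & "/" & _
            Computer.Name & "/Administrators,group")
        BindError = Err.Number      ' save before On Error GoTo 0 clears it
        On Error GoTo 0

        If AdminGroup Is Nothing Then
            Debug.Print Computer.Name & vbTab & _
                "BIND FAILED 0x" & Hex(BindError)
        Else
            ' ADsPath shows whether a member is a local account or a
            ' domain user or global group, for example
            ' WinNT://RESDOM/Domain Admins
            For Each Member In AdminGroup.Members
                Debug.Print Computer.Name & vbTab & Member.ADsPath
            Next
        End If
    Next
End Sub
```

Nothing in this routine calls SetInfo or any other write method, so it can be run against production to establish a baseline of who holds local administrative rights.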