Using ADSI and Visual Basic Interactively

Microsoft places a tremendous amount of stock in the Microsoft Management Console (MMC) for Windows 2000 administration due to the ability to create custom snap-ins and utilize a common User Interface (UI) for all administrative functions. While the MMC makes great strides in the areas of usability and maintainablilty, it still doesn't allow you to perform tasks on large quantities of objects in the enterprise. Many administrators needing to perform ad hoc administration on thousands of machines (such as adding a new user domain global group to the Administrators local group on each machine in a domain) will find Visual Basic an ideal environment from which they can issue commands responsible for performing such tasks.

Just as Command-Shell scripting works well for automating administrative tasks, you can harness the power of the Visual Basic/ADSI development environment to execute ad hoc administrative tasks in the enterprise.

Exercise 2.2 Using the Visual Basic IDE as an Administrative Console

You can test a very simple bit of code that will allow you to enumerate all user accounts defined on a given machine. Although this is not an enterprise-wide code example, it demonstrates how an interactive administration session might use ADSI and VB.

1. Double-click the command button in your code test form. This enables you to write code for the command button's Click event.

2. Insert the indented code so that the code window looks similar to the following:

    Private Sub cmdTest_Click()      Dim User As IADsUser      Dim Container As IADsContainer      Dim ContainerName As String      ContainerName = "Computer_Name"      Set Container = GetObject("WinNT://" & ContainerName)      Container.Filter = Array("User")      For Each User In Container           Debug.Print User.Name      Next End Sub 

3. Replace the ContainerName variable assignment with the NetBIOS name of a machine you want to enumerate. If the name of the target machine is DEVNYC8521, then the variable assignment would be

    ContainerName = DEVNYC8521 

4. Press F5 to run your code.

The Immediate Window displays the usernames of all defined accounts on the target machine.

 ContainerName = "ResourceDomain/MachineName" 

Although you are displaying the names of the user accounts in the Immediate Window for this exercise, you could easily replace the Debug.Print statement with an operation on each account, such as forcing the password to expire, and so on.

Additionally, you could add a domain enumeration function to enumerate each machine in a resource domain, locate the administrator account, and reset the password to a known value ” assuming you have rights to do so. This can be handy for revoking administrative rights for users who know the local administrator password on their NT workstation.

Imagine how much time you can save by using the Visual Basic development environment to issue commands that reach hundreds or even thousands of objects in a given domain. The next time you need to perform an action on a large number of objects, consider using ADSI in the Visual Basic IDE to perform the task.