Modifying Directory Service Objects

Microsoft® Windows® 2000 Scripting Guide

« Previous | Next »   

Modifying an object is equivalent to writing an attribute to an existing object in Active Directory. If an attribute contains a value, modifying it will clear the existing value and replace it with a different value.

Typically, the type of modification you make to an object will depend on the type of object you want to modify and various characteristics of the attribute for example, whether the attribute holds a single value or multiple values. For simplicity, however, the following task descriptions illustrate how to write a single value to the same attribute in three different objects.

Modifying attributes of Active Directory objects involves three basic steps:

1. Connect to the Active Directory object you want to modify.
2. Modify one or more of the object s attributes.
3. Commit the change to Active Directory.

The goal of the three scripts in this section is to write an attribute to each of the objects created in "Creating Directory Service Objects" earlier in this chapter. The objects include the HR OU, the MyerKen user account, and the Atl-Users global group. The description attribute is contained in all three of these objects, so it is used as the attribute to modify.

Modifying an Attribute of an OU

The script in Listing 5.5 modifies the description attribute of the OU named HR in the na.fabrikam.com domain. The description attribute is assigned the value Human Resources. To carry out this task, the script performs the following steps:

1. Connect to the HR OU object in the na.fabrikam.com domain.

   In contrast with the create task, the HR OU is referred to as an object rather than a container because the task completed in this script is to write an attribute of an object.

2. Modify the object s attributes by assigning the description attribute the value Human Resources.
3. Commit the change to the OU in Active Directory.

Listing 5.5   Writing the description Attribute to an OU

1 2 3 

Set objOU = GetObject("LDAP://ou=HR,dc=NA,dc=fabrikam,dc=com") objOU.Put "description", "Human Resources" objOU.SetInfo

Modifying an Attribute of a User Account

The script in Listing 5.6 modifies the description attribute of the user account named MyerKen in the HR OU of the na.fabrikam.com domain. The description attribute is assigned the value HR employee. To carry out this task, the script performs the following steps:

1. Connect to the MyerKen user account object in the HR OU of the na.fabrikam.com domain.
2. Modify the object s attributes by assigning the description attribute the value HR employee.
3. Commit the change to the user account in Active Directory.

Listing 5.6   Writing the description Attribute to a User Account

1 2 3 4 

Set objUser = _     GetObject("LDAP://cn=MyerKen,ou=HR,dc=NA,dc=fabrikam,dc=com") objUser.Put "description", "HR employee" objUser.SetInfo

Modifying an Attribute of a Group

The script in Listing 5.7 modifies the description attribute of the group account named Atl-Users in the HR OU of the na.fabrikam.com domain. The description attribute is assigned the value of Atlanta users. To carry out this task, the script performs the following steps:

1. Connect to the Atl-Users group in the HR OU of the na.fabrikam.com domain.
2. Modify the object s attributes by assigning the description attribute the value Atlanta users.
3. Commit the change to the group in Active Directory.

Listing 5.7   Writing the description Attribute to a Group

1 2 3 4 

Set objOU = GetObject _     ("LDAP://cn=Atl-Users,ou=HR,dc=NA,dc=fabrikam,dc=com") objOU.Put "description", "Atlanta users" objOU.SetInfo

Important observations about the scripts in this section are:

• They perform the same basic steps: They connect to an Active Directory object, modify an attribute of the object, and write the change to the corresponding Active Directory object.
• They use the same method (Put) without regard to the class of object being modified.

Send us your feedback

« Previous | Next »