Home All Groups Group Topic Archive Search About

generic Domain(AD) connection

microsoft.public.windows.server.scripting


Author
11 Oct 2007 9:07 AM
mayoza
The following script returns the policy in the AD. Can you help me with one
thing, I dont want to supply the parameters like dc="?", I want the script to
run under the AD that the user is currently logon to.

---------------------
Const MIN_IN_DAY = 1440
Const SEC_IN_MIN = 60

Set objDomain = GetObject("WinNT://fabrikam")
Set objAdS = GetObject("LDAP://dc=fabrikam,dc=com")

intMaxPwdAgeSeconds = objDomain.Get("MaxPasswordAge")
intMinPwdAgeSeconds = objDomain.Get("MinPasswordAge")
intLockOutObservationWindowSeconds =
objDomain.Get("LockoutObservationInterval")
intLockoutDurationSeconds = objDomain.Get("AutoUnlockInterval")
intMinPwdLength = objAds.Get("minPwdLength")

intPwdHistoryLength = objAds.Get("pwdHistoryLength")
intPwdProperties = objAds.Get("pwdProperties")
intLockoutThreshold = objAds.Get("lockoutThreshold")
intMaxPwdAgeDays = _
  ((intMaxPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
intMinPwdAgeDays = _
  ((intMinPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
intLockOutObservationWindowMinutes = _
  (intLockOutObservationWindowSeconds/SEC_IN_MIN) & " minutes"

If intLockoutDurationSeconds <> -1 Then
  intLockoutDurationMinutes = _
(intLockOutDurationSeconds/SEC_IN_MIN) & " minutes"
Else
  intLockoutDurationMinutes = _
    "Administrator must manually unlock locked accounts"
End If

WScript.Echo "maxPwdAge = " & intMaxPwdAgeDays
WScript.Echo "minPwdAge = " & intMinPwdAgeDays
WScript.Echo "minPwdLength = " & intMinPwdLength
WScript.Echo "pwdHistoryLength = " & intPwdHistoryLength
WScript.Echo "pwdProperties = " & intPwdProperties
WScript.Echo "lockOutThreshold = " & intLockoutThreshold
WScript.Echo "lockOutObservationWindow = " &
intLockOutObservationWindowMinutes
WScript.Echo "lockOutDuration = " & intLockoutDurationMinutes
---------

Author
11 Oct 2007 5:21 PM
Richard Mueller [MVP]
mayoza wrote;

Show quote
> The following script returns the policy in the AD. Can you help me with
> one
> thing, I dont want to supply the parameters like dc="?", I want the script
> to
> run under the AD that the user is currently logon to.
>
> ---------------------
> Const MIN_IN_DAY = 1440
> Const SEC_IN_MIN = 60
>
> Set objDomain = GetObject("WinNT://fabrikam")
> Set objAdS = GetObject("LDAP://dc=fabrikam,dc=com")
>
> intMaxPwdAgeSeconds = objDomain.Get("MaxPasswordAge")
> intMinPwdAgeSeconds = objDomain.Get("MinPasswordAge")
> intLockOutObservationWindowSeconds =
> objDomain.Get("LockoutObservationInterval")
> intLockoutDurationSeconds = objDomain.Get("AutoUnlockInterval")
> intMinPwdLength = objAds.Get("minPwdLength")
>
> intPwdHistoryLength = objAds.Get("pwdHistoryLength")
> intPwdProperties = objAds.Get("pwdProperties")
> intLockoutThreshold = objAds.Get("lockoutThreshold")
> intMaxPwdAgeDays = _
>  ((intMaxPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
> intMinPwdAgeDays = _
>  ((intMinPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
> intLockOutObservationWindowMinutes = _
>  (intLockOutObservationWindowSeconds/SEC_IN_MIN) & " minutes"
>
> If intLockoutDurationSeconds <> -1 Then
>  intLockoutDurationMinutes = _
> (intLockOutDurationSeconds/SEC_IN_MIN) & " minutes"
> Else
>  intLockoutDurationMinutes = _
>    "Administrator must manually unlock locked accounts"
> End If
>
> WScript.Echo "maxPwdAge = " & intMaxPwdAgeDays
> WScript.Echo "minPwdAge = " & intMinPwdAgeDays
> WScript.Echo "minPwdLength = " & intMinPwdLength
> WScript.Echo "pwdHistoryLength = " & intPwdHistoryLength
> WScript.Echo "pwdProperties = " & intPwdProperties
> WScript.Echo "lockOutThreshold = " & intLockoutThreshold
> WScript.Echo "lockOutObservationWindow = " &
> intLockOutObservationWindowMinutes
> WScript.Echo "lockOutDuration = " & intLockoutDurationMinutes
> ---------

You can use the RootDSE object to retrieve the Distinguished Name of the
domain the current user authenticated to. If you need the NetBIOS domain
name for the WinNT provider as well, you can use the DomainShortName
property of the ADSystemInfo object. For example:
=========
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

Set objSysInfo = CreateObject("ADSystemInfo")
strNTDomain = objSysInfo.domainShortName

Set objAds = GetObject("LDAP://" & strDNSDomain)
Set objDomain = GetObject("WinNT://" & strNTDomain)

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
Author
12 Oct 2007 7:34 AM
mayoza
Thanks a lot.

Show quote
"Richard Mueller [MVP]" wrote:

> mayoza wrote;
>
> > The following script returns the policy in the AD. Can you help me with
> > one
> > thing, I dont want to supply the parameters like dc="?", I want the script
> > to
> > run under the AD that the user is currently logon to.
> >
> > ---------------------
> > Const MIN_IN_DAY = 1440
> > Const SEC_IN_MIN = 60
> >
> > Set objDomain = GetObject("WinNT://fabrikam")
> > Set objAdS = GetObject("LDAP://dc=fabrikam,dc=com")
> >
> > intMaxPwdAgeSeconds = objDomain.Get("MaxPasswordAge")
> > intMinPwdAgeSeconds = objDomain.Get("MinPasswordAge")
> > intLockOutObservationWindowSeconds =
> > objDomain.Get("LockoutObservationInterval")
> > intLockoutDurationSeconds = objDomain.Get("AutoUnlockInterval")
> > intMinPwdLength = objAds.Get("minPwdLength")
> >
> > intPwdHistoryLength = objAds.Get("pwdHistoryLength")
> > intPwdProperties = objAds.Get("pwdProperties")
> > intLockoutThreshold = objAds.Get("lockoutThreshold")
> > intMaxPwdAgeDays = _
> >  ((intMaxPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
> > intMinPwdAgeDays = _
> >  ((intMinPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
> > intLockOutObservationWindowMinutes = _
> >  (intLockOutObservationWindowSeconds/SEC_IN_MIN) & " minutes"
> >
> > If intLockoutDurationSeconds <> -1 Then
> >  intLockoutDurationMinutes = _
> > (intLockOutDurationSeconds/SEC_IN_MIN) & " minutes"
> > Else
> >  intLockoutDurationMinutes = _
> >    "Administrator must manually unlock locked accounts"
> > End If
> >
> > WScript.Echo "maxPwdAge = " & intMaxPwdAgeDays
> > WScript.Echo "minPwdAge = " & intMinPwdAgeDays
> > WScript.Echo "minPwdLength = " & intMinPwdLength
> > WScript.Echo "pwdHistoryLength = " & intPwdHistoryLength
> > WScript.Echo "pwdProperties = " & intPwdProperties
> > WScript.Echo "lockOutThreshold = " & intLockoutThreshold
> > WScript.Echo "lockOutObservationWindow = " &
> > intLockOutObservationWindowMinutes
> > WScript.Echo "lockOutDuration = " & intLockoutDurationMinutes
> > ---------
>
> You can use the RootDSE object to retrieve the Distinguished Name of the
> domain the current user authenticated to. If you need the NetBIOS domain
> name for the WinNT provider as well, you can use the DomainShortName
> property of the ADSystemInfo object. For example:
> =========
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("defaultNamingContext")
>
> Set objSysInfo = CreateObject("ADSystemInfo")
> strNTDomain = objSysInfo.domainShortName
>
> Set objAds = GetObject("LDAP://" & strDNSDomain)
> Set objDomain = GetObject("WinNT://" & strNTDomain)
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>

AddThis Social Bookmark Button

Post Other interesting topics
Xcalcs.vbs and inheritance
CSVDE Multiple group export..
Output PC Name, Serial #, IP, and , OS to CSV
List members of Global group in NT domain.
Need help with delete old files script