May 182011

Hi all,

Thought I’d do a post on some JS as I haven’t done much in a while.
Today, I will go over some windows script host objects that may come in useful.
First up –

Firstly we need to create the ActiveX Object in Javascript like so :

var wsh = new ActiveXObject(

Once this ActiveX Object is created, we can now use it to grab data from the computer using the properties of wsh.

var strCompName = wsh.computername;

That code snippet will store the NetBios computer name into strCompName, easy as pie.

If you have any questions or comments, please feel free to leave a comment below.

MSDN WSH.Neworking

May 162011

Just realised that I haven’t had any posts about ADSi errors that you may encounter.
Here is a link to the common errors : Link

Most of the time, you will run up against these errors when you are querying users or groups and they don’t exist or an attribute / property does not exist.
The script will tell you which line you’ve went wrong on, but rarely ever gives you an idea on how to solve the issue. That page will give you a quick idea on how to resolve it.

May 152011

I have recently come across a situation where I need to determine whether an account is locked or not.
Conveniently, the IADsUser interface provides a property that is exactly what I need !.
This little code block will return a true or false depending on whether the account is locked or not, with true representing a locked account.

var objUser = GetObject("LDAP://cn=user,ou=users,dc=example,dc=com");
var boolUsrLocked = objUser.isAccountLocked;
return boolUsrLocked;

Apr 302011

Hi all,

Just a follow up post to the last post regarding modifying users in AD via Javascript.
You need a Domain Name in the following code snippet –

objUserDN.Init(1,"DOMAIN NAME HERE");
objUserDN.Set(3,"DOMAIN NAME HERE\\"+strUsername);

Now what if you wanted to use the script for multiple domains without having to modify the code to change the domain name ?
You can use ActiveX with a Windows Script Host function to get the domain name as well !
To get it, you can simply use the following code snippet :

wshell=new ActiveXObject("");
var strDomain = wshell.userdomain;

With that code, strDomain will now contain the NetBIOS Domain name which is used here.

Apr 242011

Hi All,

I’ve been making a few scripts lately to modify a user using Javascript rather than VB.
I prefer working with Javascript as it suits my purpose a bit better as I can use variable size arrays to make it do what I want.

I start off with the Distinguished Name (DN) of the object, which can be obtained with :

function GetDN(strUsername) {
var rootdse = GetObject("LDAP://RootDSE");
var objUserDN = new ActiveXObject("NameTranslate");

objUserDN.Init(1,"DOMAIN NAME HERE");
objUserDN.Set(3,"DOMAIN NAME HERE\\"+strUsername);
strUserDN = objUserDN.get(1)
return strUserDN;

That code will get the DN of the user in question. Whether you integrate it into the script itself or use a function that is seperate from the main script is up to you.
I have used a function in this case.

I have posted a way to obtain the Domain Name for this script here.

After you have obtained the DN of the user, you will now need to create an object for the user so we can manipulate the user’s details.

var objUser = GetObject("LDAP://"+strUserDN);

We can now access the properties of the user via the objUser object.
To see what the properties contain already, you can use this :

var strUserDesc = objUser.description;

To modify any properties, the put method is used :

objUser.Put("description","This is the new description");
objUser.Put("profile","This is the new profile path");

The SetInfo method is used to commit changes into AD.
Hopefully no errors will come up when you try to commit the changes, and you have successfully modified a user using Javascript !.

All the properties can be found on the MSDN (reference 4).

Reference :
1. IADsNameTranslate Interface
3. ADS_NAME_TYPE_ENUM Enumeration
4. IADsUser Interface