May 19 2011
 

Hi all,

I covered this in another post, but thought I would make it separate to make it easier to find.

The following code block lets you get the distinguished name of the username that is passed into this function.


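function GetDN(strUsername) {
// Create the ADSI NameTranslate COM object
var objUserDN = new ActiveXObject("NameTranslate");
// 1 = bind to the named domain
objUserDN.Init(1,"< DOMAIN NAME HERE >");
// 3 = the input name is in NT format, "domain\user"
objUserDN.Set(3,"< DOMAIN NAME HERE >\\"+strUsername);
// 1 = return the RFC 1779 distinguished name
var strUserDN = objUserDN.Get(1);
return strUserDN;
}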

This code block does the following:

  1. Creates a new NameTranslate object and binds objUserDN to it.
  2. Initialises NameTranslate with the Init method. The 1 sets the type of bind used, which is Domain in this case.
  3. Sets the type of translation and the username to be translated with the Set method. The 3 specifies that the input username is in the NT format of "domain\User".
  4. Gets the distinguished name with the Get method. The parameter of 1 specifies that it should return the RFC 1779 formatted name.
  5. Returns the distinguished name.

References:
ADS_NAME_INITTYPE_ENUM Enumeration
ADS_NAME_TYPE_ENUM Enumeration

May 16 2011
 

Just realised that I haven’t had any posts about ADSI errors that you may encounter.
Here is a link to the common errors: Link

Most of the time, you will run up against these errors when you are querying users or groups and they don’t exist, or an attribute / property does not exist.
The script will tell you which line you’ve gone wrong on, but rarely ever gives you an idea of how to solve the issue. That page will give you a quick idea of how to resolve it.

May 15 2011
 

I have recently come across a situation where I need to determine whether an account is locked or not.
Conveniently, the IADsUser interface provides a property that is exactly what I need!
This little code block will return a true or false depending on whether the account is locked or not, with true representing a locked account.


// Wrapped in a function so that the return statement is valid
function IsUserLocked() {
var objUser = GetObject("LDAP://cn=user,ou=users,dc=example,dc=com");
var boolUsrLocked = objUser.IsAccountLocked;
return boolUsrLocked;
}

Apr 30 2011
 

Hi all,

Just a follow-up post to the last post regarding modifying users in AD via JavaScript.
You need a Domain Name in the following code snippet –


objUserDN.Init(1,"DOMAIN NAME HERE");
objUserDN.Set(3,"DOMAIN NAME HERE\\"+strUsername);

Now what if you wanted to use the script for multiple domains without having to modify the code to change the domain name?
You can use ActiveX with a Windows Script Host function to get the domain name as well!
To get it, you can simply use the following code snippet:


// WScript.Network exposes the logged-on user's domain
var wshell = new ActiveXObject("WScript.Network");
var strDomain = wshell.UserDomain;

With that code, strDomain will now contain the NetBIOS Domain name which is used here.

Apr 24 2011
 

Hi All,

I’ve been making a few scripts lately to modify a user using JavaScript rather than VB.
I prefer working with JavaScript as it suits my purpose a bit better as I can use variable size arrays to make it do what I want.

I start off with the Distinguished Name (DN) of the object, which can be obtained with :

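function GetDN(strUsername) {
// Bind to RootDSE (not used further in this function)
var rootdse = GetObject("LDAP://RootDSE");
var objUserDN = new ActiveXObject("NameTranslate");

// 1 = bind to the named domain
objUserDN.Init(1,"DOMAIN NAME HERE");
// 3 = the input name is in NT format, "domain\user"
objUserDN.Set(3,"DOMAIN NAME HERE\\"+strUsername);
// 1 = return the RFC 1779 distinguished name
var strUserDN = objUserDN.Get(1);
return strUserDN;
}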

That code will get the DN of the user in question. Whether you integrate it into the script itself or use a function that is separate from the main script is up to you.
I have used a function in this case.

*Update*
I have posted a way to obtain the Domain Name for this script here.

After you have obtained the DN of the user, you will now need to create an object for the user so we can manipulate the user’s details.

var objUser = GetObject("LDAP://"+strUserDN);

We can now access the properties of the user via the objUser object.
To see what the properties contain already, you can use this :

var strUserDesc = objUser.description;

To modify any properties, the Put method is used:

objUser.Put("description","This is the new description");
// Put takes the LDAP attribute name; the profile path is stored in profilePath
objUser.Put("profilePath","This is the new profile path");
objUser.SetInfo();

The SetInfo method is used to commit changes into AD.
Hopefully no errors will come up when you try to commit the changes, and you have successfully modified a user using JavaScript!

All the properties can be found on the MSDN (reference 4).
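
The GetDN lookup and the "LDAP://"+strUserDN bind described above, as an added example (not the blog author's code) that checks the username before it is concatenated into the NT name and escapes any "/" in the returned DN, which ADSI would otherwise read as a path separator. The function names, the username policy and the sample name jsmith are assumptions; the NameTranslate object is passed in as a parameter so the logic can also be exercised with a stub.

```javascript
// Added example (not the blog author's code). ES3 syntax, so it runs under
// both cscript (JScript) and Node.js.

// Assumed policy: 1-20 letters, digits, dot, underscore or hyphen. Anything
// else (backslash, slash, comma, ...) is rejected before ADSI is called.
function isValidUsername(strUsername) {
  return typeof strUsername === "string" &&
         /^[A-Za-z0-9._-]{1,20}$/.test(strUsername);
}

// NameTranslate returns an RFC 1779 DN, where "/" is an ordinary character.
// In an ADsPath "/" separates components, so it has to become "\/".
// Pairs that are already escaped ("\," or "\/") are copied unchanged.
function escapeDnForAdsPath(strDN) {
  var out = "", i, ch;
  for (i = 0; i < strDN.length; i++) {
    ch = strDN.charAt(i);
    if (ch === "\\" && i + 1 < strDN.length) {
      out += ch + strDN.charAt(++i);
    } else {
      out += (ch === "/") ? "\\/" : ch;
    }
  }
  return out;
}

// objTranslate: a NameTranslate object (or a stub exposing Init/Set/Get).
// Returns the ADsPath to bind to, or null when the name is rejected or
// ADSI raises an error (for example, the account does not exist).
function getUserAdsPath(objTranslate, strDomain, strUsername) {
  if (!isValidUsername(strUsername)) { return null; }
  try {
    objTranslate.Init(1, strDomain);                     // 1 = domain bind
    objTranslate.Set(3, strDomain + "\\" + strUsername); // 3 = NT "domain\user"
    return "LDAP://" + escapeDnForAdsPath(objTranslate.Get(1)); // 1 = RFC 1779
  } catch (e) {
    return null;
  }
}

// Windows Script Host only; "jsmith" is a constructed sample name.
if (typeof ActiveXObject !== "undefined") {
  var strDemoDomain = new ActiveXObject("WScript.Network").UserDomain;
  var strDemoPath = getUserAdsPath(new ActiveXObject("NameTranslate"), strDemoDomain, "jsmith");
  WScript.Echo(strDemoPath === null ? "not found or rejected" : strDemoPath);
}
```

The returned string can be passed straight to GetObject; a null result means no bind should be attempted.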

References:
1. IADsNameTranslate Interface
2. ADS_NAME_INITTYPE_ENUM Enumeration
3. ADS_NAME_TYPE_ENUM Enumeration
4. IADsUser Interface
