I have a set of vbs AD user provisioning scripts that create, modify, term etc users. I have one script that updates all the user information pulled from an excel HR file. It updates many attributes like description, title, manager and many more. The problem is that it is updating information on users we move the our terminated employees OU. How do I code it to skip a user if they are in a certain OU?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Active Directory User Provisioning Scripts
- Thread starter dkel22
- Start date
Without posted code it is extremely difficult to tell you for sure. Here is a stand-alone function that may help. (this script is a modification of the original script found at
-Geates
"I do not offer answers, only considerations."
- Geates's Disclaimer
Code:
function inOU(strUsername, strOU)
inOU = false
ADS_SCOPE_SUBTREE = 2
set objConnection = CreateObject("ADODB.Connection")
set objCommand = CreateObject("ADODB.Command")
set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='user' AND samAccountName = '" & strUsername & "'"
set objRecordSet = objCommand.Execute
if not (objRecordSet.EOF) then
strDN = objRecordSet.Fields("distinguishedName").Value
arrDnComponents = split(strDN, ",")
for each strDN in arrDNComponents
if (left(strDN, 3) = "OU=") then
if (lcase(right(strDN, len(strDN) - 3)) = lcase(strOU)) then inOU = true
end if
next
end if
end function
'Examples
strUserName = "dkel22"
msgbox inOU(strUserName, "purple")
msgbox inOU(strUserName, "user")-Geates
"I do not offer answers, only considerations."
- Geates's Disclaimer
- Thread starter
- #3
Here's the section of code I believe is relevant. I was hoping there's an easy way to build in a OU check during the iterations through the HR file
If Instr(StatusEffectiveDateValue,"-") = 1 Then
'Send an error report for this line
ElseIf Trim(keyValue) = "" Then
'Skip empty employee IDs.
ElseIf (Left(DivisionValue,2) <> "40") AND (Left(DivisionValue,2) <> "41") And (StatusValue = "Active") Then
'Grab all ACTIVE NON-SALES individuals in the selected City.
Set rootDSE = GetObject("LDAP://RootDSE")
DomainContainer = rootDSE.Get("defaultNamingContext")
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
ldapStr = "<LDAP://" & DomainContainer & ">;(&(objectClass=user)(objectCategory=person)(info=EmpId:" & keyValue & "));adspath;subtree"
Set rs = conn.Execute(ldapStr)
While Not rs.EOF
'Do nothing but iterate since they are already in AD.
Set FoundObject = GetObject (rs.Fields(0).Value)
rs.MoveNext
userChanged = False
If Instr(StatusEffectiveDateValue,"-") = 1 Then
'Send an error report for this line
ElseIf Trim(keyValue) = "" Then
'Skip empty employee IDs.
ElseIf (Left(DivisionValue,2) <> "40") AND (Left(DivisionValue,2) <> "41") And (StatusValue = "Active") Then
'Grab all ACTIVE NON-SALES individuals in the selected City.
Set rootDSE = GetObject("LDAP://RootDSE")
DomainContainer = rootDSE.Get("defaultNamingContext")
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
ldapStr = "<LDAP://" & DomainContainer & ">;(&(objectClass=user)(objectCategory=person)(info=EmpId:" & keyValue & "));adspath;subtree"
Set rs = conn.Execute(ldapStr)
While Not rs.EOF
'Do nothing but iterate since they are already in AD.
Set FoundObject = GetObject (rs.Fields(0).Value)
rs.MoveNext
userChanged = False
That is probably where you would put the code. Here'e a modified snippet using the function I wrote (make sure you put the function in your code). Can you tell me what read from the HR excel file? Until then, I'll assume the username is retrieved from the excel file. Also, without seeing all the code, I can't say if what I crossed out is relavent or not.
-Geates
"I do not offer answers, only considerations."
- Geates's Disclaimer
Code:
If Instr(StatusEffectiveDateValue,"-") = 1 Then
'Send an error report for this line
ElseIf Trim(keyValue) = "" Then
'Skip empty employee IDs.
ElseIf (Left(DivisionValue,2) <> "40") AND (Left(DivisionValue,2) <> "41") And (StatusValue = "Active") Then
[s] 'Grab all ACTIVE NON-SALES individuals in the selected City.
Set rootDSE = GetObject("LDAP://RootDSE")
DomainContainer = rootDSE.Get("defaultNamingContext")
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
ldapStr = "<LDAP://" & DomainContainer & ">;(&(objectClass=user)(objectCategory=person)(info=EmpId:" & keyValue & "));adspath;subtree"
Set rs = conn.Execute(ldapStr)
While Not rs.EOF
'Do nothing but iterate since they are already in AD.
Set FoundObject = GetObject (rs.Fields(0).Value)
rs.MoveNext
userChanged = False [/s]
[red]
if (inOU(strUsername, "the OU to search") then
msgbox "Yep, I'm in the OU"
else
msgbox "Nope, I'm NOT in the OU"
end if
[/red]"I do not offer answers, only considerations."
- Geates's Disclaimer
- Thread starter
- #5
Will it also work if I update my While statement as something like below
While Not rs.EOF
'Do nothing but iterate since they are already in AD.
Set FoundObject = GetObject (rs.Fields(0).Value)
If Instr(FoundObject.DistinguishedName,"Terminated Employees") = 1 Then
rs.MoveNext
userChanged = False
While Not rs.EOF
'Do nothing but iterate since they are already in AD.
Set FoundObject = GetObject (rs.Fields(0).Value)
If Instr(FoundObject.DistinguishedName,"Terminated Employees") = 1 Then
rs.MoveNext
userChanged = False
actually, yes, if the name of the OU for terminated employees is "Terminated Employees".
-Geates
"I do not offer answers, only considerations."
- Geates's Disclaimer
-Geates
"I do not offer answers, only considerations."
- Geates's Disclaimer
- Thread starter
- #7
When you do that, I would make global those objects that can be. Recreating them every time a function is called is redundant and not beneficial. Additionally, the function is smaller and faster.
Example:
-Geates
"I do not offer answers, only considerations."
- Geates's Disclaimer
Example:
Code:
CONST ADS_SCOPE_SUBTREE = 2
set objConnection = CreateObject("ADODB.Connection")
set objCommand = CreateObject("ADODB.Command")
set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
set objCommand.ActiveConnection = objConnection
function inOU(strUsername, strOU)
inOU = false
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='user' AND samAccountName = '" & strUsername & "'"
set objRecordSet = objCommand.Execute
if not (objRecordSet.EOF) then
strDN = objRecordSet.Fields("distinguishedName").Value
if (inStr(strDN, "OU=" & strOUT)) then inOU = true
end if
end function-Geates
"I do not offer answers, only considerations."
- Geates's Disclaimer
- Status
Similar threads
- Locked
- Question