-
Notifications
You must be signed in to change notification settings - Fork 1
/
ADquery.vbs
137 lines (123 loc) · 4.38 KB
/
ADquery.vbs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
Option explicit
Dim strGrpName,arrMemberOf,strMember,role,clear
Dim objConnection,objCommand,objRecordSet,objGroup,objUser
Const ADS_PROPERTY_CLEAR = 1
clear = "n"
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Search for groups with wildcard "ccm*:\"
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
"<LDAP://dc=na,dc=corp,dc=clorox,dc=com>;" & _
"(&(objectCategory=Group)(cn=ccm*));" & "Name"
Set objRecordSet = objCommand.Execute
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Process found groups
While Not objRecordSet.EOF
strGrpName = objRecordSet.Fields("Name")
Call CaseRole ' subroutime
WScript.stdout.Write "Group: '" & strGrpName
WScript.echo "'." & vbTab & "Group's assigned CCM Role: '" & role & "'."
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Query each found group one-at-a-time / identify group members
'On Error Resume Next
Set objGroup = GetObject("LDAP://cn=" & strGrpName & ",cn=Users,dc=na,dc=corp,dc=clorox,dc=com")
objGroup.GetInfo
arrMemberOf = objGroup.GetEx("member")
WScript.Echo vbTab & "Members:"
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Process each group member one-at-a-Time
If clear = "n" Then
For Each strMember in arrMemberOf
'WScript.Echo "strMember is: " & strMember
'On Error Resume Next
Set objUser = GetObject("LDAP://" & strMember)
WScript.echo vbTab & vbTab & objUser.cn
WScript.Echo vbTab & vbTab & vbTab & "CN: " & objUser.cn
WScript.Echo vbTab & vbTab & vbTab & objUser.cn & "'s CCM role should be: " & role
If objUser.info = "" Then
WScript.Echo vbTab & vbTab & vbTab & objUser.cn & "'s CCM role is: <not set>"
Else
WScript.Echo vbTab & vbTab & vbTab & objUser.cn & "'s CCM role is: " & objUser.info
End If
If lcase(objUser.info) = lcase(role) Then
WScript.Echo vbTab & vbTab & vbTab & "OK - Correct role confirmed"
Else
WScript.Echo vbTab & vbTab & vbTab & ">>> Configuring CCM role..."
Set objUser = GetObject("LDAP://" & strMember)
objUser.Put "info" , role
objUser.SetInfo
End If
Next
ElseIf clear = "y" Then
For Each strMember in arrMemberOf
On Error Resume Next
WScript.Echo "strMember is: " & strMember
Set objUser = GetObject("LDAP://" & strMember)
wscript.Echo "Checking 'info' attrib for acct: " & objUser.cn
WScript.Echo vbTab & vbTab & vbTab & "CN: " & objUser.cn
If objUser.info = "" Then
WScript.Echo vbTab & vbTab & vbTab & objUser.cn & "'s CCM role was: <not set>"
Else
WScript.Echo vbTab & vbTab & vbTab & objUser.cn & "'s CCM role should was: " & objUser.info
End if
objUser.PutEx ADS_PROPERTY_CLEAR, "info", 0
objUser.SetInfo
If objUser.info = role Then
WScript.Echo vbTab & vbTab & vbTab & "User's CCM role is still set to: " & objUser.info
Else
WScript.Echo vbTab & vbTab & vbTab & "User's CCM role is: <not set>"
End If
Next
Else
End If
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
WScript.Echo vbcrlf
objRecordSet.MoveNext
Wend
Wscript.Echo VbCrLf & "# matching groups found: " & objRecordSet.RecordCount
objConnection.Close
Sub procUsers
End sub
Sub CaseRole
Select Case strGrpName
Case ("ccm_project_users")
role = "editor"
Case ("ccm_brand")
role = "editor"
Case ("ccm_sales")
role = "editor"
Case ("ccm_mfg_planner")
role = "editor"
Case ("ccm_consumer_svcs")
role = "editor"
Case ("ccm_packaging")
role = "editor"
Case ("ccm_product_dev")
role = "editor"
Case ("ccm_pserc")
role = "editor"
Case ("ccm_legal")
role = "editor"
Case ("ccm_project_mgrs")
role = "editor"
Case ("ccm_artists")
role = "editor"
Case ("ccm_artists_ext")
role = "editor"
Case ("ccm_coordinators")
role = "editor"
Case ("ccm_separator_print")
role = "editor"
Case ("ccm_senior_mgrs")
role = "editor"
Case ("ccm_database_mgrs")
role = "admin"
Case ("ccm_is_admin")
role = "master"
Case Else
role = "not recognized"
End Select
End Sub