Search, Enable or Disable User/Computer Accounts in Active Directory over a Web Page (LDAP ASP)

With the ASP code below, you can search for users, computers, printers and other objects in Active Directory from a web page. The search result shows each object's location in AD. From the same page you can enable and disable user/computer accounts in Active Directory. You can also move accounts into an Organizational Unit when they are disabled or enabled (you can set a different Organizational Unit for the enable and disable operations). In other words, you can collect disabled user/computer accounts into one Organizational Unit or into separate OUs.

 

To publish this ASP page on a web site in IIS 6 or 7: the ASP page needs administrative privileges to work, while searching only needs an authorized user. So, at a minimum, the IIS default authentication method should be changed to Basic authentication, to prevent unauthorized users from disabling or enabling accounts in Active Directory.

 

You can download the ASP file here.

source : http://www.emrullahekmekci.com.tr/?p=400

 

<%

'    10 / 05 /2011 - Emrullah Tahir Ekmekçi
'    Search, Enable or Disable Users and Computer account in Active Directory over Web browser
'    1.0

Response.Charset = "windows-1254"
Response.CacheControl = "no-cache"
Response.Clear()
%>

<html>
<head>
<title>Search/Enable/Disable Users/Computers Accounts</title>
</head>
<body>
<br>
<br>

<center><form id="form1" name="form1" method="post" action="ADAramaAcmaKapama.asp">
<label>User/Computer name
<input name="is" type="hidden" value="is" /><input type="text" name="uname" id="uname" />
</label>
</form></center>

</body>
</html>

<%

Dim strCN, objRootDSE, strDNSDomain, adoCommand, adoConnection
Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
Dim strDN, strDisplay, strObjectCategory, intIndex

' Enabling and disabling user and computer accounts

If Request("hesap") <> "" And Request("y") <> "" And Request("t") <> "" Then

    strCN = Request("hesap")   ' account name taken from the query string
    ka = Request("y")          ' k = close (disable), a = open (enable)

    Set objRootDSE = GetObject("LDAP://RootDSE")

    strDNSDomain = objRootDSE.Get("defaultNamingContext")

    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")

    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    strBase = "<LDAP://" & strDNSDomain & ">"

    ' Note: the request value goes into the filter unescaped, and the first
    ' object whose cn starts with it is the one that gets modified below.
    strFilter = "(cn=" & strCN & "*)"

    strAttributes = "cn,distinguishedName,sAMAccountName,name,userAccountControl"

    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False

    Set adoRecordset = adoCommand.Execute

    ' Stop here if nothing matched; reading Fields on an empty recordset fails.
    If adoRecordset.EOF Then
        Response.Write("<center>No record found</center>")
        Response.End
    End If

    Const ADS_UF_ACCOUNTDISABLE = 2

    Set objUser = GetObject("LDAP://" & adoRecordset.Fields("distinguishedName"))

    strOUDN = "OU=DisabledComputers,DC=fabrikam,DC=com"    ' Disabled computer accounts are moved to this OU
    strOUDNE = "CN=Computers,DC=fabrikam,DC=com"           ' Enabled computer accounts are moved to this OU

    strOUDNU = "OU=DisabledComputers,DC=fabrikam,DC=com"   ' Disabled user accounts are moved to this OU
    strOUDNEU = "CN=Users,DC=fabrikam,DC=com"              ' Enabled user accounts are moved to this OU

    intUAC = objUser.Get("userAccountControl")

    If ka = "k" Then

        If Request("t") = "u" Then
            Set objOU = GetObject("LDAP://" & strOUDNU)
            objUser.Put "userAccountControl", intUAC Or ADS_UF_ACCOUNTDISABLE ' Disable the user account.
            objUser.SetInfo
            objOU.MoveHere objUser.ADsPath, objUser.Name ' Move the user account.
        End If

        If Request("t") = "b" Then

            Set objOU = GetObject("LDAP://" & strOUDN)
            objUser.AccountDisabled = True ' Disable the computer account.
            objUser.SetInfo
            objOU.MoveHere objUser.ADsPath, objUser.Name ' Move the computer account.
        End If

        Response.Write "Account has been closed"
    ElseIf ka = "a" Then

        If Request("t") = "u" Then
            Set objOU = GetObject("LDAP://" & strOUDNEU)
            ' And Not clears the disable bit. Xor would toggle it and
            ' disable an account that is already enabled.
            objUser.Put "userAccountControl", intUAC And Not ADS_UF_ACCOUNTDISABLE ' Enable the user account.
            objUser.SetInfo
            objOU.MoveHere objUser.ADsPath, objUser.Name ' Move the user account.
        End If

        If Request("t") = "b" Then

            Set objOU = GetObject("LDAP://" & strOUDNE)
            objUser.AccountDisabled = False ' Enable the computer account.
            objUser.SetInfo
            objOU.MoveHere objUser.ADsPath, objUser.Name ' Move the computer account.
        End If

        Response.Write "Account has been opened"
    End If

    ' Close the recordset first: Response.Redirect ends script execution.
    adoRecordset.Close

    Response.Redirect "ADAramaAcmaKapama.asp?uname=" & Server.URLEncode(Request("hesap")) & "&is=1"

    Response.End()
End If

' Object search
If Request("uname") = "" And Request("is") <> "" Then

%><p><b><center>User/Computer name cannot be empty.</center></b></p><%
ElseIf Request("uname") <> "" And Request("is") <> "" Then

    strCN = Request("uname") & "*"

    ' The trailing * counts as one character, so fewer than 4 means fewer than 3 typed.
    If Len(strCN) < 4 Then
        Response.Clear()
        Response.Write("Please enter at least 3 characters.")
        Response.End
    End If

    Set objRootDSE = GetObject("LDAP://RootDSE")

    strDNSDomain = objRootDSE.Get("defaultNamingContext")

    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")

    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    strBase = "<LDAP://" & strDNSDomain & ">"

    ' Note: the request value goes into the filter unescaped.
    strFilter = "(cn=" & strCN & ")"

    strAttributes = "cn,distinguishedName,sAMAccountName,name,userAccountControl"

    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False

    Set adoRecordset = adoCommand.Execute

    If (adoRecordset.EOF = True) Then
        Response.Write("<center>No record found</center>")
        Response.End
    End If

    ' Build the table that shows the objects that were found.
    Response.Write("<table width=100% height=100% ><tr width=100% height=100% ><td width=100% height=100% align=center valign=center><table border='1'>")
    ' Header order matches the cells written for each row below.
    Response.Write("<tr><th> Account Name </th><th> Computer/User name </th><th> Type </th><th> Status</th><th> DN </th></tr>")
    Response.Write("<font size=-2>")

    Do Until adoRecordset.EOF

        vSAMAccountName = adoRecordset.Fields("sAMAccountName").Value
        vName = adoRecordset.Fields("name").Value
        vUserAccountControl = adoRecordset.Fields("userAccountControl").Value
        vDistinguishedName = adoRecordset.Fields("distinguishedName").Value
        AKR = 0
        ' Only these exact userAccountControl values get a link; any other
        ' flag combination is shown as the raw number. AKR = 1 means enabled.
        If vUserAccountControl = 512 Then
            AKR = 1
            vUserAccountControlDesc = "<a href='./ADAramaAcmaKapama.asp?hesap=" & Server.URLEncode(vSAMAccountName) & "&y=k&t=u' title='Kapatmak için tiklayin'><center> Close</center> </a>"
        ElseIf vUserAccountControl = 514 Then
            AKR = 0
            vUserAccountControlDesc = "<a href='./ADAramaAcmaKapama.asp?hesap=" & Server.URLEncode(vSAMAccountName) & "&y=a&t=u' title='Açmak için tiklayin'><center> Open </center></a>"
        ElseIf vUserAccountControl = 544 Then
            AKR = 1
            vUserAccountControlDesc = "<a href='./ADAramaAcmaKapama.asp?hesap=" & Server.URLEncode(vSAMAccountName) & "&y=k&t=u' title='Kapatmak için tiklayin'><center> Close/ilsd </center></a>"
        ElseIf vUserAccountControl = 66048 Then
            AKR = 1
            vUserAccountControlDesc = "<a href='./ADAramaAcmaKapama.asp?hesap=" & Server.URLEncode(vSAMAccountName) & "&y=k&t=u' title='Kapatmak için tiklayin'><center> Close/s </center></a>"
        ElseIf vUserAccountControl = 66050 Then
            AKR = 0
            vUserAccountControlDesc = "<a href='./ADAramaAcmaKapama.asp?hesap=" & Server.URLEncode(vSAMAccountName) & "&y=a&t=u' title='Açmak için tiklayin'><center> Open/s </center></a>"
        ElseIf vUserAccountControl = 4096 Then
            AKR = 1
            vUserAccountControlDesc = "<a href='./ADAramaAcmaKapama.asp?hesap=" & Server.URLEncode(vName) & "&y=k&t=b' title='Kapatmak için tiklayin'><center> Close </center></a>"
        ElseIf vUserAccountControl = 4128 Then
            AKR = 1
            vUserAccountControlDesc = "<a href='./ADAramaAcmaKapama.asp?hesap=" & Server.URLEncode(vName) & "&y=k&t=b' title='Kapatmak için tiklayin'><center> Close </center></a>"
        ElseIf vUserAccountControl = 4098 Then
            AKR = 0
            vUserAccountControlDesc = "<a href='./ADAramaAcmaKapama.asp?hesap=" & Server.URLEncode(vName) & "&y=a&t=b' title='Açmak için tiklayin'><center> Open </center></a>"
        Else

            vUserAccountControlDesc = vUserAccountControl
        End If

        ' Non-zero when the account name contains "$", which marks a computer account.
        cuc = InStr(vSAMAccountName, "$")
        If vUserAccountControl <> "" Then

            ' Directory values are HTML-encoded before they are written to the page.
            If cuc = 0 Then Response.Write("<tr><td> " & Server.HTMLEncode(vSAMAccountName & "") & " </td>") Else Response.Write("<tr><td></td>")

            ' Red = disabled, green = enabled.
            If AKR = 0 Then
                Response.Write("<td style='background-color: #FF0000'> " & Server.HTMLEncode(vName & "") & " </td>")
            Else
                Response.Write("<td style='background-color: #00FF00'> " & Server.HTMLEncode(vName & "") & " </td>")
            End If

            If cuc = 0 Then

                Response.Write("<td style='background-color: #667C26'>" & " User " & "</td>")
            Else

                Response.Write("<td style='background-color: #4863A0'>" & " Computer " & "</td>")
            End If

            Response.Write("<td>" & vUserAccountControlDesc & " </td>")

            Response.Write("<td align=right > " & Server.HTMLEncode(vDistinguishedName & "") & " </td>")

            Response.Write("</tr>")
        End If

        adoRecordset.MoveNext
        strDisplay = 1

    Loop

    adoRecordset.Close

    If strDisplay = "" Then Response.Write("Cannot search       ---" & strDisplay & "---")

    adoConnection.Close

    Response.Write("</font>")
    Response.Write("</table></td></tr></table>")
    Response.Write("<br><align=left>P.S. :<br>Open/ilsd = Password will change at first logon<br>Open/s = Password never expires<br>Close/s= Password never expires<br><br><br><br>")

    Response.End()
End If%>
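
Both branches of the page put the request value straight into the LDAP filter. The following is an added example, not part of the original ASP file: it escapes filter metacharacters and allow-lists the `y` and `t` parameters. The function names are hypothetical and the sample inputs are constructed; it runs under cscript.exe, and in the ASP page `WScript.Echo` would become `Response.Write`.

```vbscript
' Added example, not part of the original ASP page. Function names are
' hypothetical. Runs offline under cscript.exe.
Option Explicit

' RFC 4515 escaping for a value placed inside an LDAP search filter.
' The backslash is replaced first so that the escapes added afterwards are
' not escaped a second time. ";" is escaped as a precaution because the ADO
' LDAP dialect separates base, filter, attributes and scope with it.
Function LdapEscapeFilter(ByVal s)
    s = Replace(s, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, ";", "\3b")
    s = Replace(s, Chr(0), "\00")
    LdapEscapeFilter = s
End Function

' Prefix search as on the page: the only wildcard left in the filter is the
' trailing "*" appended here, never one supplied in the request.
Function BuildSearchFilter(ByVal userInput)
    BuildSearchFilter = "(cn=" & LdapEscapeFilter(userInput) & "*)"
End Function

' Allow-list for the page's y (k = close, a = open) and t (u = user,
' b = computer) parameters; anything else is rejected before AD is touched.
Function IsValidAction(ByVal y, ByVal t)
    IsValidAction = (y = "k" Or y = "a") And (t = "u" Or t = "b")
End Function

' Constructed sample inputs, not real account names.
Dim samples, item
samples = Array("jsmith", "Smith (Sales)", "***", "pc\lab;01")
For Each item In samples
    WScript.Echo item & "  ->  " & BuildSearchFilter(item)
Next
WScript.Echo "y=k, t=u accepted: " & IsValidAction("k", "u")
WScript.Echo "y=x, t=u accepted: " & IsValidAction("x", "u")
```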

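
The status table compares `userAccountControl` against eight exact numbers, and the enable step depends on clearing a single bit. The following is an added example, not part of the original ASP file: it tests the individual flag bits instead, so any combination is classified, and it shows why enabling should clear the bit rather than toggle it. The function names are hypothetical and the last two sample values are constructed; it runs under cscript.exe.

```vbscript
' Added example, not part of the original ASP page. Function names are
' hypothetical. Runs offline under cscript.exe.
Option Explicit

' ADS_USER_FLAG_ENUM bits that make up the values in the page's table.
Const ADS_UF_ACCOUNTDISABLE = 2
Const ADS_UF_PASSWD_NOTREQD = 32
Const ADS_UF_NORMAL_ACCOUNT = 512
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = 4096
Const ADS_UF_DONT_EXPIRE_PASSWD = 65536

' True when the given flag bit is set in uac.
Function HasFlag(ByVal uac, ByVal flag)
    HasFlag = ((uac And flag) <> 0)
End Function

' Disable sets the bit with Or; enable clears it with And Not. Both give the
' same result however often they run, unlike Xor, which flips the bit.
Function SetDisabled(ByVal uac, ByVal disable)
    If disable Then
        SetDisabled = uac Or ADS_UF_ACCOUNTDISABLE
    Else
        SetDisabled = uac And Not ADS_UF_ACCOUNTDISABLE
    End If
End Function

' Describe any flag combination, not only the exact values in the table.
Function DescribeUac(ByVal uac)
    Dim s
    If HasFlag(uac, ADS_UF_WORKSTATION_TRUST_ACCOUNT) Then s = "Computer" Else s = "User"
    If HasFlag(uac, ADS_UF_ACCOUNTDISABLE) Then s = s & ", disabled" Else s = s & ", enabled"
    If HasFlag(uac, ADS_UF_PASSWD_NOTREQD) Then s = s & ", PASSWD_NOTREQD"
    If HasFlag(uac, ADS_UF_DONT_EXPIRE_PASSWD) Then s = s & ", DONT_EXPIRE_PASSWD"
    DescribeUac = s
End Function

' The eight values from the page's table, then two constructed combinations
' (546 and 66080) that the table would show only as raw numbers.
Dim v
For Each v In Array(512, 514, 544, 66048, 66050, 4096, 4128, 4098, 546, 66080)
    WScript.Echo v & ": " & DescribeUac(v)
Next

' Enabling an account that is already enabled (512):
WScript.Echo "512 Xor 2      = " & (512 Xor ADS_UF_ACCOUNTDISABLE)
WScript.Echo "SetDisabled(512, False) = " & SetDisabled(512, False)
```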
 

 
