Archive for category Microsoft
Search,Enable or Disable user/computer accounts in Active Directory over Web page (LDAP ASP)
Posted by cemguneyli in ete, Microsoft, System on May 11, 2011
through this code/ASP in below/file, you can search users,computers, printers and other objects in Active directory over web page, as a result of this search, you can get object’s location in AD. You can enable and disable the user/computer accounts of this page in Active Directory. Also You’ll able to move accounts into a Organization Unit when disable or enable accounts. (you can set different Organization Unit for Enable and Disable process). I mean you can collect disabled user/computer accounts into one Organization Unit or separated OUs.
To publish this ASP page over web site in IIS 6 or 7,ASP page need administrative privilege for working but for search just need authorized users. So at least ISS default authentication method should be change to basic authentication. For prevent unauthorized user to disable/enable accounts in Active Directory.
You can download ASP file here
source : http://www.emrullahekmekci.com.tr/?p=400
<%
‘
‘ 10 / 05 /2011 — Emrullah Tahir Ekmekçi
‘ Search, Enable or Disable Users and Computer account in Active Directory over Web browser
‘ 1.0
response.charset=”windows-1254″
Response.CacheControl = “no-cache”
response.Clear()
%>
<title>Search/Enable/Disable Users/Computers Accounts</title>
<body>
<br>
<br>
<center><form id=”form1″ name=”form1″ method=”post” action=”ADAramaAcmaKapama.asp”>
<label>User/Computer name
<input name=”is” type=”hidden” value=”is” /><input type=”text” name=”uname” id=”uname” />
</label>
</form></center>
</body>
</html>
<%
Dim strCN, objRootDSE, strDNSDomain, adoCommand, adoConnection
Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
Dim strDN, strDisplay, strObjectCategory, intIndex
‘ Kullanici ve Bilgisayar hesabi acma ve kapatma
if request(“hesap”) <> “” and request(“y”) <> “” and request(“t”) <> “” then
strCN = request(“hesap”)
ka = request(“y”)
Set objRootDSE = GetObject(“LDAP://RootDSE”)
strDNSDomain = objRootDSE.Get(“defaultNamingContext”)
Set adoCommand = CreateObject(“ADODB.Command”)
Set adoConnection = CreateObject(“ADODB.Connection”)
adoConnection.Provider = “ADsDSOObject”
adoConnection.Open “Active Directory Provider”
adoCommand.ActiveConnection = adoConnection
strBase = “<LDAP://” & strDNSDomain & “>”
strFilter = “(cn=” & strCN & “*)”
strAttributes = “cn,distinguishedName,sAMAccountName,name,userAccountControl”
strQuery = strBase & “;” & strFilter & “;” & strAttributes & “;subtree”
adoCommand.CommandText = strQuery
adoCommand.Properties(“Page Size”) = 100
adoCommand.Properties(“Timeout”) = 30
adoCommand.Properties(“Cache Results”) = False
Set adoRecordset = adoCommand.Execute
Const ADS_UF_ACCOUNTDISABLE = 2
Set objUser = GetObject (“LDAP://” & adoRecordset.Fields(“distinguishedName”))
strOUDN = “OU=DisabledComputers,DC=fabrikam,DC=com” ‘ Disabled computers account will be moved this ou
strOUDNE = “CN=Computers,DC=fabrikam,DC=com” ‘ Enabled computers account will be moved this ou
strOUDNU = “OU=DisabledComputers,DC=fabrikam,DC=com” ‘Disabled users account will be moved this ou
strOUDNEU = “CN=Users,DC=fabrikami,DC=com” ‘ Enabled users account will be moved this ou
intUAC = objUser.Get(“userAccountControl”)
if ka = “k” then
if request(“t”) = “u” then
Set objOU = GetObject(“LDAP://” & strOUDNU)
objUser.Put “userAccountControl”, intUAC OR ADS_UF_ACCOUNTDISABLE ‘ User account is closed.
objUser.SetInfo
objOU.movehere objUser.ADsPath, objUser.name ‘ User account is moving.
end if
if request(“t”) = “b” then
Set objOU = GetObject(“LDAP://” & strOUDN)
objUser.accountdisabled = true ‘ Computer account is closed.
objUser.SetInfo
objOU.movehere objUser.ADsPath, objUser.name ‘ Computer account is moving.
end if
response.write “Account has been closed”
elseif ka = “a” then
if request(“t”) = “u” then
Set objOU = GetObject(“LDAP://” & strOUDNEU)
objUser.Put “userAccountControl”, intUAC XOR ADS_UF_ACCOUNTDISABLE ‘ User account is open.
objUser.SetInfo
objOU.movehere objUser.ADsPath, objUser.name ‘ User account is moving.
end if
if request(“t”) = “b” then
Set objOU = GetObject(“LDAP://” & strOUDNE)
objUser.accountdisabled = false ‘ Computer account is open.
objUser.SetInfo
objOU.movehere objUser.ADsPath, objUser.name ‘Computer account is moving.
end if
response.write “Account has been opened”
end if
response.Redirect “ADAramaAcmaKapama.asp?uname=”&request(“hesap”)&”&is=1″
adoRecordset.Close
response.End()
end if
‘ object search
if request(“uname”) = “” and request(“is”) <> “” then
%><p><b><center>User/Computer name can not be empty.</center></b></font></p><%
elseif request(“uname”) <> “” and request(“is”) <> “” then
strCN = request(“uname”) & “*”
if len(strCN) <4 then
response.Clear()
Response.Write(“Please enter least 3 char.”)
Response.end
end if
Set objRootDSE = GetObject(“LDAP://RootDSE”)
strDNSDomain = objRootDSE.Get(“defaultNamingContext”)
Set adoCommand = CreateObject(“ADODB.Command”)
Set adoConnection = CreateObject(“ADODB.Connection”)
adoConnection.Provider = “ADsDSOObject”
adoConnection.Open “Active Directory Provider”
adoCommand.ActiveConnection = adoConnection
strBase = “<LDAP://” & strDNSDomain & “>”
strFilter = “(cn=” & strCN & “)”
strAttributes = “cn,distinguishedName,sAMAccountName,name,userAccountControl”
strQuery = strBase & “;” & strFilter & “;” & strAttributes & “;subtree”
adoCommand.CommandText = strQuery
adoCommand.Properties(“Page Size”) = 100
adoCommand.Properties(“Timeout”) = 30
adoCommand.Properties(“Cache Results”) = False
Set adoRecordset = adoCommand.Execute
If (adoRecordset.EOF = True) Then
Response.Write(“<center>No record found</center>”)
Response.end
End If
‘ Table has been created what is object will be show.
Response.Write(“<table width=100% height=100% ><tr width=100% height=100% ><td width=100% height=100% align=center valign=center><table border=’1′>”)
Response.Write(“<tr><th> Account Name </th><th> Computer/User name </th><th> Status</th><th> Type </th><th> DN </th></tr>”)
Response.Write(“<font size=-2>”)
Do Until adoRecordset.EOF
vSAMAccountName= adoRecordset.Fields(“sAMAccountName”).Value
vName = adoRecordset.Fields(“name”).Value
vUserAccountControl= adoRecordset.Fields(“userAccountControl”).Value
vDistinguishedName= adoRecordset.Fields(“distinguishedName”).Value
AKR = 0
if vUserAccountControl = 512 then
AKR = 1
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vSAMAccountName&”&y=k&t=u’ title=’Kapatmak için tiklayin’><center> Close</center> </a>”
elseif vUserAccountControl = 514 then
AKR = 0
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vSAMAccountName&”&y=a&t=u’ title=’Açmak için tiklayin’><center> Open </center></a>”
elseif vUserAccountControl = 544 then
AKR = 1
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vSAMAccountName&”&y=k&t=u’ title=’Kapatmak için tiklayin’><center> Close/ilsd </center></a>”
elseif vUserAccountControl = 66048 then
AKR = 1
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vSAMAccountName&”&y=k&t=u’ title=’Kapatmak için tiklayin’><center> Close/s </center></a>”
elseif vUserAccountControl = 66050 then
AKR = 0
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vSAMAccountName&”&y=a&t=u’ title=’Açmak için tiklayin’><center> Open/s </center></a>”
elseif vUserAccountControl = 4096 then
AKR = 1
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vName&”&y=k&t=b’ title=’Kapatmak için tiklayin’><center> Close </center></a>”
elseif vUserAccountControl = 4128 then
AKR = 1
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vName&”&y=k&t=b’ title=’Kapatmak için tiklayin’><center> Close </center></a>”
elseif vUserAccountControl = 4098 then
AKR = 0
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vName&”&y=a&t=b’ title=’Açmak için tiklayin’><center> Open </center></a>”
else
vUserAccountControlDesc = vUserAccountControl
end if
cuc = instr (vSAMAccountName,”$”)
if vUserAccountControl <> “” then
if cuc = 0 then Response.Write(“<tr><td> ” & vSAMAccountName & ” </td>”) else Response.Write(“<tr><td></td>”)
if AKR = 0 then
response.write (“<td style=’background-color: #FF0000′> “&vName&” </td>”)
else
response.write (“<td style=’background-color: #00FF00′> “&vName&” </td>”)
end if
if cuc = 0 then
Response.Write(“<td style=’background-color: #667C26′>” & ” User ” & “</td>”)
else
Response.Write(“<td style=’background-color: #4863A0′>”& ” Computer ” & “</td>”)
end if
Response.Write(“<td>” & vUserAccountControlDesc & ” </td>”)
Response.Write(“<td align=right > ” & vDistinguishedName & ” </td>”)
else
end if
Response.Write(“</td></tr>”)
adoRecordset.MoveNext
strDisplay = 1
Loop
adoRecordset.Close
if strDisplay = “” then Response.Write(“Can not be search —” & strDisplay & “—“)
adoConnection.Close
Response.Write(“</font>”)
Response.Write(“</table></td></tr></table>”)
Response.Write(“<br><align=left>P.S. :<br>Open/ilsd = Password will change first logon<br>Open/s = Password never expire<br>Close/s= Password never expire<br><br><br><br>”)
Response.End()
end if%>
Web’ten Active Directory’deki Kullanıcı ve Bilgisayar hesaplarını Enable/Disable yapılması (ASP ile)
Posted by cemguneyli in ete, Microsoft on May 10, 2011
Aşağıda ve linkte bulunan asp kodları/dosyası ile, Active Directory’deki kullanıcı ve bilgisayar hesapları arasında arama yapabilir, nesnelerin Active Directory içerisindeki yerini öğrenebilir ve kullanıcı ve bilgisayar hesaplarını kapatıp açabilirsiniz. Kapatılan kulanıcı ve bilgisayar hesaplarını istediğiniz OU’da toplayabilir veya açtıklarınızı istediğiniz OU ya taşıyabilirsiniz.
Bu ASP dosyasını çalışabilmesi yayınladığınız web sitesi için IIS yapılacak tek ayar ise ; web site’ın authentication method’unu Basic authentication yapmak, böylece yetkisiz kullanıcılar Active Directory’de arama yapabilecekler fakat, enable/disable veya nesne taşıması yapamıyacaklar.
Dosyayi buradan indirebilirsiniz
Kaynak : http://www.emrullahekmekci.com.tr/?p=379
<%
‘
‘ 10 / 05 /2011 — Emrullah Tahir Ekmekçi
‘ Kullanici ve Bilgisayar hesaplarinin web üzerinden Enable/Disable yapilmasi
‘ 1.0
response.charset=”windows-1254″
Response.CacheControl = “no-cache”
response.Clear()
%>
<title>Kullanici/Bilgisayar hesabi arama/acma/kapatma</title>
<body>
<br>
<br>
<center><form id=”form1″ name=”form1″ method=”post” action=”ADAramaAcmaKapama.asp”>
<label>Nesne adi
<input name=”is” type=”hidden” value=”is” /><input type=”text” name=”uname” id=”uname” />
</label>
</form></center>
</body>
</html>
<%
Dim strCN, objRootDSE, strDNSDomain, adoCommand, adoConnection
Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
Dim strDN, strDisplay, strObjectCategory, intIndex
‘ Kullanici ve Bilgisayar hesabi acma ve kapatma
if request(“hesap”) <> “” and request(“y”) <> “” and request(“t”) <> “” then
strCN = request(“hesap”)
ka = request(“y”)
Set objRootDSE = GetObject(“LDAP://RootDSE”)
strDNSDomain = objRootDSE.Get(“defaultNamingContext”)
Set adoCommand = CreateObject(“ADODB.Command”)
Set adoConnection = CreateObject(“ADODB.Connection”)
adoConnection.Provider = “ADsDSOObject”
adoConnection.Open “Active Directory Provider”
adoCommand.ActiveConnection = adoConnection
strBase = “<LDAP://” & strDNSDomain & “>”
strFilter = “(cn=” & strCN & “*)”
strAttributes = “cn,distinguishedName,sAMAccountName,name,userAccountControl”
strQuery = strBase & “;” & strFilter & “;” & strAttributes & “;subtree”
adoCommand.CommandText = strQuery
adoCommand.Properties(“Page Size”) = 100
adoCommand.Properties(“Timeout”) = 30
adoCommand.Properties(“Cache Results”) = False
Set adoRecordset = adoCommand.Execute
Const ADS_UF_ACCOUNTDISABLE = 2
Set objUser = GetObject (“LDAP://” & adoRecordset.Fields(“distinguishedName”))
strOUDN = “OU=DisabledComputers,DC=fabrikam,DC=com” ‘ Kapatilan Bilgisayar Hesaplarinin tasinacagi OU
strOUDNE = “CN=Computers,DC=fabrikam,DC=com” ‘ Açilan Bilgisayar Hesaplarinin tasinacagi OU
strOUDNU = “OU=DisabledComputers,DC=fabrikam,DC=com” ‘Kapatilan kullanici Hesaplarinin tasinacagi OU
strOUDNEU = “CN=Users,DC=fabrikami,DC=com” ‘ Açilan Bilgisayar Hesaplarinin tasinacagi OU
intUAC = objUser.Get(“userAccountControl”)
if ka = “k” then
if request(“t”) = “u” then
Set objOU = GetObject(“LDAP://” & strOUDNU)
objUser.Put “userAccountControl”, intUAC OR ADS_UF_ACCOUNTDISABLE ‘ kullanici hesabi kapatiliyor
objUser.SetInfo
objOU.movehere objUser.ADsPath, objUser.name ‘ kullanici hesabi tasiniyor
end if
if request(“t”) = “b” then
Set objOU = GetObject(“LDAP://” & strOUDN)
objUser.accountdisabled = true ‘ bilgisayar hesabi kapatiliyor
objUser.SetInfo
objOU.movehere objUser.ADsPath, objUser.name ‘ bilgisayar hesabi tasiniyor
end if
response.write “Hesap Kapatildi”
elseif ka = “a” then
if request(“t”) = “u” then
Set objOU = GetObject(“LDAP://” & strOUDNEU)
objUser.Put “userAccountControl”, intUAC XOR ADS_UF_ACCOUNTDISABLE ‘ kullanici hesabi açiliyor
objUser.SetInfo
objOU.movehere objUser.ADsPath, objUser.name ‘ bilgisayar hesabi kapatiliyor
end if
if request(“t”) = “b” then
Set objOU = GetObject(“LDAP://” & strOUDNE)
objUser.accountdisabled = false ‘ bilgisayar hesabi açiliyor
objUser.SetInfo
objOU.movehere objUser.ADsPath, objUser.name ‘bilgisayar hesabi tasiniyor
end if
response.write “Hesap Acildi”
end if
response.Redirect “ADAramaAcmaKapama.asp?uname=”&request(“hesap”)&”&is=1″
adoRecordset.Close
response.End()
end if
‘ AD’de nesene aramari
if request(“uname”) = “” and request(“is”) <> “” then
%><p><b><center>Nesneyi bos gecmeyin lütfen.</center></b></font></p><%
elseif request(“uname”) <> “” and request(“is”) <> “” then
strCN = request(“uname”) & “*”
if len(strCN) <4 then
response.Clear()
Response.Write(“en az 3 karakter girmelisiniz.”)
Response.end
end if
Set objRootDSE = GetObject(“LDAP://RootDSE”)
strDNSDomain = objRootDSE.Get(“defaultNamingContext”)
Set adoCommand = CreateObject(“ADODB.Command”)
Set adoConnection = CreateObject(“ADODB.Connection”)
adoConnection.Provider = “ADsDSOObject”
adoConnection.Open “Active Directory Provider”
adoCommand.ActiveConnection = adoConnection
strBase = “<LDAP://” & strDNSDomain & “>”
strFilter = “(cn=” & strCN & “)”
strAttributes = “cn,distinguishedName,sAMAccountName,name,userAccountControl”
strQuery = strBase & “;” & strFilter & “;” & strAttributes & “;subtree”
adoCommand.CommandText = strQuery
adoCommand.Properties(“Page Size”) = 100
adoCommand.Properties(“Timeout”) = 30
adoCommand.Properties(“Cache Results”) = False
Set adoRecordset = adoCommand.Execute
If (adoRecordset.EOF = True) Then
Response.Write(“<center>Aradiginiz kriterde kayit bulunamadi</center>”)
Response.end
End If
‘ AD nesnelerinin gösterilecegi tablo olusturuluyor.
Response.Write(“<table width=100% height=100% ><tr width=100% height=100% ><td width=100% height=100% align=center valign=center><table border=’1′>”)
Response.Write(“<tr><th> Hesap adi </th><th> Bilgisayar/Kullanici Adi </th><th> Durum </th><th> Tipi </th><th> AD Yeri </th></tr>”)
Response.Write(“<font size=-3>”)
Do Until adoRecordset.EOF
vSAMAccountName= adoRecordset.Fields(“sAMAccountName”).Value
vName = adoRecordset.Fields(“name”).Value
vUserAccountControl= adoRecordset.Fields(“userAccountControl”).Value
vDistinguishedName= adoRecordset.Fields(“distinguishedName”).Value
AKR = 0
if vUserAccountControl = 512 then
AKR = 1
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vSAMAccountName&”&y=k&t=u’ title=’Kapatmak için tiklayin’><center> Kapat</center> </a>”
elseif vUserAccountControl = 514 then
AKR = 0
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vSAMAccountName&”&y=a&t=u’ title=’Açmak için tiklayin’><center> Aç </center></a>”
elseif vUserAccountControl = 544 then
AKR = 1
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vSAMAccountName&”&y=k&t=u’ title=’Kapatmak için tiklayin’><center> Kapat/ilsd </center></a>”
elseif vUserAccountControl = 66048 then
AKR = 1
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vSAMAccountName&”&y=k&t=u’ title=’Kapatmak için tiklayin’><center> Kapat/s </center></a>”
elseif vUserAccountControl = 66050 then
AKR = 0
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vSAMAccountName&”&y=a&t=u’ title=’Açmak için tiklayin’><center> Aç/s </center></a>”
elseif vUserAccountControl = 4096 then
AKR = 1
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vName&”&y=k&t=b’ title=’Kapatmak için tiklayin’><center> Kapat </center></a>”
elseif vUserAccountControl = 4128 then
AKR = 1
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vName&”&y=k&t=b’ title=’Kapatmak için tiklayin’><center> Kapat </center></a>”
elseif vUserAccountControl = 4098 then
AKR = 0
vUserAccountControlDesc = “<a href=’./ADAramaAcmaKapama.asp?hesap=”&vName&”&y=a&t=b’ title=’Açmak için tiklayin’><center> Aç </center></a>”
else
vUserAccountControlDesc = vUserAccountControl
end if
cuc = instr (vSAMAccountName,”$”) ‘ Nesnin Bilgisayar hesabini oldugunu belirten “$” karakteri kontrolu yapiliyor
if vUserAccountControl <> “” then
if cuc = 0 then Response.Write(“<tr><td> ” & vSAMAccountName & ” </td>”) else Response.Write(“<tr><td></td>”)
if AKR = 0 then
response.write (“<td style=’background-color: #FF0000′> “&vName&” </td>”)
else
response.write (“<td style=’background-color: #00FF00′> “&vName&” </td>”)
end if
if cuc = 0 then
Response.Write(“<td style=’background-color: #667C26′>” & ” Kullanici ” & “</td>”)
else
Response.Write(“<td style=’background-color: #4863A0’>”& ” Bilgisayar ” & “</td>”)
end if
Response.Write(“<td>” & vUserAccountControlDesc & ” </td>”)
Response.Write(“<td align=right > ” & vDistinguishedName & ” </td>”)
else
end if
Response.Write(“</td></tr>”)
adoRecordset.MoveNext
strDisplay = 1
Loop
adoRecordset.Close
if strDisplay = “” then Response.Write(“Arama yapilamadi —” & strDisplay & “—“)
adoConnection.Close
Response.Write(“</font>”)
Response.Write(“</table></td></tr></table>”)
Response.Write(“<br><align=left>Note :<br>Acik/ilsd = Ilk logon’da sifre degistirilecek<br>Acik/s = Süresis sifre<br>Kapali/s = Süresis sifre<br><br><br><br>”)
Response.End()
end if%>
Getting Last Logon time for Computers in Domain as list with VBA
Posted by cemguneyli in Articles, ete, Microsoft on April 27, 2011
Last week, I need to find how many inactive computers in our Active Directory with computers name and last logon date. I can use this info various way after gather from our Active Directory.
There are lot of scripts about it in Internet but problem is which one should I use and how to! Also I need to export those computers as a text or csv file and how to move those computers in a Organization Unit in Active directory.
So I developed this application. I can gather/do whole this.
Application has some setting like you can set a Day period and set DN location in Active directory for where those computers account will moved.
Also Application has two language support, Turksih and English.
P.S. : Zip file password is “ete”