30/08/2007, 16h45 #2
Richard Mueller [MVP]
Re: Require a User to Logon on Using a Smartcard Script

Noah wrote:

> I am trying to run a script on multiple users, but the script example given
> by Microsoft is only good for an individual user account.
> Here is the script example:
> Const ADS_UF_SMARTCARD_REQUIRED = &h40000
>
> Set objUser = GetObject _
> ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com" )
>
> intUAC = objUser.Get("userAccountControl")
>
> If (intUAC AND ADS_UF_SMARTCARD_REQUIRED) = 0 Then
> objUser.Put "userAccountControl", intUAC XOR ADS_UF_SMARTCARD_REQUIRED
> objUser.SetInfo
> End If
>
>
> What I am trying to do is run this script on a defined OU which will enable
> smart card login for ALL of the users in that OU. This script only defines
> one specific user. Any help would be appreciated.


Enclose the snippet above in a loop that enumerates all users in the OU.
============
Option Explicit
Dim objOU, objUser, intUAC
Const ADS_UF_SMARTCARD_REQUIRED = &h40000

' Bind to the OU using its Distinguished Name.
Set objOU = GetObject("LDAP://ou=West,dc=MyDomain,dc=com")

' Filter on user objects.
' This includes computer objects.
objOU.Filter = Array("user")

' Enumerate user objects.
For Each objUser In objOU
    ' Skip computer objects.
    If (LCase(objUser.Class) = "user") Then
        intUAC = objUser.Get("userAccountControl")
        ' Check if the bit is already set.
        If (intUAC AND ADS_UF_SMARTCARD_REQUIRED) = 0 Then
            ' The bit is not set. Set the bit.
            intUAC = intUAC OR ADS_UF_SMARTCARD_REQUIRED
            objUser.Put "userAccountControl", intUAC
            ' Save change.
            objUser.SetInfo
        End If
    End If
Next
==========
The AND operator is used to test the flag attribute (userAccountControl)
with the bit mask ADS_UF_SMARTCARD_REQUIRED. Any non-zero result means the
bit is set, while a zero result means the bit is not set. The OR operator is
used to set the bit. The XOR operator toggles the bit. In this case, you
could use either OR or XOR, since we first test to see that it is not set.
The XOR operator must be used to un-set (clear) a bit.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
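
Added example, not part of the original post or of Richard Mueller's script: the same AND test and OR update done from PowerShell, with the test pushed into the LDAP filter so only accounts that still lack the bit are returned, and a dry run by default. It assumes the ActiveDirectory (RSAT) module is installed; the `-Apply` switch is a hypothetical parameter of this example, and the OU is the placeholder used in the reply.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module.
param(
    # Placeholder OU taken from the reply above; replace with your own DN.
    [string]$SearchBase = 'ou=West,dc=MyDomain,dc=com',
    # Hypothetical switch for this example: without it nothing is written.
    [switch]$Apply
)

Import-Module ActiveDirectory

$ADS_UF_SMARTCARD_REQUIRED = 0x40000   # 262144, same constant as the VBScript

# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule: the server
# performs the (userAccountControl AND mask) test. Wrapping it in (!...)
# returns only accounts where the bit is still clear.
# objectCategory=person excludes computer objects, whose class is also "user".
$filter = "(&(objectCategory=person)(objectClass=user)" +
          "(!(userAccountControl:1.2.840.113556.1.4.803:=$ADS_UF_SMARTCARD_REQUIRED)))"

# OneLevel mirrors the VBScript loop, which enumerates only the OU's direct children.
$users = Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase `
                    -SearchScope OneLevel -Properties userAccountControl

foreach ($u in $users) {
    $old = [int]$u.userAccountControl
    # OR sets the bit and is idempotent; XOR would clear it if it were already set.
    $new = $old -bor $ADS_UF_SMARTCARD_REQUIRED

    # Report every account that would change, with before/after values in hex.
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        OldUAC         = '0x{0:X}' -f $old
        NewUAC         = '0x{0:X}' -f $new
        Applied        = [bool]$Apply
    }

    # -WhatIf stays on unless -Apply was given, so the default run is read-only.
    Set-ADUser -Identity $u -Replace @{ userAccountControl = $new } -WhatIf:(-not $Apply)
}
```

Run it once without `-Apply` and review the list for service or shared accounts in the OU before writing the change.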

