Comparing Machine Accounts in Two Directories

The purpose of this script is to pull a registry key from all of our client machines to determine whether it has statically configured DNS servers or not. The challenge I am targeting is that some of our machines are joined to our Active Directory domain and can be authenticated against using my domain user account, however, about half of them are still not and I need to use a local user account on those machines to authenticate with. I approached this challenge, instead of using error handling, by using a Scripting.Dictionary object in which the keys contain the computer names ("Workstation" objects) from eDirectory/ZENworks, and the value contains the same machine name ("computer" objects) in Active Directory IF, and only IF the machine account exists in Active Directory. If Active Directory does not have a corresponding machine account, the value for the key will remain (string) "NULL". By iterating over the Scripting.Dictionary object, I can easily determine whether I should use domain authentication or local authentication based on whether the value for each key contains the same computer name or "NULL". Of course, I'm sure there will be some exceptions that need to be handled via error handling, but at least I'm not using error handling as my primary method of testing authentication. Here is the main logic of the script without the nitty gritty registry stuff:

'Dictionary will hold name of computer from eDirectory AND Active Directory (if applicable). Use this to test for local or domain authentication!
dim computers, cycle
set computers = CreateObject("Scripting.Dictionary")

'Dynamically obtain root of Active Directory domain partition
set rootdse = GetObject("LDAP://RootDSE")
dirRoot = rootdse.Get("defaultNamingContext")

main()

function main()
'Populate computer names from eDirectory
searchDir "o=[YourRootNetwareOrg]","[eDirectoryServerIP]/"
'Populate computer names from Active Directory
searchDir dirRoot, ""

pckeys = computers.keys()
for each key in pckeys
wscript.echo key & " :: " & computers(key)
next
end function

'Server is OPTIONAL parameter. If connecting to Active Directory from a domain account, just use double quotes.
'Please put a slash after the name/IP if you specify one.
function searchDir(dn, server)
set root = GetObject("LDAP://" & server & dn)

for each dirobj in root
select case dirobj.class
case "ndsContainerLoginProperties"
searchDir dirobj.name & "," & dn, server
case "organizationalUnit"
searchDir dirobj.distinguishedName, ""
case "container"
searchDir dirobj.distinguishedName, ""
case "computer"
'Need to use Right function to cut of "cn=" from the computer's name
pcname = right(dirobj.name,len(dirobj.name)-3)
if computers.exists(pcname) then computers.item(pcname) = pcname
case "Workstation"
'Need to use Right function to cut of "cn=" from the computer's name
computers.add right(dirobj.name,len(dirobj.name)-3),"NULL"
end select
next

end function

Now that you have this much, you can write another function that iterates over the Dictionary object and perform some random operation based on whether or not each computer has a corresponding computer object in Active Directory, or, any directory really. Due to the differences in directories though, you might have to tweak the object classes that the select case statement is testing for. If you have any questions, please feel free to e-mail me!

Trevor Sullivan

  ¶ 11:47 AM 0 comments

  Reading EXIF Data from VBscript Well, today I came across SImage. This free, and open-source COM object allows you to work with EXIF data from image files. Pretty nifty ... I'm playing with a classic ASP that'll display such data using this free library :) Perhaps I'll post some examples ... enjoy!  ¶ 7:46 PM 0 comments

  Disabling NetBIOS over TCP/IP Via Registry So, if anyone out there is trying to get rid of NetBIOS to reduce broadcast traffic and optimize their network, I'm putting together a short guide on how to disable NetBIOS via the registry, should you need to perform this operation on a large number of computers. Since manually visiting each computer requires too much work, we'll look at the registry value we need to change using a script to disable NetBIOS.

The registry value we need to change resides in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_\ key, and the value's name is NetBIOSOptions. There are three valid values for this value:

0x0: Use NetBIOS setting from DHCP server or Enable if static IP is used
0x1: Enable NetBIOS over TCP/IP
0x2: Disable NetBIOS over TCP/IP

As you can probably tell, we want to use the last option, 0x2 as the correct value to disable NetBIOS. Let's look at how we can use WMI to access the registry of a computer remotely and change this value for us.

strComputer = "."
HKLM = 2147483650
valuename = "NetBIOSOptions"
subkey = "System\CurrentControlSet\Services\NetBT\Parameters\Interfaces\"

'Get registry provider from WMI
set registry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
'Get subkeys of Interfaces key ... these will be random GUIDs, so we need to grab them dynamically
registry.EnumKey HKLM, subkey, subkeys

for i = 0 to ubound(subkeys)
'Set hex value of registry value to 0x2. We have to use the built-in VBscript hex function to convert from decimal to hex data type
registry.SetDWORDValue HKLM, subkey & subkeys(i), valuename, hex(2)
next

  ¶ 5:58 AM 2 comments