Life of a techno-guru
Tuesday, October 31, 2006
  Comparing Machine Accounts in Two Directories

The purpose of this script is to pull a registry key from all of our client machines to determine whether it has statically configured DNS servers or not. The challenge I am targeting is that some of our machines are joined to our Active Directory domain and can be authenticated against using my domain user account, however, about half of them are still not and I need to use a local user account on those machines to authenticate with. I approached this challenge, instead of using error handling, by using a Scripting.Dictionary object in which the keys contain the computer names ("Workstation" objects) from eDirectory/ZENworks, and the value contains the same machine name ("computer" objects) in Active Directory IF, and only IF the machine account exists in Active Directory. If Active Directory does not have a corresponding machine account, the value for the key will remain (string) "NULL". By iterating over the Scripting.Dictionary object, I can easily determine whether I should use domain authentication or local authentication based on whether the value for each key contains the same computer name or "NULL". Of course, I'm sure there will be some exceptions that need to be handled via error handling, but at least I'm not using error handling as my primary method of testing authentication. Here is the main logic of the script without the nitty gritty registry stuff:

'Dictionary will hold name of computer from eDirectory AND Active Directory (if applicable). Use this to test for local or domain authentication!
dim computers, cycle
set computers = CreateObject("Scripting.Dictionary")

'Dynamically obtain root of Active Directory domain partition
set rootdse = GetObject("LDAP://RootDSE")
dirRoot = rootdse.Get("defaultNamingContext")


function main()
'Populate computer names from eDirectory
searchDir "o=[YourRootNetwareOrg]","[eDirectoryServerIP]/"
'Populate computer names from Active Directory
searchDir dirRoot, ""

pckeys = computers.keys()
for each key in pckeys
wscript.echo key & " :: " & computers(key)
end function

'Server is OPTIONAL parameter. If connecting to Active Directory from a domain account, just use double quotes.
'Please put a slash after the name/IP if you specify one.
function searchDir(dn, server)
set root = GetObject("LDAP://" & server & dn)

for each dirobj in root
select case dirobj.class
case "ndsContainerLoginProperties"
searchDir & "," & dn, server
case "organizationalUnit"
searchDir dirobj.distinguishedName, ""
case "container"
searchDir dirobj.distinguishedName, ""
case "computer"
'Need to use Right function to cut of "cn=" from the computer's name
pcname = right(,len(
if computers.exists(pcname) then computers.item(pcname) = pcname
case "Workstation"
'Need to use Right function to cut of "cn=" from the computer's name
computers.add right(,len(,"NULL"
end select

end function

Now that you have this much, you can write another function that iterates over the Dictionary object and perform some random operation based on whether or not each computer has a corresponding computer object in Active Directory, or, any directory really. Due to the differences in directories though, you might have to tweak the object classes that the select case statement is testing for. If you have any questions, please feel free to e-mail me!

Trevor Sullivan

Monday, October 30, 2006
  Reading EXIF Data from VBscript
Well, today I came across SImage. This free, and open-source COM object allows you to work with EXIF data from image files. Pretty nifty ... I'm playing with a classic ASP that'll display such data using this free library :) Perhaps I'll post some examples ... enjoy!
Tuesday, October 10, 2006
  Disabling NetBIOS over TCP/IP Via Registry
So, if anyone out there is trying to get rid of NetBIOS to reduce broadcast traffic and optimize their network, I'm putting together a short guide on how to disable NetBIOS via the registry, should you need to perform this operation on a large number of computers. Since manually visiting each computer requires too much work, we'll look at the registry value we need to change using a script to disable NetBIOS.

The registry value we need to change resides in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_\ key, and the value's name is NetBIOSOptions. There are three valid values for this value:

0x0: Use NetBIOS setting from DHCP server or Enable if static IP is used
0x1: Enable NetBIOS over TCP/IP
0x2: Disable NetBIOS over TCP/IP

As you can probably tell, we want to use the last option, 0x2 as the correct value to disable NetBIOS. Let's look at how we can use WMI to access the registry of a computer remotely and change this value for us.

strComputer = "."
HKLM = 2147483650
valuename = "NetBIOSOptions"
subkey = "System\CurrentControlSet\Services\NetBT\Parameters\Interfaces\"

'Get registry provider from WMI
set registry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
'Get subkeys of Interfaces key ... these will be random GUIDs, so we need to grab them dynamically
registry.EnumKey HKLM, subkey, subkeys

for i = 0 to ubound(subkeys)
'Set hex value of registry value to 0x2. We have to use the built-in VBscript hex function to convert from decimal to hex data type
registry.SetDWORDValue HKLM, subkey & subkeys(i), valuename, hex(2)
My life of learning various things about technology including network administration, development, and 3D design

Location: Chicago, Illinois, United States
January 2006 / February 2006 / March 2006 / May 2006 / June 2006 / July 2006 / August 2006 / September 2006 / October 2006 / November 2006 / December 2006 / January 2007 / February 2007 / March 2007 / April 2007 / May 2007 / June 2007 / August 2007 / December 2007 / January 2008 / March 2008 / April 2008 / June 2008 / July 2008 / September 2008 / December 2008 / January 2009 / February 2009 / March 2009 / May 2009 /

Powered by Blogger