Hi folks,
I'd like to change an attribute in all my active directory user
accounts, or possibly confine the change to certain OU's. The change
must remove the "Terminal Server" user profile setting from each user
account. I don't want to have to manually go in and change every user,
how do I do it?
many thanks
Dave
this did it for me...its VB script embedded in MSAccess, so i can feed
a list of usernames and track the results if needed (note this is just
a code snippet without a lot of error checking etc..). Also, i have
the users full ADSpath already saved, so i dont need to look it up
each time, but the code below will do it for you.
Function removetermservices()
' turns off terminal services access to all users in inputted table
Dim xuser As IADsUser
Set db = CurrentDb
Set rs = db.OpenRecordset("select * from tsourceADCurrentusers order
by finalADusername", dbOpenDynaset)
Do While Not rs.EOF
varadspath=getADSpath(rs("username"))
Set xuser = GetObject(varadspath)
Debug.Print xuser.Name
xuser.AllowLogon = 0
xuser.SetInfo
rs.movenext
Loop
End Function
Function getADSpath(varADName)
Set objconn = CreateObject("ADODB.connection")
objconn.Provider = "ADSDSOObject"
objconn.open "Active Directory Provider"
strbase = "<LDAP://dc=abc,dc=xyz,dc=com>;" ' enter your own
domain here,
strfilter = "(&(Objectclass=USER)(samaccountname=" & varADName
& "));"
strattrs = "adspath,cn;"
strscope = "subtree"
' Debug.Print strbase & strfilter & strattrs & strscope
Set objrs = objconn.Execute(strbase & strfilter & strattrs &
strscope)
If Not objrs.EOF Then
getADSPath = objrs("adspath")
End If
End Function
