J
Jerry Parlee
A couple of related puzzles:
The first script almost works.
I'm trying to create a number of users (in a separate script for this
purpose) and enable their account and set their passwords not to expire.
The create-account script (not shown) works fine. This part, whether
integral to the create-account script or stand-alone, manages to do the
second if statement, but not the first. If I swap the if statements it still
does the second, but not the first.
What would cause it to do that? Is it the case that you can only do one
operation at a time? Only the last one takes?
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Const ADS_UF_ACCOUNTDISABLE = 2
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Set objUser = GetObject
("LDAP://cn=Atest,ou=PsyUsers,dc=xxx,dc=uuuu,dc=edu")
intUAC = objUser.Get("userAccountControl")
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
End If
If not intUAC AND ADS_UF_DONT_EXPIRE_PASSWD Then
objUser.Put "userAccountControl", intUAC XOR ADS_UF_DONT_EXPIRE_PASSWD
objUser.SetInfo
End If
+++++++++++++++++++++++++++++++++++++++++++++++
And. I can't make this work at all. It says something in the book that the
can't change password property is in "userAccountControl" , but then says
something about it being an "nTSecurityDescriptor". I am not at all clear on
the syntax, I've swapped both values in every permutation, but not got it to
do anything. I've also played with "if" and "if not", doesn't seem to help.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Const ADS_UF_PASSWD_CANT_CHANGE = &h00400
Set objUser = GetObject
("LDAP://cn=Atest,ou=PsyUsers,dc=xxx,dc=uuuu,dc=edu")
intUAC = objUser.Get("userAccountControl")
if not intNSD AND ADS_UF_PASSWD_CANT_CHANGE Then
objUser.Put "nTSecurityDescriptor", intUAC XOR ADS_UF_PASSWD_CANT_CHANGE
objUser.SetInfo
End If
+++++++++++++++++++++++++++++++++++++++++++++++
Thanks,
Jerry
The first script almost works.
I'm trying to create a number of users (in a separate script for this
purpose) and enable their account and set their passwords not to expire.
The create-account script (not shown) works fine. This part, whether
integral to the create-account script or stand-alone, manages to do the
second if statement, but not the first. If I swap the if statements it still
does the second, but not the first.
What would cause it to do that? Is it the case that you can only do one
operation at a time? Only the last one takes?
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Const ADS_UF_ACCOUNTDISABLE = 2
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Set objUser = GetObject
("LDAP://cn=Atest,ou=PsyUsers,dc=xxx,dc=uuuu,dc=edu")
intUAC = objUser.Get("userAccountControl")
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
End If
If not intUAC AND ADS_UF_DONT_EXPIRE_PASSWD Then
objUser.Put "userAccountControl", intUAC XOR ADS_UF_DONT_EXPIRE_PASSWD
objUser.SetInfo
End If
+++++++++++++++++++++++++++++++++++++++++++++++
And. I can't make this work at all. It says something in the book that the
can't change password property is in "userAccountControl" , but then says
something about it being an "nTSecurityDescriptor". I am not at all clear on
the syntax, I've swapped both values in every permutation, but not got it to
do anything. I've also played with "if" and "if not", doesn't seem to help.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Const ADS_UF_PASSWD_CANT_CHANGE = &h00400
Set objUser = GetObject
("LDAP://cn=Atest,ou=PsyUsers,dc=xxx,dc=uuuu,dc=edu")
intUAC = objUser.Get("userAccountControl")
if not intNSD AND ADS_UF_PASSWD_CANT_CHANGE Then
objUser.Put "nTSecurityDescriptor", intUAC XOR ADS_UF_PASSWD_CANT_CHANGE
objUser.SetInfo
End If
+++++++++++++++++++++++++++++++++++++++++++++++
Thanks,
Jerry