....and the output for users.txt - sheesh I've seen servers crash for less * ;) * not my servers mind you - other peoples :D _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Mack Sent: 19 October 2005 13:21 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Home directory and Profile Script Hi Andrew, Ok. I admit it. Your script is smaller than tscmd.exe (40KB). Damn nitpickers ;-) regards, Rick Ulrich Mack Volante Systems Level 2, 30 Little Cribb Street Coronation Drive Office Park Milton Qld 4064 tel: +61 7 32431847 fax: +61 7 32431992 rick.mack@xxxxxxxxxxxxxx _____ From: thin-bounce@xxxxxxxxxxxxx on behalf of Andrew Wood Sent: Wed 19/10/2005 10:09 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Home directory and Profile Script true, but mine has a smaller disk space requirement ;) _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Mack Sent: 19 October 2005 12:55 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Home directory and Profile Script Hi, Of course at the other end of the scale, if you're new to scripting and just want to get the job done, you can generate a domain (or group) user list using net user /domain or net group (on a DC), eg. for /f "tokens=1,2,3" %i in ('net user /domain') do @echo %i >> users.txt & @echo %j >> users.txt & @echo %k >> users.txt. Edit the unwanted accounts out of users.txt and you've got a user list for further scripting. eg using tscmd for /f %i in (users.txt) do tscmd %your_DC% %i terminalserverhomepath <file://\\server\users\%i> \\server\users\%i & tscmd %your_DC% %i terminalserverprofilepath <file://\\server\profiles\%i> \\server\profiles\%i That's 2 lines of script ;-) Sorry guys, couldn't resist. regards, Rick Ulrich Mack Volante Systems Level 2, 30 Little Cribb Street Coronation Drive Office Park Milton Qld 4064 tel: +61 7 32431847 fax: +61 7 32431992 rick.mack@xxxxxxxxxxxxxx _____ From: thin-bounce@xxxxxxxxxxxxx on behalf of Andrew Wood Sent: Wed 19/10/2005 9:41 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Home directory and Profile Script Wonderful that it is to see a recursive procedure used - is it truly worth the effort in this example? The ADO query does a distinct lookup querying AD for a specific filter type. The way the filter was created you're going to have a single query and return a distinct set of values. So, a single process of lookup against your AD environment to get the data, then some local client work. Granted you then have to look for all the records that are returned, but that initial query was done just once. In you're example you're instantiating variables every time you enter the recursive procedure. And you're going through Ous that might never have users. You're creating a large number of variables that essentially hold no useful values. You query the AD every time to get this data. Potentially your script wanders off down a whole OU structure that holds no users. So, in essence, you do a lot of work and create a lot of variables and have a whole stack of memory used and query the ad multiple times - and you end up with the same information. And you think this is more efficient? -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Braebaum, Neil Sent: 19 October 2005 09:42 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Home directory and Profile Script I suspect access I've never been inclined to go down the ADO route for searching in AD. I know it's the most documented way, but it's so easy to write functions to descend the structure, I find it more efficient. So the OP started off with a fully qualified DN to a user. But clearly that's largely irrelevant when evaluating all users in AD. Most people when writing ADSI scripts, do the whole objRootDSE and getdefaultnamingcontext thing. Once you've got that, you've got LDAP parlance for the root of your AD. To evaluate all users in a container, you'd simply set a filter on 'user' objects and loop around them - hence:- set objOU=getobject("LDAP://ou=Terminal Server Users, dc=fred, dc=com") objOU.filter=array("user") for each objOUUser in objOU ' do whatever with each user - ie check paths, check group membership... next But say you just wanted to descend all AD, opening all OUs and containers, only evaluate users, perhaps do some other conditional logic on each user, and do something, it's very easy to write a recursive sub to do the descending and processing. So you've established the DN for the root of your AD, and you've got your defaultnamingcontext in a string:- set objRootDSE=getobject("LDAP://rootdse";) strdefaultnamingcontext=objRootDSE.get("defaultnamingcontext") After that, you could just have a recursive sub that accepted an ADsPath as an argument (and perhaps other arguments if need be), that descended AD, and processed users, containers and OUs:- sub recurseAD(ADPath) set objContainer=getobject(ADPath) objContainer.filter=array("user") for each objContainerUser in objContainter ' whatever code you want to run against every user... perhaps including other conditions next objContainer.filter=array("organizationalunit") for each objContainerSubOU in objContainer call recurseAD(objContainerSubOU.adspath) next objContainter.filter=array("container") for each ojbContainerSubContainer in objContainer call recurseAD(objContainterSubContainer.adspath) next set objContainer=nothing end sub Then all you have to do to kick all this off, is call your recursive subroutine to start off with, hence:- call recurseAD("LDAP://"&strdefaultnamingcontext) And you've got an easy, lightweight script for evaluating all containers within AD, and processing each user found (assuming the security context the script is running under has conducive access by merit of DACLs). Now you can use ADO searches, or you could simply evaluate the NT provider, then do a switcheroo using nametranslate to get the user object via LDAP. But the amount of times you're likely to have to process many things within the AD hierarchy by script, means that having a very simple, lightweight, recursive function that will descend all AD, will be an axiomatic plus ;-) Of course, you could just forget all that, do something with cmd scripts, or ADDUSERS, or LDIFDE, or CSVDE - but if you've already started down the path of writing an ADSI script, you needn't necessarily have to go down the ADO route to evaluate all the things you want to evaluate using the LDAP provider. Neil > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Wood > Sent: 18 October 2005 23:08 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Home directory and Profile Script > > But not on the TSProfilePath as its not a field you can reference > directly in AD is it? IIRC it's actually stored in userparameters > which is a binary? > > So, adodb to scoot through all the users, then initiate a user object > and use the ts extensions to interogate the ts properties.. > > Something like this - > > ------------------------------ > Option Explicit > > Dim objCommand, objConnection, strBase, strFilter, strAttributes, > objUser > > Dim strQuery, objRecordset, strdistinguishedName, strTSPath, strCN > > > Set objCommand = CreateObject("ADODB.Command") Set objConnection = > CreateObject("ADODB.Connection") objConnection.Provider = > "ADsDSOObject" > objConnection.Open "Active Directory Provider" > objCommand.ActiveConnection = objConnection '...change this bit for > your domain strBase = "<LDAP://dc=gilwood,dc=local>" > > strFilter = "(&(objectCategory=person)(objectClass=user))" > strAttributes = "sAMAccountName,cn,distinguishedName" > strQuery = strBase & ";" & strFilter & ";" & strAttributes & > ";subtree" > objCommand.CommandText = strQuery > objCommand.Properties("Page Size") = 100 > objCommand.Properties("Timeout") = 30 > objCommand.Properties("Cache Results") = False Set objRecordSet = > objCommand.Execute > > Do Until objRecordSet.EOF > strCN = objRecordSet.Fields("cn").Value > strdistinguishedName = > objRecordSet.Fields("distinguishedName").Value > > Set objUser = GetObject("LDAP://"; & strdistinguishedName) > if Len(objUser.TerminalServicesProfilePath) > 0 Then _ > Wscript.Echo strCN & " " & objUser.TerminalServicesProfilePath > > objRecordSet.MoveNext > Loop > > objConnection.Close > > ------------------------------ > > More than happy for someone to point out a quicker way mind. > > Personally - with W2k3 I've pretty much stopped using these settings > and simply set the ts profile and home directories as part of the > loopback policy. > > > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Ormond_Merino@xxxxxxx > Sent: 18 October 2005 21:24 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Home directory and Profile Script > > You could use ADODB.Command to query AD just like a SQL statement. A > google search should help. > > Regards, > Ormond Merino > > > -----Original Message----- > From: msemon@xxxxxxx [mailto:msemon@xxxxxxx] > Sent: Tuesday, October 18, 2005 3:22 PM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Home directory and Profile Script > > I am trying to create a script to pull from Active Directory all > users which have TS Home Directories and Profiles. What I have so far > works for a single user account, for example jones. Is there a way to > do this for all users in AD. > > > > Set objUser = GetObject _ > > ("LDAP://cn=jonesBill,ou=Management,dc=NA,dc=dc1,dc=com";) > > > WScript.Echo "Terminal Services Profile Path : " & _ > > objUser.TerminalServicesProfilePath > > WScript.Echo "Terminal Services Home Directory: " & _ > > objUser.TerminalServicesHomeDirectory > > WScript.Echo "Terminal Services Home Drive: " & _ > > objUser.TerminalServicesHomeDrive > > WScript.Echo "Allow Logon: " & objUser.AllowLogon > **************************************************************************** * This email and its attachments are confidential and are intended for the above named recipient only. If this has come to you in error, please notify the sender immediately and delete this email from your system. You must take no action based on this, nor must you copy or disclose it or any part of its contents to any person or organisation. Statements and opinions contained in this email may not necessarily represent those of Littlewoods Shop Direct Group Limited or its subsidiaries. Please note that email communications may be monitored. The registered office of Littlewoods Shop Direct Group Limited is 100 Old Hall Street Liverpool L70 1AB registered number 5059352 **************************************************************************** * This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com ******************************************************** This Weeks Sponsor: Cesura, Inc. Know about Citrix end-user slowdowns before they know. Know the probable cause, immediately. Know it all now with this free white paper. http://www.cesurasolutions.com/landing/WPBCForCitrix.htm?mc=TBCC ******************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor: Cesura, Inc. Know about Citrix end-user slowdowns before they know. Know the probable cause, immediately. Know it all now with this free white paper. http://www.cesurasolutions.com/landing/WPBCForCitrix.htm?mc=WETBCC ******************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ############################################################################ ######### This e-mail, including all attachments, may be confidential or privileged. Confidentiality or privilege is not waived or lost because this e-mail has been sent to you in error. If you are not the intended recipient any use, disclosure or copying of this e-mail is prohibited. If you have received it in error please notify the sender immediately by reply e-mail and destroy all copies of this e-mail and any attachments. All liability for direct and indirect loss arising from this e-mail and any attachments is hereby disclaimed to the extent permitted by law. ############################################################################ ######### ############################################################################ ######### This e-mail, including all attachments, may be confidential or privileged. Confidentiality or privilege is not waived or lost because this e-mail has been sent to you in error. If you are not the intended recipient any use, disclosure or copying of this e-mail is prohibited. If you have received it in error please notify the sender immediately by reply e-mail and destroy all copies of this e-mail and any attachments. All liability for direct and indirect loss arising from this e-mail and any attachments is hereby disclaimed to the extent permitted by law. ############################################################################ ######### ############################################################################ ######### This e-mail, including all attachments, may be confidential or privileged. Confidentiality or privilege is not waived or lost because this e-mail has been sent to you in error. If you are not the intended recipient any use, disclosure or copying of this e-mail is prohibited. If you have received it in error please notify the sender immediately by reply e-mail and destroy all copies of this e-mail and any attachments. All liability for direct and indirect loss arising from this e-mail and any attachments is hereby disclaimed to the extent permitted by law. ############################################################################ ######### ############################################################################ ######### This e-mail, including all attachments, may be confidential or privileged. Confidentiality or privilege is not waived or lost because this e-mail has been sent to you in error. If you are not the intended recipient any use, disclosure or copying of this e-mail is prohibited. If you have received it in error please notify the sender immediately by reply e-mail and destroy all copies of this e-mail and any attachments. All liability for direct and indirect loss arising from this e-mail and any attachments is hereby disclaimed to the extent permitted by law. ############################################################################ #########