Thursday, March 29, 2007

Mail Enable a User using a script

Another Script - This one is to mail-enable a user using a vbs script. With very little work, you could use this to mail-enable a list of users... but, I will leave that up to you.


UserDN = "CN=cn-name,OU=OU-name,DC=company,DC=com"
MBoxDN = "CN=Mailbox Store (Server),CN=First Storage Group,CN=Store,CN=ServerName,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Company,DC=Com"

'Set objUser = GetObject("LDAP://" & UserDN)
Set objMailboxStore = GetObject("LDAP://" & UserDN)
objMailboxStore.CreateMailbox MboxDN

Monday, March 26, 2007

Display accounts with a Mismatch between their AG and LegacyDN

Here is another script that you can run to display all of the accounts that have a mis-match between their Exchange AG and the Legacy ExchangeDN. (Yes, The Legacy ExchangeDN is still used - Thanks MSFT!!!)

' Displays accounts with mis-matched Adminitrative groups vs. legacyExchangeDN. '
Option Explicit


Dim defaultNamingContext
Dim legacyExchangeDN, homeMDB, AdsPath, sAMAccountName
Dim AdConn, AdComm, AdRS, AdQuery
Dim Fix, objUser

If WScript.Arguments.Count = 1 then
If UCase(WScript.Arguments.Item(0)) = "-F" Or UCase(WScript.Arguments.Item(0)) = "/F" then
Fix = True
End If
Fix = False
End If

defaultNamingContext = GetObject("LDAP://RootDSE").Get("defaultNamingContext")
AdQuery = "SELECT legacyExchangeDN, homeMDB, AdsPath, sAMAccountName " & _
"FROM 'LDAP://" & defaultNamingContext & "' " & _
"WHERE objectCategory='Person' " & _
"AND objectClass='User' " & _
"AND legacyExchangeDN='*' " & _
"AND homeMDB='*'"

Set AdConn = CreateObject("ADODB.Connection") ' Get an ADO connection object
AdConn.Provider = "ADsDSOObject" ' Set provider name
AdConn.Open "Active Directory Provider" ' open connection

Set AdComm = CreateObject("ADODB.Command") ' Get an ADO command object
AdComm.ActiveConnection = AdConn ' Tell command object about connection
AdComm.Properties("SearchScope") = 2 ' we want to search everything
AdComm.Properties("Page Size") = 100 ' and we want our records in lots of 500

AdComm.CommandText = AdQuery ' Set the ADO CommandText
Set AdRS = AdComm.Execute ' and run the query.

On Error Resume Next
With AdRs
AdRS.MoveFirst ' Go to 1st record in the set
While Not .EOF ' Read 'em until they're gone
legacyExchangeDN = .Fields("legacyExchangeDN")
homeMDB = .Fields("homeMDB")
AdsPath = .Fields("AdsPath")
sAMAccountName = .Fields("sAMAccountName")
legacyExchangeDN = Mid(legacyExchangeDN,2)
legacyExchangeDN = Mid(legacyExchangeDN,InStr(legacyExchangeDN,"/")+1)
legacyExchangeDN = Mid(legacyExchangeDN,InStr(legacyExchangeDN,"=")+1)
legacyExchangeDN = Mid(legacyExchangeDN,1,InStr(legacyExchangeDN,"/")-1)
homeMDB = Mid(homeMDB,InStr(homeMDB,"CN=Servers,CN=")+14)
homeMDB = Mid(homeMDB,1,InStr(homeMDB,"CN=Admin")-2)
If UCase(homeMDB) <> UCase(legacyExchangeDN) then
If Fix then
Set objUser = GetObject(AdsPath)
objUser.PutEx ADS_PROPERTY_CLEAR, "legacyExchangeDN", vbNullString
If Err then
WScript.Echo "Error " & Hex(Err.Number) & " clearing legacyExchangeDN for " & AdsPath
WScript.Echo "legacyExchangeDN cleared for " & AdsPath & " " & legacyExchageDN & "<>" & homeMDB
End If
Set objUser = Nothing
WScript.Echo legacyExchangeDN & "," & homeMDB & ",""" & AdsPath & """"
End If
End If
End With

Set AdRs = Nothing
Set AdComm = Nothing
Set AdConn = Nothing

Saturday, March 24, 2007

SAM Account Name attribute to the name attribute

' Compares the sAMAccountName attribute to the name attribute and displays '
' mismatches. '
Option Explicit

Dim defaultNamingContext
Dim AdQuery
Dim AdsPath, sAMAccountName, cn
Dim AdConn, AdComm, AdRS

defaultNamingContext = GetObject("LDAP://RootDSE").Get("defaultNamingContext")

AdQuery = "SELECT cn, sAMAccountName " & _
"FROM 'LDAP://" &amp; defaultNamingContext & "' " & _
"WHERE objectCategory='group'"

Set AdConn = CreateObject("ADODB.Connection")
AdConn.Provider = "ADsDSOObject"
AdConn.Open "Active Directory Provider"

Set AdComm = CreateObject("ADODB.Command")
AdComm.ActiveConnection = AdConn
AdComm.Properties("SearchScope") = 2
AdComm.Properties("Page Size") = 1000

AdComm.CommandText = AdQuery
Set AdRS = AdComm.Execute

WScript.Echo "sAMAccountName,cn"
With AdRs
While Not .EOF
sAMAccountName = .Fields("sAMAccountName")
cn = .Fields("cn")
If UCase(sAMAccountName) <> UCase(cn) then
WScript.Echo sAMAccountName & "," & cn
End If
End With

Set AdRs = Nothing
Set AdComm = Nothing
Set AdConn = Nothing

Friday, March 23, 2007

Report Last Logon

Ever want to have a database of the last logons in your environment? Well, here is a little vbs script that will do just that!

Option Explicit

Const adOpenKeyset = 1
Const adLockOptimistic = 3

' LastLogon table in LastLogon database:
' user_account varchar 50
' lastDC varchar 50
' lastlogon_time datetime 8
' insert_time datetime 8

Dim sqlConn, sqlComm, sqlProvider, sqlRS
Dim user_account, lastDC, lastlogon_time, insert_time

sqlProvider = "Server=***servername***;Database=LastLogon;Trusted_Connection=yes;"

Set sqlConn = CreateObject("ADODB.Connection")
sqlConn.Provider = "sqloledb"
sqlConn.Open sqlProvider

Set sqlRS = CreateObject("ADODB.Recordset")
sqlRS.ActiveConnection = sqlConn
sqlRS.CursorType = adOpenKeyset
sqlRS.LockType = adLockOptimistic
sqlRS.Source = "SELECT DISTINCT user_account, lastDC, lastlogon_time, insert_Time " & _
"FROM LastLogon " & _
"ORDER BY user_account"

While (Not sqlRS.EOF)
user_account = sqlRS.Fields("user_account")
lastDC = sqlRS.Fields("lastDC")
lastlogon_time = sqlRS.Fields("lastlogon_time")
insert_time = sqlRS.Fields("insert_time")
WScript.Echo user_account & " " & lastlogon_time & " " & lastDC


Thursday, March 22, 2007

How To: List the Members of a Group

How many times have you been asked – “Who is a member of this group?” or “Can I have a list of members of this group?”

Well, I have.. a lot! Generally, it is a security group, where only an Admin can see the members or a person has a list of groups. So, here is an easy way to get that information.

for /f "tokens=* usebackq" %i in (`adfind -default -list -f "name=domain admins" member`) do @adfind -b "%i" -s base -list mail

The output will look like

Then you can just pipe it to a text file (>>admins.txt).. then ship that off to whoever wants it. You can find the adfind tool from Joe Ware (

Tuesday, March 20, 2007

Vista Tips and Tricks

I have only been running Vista on a test machine for about a month or so. So far, I am not impressed. It looks “cutesy” and is not compatible with most of the software that I use in my day to day operations. So, I will not be upgrading anytime in the foreseable future. However, here are a few tricks that I have discovered to make this OS more manageable.

  1. If you hate the look of Aero, click Start/Control Panel/Themes and you can choose a non-Aero theme, such as Windows Classic.
  2. If, for some reason, the Vista installation gets interrupted due to an unintentional shutdown or reboot, start the computer without booting the Vista DVD. Windows Vista's installer should pick up where it left off. If it doesn't, then restart the installation over from scratch.
  3. When you perform a search with Vista's new, instant search feature, you can save the search in a special folder. This powerful feature allows you to create a virtual folder which, by default, is saved in your \\Searches\ folder. Every time you open such a folder, the search results are updated.
  4. In Windows Vista, you can add additional clocks to the system tray. Click the clock, and then click Date and Time Settings. Click the Additional Clocks tab. You can add one or two additional clocks to the tray and select their time zones.
  5. If you upgrade your graphics card in preparation for Windows Vista, be sure to get a new card with as much local memory as possible. Since Windows Vista renders everything—even the desktop and windows them-selves—as 3D surfaces, local 3D memory greatly improves performance...sometimes even more than a more powerful GPU.
  6. Several applications are available to help you tweak Windows Vista for maximum performance. They in-clude TweakVI (, TweakVista (, and VistaBootPRO ( And don't forget about Windows ReadyBoost, which lets you use a removable flash memory drive to boost system memory

Office 2007 runs faster than what I was expecting and DO go in and change the power settings beneath the High Performance, this will help out a lot. I do find that the requirements are still a little steep and it really shows if you do not have enough resources to through at Vista. It will just sit there and laugh at you – “Is this all you got??? Game on!”

Tuesday, March 13, 2007

Another Sign of Stupidity.

Okay. So, I am one of those people who finds fault with the stupidity of the general populace. I realize that no one is perfect, including me... But, this one I have to call out for being really STUPID!!! Here the background of the situation.

I was driving to work this morning, not feeling really well. So, I was taking it kind of easy, not rushing, and in the slow lane. Now, on this 4 lane road, it gets really busy, since it is a main artery though Beaverton.. So, there is a lot of cars on this road and I am rather boxed in. I saw that a Fire truck was coming up from behind, lights on and siren blaring. I mean it has to be loud for me to hear it over my stereo. So, I pulled over into the bike line and put on my blinker. Others did the same, making a hole right down the center. But this one Jackass, in a gold Lexus, decided that he was too self important to get out of the way of a 10 ton Fire Truck. He decided to angle his car into both of the lanes, causing the Fire Truck to dodge over into the oncoming traffic lanes. I know it was a long time ago that I had to take the driver’s test, but I thought it was a law that you had to get the way of an emergency vehicle.

If it was me… I would have totaled that little Lexis and then had the police officer give this self-important ass a ticket for not getting out of my way…but, that is just me.