Compartilhar via


Modifying Multiple User Accounts by Using the Result Set from a Search

Microsoft® Windows® 2000 Scripting Guide

The need to modify attributes for a specific set of accounts is frequently the reason for performing a search in the first place. For example, you might want to modify an attribute in user accounts so that the value is identical in the accounts retrieved by the search request.

The result set returned by the ADSI OLE DB provider is read-only. Therefore, to modify the data returned in the result set, you must use a different provider and a different interface, such as the LDAP provider and the IADs core interface.

To modify the contents of a result set, configure the search to request the ADsPath attribute. The value of the ADsPath attribute is the binding string passed to the GetObject function. The GetObject function loads the user object in the local property cache. Once the user object is in the property cache, you can write to it using an interface such as IADs.

Scripting Steps

Listing 7.33 contains a script that retrieves a result set and then modifies an attribute in user account objects. To carry out this task, the script performs the following steps:

  1. Create an ADO Connection object to access the Active Directory database by using the ADSI OLE DB provider.

  2. Create an ADO Command object, and assign the ADO connection to it.

  3. Assign the query string to the CommandText property of the ADO Command object. The string uses LDAP search dialect. The search request returns the value of the ADsPath attribute.

  4. Run the query by assigning the Execute method to the Command object and storing the return value in the RecordSet object, objRecordSet.

  5. Use a While Wend statement to loop through all of the records in the RecordSet object.

  6. In the loop, initialize the strADsPath variable to hold the ADsPath value. This value is the LDAP binding string.

  7. Bind to the user account object, specified in the strADsPath variable, by using the GetObject function and the LDAP provider.

  8. Use the Put method of IADs to update the company attribute, contained in the local property cache, to Fabrikam.

  9. Use SetInfo to commit the company value assigned to the user account object in the local property cache to Active Directory.

  10. Move to the next record in the recordset by using the MoveNext method of the RecordSet object. When all records are processed, end the loop.

  11. Use the RecordCount property of the RecordSet object to display the number of user accounts that were modified.

  12. Close the Connection object.

Listing 7.33 Modifying Multiple User Accounts Using the Result Set Returned by a Search

  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
 "<LDAP://dc=NA,dc=fabrikam,dc=com>;" & _
 "(&(objectCategory=person)(objectClass=user));" & _
 "ADsPath;subtree"
Set objRecordSet = objCommand.Execute
While Not objRecordset.EOF
 strADsPath = objRecordset.Fields("ADsPath")
 Set objUser = GetObject(strADsPath)
 objUser.Put "company", "Fabrikam"
 objUser.SetInfo
 objRecordset.MoveNext
Wend
Wscript.Echo objRecordSet.RecordCount & " user accounts modified."
objConnection.Close