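; Image-provisioning script (AutoIt): generates a random password, configures
; Windows auto-logon for an account named after the computer, then creates or
; resets that account in Active Directory through the _AD_* UDF functions.
;
; NOTE(review): the four #include targets were lost from the page (only the bare
; "#include" keywords remain). The files below are inferred from the functions
; and constants the script uses (_AD_*, _ArraySort, _NowTime, _FileWriteLog,
; $MB_OK) - confirm against the original script.
#include <AD.au3>
#include <Array.au3>
#include <Date.au3>
#include <File.au3>
#include <MsgBoxConstants.au3>

Global $sUser = @ComputerName
Global $sCN = @ComputerName
Global $sOU = "OU=AutoGenerated,OU=GenericUsers,OU=All.Users,DC=contoso,DC=com"
Global $RegWinlogon = 'REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"'
Global $RegPrograms = 'REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BJCGenericPW_Prov"'
Global $Log = "C:\Drivers\ImageVersioning\AccountSettingConfigurations.txt"

; Random password generation.
; The generated value is a credential: it is no longer shown in a MsgBox, and it
; must never be written to $Log.
Global $digits = 15
Global $randomStr = _Prov_GeneratePassword($digits)

; SECURITY(review): a privileged domain credential is hard-coded here. Anyone who
; can read this script (or the strings of the compiled .exe) obtains it. Prefer a
; dedicated account delegated only the rights needed on $sOU, with the secret
; supplied at run time instead of stored in the script.
Global $Username = "Administrator"
Global $Password = "pass@word1"
Global $Domain = "contoso"
Global $netuser = $Domain & "\" & $Username

; SECURITY(review): Winlogon\DefaultPassword is stored in clear text in a registry
; key that local users can read. Storing the auto-logon password as an LSA secret
; (as Sysinternals Autologon does) avoids that exposure.
_Prov_SetWinlogonValue("DefaultPassword", $randomStr)
_Prov_SetWinlogonValue("AutoAdminLogon", "1")
_Prov_SetWinlogonValue("AutoLogonCount", "2")
_Prov_SetWinlogonValue("DefaultUserName", "%computername%") ; expanded by cmd.exe
_Prov_SetWinlogonValue("DefaultDomainName", "contoso")
_Prov_SetWinlogonValue("ForceAutoLogon", "1")

; Diagnostic dialog. The password field was removed so the credential is not
; displayed on screen.
MsgBox($MB_OK, "Displaying Information", "Username = " & $Username & @CRLF & "Domain = " & $Domain)

Open()

; Builds a password of $iLength characters drawn from A-Z, a-z and 0-9.
; The candidate is regenerated until it contains at least one character of each
; class; the original loop could, by chance, omit a class entirely, which a
; domain complexity policy would then reject in _AD_SetPassword.
; NOTE(review): Random() is a general-purpose PRNG, not a cryptographic one.
; For credentials, a CSPRNG source such as _Crypt_GenRandom (Crypt.au3) is the
; better choice.
Func _Prov_GeneratePassword($iLength)
    If $iLength < 3 Then $iLength = 3 ; three classes need at least three characters
    Local $aSpace[3]
    Local $sCandidate
    Do
        $sCandidate = ""
        For $i = 1 To $iLength
            $aSpace[0] = Chr(Random(65, 90, 1))  ; A-Z
            $aSpace[1] = Chr(Random(97, 122, 1)) ; a-z
            $aSpace[2] = Chr(Random(48, 57, 1))  ; 0-9
            $sCandidate &= $aSpace[Random(0, 2, 1)]
        Next
    Until StringRegExp($sCandidate, "[A-Z]") And StringRegExp($sCandidate, "[a-z]") And StringRegExp($sCandidate, "[0-9]")
    Return $sCandidate
EndFunc

; Writes one REG_SZ value under the Winlogon key by running REG ADD as
; $Domain\$Username. Only the value name is logged on failure, never the data,
; because the data may be the password.
Func _Prov_SetWinlogonValue($sName, $sData)
    Local $iPid = RunAs($Username, $Domain, $Password, 0, @ComSpec & " /C " & $RegWinlogon & " /v " & $sName & " /t reg_SZ /d " & $sData & ' /f /reg:64')
    Local $iError = @error ; capture before any other call resets it
    If $iPid = 0 Then
        _FileWriteLog($Log, "#### RunAs failed for Winlogon value '" & $sName & "'. @error = " & $iError)
    EndIf
EndFunc

; Opens the Active Directory connection and continues with UserCheck();
; on failure the error is logged and the script is closed.
Func Open()
    _FileWriteLog($Log, "Func Open() Section")
    _AD_Open($netuser, $Password, "DC=contoso,DC=com", "DC1", "CN=Users,DC=contoso,DC=com")
    If @error Then
        _FileWriteLog($Log, "#### Func Open() encountered a problem. @error = " & @error & ", @extended = " & @extended)
        Close()
    Else
        _FileWriteLog($Log, "Func Open() Completed - Calling Func UserCheck()")
        UserCheck()
    EndIf
EndFunc

; Creates the user in Active Directory if it does not exist yet and dispatches
; on the result. User name and common name are both the computer name.
Func UserCheck()
    _FileWriteLog($Log, "Func UserCheck() Section")
    Local $iValue = _AD_CreateUser($sOU, $sUser, $sCN)
    ; @error is reset to 0 whenever another function is entered, MsgBox included.
    ; The original tested @error only after three MsgBox calls, so it always saw 0
    ; and the "already exists" branch could never run. Capture it immediately.
    Local $iError = @error
    MsgBox($MB_OK, "Displaying $iValue", $iValue)
    MsgBox($MB_OK, "Displaying @error", $iError)
    MsgBox($MB_OK, "Displaying $sCN", $sCN)
    If $iValue = 1 Then
        _FileWriteLog($Log, "Func UserCheck() - User '" & $sUser & "' successfully created ==> Calling UserAttribsNewUser Function.")
        MsgBox($MB_OK, "Displaying Information", "Username = " & $sUser)
        NewUser() ; does not return: NewUser() ends in Close(), which exits
    ElseIf $iError = 1 Then
        _FileWriteLog($Log, $sUser & " already exists ==> Calling UserAttribsExistingUser Function.")
        ExistingUser()
    ElseIf $iError = 2 Then
        _FileWriteLog($Log, "Func UserCheck() - OU '" & $sOU & "' does not exist. Closing AD Connection.")
        Close()
    ElseIf $iError = 3 Then
        _FileWriteLog($Log, "Func UserCheck() - CN '" & $sCN & "' is missing '" & $sUser & "' Closing AD Connection.")
        Close()
    Else
        _FileWriteLog($Log, "Func UserCheck() - Return code '" & $iError & "' from Active Directory. Closing AD Connection.")
        Close()
    EndIf
    _FileWriteLog($Log, "Func UserCheck() - Calling Func Close()")
    Close()
EndFunc

; Applies the account attributes, password and group membership shared by the
; new-user and existing-user paths.
Func _Prov_ApplyUserAttributes()
    MsgBox($MB_OK, "Displaying Information", "Username = " & $sUser & " " & $sCN)
    ; SECURITY: the original appended $randomStr to Description. That attribute is
    ; readable through ordinary directory queries, so it disclosed the account
    ; password; only the time stamp is written now. _NowTime also lacked its call
    ; parentheses, so no time was being inserted.
    _AD_ModifyAttribute($sUser, "Description", "Auto-Created via Image Provisioning" & _NowTime())
    _AD_ModifyAttribute($sUser, "givenName", $sUser)
    _AD_ModifyAttribute($sUser, "employeeType", "GNC")
    _AD_ModifyAttribute($sUser, "sn", $sUser)
    ; NOTE(review): 66080 = 0x10220 = NORMAL_ACCOUNT (512) + PASSWD_NOTREQD (32)
    ; + DONT_EXPIRE_PASSWD (65536). PASSWD_NOTREQD allows the account to hold an
    ; empty password; confirm it is needed, otherwise 66048 drops that flag.
    _AD_ModifyAttribute($sUser, "userAccountControl", "66080")
    _AD_DisablePasswordExpire($sUser)
    _AD_DisablePasswordChange($sUser)
    _AD_SetPassword($sUser, $randomStr)
    ; NOTE(review): $UserSSGroup is not declared anywhere in the visible script;
    ; it must be defined before this line runs.
    _AD_AddUserToGroup($UserSSGroup, $sUser)
EndFunc

; Configures a freshly created user, then closes the connection and exits.
Func NewUser()
    _FileWriteLog($Log, "Func NewUser() Section")
    _Prov_ApplyUserAttributes()
    _FileWriteLog($Log, "Func NewUser() Completed - Calling Func Close()")
    Close()
EndFunc

; Removes an existing user from every group it is a direct member of, then
; re-applies the standard attributes via UserAttribsExistingUser().
Func ExistingUser()
    _FileWriteLog($Log, "Func ExistingUser() Section")
    ; Array of group names (FQDN) the user is immediately a member of;
    ; element [0] holds the count.
    Local $aUser = _AD_GetUserGroups($sUser)
    If @error > 0 Then
        _FileWriteLog($Log, "User '" & $sUser & "' has not been assigned to any group")
        UserAttribsExistingUser()
    Else
        _ArraySort($aUser, 0, 1)
        For $iCount = 1 To $aUser[0]
            Local $iGroupValue = _AD_RemoveUserFromGroup($aUser[$iCount], $sUser)
            Local $iGroupError = @error ; capture before _FileWriteLog resets it
            If $iGroupValue = 1 Then
                _FileWriteLog($Log, "User '" & $sUser & "' successfully removed from group '" & $aUser[$iCount] & "'")
            ElseIf $iGroupError = 1 Then
                _FileWriteLog($Log, "Group '" & $aUser[$iCount] & "' does not exist. Closing AD Connection.")
                Close()
            ElseIf $iGroupError = 2 Then
                _FileWriteLog($Log, "User '" & $sUser & "' does not exist. Closing AD Connection.")
                Close()
            ElseIf $iGroupError = 3 Then
                _FileWriteLog($Log, "User '" & $sUser & "' is not a member of group '" & $aUser[$iCount] & "' Closing AD Connection.")
                Close()
            Else
                _FileWriteLog($Log, "Return code '" & $iGroupError & "' from Active Directory. Closing AD Connection.")
                Close()
            EndIf
        Next
    EndIf
    _FileWriteLog($Log, "Func ExistingUser() Section End. Calling Func UserAttributesExistingUser()")
    UserAttribsExistingUser()
EndFunc

; Re-applies attributes, password and group membership to an existing user,
; then closes the connection and exits.
Func UserAttribsExistingUser()
    _FileWriteLog($Log, "Func UserAttribsExistingUser() Section")
    _Prov_ApplyUserAttributes()
    _FileWriteLog($Log, "Func UserAttribsExistingUser() Section End. - Calling Func Close()")
    Close()
EndFunc

; Closes the Active Directory connection, writes the final log lines and
; terminates the script. Every path through the script ends here.
Func Close()
    _FileWriteLog($Log, "Func Close() End. - Closing AD Connection")
    _AD_Close()
    _FileWriteLog($Log, "Func Close() - Exit")
    _FileWriteLog($Log, "AccountSettingConfigurations.exe - Completed")
    Exit
EndFunc

Exit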