Skip to main content
ADSI Scriptomatic

By The Scripting Guys

At Long Last: Write ADSI Scripts Like the Pros!

Download the ADSI Scriptomatic

Perhaps the most rewarding thing about being the Scripting Guys is the opportunity we get to read emails sent to us by our readers. For example, after we released the original Scriptomatic, the incredible little utility that writes WMI scripts for you, we got hundreds of messages similar to these:

Dear Scripting Guys: The Scriptomatic rocks!!! Too bad it doesn't write ADSI scripts for you.

Dear Scripting Guys: I thought I was going to die laughing when I read the Readme file that accompanied the Scriptomatic. It was so funny, it almost made up for the fact that the Scriptomatic doesn't write ADSI scripts for you.

Dear Scripting Guys: Last month I made $25,000 working just a few hours a week out of the comfort of my own home. And now Im willing to show you how you can do the same. P.S. Are you guys aware that your Scriptomatic doesn't write ADSI scripts for you?

Now, upon reading these emails our first reaction was, You lousy, ungrateful little -- we give you something for free, and you have the nerve to ask for more? Why we oughta . But after we cooled off a bit, and after we dried our tears, we realized we should have expected a reaction like this. After all, why was the Scriptomatic so well received in the first place? Well, WMI is perceived as being a difficult technology, a technology more appropriate for people with computer science degrees than for people new to scripting. The Scriptomatic was a success not only because it wrote WMI scripts for you, but also because it showed you that WMI scripts werent all that hard to write; after all, most of them follow a very consistent pattern. The Scriptomatic was a sneaky way to get over your inhibitions, and get you started with WMI.

And what about ADSI (Active Directory Service Interfaces), the scripting technology used to manage Active Directory? Well, again, the perceptionis that ADSI is hard, too hard for system administrators or for someone new to scripting. You’d have to be a genius (hey, like the Scripting Guys!) to write ADSI scripts. Sure, many people thought, I know that ADSI would let me do a lot of cool things. But how could someone like me ever get started with ADSI? Its no wonder people were hoping for an ADSI Scriptomatic, and a little disappointed when they didn’t get one.

Of course, the truth is that ADSI isn’t all that hard, and the Scripting Guys aren’t all that smart (if we were, wed be getting paid for doing this stuff). Like WMI, though, people think ADSI is too hard for them, and they never even give it a try. Like WMI, people need something to help them get over that initial barrier, something to help them get started. Like WMI, people need a Scriptomatic.

Well, its safe to say that you spoke, and the Scripting Guys listened. Consequently, we set aside all our other projects and duties, and worked day and night over the past 6 months to produce well, OK, we didn’t produce an ADSI Scriptomatic. But a few days ago we remembered, Oh, yeah, that ADSI thing, and we immediately hammered something together for you. And so with no further adieu, here it is, the oft-requested, long-awaited ADSI Scriptomatic, the amazing new utility that will actually write ADSI scripts for you! (And if anyone emails us to complain that it doesn't write WMIscripts for you .)

 

So What is the ADSI Scriptomatic?

Uh, havent you been paying attention? The ADSI Scriptomatic -- as we keep trying to tell you -- is designed to help you write ADSI scripts; that is, scripts that can be used to manage Active Directory. As if that isn’t enough (and we learned the hard way that things are never enough), the ADSI Scriptomatic also teaches you an important point about ADSI scripting: like WMI, there are consistent patterns to ADSI scripts. For example, the ADSI Scriptomatic will help you write a script to delete a user account. It will also help you write scripts for deleting groups and organizational units. And if you take a close look at the scripts for deleting different objects, you’ll see something very interesting: theyre practical identical! What is this, some kind of a rip-off?

Well, it might be. But the reason the scripts look so similar is because ADSI uses a consistent approach for deleting objects, regardless of the type of object being deleted. What does that mean? Well, if you take the time to study the scripts created by the ADSI Scriptomatic (and if you read the ADSI chapter from the Windows 2000 Scripting Guide), you’ll understand how you can delete pretty much anything from Active Directory. For example, we wanted to keep the ADSI Scriptomatic relatively simple; as a result, weve limited the objects you can work with. The ADSI Scriptomatic will write a script that deletes a user account, but it won’t write a script that deletes a published printer. But, hey, so what? After you understand the pattern, you can write your own script for deleting published printers. (OK, OK, well considercreating the DeletePublishedPrintersOmatic. But don’t hold your breath.)

But don’t just take our word for it: see for yourself. Heres a script -- as generated by the ADSI Scriptomatic -- that deletes a user account:

Visual Basic


strContainer = ""
strName = "EzAdUser"
'***********************************************
'*         Connect to a container              *
'***********************************************
Set objRootDSE = GetObject("LDAP://rootDSE")
If strContainer = "" Then
  Set objContainer = GetObject("LDAP://" & _
    objRootDSE.Get("defaultNamingContext"))
Else
  Set objContainer = GetObject("LDAP://" & strContainer & "," & _
    objRootDSE.Get("defaultNamingContext"))
End If
'***********************************************
'*       End connect to a container            *
'***********************************************
objContainer.Delete "user", "cn=" & strName

 

And heres a script that deletes a group:

 

Visual Basic


strContainer = ""
strName = "EzAdGroup"
'***********************************************
'*         Connect to a container              *
'***********************************************
Set objRootDSE = GetObject("LDAP://rootDSE")
If strContainer = "" Then
  Set objContainer = GetObject("LDAP://" & _
    objRootDSE.Get("defaultNamingContext"))
Else
  Set objContainer = GetObject("LDAP://" & strContainer & "," & _
    objRootDSE.Get("defaultNamingContext"))
End If
'***********************************************
'*       End connect to a container            *
'***********************************************
objContainer.Delete "group", "cn=" & strName

Whats the difference between the two scripts? Only the two
items listed in boldface:

  • The name of the group (EzAdGroup), as opposed to
    the name of the user (EzAdUser)
  • The type of object being deleted (group vs.
    user).

Thats all there is to it.

But hold on there, Scripting Guys, you’re thinking. You said wed be able to look at these two scripts, and then write our own script to delete a published printer. So how do we do that? Look, sit down, take a deep breath, and don’t panic. Lets say you have a printer name EzAdPrinter and the type of object being deleted is a printQueue object. Take the next five minutes or so, and see if you can write a script to delete the EzAdPrinter. Don’t worry; well wait for you.

Ok, times up. Does your script look like this:

Visual Basic


strContainer = ""
strName = "EzAdPrinter"
'***********************************************
'*         Connect to a container              *
'***********************************************
Set objRootDSE = GetObject("LDAP://rootDSE")
If strContainer = "" Then
  Set objContainer = GetObject("LDAP://" & _
    objRootDSE.Get("defaultNamingContext"))
Else
  Set objContainer = GetObject("LDAP://" & strContainer & "," & _
    objRootDSE.Get("defaultNamingContext"))
End If
'***********************************************
'*       End connect to a container            *
'***********************************************
objContainer.Delete "printQueue", "cn=" & strName

 

If it does, you’ve either already caught on to the basic pattern behind ADSI, or you cheated and looked at the answer. But thats OK; after all, what is the Scriptomatic if not one big cheating device? The bottom line is, you want just want a script the deletes published printers. It doesn't really matter who (or what) wrote the thing, does it? Use the Scriptomatic to help get you started, and then free to embellish the basic script any way you wish.

Still not convinced that the ADSI Scriptomatic is the greatest technological innovation in human history? Listen, don’t take our word for; see for yourself. For example, lets compare the ADSI Scriptomatic with the Xbox video game console:




Feature







ADSI Scriptomatic







Xbox




Creates scripts that can modify the properties of objects in Active
Directory
YesNo
Creates scripts that can be used to delete objects from Active
Directory
YesNo
Creates scripts that can be used to read the properties of objects in
Active Directory
YesNo
Creates scripts that can create new objects in Active DirectoryYesNo
Enables you to play video games over the Internet using Xbox LiveNoYes
Enables you to play Halo and Mech AssaultYes *Yes
Was created by the same people who brought you the original
Scriptomatic
YesYes *
Is freeYesYou wish

 

* When we say Yes here we actually mean No.

The results speak for themselves: the ADSI Scriptomatic is a clear winner. Download the ADSI Scriptomatic, and throw away your Xboxes for good!

Important clarification The Scripting Guys have just been reminded .. that Microsoft, the same company which signs our paychecks, also produces the Xbox. Please do not throw your Xboxes away; the Xbox is the best video game player in the universe. In fact, now that you won’t have to shell out money to hire an ADSI script writer but can write the scripts yourself, you might take that money and buy 2 or 3 Xboxes.

Of course, if you have a Gamecube or a PlayStation .

How do I use the ADSI Scriptomatic?

Like its cousin, the original Scriptomatic, the ADSI Scriptomatic is an HTA, a hypertext application. This means that the ADSI Scriptomatic is just a Web page (take a look at the code; its all VBScript and HTML and other stuff you might use to create a Web page) that can run as a standalone application. To start the ADSI Scriptomatic, just double-click EzAdScriptomatic.hta. When you do that, something very similar to this will appear on screen:

admatc01_big.gif

Now, the fact that something actually appears on screen already puts the ADSI Scriptomatic ahead of a lot of the software sold these days. But the ADSI Scriptomatic does more than just take up space on your monitor. Click the Select a task dropdown list, and the ADSI Scriptomatic will display the four primary tasks you can accomplish using ADSI:

  • Create an object
  • Write to an object
  • Read an objects properties
  • Delete an object

After selecting a task, select one of the following from the Select a class dropdown:

  • User
  • Computer
  • Contact
  • Group
  • Organizational unit

As soon as you make your selection, the ADSI Scriptomatic will write a script for you. For example, if you select Create an Object and Computer, your screen will look like this:

admatc02_big.gif

Just like that, you’ve got a script that can be used to create a computer account. (Now, if we could just modify this to create bank accounts, wed be on to something.) You can run the script (just click the Run button), save the script for future use (just click the Save button), or modify it to your hearts content (you can edit the script just as though you’d typed it all in yourself). Lets see the Xbox do that!

Important clarification As we were just reminded the Xbox could save scripts for future use if customer demand warranted it.

 

However

Theres always a however when it comes to computer stuff, isn’t there? But don’t worry; this however isn’t too terribly bad. (Not like the typical software disclaimer, which reads, However, if you actually attempt to use this software, it will not only fail to work, but you will also be in violation of the licensing agreement.) You just need to understand that there is at least one difference between the original, WMI Scriptomatic, and the all-new, all-cool ADSI Scriptomatic.

The original Scriptomatic was designed to be an educational tool: we wanted to demonstrate the pattern used in almost any WMI script that retrieves information about something (be it a printer, an event log, a service, or whatever). After we had created the Scriptomatic, however, we realized that we had accidentally created a useful system administration tool (we also realized we had accidentally created two human clones, but our attorneys have advised us to keep quiet about that). The scripts you create with the Scriptomatic can be used exactly as-is to retrieve information about the local computer. Why? Well, as our two clones pointed out, if you set the name of a computer to a dot (.) WMI retrieves information from the local machine. Thus we didn’t have to worry about hard-coding in computer names; we simply configured the Scriptomatic to use dot as the default computer name.
That meant that every script created by the Scriptomatic is ready to run; as you might have guessed, thats why we added a Run button.

The ADSI Scriptomatic also has a Run button. However, there are no obvious default names we could use for ADSI (that is, nothing like a computer name of dot). Why not? Well, consider the script that creates a new user account. Yes, we can hard-code a default user name (and we do: EzAdUser), but that doesn't necessarily mean the script is ready-to-run. Yes, you can run the script once, and a new user account named EzAdUser will be created in your domain. But what if you tried to run the script a second time? If you do, the script will fail, not because you broke ADSI or the Scriptomatic, but simply because a user named EzAdUser already exists, and Active Directory won’t allow duplicate user accounts in a domain.

So does that mean if you use the ADSI Scriptomatic one time and create a user account named EzAdUser, you then have to throw the Scriptomatic away? Admittedly, that would be an interesting new approach to software: Use it once, and then throw it away and buy another copy. But you don’t have to do that. Instead, you just have to edit the script before you run it. When creating a user account, you simply need to change the account name
and, unless you want user accounts stored in the domain root, change the Active Directory container where the account will be created.

What do you mean thats too hard? You can't remember two little things like that? Well, we knew you’d say that, so we added a nifty little feature to the ADSI Scriptomatic: online help. If you look closely at the screen that appears when you create a user account, you should see a little hyperlink that says Read this before running the create an object – user
script.

 

admatc03_big.gif

What happens if you click that hyperlink? Up pops a little reminder that tells you exactly what you need to do to turn the Scriptomatic script into a working script thats ready to run:

admatc04_big.gif

 

See that wasnt so bad, was it? And you won’t get online help about creating user accounts from well, from other things like, say, video game consoles .

Thats cool, but couldnt you just include some sort of Active Directory browser in the Scriptomatic?

Yes, we could, and in its first incarnation we did: when you started the Scriptomatic, it went out and retrieved the directory information it needed. However, that created two problems. First, in a large network (such as Microsofts), it took a couple minutes before the Scriptomatic was ready to use. We didn’t like that; after all, one of the advantages of the original Scriptomatic was the fact that it was pretty fast (and, by the way, Scriptomatic 2.0, which will be out soon, is even faster).

Second, that version of the Scriptomatic required you to be connected to the network, and to be logged on with an Active Directory administrator account. That was fine if you wanted to fool around with the Scriptomatic at work, but what if you wanted to check out the Scriptomatic from home or while riding on the bus? What if your home was a bus? Needless to say, things didn’t work quite so well in those situations. Therefore, we decided to remove the Active Directory dependencies, and make the ADSI Scriptomatic a utility that could pretty much run anytime anywhere. (And, we might point out, you don’t need to connect it to your TV, like you have to do with video game consoles .)

Note: What do we mean when we say anytime anywhere? Well, if you have Internet Explorer 5.0 or better on your computer, the Scriptomatic should work or at least you’ll be able to fire it up and create scripts. To actually run the scripts, you need to have ADSI installed on your computer. If you are running Windows 2000 or above, you’ve got ADSI on your computer. If you’re running Windows 98 or Windows NT 4.0, you might need to download the Directory Service Client Extensions. For more information, check the Script Center FAQ.

Hey, this browser sounds cool; can I get a copy?

Well, it never occurred to us that somebody might want the Active Directory browser. It is kind of a handy little tool, and its very educational; after all, it shows you how to access everything in Active Directory using VBScript and ADSI (plus it shows you how to display that information in an HTA). Tell you what, if you’d be interested in getting a copy of the Active Directory browser (and it would probably just be a browser; we wouldnt add script-writing capabilities to it), send an email to scripter@microsoft.com (in English, if possible). If enough people are interested, well see what we can do about cleaning up the code, commenting it, and making it available to the world.

 

Wouldnt it have been better to combine the ADSI Scriptomatic with the WMI Scriptomatic?

Actually, we gave that some serious thought, but finally decided to keep the ADSI Scriptomatic separate from the WMI Scriptomatic. One of the nice things about the Scriptomatics is the fact that they are both simple in concept (they only do one thing) and simple to use. As HTAs, theyre also educational: you can open the Scriptomatics using Notepad, and examine -- and even modify -- the code. If we combined the two Scriptomatics into a single utility, wed have a tool that was not as straightforward to use, and might have pushed the boundaries of the HTA as far as we could push them. Big and complicated didn’t seem to be in the spirit of the Scriptomatics.

In addition, we are also working on several other utilities that aren’t quite ready yet. Rather than wait for these to be finished, and then try to combine them with the ADSI Scriptomatic, we decided to release the ADSI Scriptomatic right away. Now, when we finish all these other utilities, is it possible that we might create some all-encompassing script-writing utility? Maybe; its under consideration. But well make sure that any future tools we
come up with will always be available as simple standalone utilities as well as being plugged into this all-encompassing script-writing utility.

What are these other utilities? Well, they include the following:

  • Scriptomatic 2.0, which will allow you to save your script output as a text file or an Excel spreadsheet; which will allow you to display output in a Web page; which will even allow you to write scripts in Jscript, Perl, or Python.
  • Comparomatic, a nifty little WMI utility designed for people who manage computers running different versions of Windows (Windows 98, Windows 2000, Windows XP, etc.).
  • Logonomatic, a handy-dandy tool for writing logon scripts.
  • Eventomatic, helps you write scripts for monitoring WMI events on a computer.

And, no, we don’t know yet when these will be done. But look for Scriptomatic 2.0 and Comparomatic in the very near future.

Would you guys say that the Xbox is the best video game console ever developed, and that no home should be without one?

Yes. Definitely.

What if I have questions about the ADSI Scriptomatic? Who should I contact?

Officially, we provide no support for the ADSI Scriptomatic; use it at your own risk. Unofficially, however, we try to help people as much as possible. If you have a question or comment about the ADSI Scriptomatic, just drop us a line at scripter@microsoft.com (in English, if possible).

 

Microsoft führt eine Onlineumfrage durch, um Ihre Meinung zur -Website zu erfahren. Wenn Sie sich zur Teilnahme entscheiden, wird Ihnen die Onlineumfrage angezeigt, sobald Sie die -Website verlassen.

Möchten Sie teilnehmen?