Writing Values to the Attributes

Microsoft® Windows® 2000 Scripting Guide

Using scripts to configure user accounts is a good way to ensure a consistent attribute format and uniform attribute content among user accounts. For example, the script can dictate whether the displayName attribute should contain each users givenName, initial, and sn in that order (for example, Ken E. Myer) or, alternatively, the sn, a comma, and the givenName (for example, Myer, Ken). Even if you make a mistake when configuring user account attributes with scripts, the mistake is uniform and likely to be easier to fix than the variety of mistakes common to manual entry.

The methods for writing single-valued and multivalued attributes are different. Use the Put method of IADs to assign single-valued entries, and use the PutEx method with the ADS_PROPERTY_UPDATE control code to write multivalued entries.

Scripting Steps

Listing 7.13 contains a script that writes values to the attributes appearing on the General properties page. Any existing entries are replaced with new entries specified in the script. To carry out this task, the script performs the following steps:

  1. Set the ADS_PROPERTY_UPDATE constant equal to the control code parameter used by the PutEx method to indicate this mode of modification (used in lines 1419).

    This control code replaces any existing entries in a multivalued attribute.

  2. Bind to the user account object by using the GetObject function and the LDAP provider.

  3. Use the Put method of IADs to update all single-valued attributes in the local property cache. Any existing entries in the local property cache are replaced.

    The Put method uses the attributes lDAPDisplayName to identify the target attribute.

  4. Use the PutEx method of IADs to update all multivalued attributes.

    Because ADS_PROPERTY_UPDATE is specified when PutEx is called, any existing entries are replaced in the local property cache.

  5. Use SetInfo to commit the entries assigned to the user account object in the local property cache to Active Directory.

Listing 7.13 Writing Values to Attributes

  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Const ADS_PROPERTY_UPDATE = 2
Set objUser = GetObject _
 ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
objUser.Put "givenName", "Ken"
objUser.Put "initials", "E."
objUser.Put "sn", "Myer"
objUser.Put "displayName", "Myer, Ken"
objUser.Put "physicalDeliveryOfficeName", "Room 4358"
objUser.Put "telephoneNumber", "(425) 707-9795"
objUser.Put "mail", "MyerKen@fabrikam.com"
objUser.Put "wWWHomePage", "https://www.fabrikam.com"
objUser.PutEx ADS_PROPERTY_UPDATE, _
 "description", Array("Management staff")
objUser.PutEx ADS_PROPERTY_UPDATE, _
 "otherTelephone", Array("(425) 707-9794", "(425) 707-9790")
 
objUser.PutEx ADS_PROPERTY_UPDATE, _
 "url", Array("https://www.fabrikam.com/management")
objUser.SetInfo

You can use the Put method to write values to single-valued or multivalued attributes. As shown in Listing 7.13, there is no need to retrieve existing entries from attributes to assign new entries. This method replaces any existing entries. Therefore, if you need to log the values stored in existing attributes, retrieve the current entries using the Get method and store the values in a log file prior to using the Put method.

To confirm that an entry has been assigned, use the GetInfo (or GetInfoEx) method to retrieve the assigned entry or entries from Active Directory.