User Scripts

 

How to Look Up a User by Employee ID

Usage: User loading. This script finds a user in Active Directory based on their employee ID

Description:

  • Replace the attribute in the search filter (employeeID in this example) with the search parameter of your choice.

  • For example, choose email

Replace search with parameter of your choice
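' Finds the Active Directory account whose employeeID attribute equals the
' "empid" value of the user being loaded and maps the user to that account.
' Always returns TRUE; when no account is found the user is loaded without a
' new ADID and a trace line is written.
dim userID as string = HOST.GetSystemID() ' not used below; kept from the original listing
dim empID as string = HOST.GetValue("empid")

' An empty value would produce the filter "(employeeID=)"; skip the lookup.
if string.IsNullOrEmpty(empID) then
    HOST.WriteTrace("empid is empty")
    return true
end if

' The value comes from the source system, so escape the characters that have a
' special meaning in an LDAP search filter (RFC 4515) before building the filter.
' Unescaped, a value such as "*" would match every account that has an
' employeeID and the user would be mapped to whichever one is returned first.
' The backslash is replaced first so the escapes themselves are not re-escaped.
dim safeEmpID as string = empID.Replace("\", "\5c")
safeEmpID = safeEmpID.Replace("*", "\2a")
safeEmpID = safeEmpID.Replace("(", "\28")
safeEmpID = safeEmpID.Replace(")", "\29")
safeEmpID = safeEmpID.Replace(System.Convert.ToChar(0).ToString(), "\00")
dim ADsFilter as string = string.Format("(&(objectCategory=user)(employeeID={0}))", safeEmpID)

' Static values survive between calls, so RootDSE is read and the search root
' is bound only once.
static namingCont as string = ""
static di as System.DirectoryServices.DirectoryEntry = nothing
dim ADServer as string = "" ' empty: no server in the LDAP path; otherwise the host to bind to

if (namingCont = "") then
    dim rootE as System.DirectoryServices.DirectoryEntry = nothing
    if ADServer = "" then
        rootE = new System.DirectoryServices.DirectoryEntry("LDAP://RootDSE")
    else
        rootE = new System.DirectoryServices.DirectoryEntry("LDAP://" + ADServer + "/RootDSE")
    end if
    namingCont = rootE.Properties("defaultNamingContext").Value.ToString()
    rootE.Close()
end if

if (di is nothing) then
    if (ADServer = "") then
        di = new System.DirectoryServices.DirectoryEntry("LDAP://" + namingCont)
    else
        di = new System.DirectoryServices.DirectoryEntry("LDAP://" + ADServer + "/" + namingCont)
    end if
end if

dim sLoadProps() as string = { "name", "Description", "objectSid", "member", "distinguishedName", "saMAccountname" }

' The searcher is disposed when the block ends; di stays open because it is cached.
using searcher as new System.DirectoryServices.DirectorySearcher(di)
    searcher.PropertiesToLoad.AddRange(sLoadProps)
    searcher.Filter = ADsFilter
    ' NOTE(review): referrals to other servers are followed; confirm that is wanted.
    searcher.ReferralChasing = System.DirectoryServices.ReferralChasingOption.All
    searcher.SearchScope = System.DirectoryServices.SearchScope.Subtree

    ' FindOne returns only the first match. If two accounts carry the same
    ' employeeID, the user is mapped to whichever comes back first.
    dim search as System.DirectoryServices.SearchResult = searcher.FindOne()
    if (search is nothing) then
        HOST.WriteTrace ("search is nothing")
    else
        dim ADsObject as System.DirectoryServices.DirectoryEntry = search.GetDirectoryEntry()
        dim ADname as string = ADsObject.Properties("sAMAccountName")(0).ToString()
        ' NOTE(review): namingCont holds the defaultNamingContext value read from
        ' RootDSE, while the other scripts on this page put a domain name before
        ' the backslash - confirm the format SetADID expects.
        HOST.SetADID(namingCont + "\" + ADname)
        ADsObject.Close()
    end if
end using
'di.close()
return true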

How to Perform User Loading by Creating the AD Map

Usage: User loading

Description:

  • Demonstrates many features of this script interface.

  • For example, the ability to filter out user accounts, to set the ADID, and so on.

Filter Out User Accounts
' Decides whether a user is loaded and, where possible, sets the ADID from the
' "shortname" value or from the system name.
dim systemName as string = HOST.GetSystemName()

' System names containing a hyphen are rejected; FALSE keeps the user out of the list.
if systemName.Contains("-") then
    return false
end if

dim shortName as string = HOST.GetValue("shortname")
if shortName <> "" then
    ' Preferred source: the short name, qualified with the default domain.
    HOST.SetADID(HOST.GetDefaultDomain() & "\" & shortName)
    HOST.WriteTrace("Found Short name")
elseif systemName.Contains(",") then
    ' Fallback: the second comma-separated piece of the system name, used as-is
    ' (no trimming). NOTE(review): neither value is checked against AD here, so
    ' the ADID is whatever the source system supplied.
    dim pieces() as string = systemName.split(",")
    HOST.SetADID(HOST.GetDefaultDomain() & "\" & pieces(1))
end if

' Users that reach this point are loaded, with or without an ADID.
return true

How to Resolve a User Across Multiple Domains

Usage: User loading

Description:

  • Use this script if there are multiple domains and you want to find the user in a specific domain.

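  • Returning FALSE blocks a user from being added to the list.

  • This script always returns TRUE, so a user who is not found in any of the listed domains is still loaded. For this reason, you do not know if the user is correctly mapped.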

Find user within specific domain
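' Maps the user to the first listed domain in which an account with the same
' name exists. The order of the array matters: if the name exists in more than
' one domain, the earlier domain wins, so list the domains from most to least
' trusted for this content source.
dim domains() as string = {"trickydomain.local","bainsight.net"}
dim uid as string = HOST.GetSystemName()

for each domainName as string in domains
    dim candidate as string = domainName + "\" + uid
    if HOST.TestADExists(candidate) then
        HOST.SetADID(candidate)
        return true
    end if
next

' No listed domain has this account. The user is still loaded because the
' script returns TRUE, so write a trace line to make the unmapped user visible
' when the load is reviewed.
HOST.WriteTrace("No domain match for " + uid)
return true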

How to Check if a User Belongs to a Specific OU

Usage: User loading

Description:

  • This script looks up the user in AD and checks to see if the user belongs to a specific organizational unit (OU).

  • The user is marked as active or not.

Check for user in OU
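' Looks the user up in Active Directory by sAMAccountName together with an "ou"
' value and marks the user active when a match is found, inactive otherwise.
' The ADID is set to <default domain>\<system name> in both cases and the
' script always returns TRUE.
dim adou as string = "AUSTEO"
dim adid as string = HOST.GetSystemName()

' The system name comes from the source system, so escape the characters that
' have a special meaning in an LDAP search filter (RFC 4515). Unescaped, a name
' containing "*" or parentheses could change what the filter matches and mark
' the wrong user as active. The backslash is replaced first so the escapes
' themselves are not re-escaped.
dim safeAdid as string = ""
if adid isnot nothing then
    safeAdid = adid.Replace("\", "\5c")
    safeAdid = safeAdid.Replace("*", "\2a")
    safeAdid = safeAdid.Replace("(", "\28")
    safeAdid = safeAdid.Replace(")", "\29")
    safeAdid = safeAdid.Replace(System.Convert.ToChar(0).ToString(), "\00")
end if

' NOTE(review): the filter tests the account's "ou" attribute, which is not the
' same thing as the OU container named in its distinguishedName - confirm that
' your directory populates "ou" on user objects.
dim ADsFilter as string = string.Format("(&(objectCategory=user)(sAMAccountName={0})(ou={1}))", safeAdid, adou)

dim ADServer as string = "" ' empty: no server in the LDAP path; otherwise the host to bind to

' Static values survive between calls; the naming context is also persisted
' through the host so RootDSE is read only when no value is stored yet.
static namingCont as string = HOST.GetPersistContentValue("namingContext")
static di as System.DirectoryServices.DirectoryEntry = nothing

if (namingCont = "") then
    dim rootE as System.DirectoryServices.DirectoryEntry = nothing
    if ADServer = "" then
        rootE = new System.DirectoryServices.DirectoryEntry("LDAP://RootDSE")
    else
        rootE = new System.DirectoryServices.DirectoryEntry("LDAP://" + ADServer + "/RootDSE")
    end if
    namingCont = rootE.Properties("defaultNamingContext").Value.ToString()
    rootE.Close()
    HOST.PersistContentValue("namingContext", namingCont)
end if

if (di is nothing) then
    if (ADServer = "") then
        di = new System.DirectoryServices.DirectoryEntry("LDAP://" + namingCont)
    else
        di = new System.DirectoryServices.DirectoryEntry("LDAP://" + ADServer + "/" + namingCont)
    end if
end if

dim sLoadProps() as string = { "saMAccountname", "ou" }
dim searcher as new System.DirectoryServices.DirectorySearcher(di)
searcher.PropertiesToLoad.AddRange(sLoadProps)
searcher.Filter = ADsFilter
' NOTE(review): referrals to other servers are followed; confirm that is wanted.
searcher.ReferralChasing = System.DirectoryServices.ReferralChasingOption.All
searcher.SearchScope = System.DirectoryServices.SearchScope.Subtree
dim search as System.DirectoryServices.SearchResult = searcher.FindOne()

' The ADID is set before the result is examined, so it is assigned even when
' the account was not found; only the active flag reflects the lookup.
HOST.SetADID(HOST.GetDefaultDomain() & "\" & adid )
if (search is nothing) then
    HOST.WriteTrace ("search is nothing")
    HOST.SetSystemActive(false)
else
    HOST.WriteTrace ("Found in OU")
    HOST.SetSystemActive(true)
end if
return true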

How to Restrict Loaded Users

Usage: User loading

Description:

  • This is an example of a script that is used to restrict users who are loaded.

  • You can replace the list of users in the array and add to the list.

  • The system name is compared to this list, so check the format of the system name value to make sure it matches the entries in the list.

Restrict Users
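' Allow list: only users whose system name equals one of these entries are
' loaded. Returning FALSE keeps every other user out of the list.
dim validUsers() as string = {"ceven","steve"}
dim systemnm as string = HOST.GetSystemName()

for each allowed as string in validUsers
    ' Ordinal, case-insensitive comparison: the result does not depend on the
    ' culture of the machine running the script (ToLower does), and a missing
    ' system name simply fails to match instead of raising an exception.
    if string.Equals(systemnm, allowed, System.StringComparison.OrdinalIgnoreCase) then return true
next

' Not on the list: the user is not loaded.
return false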

How to Validate a User Exists and is Not Disabled

Usage: User loading. Use this script when your user policy is to leave old users intact and non-deleted.

Description:

  • Assumes that the current mapped Active Directory has a fully qualified domain name.

  • The commented-out code fixes an invalid domain before checking.

Validate User Existence
' Marks a mapped user inactive when the Active Directory account exists but is
' disabled. Returns FALSE only when the ADID has no domain part.
dim adid as string = HOST.GetADID()

' An ADID without a backslash has no domain; FALSE blocks the user from loading.
dim hasDomain as boolean = adid.contains("\")
if not hasDomain then
    return false
end if

'use this to fix short domains into fully qualified ones
' NOTE(review): as listed, this line is active. It lowercases the whole ADID and
' replaces the placeholder text "domain\" wherever it occurs, including at the
' end of a longer domain name. Edit the two literals for your domain, or
' comment the line out if the ADID is already fully qualified.
adid = adid.tolower().replace("domain\","domain.com\")

try
    if HOST.TestADExists(adid) then
        if HOST.CheckIfDisabled("",adid) then
            ' Account exists and is disabled: deactivate the user.
            HOST.SetSystemActive(false)
            HOST.SetADID(adid)
        end if
    end if
    ' An account that TestADExists does not find is left unchanged.
catch ex as exception
    ' A lookup error is only traced: the user's state stays as it was and the
    ' script still returns TRUE. Review the trace for these entries after a load.
    HOST.WriteTrace("Exception:" + ex.message)
end try
return true