December 22nd, 2010

A Windows PowerShell Carol: Ebenezer Script Manages AD Users

Summary: A Windows PowerShell Carol in which Ebenezer Script learns how to use PowerShell to manage users in Active Directory.   Hey, Scripting Guy! QuestionHey, Scripting Guy! Can you tell me if Ebenezer Script will learn how to work with Active Directory users from within Windows PowerShell? — JC   Hey, Scripting Guy! AnswerHello JC, Microsoft Scripting Guy Ed Wilson here. It is almost the end of the year and we have decided to devote some posts to the holiday season. We even have guest bloggers from around the world to share some holiday spirit. This week we have Sean Kearney. You can learn more about Sean in Monday’s blog introduction. Be sure to check out Sean’s theme song for this week’s PowerShell Carol posts.   Ebenezer lay back in the bed. He really had to lay off snacking on whatever he found in the back of his desk drawer. The nasty habit was producing strange visions, and funny breath, too. He lay on his bed, a mattress comprised of billions of chits from Dot Matrix printers. The framework composed of VT52 Monitor terminals. A pillow comprised of the softest bubble wrap packaging that was delicately laced with peanut packaging and duct tape to hold it all together. Nerdy but cool. It was wonderfully uncomfortable. He dozed off almost immediately, sleeping, perchance to dream… It felt as though he was asleep for a decade when suddenly a sound echoed through the house, much like a giant 50-foot tall floppy drive opening up. Ebenezer woke with a bolt. As fate would have it, he found himself face to face with a giant rendition of an 8” floppy drive complete with cable, blinking red light and Shugart interface card.

“$EBENEZER!” It whirred, “I AM {$PERL} The Spirit of Scripting Past! Awake now and follow my processes!” Ebenezer whipped up a small magnet lying at the side of his bed, pulling the covers over his head. “Go away! You’re just a bad idea some writer coughed up.” Angered and whirring faster the spirit buzzed back, “$FOLLOW $ME!” and spinning up pulled Ebenezer, sheets and all, within his mighty 5 volt motor. Ebenezer went quickly, spinning away inside the Giant Floppy, frantically reaching for the eject lever.

“Tonight,” the spirit buzzed, “we will show you visions of what you were before you changed.” The spirit pulled a backup disk and inserted it within his mouth; his single red light aglow as they entered the past. Ebenezer suddenly found himself staring at a very young IT person, with hair. Eyes alit with energy and passion. He was actually smiling.

“This was you once. You used to smile.”

“I used to have hair, too, and once I even had a case of the hives. You don’t see me reminiscing about THAT,” snapped Ebenezer. The Spirit of Scripting Past smacked him in the back of the head with his giant ribbon cable. “LOOK!” it spoke. Ebenezer looked. He saw Jacob Clippy smiling. A table littered with scraps of paper, madly running about. The young fellow was pulling a list of users who had not logged in recently. He did it not with disdain, but with a wild and smiling look in his eyes; with love and joy. The Spirit pointed to a small VBScript a younger Ebenezer was writing. “Do you remember this?”

Const DisableUser = 2

set User=GetObject(“LDAP://CN=ken.myer,OU=Users,OU=Office,DC=Contoso,DC=local”)

AccountUAC=User.Get(“userAccountControl”)

User.Put “userAccountControl”, AccountUAC OR DisableUser

User.SetInfo

  “Oh my! That was the first time I wrote a script in VBScript to disable a User Account in our Active Directory! It’s been so long I had forgotten. Yes. YES! I remember that day. It was like unlocking a puzzle. I suddenly felt like I had control!” “You remember those days Ebenezer?” the spirit invoked, “There was a light in your eyes once that showed pure passion.” “Yes,” muttered Ebenezer, “I do remember. It was all so wonderful, until THAT day; the day the work requests overloaded me. There was no support from the outside. Scripting alone did not seem to help.” The users; Ebenezer shuddered from the cold and the thought of an overloaded pile of IT Service Requests. He had learned to despise the Users. The Spirit of Scripting Past looked at Ebenezer. “Would it interest you to know that VBScript is not so different from Windows PowerShell? Take a look at your original VBScript script as it might appear in Windows PowerShell.”

$DisableUser = 2

$User=[ADSI]::”LDAP://192.168.1.5/CN=ken.myer,OU=Users,OU=Office,DC=Contoso,DC=local”

$AccountUAC=($User.userAccountControl)

$User.Put (“userAccountControl”, $AccountUAC.AccountUUAC –bor DisableUser)

$User.SetInfo()

  Ebenezer was stunned. With the exception of a minor change, it was almost identical. “Fine Spirit, they’re almost the same. So why do people even CARE about Windows PowerShell? What’s the big deal?” “Because,” the Spirit paused dramatically, “that very script can also be done in ONE LINE in Windows Server 2008 R2 or with some free tools from Quest.” Ebenezer blinked. “One line of code? Bah! Codebug! Nothing could do that in one line!” He spat with great vengeance to the wind. The Spirit of Scripting past spun up his floppy with great majesty as two lines of Windows PowerShell appeared before Ebenezer.

UNLOCK-ADACCOUNT –identity ‘ken.myer’

UNLOCK-QADUSER ken.myer

“These are the lines of code used with Windows Server 2008 R2 and Quest Active Roles respectively,” his voice echoed majestically, booming deeply into Ebenezer’s head. Ebenezer’s head began to spin. One line. One line of code. If only he had this kind of power when he was a young Scripter perhaps, the world would have been easier to manage. Perhaps he would have remained happy. Perhaps he would not have sent all those users to Winnipeg. VBscripts easily translating into Windows PowerShell and using one single line of code to disable a user was too much for poor Ebenezer Script as he fell over in a dead faint. Did the Spirit of Scripting Past get his message across? Will Ebenezer realize the joy he once held? Will the writer explain to us in great detail later just WHY the Spirit of Perl did not suggest Perl as a solution? Just how did Ebenezer ship a division of users to Winnipeg anyway? What is wrong with Winnipeg? I happen to like Winnipeg! Tune in tomorrow, same scripting time; same scripting channel.   JC, that is all there is to using Windows PowerShell to work with Active Directory. Holiday guest blogger week will continue tomorrow when Sean will continue A Windows PowerShell Carol. I invite you to follow me on Twitter or Facebook. If you have any questions, send email to me at scripter@microsoft.com or post them on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.  

Ed Wilson, Microsoft Scripting Guy 

Author

0 comments

Discussion are closed.