Userlist with batch file name configured Parsu 5/7/2007 12:42:01 PM Hi, In my Active Directory, I have around 600 users, and each user is assigned an login script in "Profile" tab.I have around 200 login scripts. Now I need an output wherein I should able to see all the usernames with name of Batch file assigned to the user. Thanx.

Re: Userlist with batch file name configured "Al Dunbar" <AlanDrub[ at ]hotmail.com.nospaam> 5/8/2007 2:39:07 AM "Parsu" <Parsu[ at ]discussions.microsoft.com> wrote in message news:9548DE81-2381-4151-92C8-5BD83FB2A839[ at ]microsoft.com... [Quoted Text] > Hi, > > In my Active Directory, I have around 600 users, and each user is assigned > an login script in "Profile" tab.I have around 200 login scripts. > Now I need an output wherein I should able to see all the usernames with > name of Batch file assigned to the user. Simplest would be to use CSVDE to export the user accounts to a .csv file listing the attributes you want to see, namely sAMAccountName and Logonscript. or it could be just script, I forget. no bother, you could use CSVDE to extract all attributes, and that would show you their names and give you some other ideas about other uses for this tool. As an aside, we have around 20,000 users, but only one logon script. Makes it a lot easier to keep track of things, and only one script to maintain. /Al

Re: Userlist with batch file name configured Parsu 5/8/2007 6:24:02 AM Hi Dunbar, Thanks, i got the information what i wanted with that command CSVDE. Thanks again. "Al Dunbar" wrote: [Quoted Text] > > "Parsu" <Parsu[ at ]discussions.microsoft.com> wrote in message > news:9548DE81-2381-4151-92C8-5BD83FB2A839[ at ]microsoft.com... > > Hi, > > > > In my Active Directory, I have around 600 users, and each user is assigned > > an login script in "Profile" tab.I have around 200 login scripts. > > Now I need an output wherein I should able to see all the usernames with > > name of Batch file assigned to the user. > > Simplest would be to use CSVDE to export the user accounts to a .csv file > listing the attributes you want to see, namely sAMAccountName and > Logonscript. or it could be just script, I forget. no bother, you could use > CSVDE to extract all attributes, and that would show you their names and > give you some other ideas about other uses for this tool. > > As an aside, we have around 20,000 users, but only one logon script. Makes > it a lot easier to keep track of things, and only one script to maintain. > > /Al > > >

Re: Userlist with batch file name configured Parsu 5/8/2007 8:24:01 AM Hi Dunbar, I need one more thing, hope u can help. I have around 250 logon scripts in my Netlogon directory.Now I want to view the contents of those batch files and out put to one file. Is it possible?? Pls help !! Thanx. "Parsu" wrote: [Quoted Text] > Hi Dunbar, > > Thanks, i got the information what i wanted with that command CSVDE. > > Thanks again. > > > "Al Dunbar" wrote: > > > > > "Parsu" <Parsu[ at ]discussions.microsoft.com> wrote in message > > news:9548DE81-2381-4151-92C8-5BD83FB2A839[ at ]microsoft.com... > > > Hi, > > > > > > In my Active Directory, I have around 600 users, and each user is assigned > > > an login script in "Profile" tab.I have around 200 login scripts. > > > Now I need an output wherein I should able to see all the usernames with > > > name of Batch file assigned to the user. > > > > Simplest would be to use CSVDE to export the user accounts to a .csv file > > listing the attributes you want to see, namely sAMAccountName and > > Logonscript. or it could be just script, I forget. no bother, you could use > > CSVDE to extract all attributes, and that would show you their names and > > give you some other ideas about other uses for this tool. > > > > As an aside, we have around 20,000 users, but only one logon script. Makes > > it a lot easier to keep track of things, and only one script to maintain. > > > > /Al > > > > > >

Re: Userlist with batch file name configured "Richard Mueller [MVP]" <rlmueller-nospam[ at ]ameritech.nospam.net> 5/9/2007 7:26:15 PM Parsu wrote: [Quoted Text] > I need one more thing, hope u can help. > I have around 250 logon scripts in my Netlogon directory.Now I want to > view > the contents of those batch files and out put to one file. > Is it possible?? Pls help !! I assume you have many more users than logon scripts, so my example script below first collects all the logon script names in a dictionary object. A dictionary object makes it easy to only track unique logon scripts. I also track who uses each logon script. The FileSystemObject is used to open and read each logon script. All output is echoed, so the program should be run at a command prompt with the cscript host. The output can be redirected to a text file. For example if the VBScript is in a file called LogonScripts.vbs, and you navigate to the folder where this file is saved, the following command will create the report in a file called report.txt: cscript //nologo LogonScripts.vbs > Report.txt I assume that all logon scripts are either in the NetLogon share, or are UNC paths beginning with "\\". The VBScript program follows: ================= Option Explicit Dim adoCommand, adoConnection, strBase, strFilter, strAttributes Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName, strPath Dim objFSO, objFile, strScript, objScripts, strNetLogon, objShell Dim arrScripts, strScriptPath Const ForReading = 1 Set objFSO = CreateObject("Scripting.FileSystemObject") ' Setup dictionary object to track unique logon scripts. Set objScripts = CreateObject("Scripting.Dictionary") ' Make value case insensitive. objScripts.CompareMode = vbTextCompare ' Retrieve path to NetLogon share on local DC. Set objShell = CreateObject("Wscript.Shell") strNetLogon = objShell.ExpandEnvironmentStrings("%LOGONSERVER%") _ & "\NetLogon\" ' Setup ADO objects. Set adoCommand = CreateObject("ADODB.Command") Set adoConnection = CreateObject("ADODB.Connection") adoConnection.Provider = "ADsDSOObject" adoConnection.Open "Active Directory Provider" adoCommand.ActiveConnection = adoConnection ' Search entire Active Directory domain. Set objRootDSE = GetObject("LDAP://RootDSE") strDNSDomain = objRootDSE.Get("defaultNamingContext") strBase = "<LDAP://" & strDNSDomain & ">" ' Filter on user objects with logon script specified. strFilter = "(&(objectCategory=person)(objectClass=user)(scriptPath=*))" ' Comma delimited list of attribute values to retrieve. strAttributes = "sAMAccountName,scriptPath" ' Construct the LDAP syntax query. strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree" adoCommand.CommandText = strQuery adoCommand.Properties("Page Size") = 100 adoCommand.Properties("Timeout") = 30 adoCommand.Properties("Cache Results") = False ' Run the query. Set adoRecordset = adoCommand.Execute ' Enumerate the resulting recordset. Do Until adoRecordset.EOF ' Retrieve values. strName = adoRecordset.Fields("sAMAccountName").Value strPath = adoRecordset.Fields("scriptPath").value ' Check if this logon script already encountered. If objScripts.Exists(strPath) Then ' Append this user name to existing entry. objScripts.Item(strPath) = objScripts.Item(strPath) & ";" & strName Else ' Add this logon script and user name to dictionary object. objScripts.Add strPath, strName End If ' Move to the next record in the recordset. adoRecordset.MoveNext Loop ' Enumerate unique logon scripts in dictionary object. arrScripts = objScripts.Keys For Each strPath In arrScripts ' Output users that have this logon script assigned. Wscript.Echo "Users: " & objScripts.Item(strPath) If (Left(strPath, 2) = "\\") Then strScriptPath = strPath Else strScriptPath = strNetLogon & strPath End If Wscript.Echo "Logon Script: " & strScriptPath Wscript.Echo "------------ Logon Script ---------------" ' Open the logon script. Set objFile = objFSO.OpenTextFile(strScriptPath, ForReading) ' Read the logon script and output. strScript = objFile.ReadAll Wscript.Echo strScript Wscript.Echo "-----------------------------------------" ' Close the logon script file. objFile.Close Next ' Clean up. adoRecordset.Close adoConnection.Close =============== Note this only documents logon script files that are used (assigned to users). You could also code a program to read all files in the NetLogon share, open each, read the contents, and output. This would not tell you who uses which logon script, or if any are not used. -- Richard Mueller Microsoft MVP Scripting and ADSI Hilltop Lab - http://www.rlmueller.net --

Re: Userlist with batch file name configured "Al Dunbar" <AlanDrub[ at ]hotmail.com.nospaam> 5/10/2007 2:40:00 AM "Parsu" <Parsu[ at ]discussions.microsoft.com> wrote in message news:03C5CAB4-B9B5-4426-9AF4-871BFCC430FF[ at ]microsoft.com... [Quoted Text] > Hi Dunbar, > > I need one more thing, hope u can help. > I have around 250 logon scripts in my Netlogon directory.Now I want to > view > the contents of those batch files and out put to one file. > Is it possible?? Pls help !! Richard provided some detailed suggestions which I cannot improve on, but... I sense that you might be considering trying to reduce the number of scripts to something more manageable. As I think I mentioned earlier, we have one script for all 20,000 users. If this is indeed what you are wanting to do, I would agree that it is probably a good thing to review at least a sample of the existing scripts to try to figure out what they do. But you will also want to determine or decide what it is that the scripts are meant to do in your organization. In our case, the corporate purpose of the scripts is to create a standardized mapping of drives. If you have scripts that are specific to certain users, you probably already realize how difficult it is to maintain them, and, if the users can extend them, to control them. /Al

Re: Userlist with batch file name configured "Richard Mueller [MVP]" <rlmueller-nospam[ at ]ameritech.nospam.net> 5/10/2007 6:14:04 PM "Al Dunbar" <AlanDrub[ at ]hotmail.com.nospaam> wrote in message news:OigkCyqkHHA.4188[ at ]TK2MSFTNGP02.phx.gbl... [Quoted Text] > > "Parsu" <Parsu[ at ]discussions.microsoft.com> wrote in message > news:03C5CAB4-B9B5-4426-9AF4-871BFCC430FF[ at ]microsoft.com... >> Hi Dunbar, >> >> I need one more thing, hope u can help. >> I have around 250 logon scripts in my Netlogon directory.Now I want to >> view >> the contents of those batch files and out put to one file. >> Is it possible?? Pls help !! > > Richard provided some detailed suggestions which I cannot improve on, > but... > > I sense that you might be considering trying to reduce the number of > scripts to something more manageable. As I think I mentioned earlier, we > have one script for all 20,000 users. > > If this is indeed what you are wanting to do, I would agree that it is > probably a good thing to review at least a sample of the existing scripts > to try to figure out what they do. But you will also want to determine or > decide what it is that the scripts are meant to do in your organization. > > In our case, the corporate purpose of the scripts is to create a > standardized mapping of drives. If you have scripts that are specific to > certain users, you probably already realize how difficult it is to > maintain them, and, if the users can extend them, to control them. > > /Al > > I agree. The fewer logon scripts the better. In addition, I would recommend logon scripts configured in Group Policy, rather than assigning a script on the Profile tab in ADUC. You can use scripts to assign values to the scriptPath attribute of the user objects (which corresponds to the field labeled "Logon script" on the Profile tab), but GPO's are much easier to manage. With group policy you assign a logon script to everyone in the domain, or everyone in an OU. The script can check for membership in groups and map drives or printers accordingly. I have an FAQ that explains the difference between assigning a logon script using Group Policy and the Profile tab of ADUC linked here: http://www.rlmueller.net/LogonScriptFAQ.htm Really, the only reason to use the Profile tab setting is when you must support clients that don't get group policies applied, such as Windows 98 or NT. If you have no computers with these OS's, use Group Policy. -- Richard Mueller Microsoft MVP Scripting and ADSI Hilltop Lab - http://www.rlmueller.net --

Re: Userlist with batch file name configured "Al Dunbar" <AlanDrub[ at ]hotmail.com.nospaam> 5/10/2007 11:29:11 PM "Richard Mueller [MVP]" <rlmueller-nospam[ at ]ameritech.nospam.net> wrote in message news:uP5rF8ykHHA.3928[ at ]TK2MSFTNGP02.phx.gbl... [Quoted Text] > > "Al Dunbar" <AlanDrub[ at ]hotmail.com.nospaam> wrote in message > news:OigkCyqkHHA.4188[ at ]TK2MSFTNGP02.phx.gbl... >> >> "Parsu" <Parsu[ at ]discussions.microsoft.com> wrote in message >> news:03C5CAB4-B9B5-4426-9AF4-871BFCC430FF[ at ]microsoft.com... >>> Hi Dunbar, >>> >>> I need one more thing, hope u can help. >>> I have around 250 logon scripts in my Netlogon directory.Now I want to >>> view >>> the contents of those batch files and out put to one file. >>> Is it possible?? Pls help !! >> >> Richard provided some detailed suggestions which I cannot improve on, >> but... >> >> I sense that you might be considering trying to reduce the number of >> scripts to something more manageable. As I think I mentioned earlier, we >> have one script for all 20,000 users. >> >> If this is indeed what you are wanting to do, I would agree that it is >> probably a good thing to review at least a sample of the existing scripts >> to try to figure out what they do. But you will also want to determine or >> decide what it is that the scripts are meant to do in your organization. >> >> In our case, the corporate purpose of the scripts is to create a >> standardized mapping of drives. If you have scripts that are specific to >> certain users, you probably already realize how difficult it is to >> maintain them, and, if the users can extend them, to control them. >> >> /Al >> >> > > I agree. The fewer logon scripts the better. > > In addition, I would recommend logon scripts configured in Group Policy, > rather than assigning a script on the Profile tab in ADUC. You can use > scripts to assign values to the scriptPath attribute of the user objects > (which corresponds to the field labeled "Logon script" on the Profile > tab), but GPO's are much easier to manage. With group policy you assign a > logon script to everyone in the domain, or everyone in an OU. The script > can check for membership in groups and map drives or printers accordingly. > I have an FAQ that explains the difference between assigning a logon > script using Group Policy and the Profile tab of ADUC linked here: > > http://www.rlmueller.net/LogonScriptFAQ.htm > > Really, the only reason to use the Profile tab setting is when you must > support clients that don't get group policies applied, such as Windows 98 > or NT. If you have no computers with these OS's, use Group Policy. That rationale is now behind us, and I am just starting a dialogue to review our logon script setup for a variety of reasons. I could write this off as a series of "version 1.0" issues, given I know more now than when I wrote them. Of course, I still find there is yet more to know, namely: 1) Since all our users run the same script, and this is enabled through our account creation procedures, what benefit would there be to us switching to GPO-based logon scripts? One that I see is that OU administrators would not be able to change the logon script, which could be a good thing. There are, admitedly, a few accounts that do not have their logon scripts setup properly... But these are rare exceptions. Are there other advantages? 2) Our current setup is such that the specific path followed through the logon script is based on the workstation rather than the user. For example, when someone from another site logs on here, they are mapped to the "national application" share on the server local to our OU, not the one in their own home site or OU. Conversely, GPO-based scripts would seem to follow the user around, rather than being pegged to the workstation. We could certainly script our way around this, however, I am wondering what common practice is in this area. Are we the odd-man out in wanting our logon scripts to configure things for the environment in which the user is logging in? 3) when an AD logon script and a GPO logon script both apply, which runs first, or do they run concurrently? And what about logon scripts associated at the domain, site, and OU levels? And would OU-based scripts all run in the case of nested OU's? /Al

Re: Userlist with batch file name configured Parsu 5/11/2007 5:49:02 AM Thanx richard and Dubnar, yes , in my case also the scripts are used to map the drives.But i got the solution for what i was seraching, thabnx to Dubnar that command helped me CSVDE. We will be planning to put all in one script. Thanks again. "Al Dunbar" wrote: [Quoted Text] > > "Richard Mueller [MVP]" <rlmueller-nospam[ at ]ameritech.nospam.net> wrote in > message news:uP5rF8ykHHA.3928[ at ]TK2MSFTNGP02.phx.gbl... > > > > "Al Dunbar" <AlanDrub[ at ]hotmail.com.nospaam> wrote in message > > news:OigkCyqkHHA.4188[ at ]TK2MSFTNGP02.phx.gbl... > >> > >> "Parsu" <Parsu[ at ]discussions.microsoft.com> wrote in message > >> news:03C5CAB4-B9B5-4426-9AF4-871BFCC430FF[ at ]microsoft.com... > >>> Hi Dunbar, > >>> > >>> I need one more thing, hope u can help. > >>> I have around 250 logon scripts in my Netlogon directory.Now I want to > >>> view > >>> the contents of those batch files and out put to one file. > >>> Is it possible?? Pls help !! > >> > >> Richard provided some detailed suggestions which I cannot improve on, > >> but... > >> > >> I sense that you might be considering trying to reduce the number of > >> scripts to something more manageable. As I think I mentioned earlier, we > >> have one script for all 20,000 users. > >> > >> If this is indeed what you are wanting to do, I would agree that it is > >> probably a good thing to review at least a sample of the existing scripts > >> to try to figure out what they do. But you will also want to determine or > >> decide what it is that the scripts are meant to do in your organization. > >> > >> In our case, the corporate purpose of the scripts is to create a > >> standardized mapping of drives. If you have scripts that are specific to > >> certain users, you probably already realize how difficult it is to > >> maintain them, and, if the users can extend them, to control them. > >> > >> /Al > >> > >> > > > > I agree. The fewer logon scripts the better. > > > > In addition, I would recommend logon scripts configured in Group Policy, > > rather than assigning a script on the Profile tab in ADUC. You can use > > scripts to assign values to the scriptPath attribute of the user objects > > (which corresponds to the field labeled "Logon script" on the Profile > > tab), but GPO's are much easier to manage. With group policy you assign a > > logon script to everyone in the domain, or everyone in an OU. The script > > can check for membership in groups and map drives or printers accordingly. > > I have an FAQ that explains the difference between assigning a logon > > script using Group Policy and the Profile tab of ADUC linked here: > > > > http://www.rlmueller.net/LogonScriptFAQ.htm > > > > Really, the only reason to use the Profile tab setting is when you must > > support clients that don't get group policies applied, such as Windows 98 > > or NT. If you have no computers with these OS's, use Group Policy. > > That rationale is now behind us, and I am just starting a dialogue to review > our logon script setup for a variety of reasons. I could write this off as a > series of "version 1.0" issues, given I know more now than when I wrote > them. Of course, I still find there is yet more to know, namely: > > 1) Since all our users run the same script, and this is enabled through our > account creation procedures, what benefit would there be to us switching to > GPO-based logon scripts? One that I see is that OU administrators would not > be able to change the logon script, which could be a good thing. There are, > admitedly, a few accounts that do not have their logon scripts setup > properly... But these are rare exceptions. Are there other advantages? > > 2) Our current setup is such that the specific path followed through the > logon script is based on the workstation rather than the user. For example, > when someone from another site logs on here, they are mapped to the > "national application" share on the server local to our OU, not the one in > their own home site or OU. Conversely, GPO-based scripts would seem to > follow the user around, rather than being pegged to the workstation. We > could certainly script our way around this, however, I am wondering what > common practice is in this area. Are we the odd-man out in wanting our logon > scripts to configure things for the environment in which the user is logging > in? > > 3) when an AD logon script and a GPO logon script both apply, which runs > first, or do they run concurrently? And what about logon scripts associated > at the domain, site, and OU levels? And would OU-based scripts all run in > the case of nested OU's? > > > /Al > > >