directoryservice.vbs - vbscript script by ActiveXperts Software
directoryservice.vbs checks whether a user account is disabled or locked out.
Use directoryservice.vbs directly from ActiveXperts Network Monitor; in the Manager's 'Monitor' menu, select 'New Check (Script)' and select directoryservice.vbs. Configure the required parameter, or press 'Load a working sample'.
In ActiveXperts Network Monitor, Administrators can use three different scripting languages: Powershell, VBScript and SSH.
directoryservice.vbs script code
' ///////////////////////////////////////////////////////////////////////////////
' // ActiveXperts Network Monitor - VBScript based checks
' // For more information about ActiveXperts Network Monitor and VBScript, visit
' // http://www.activexperts.com/support/network-monitor/online/vbscript/
' ///////////////////////////////////////////////////////////////////////////////
Option Explicit

' Global result text handed back to the Manager by every check function
Dim SYSDATA          ' displayed in the 'Data' column in the Manager
Dim SYSEXPLANATION   ' displayed in the 'LastResponse' column in the Manager

' Return values: ActiveXperts Network Monitor functions should always return
' True (-1, Success), False (0, Error) or retvalUnknown (1, Uncertain)
Const retvalUnknown = 1
' // To test a function outside Network Monitor (e.g. using CSCRIPT from the
' // command line), remove the comment character (') in the following lines:
' Dim bResult
' bResult = CheckAccountLocked( "ACTIVEXPERTS", "jelle" )
' WScript.Echo "Return value: [" & bResult & "]"
' WScript.Echo "SYSDATA: [" & SYSDATA & "]"
' WScript.Echo "SYSEXPLANATION: [" & SYSEXPLANATION & "]"
Function CheckAccountDisabled( strDomain, strAccount )
    ' Description:
    '   Report whether the user account strAccount on domain strDomain is disabled.
    ' Parameters:
    '   1) strDomain  As String - Domain that holds the user account
    '   2) strAccount As String - User account name
    ' Returns:
    '   True          - the account is disabled
    '   False         - the account is enabled
    '   retvalUnknown - the account object could not be bound
    ' Notes:
    '   The polarity is the opposite of CheckAccountLocked: here the flagged state
    '   (disabled) is reported as True.
    '   Every error raised by the WinNT bind produces the "could not be found" text,
    '   so that message on its own does not prove the account is absent.
    ' Usage:
    '   CheckAccountDisabled( "<Domain>", "<Domain Account>" )
    ' Sample:
    '   CheckAccountDisabled( "DOMAIN01", "Guest" )

    Dim objAccount, lngBindError

    CheckAccountDisabled = retvalUnknown    ' Uncertain until the account has been read
    SYSDATA              = ""
    SYSEXPLANATION       = ""

    ' Trap only the bind; remember its outcome and restore normal error handling
    On Error Resume Next
    Set objAccount = GetObject("WinNT://" & strDomain & "/" & strAccount & ",user")
    lngBindError = Err.Number
    On Error Goto 0

    If( lngBindError <> 0 ) Then
        ' Return value is still retvalUnknown
        SYSEXPLANATION = "Account '" & strDomain & "\" & strAccount & "' could not be found"
        Exit Function
    End If

    If( objAccount.AccountDisabled ) Then
        CheckAccountDisabled = True
        SYSEXPLANATION = "Account [" & strDomain & "\" & objAccount.Name & "] is disabled"
    Else
        CheckAccountDisabled = False
        SYSEXPLANATION = "Account [" & strDomain & "\" & objAccount.Name & "] is enabled"
    End If
End Function
' ////////////////////////////////////////////////////////////////////////////////////////
Function CheckAccountLocked( strDomain, strAccount )
    ' Description:
    '   Report whether the user account strAccount on domain strDomain is locked out.
    ' Parameters:
    '   1) strDomain  As String - Domain that holds the user account
    '   2) strAccount As String - User account name
    ' Returns:
    '   True          - the account is NOT locked
    '   False         - the account is locked
    '   retvalUnknown - the account object could not be bound
    ' Notes:
    '   The polarity is the opposite of CheckAccountDisabled: here the flagged state
    '   (locked) is reported as False.
    '   Every error raised by the WinNT bind produces the "could not be found" text,
    '   so that message on its own does not prove the account is absent.
    ' Usage:
    '   CheckAccountLocked( "<Domain>", "<Domain Account>" )
    ' Sample:
    '   CheckAccountLocked( "DOMAIN01", "Guest" )

    Dim objAccount, lngBindError

    CheckAccountLocked = retvalUnknown      ' Uncertain until the account has been read
    SYSDATA            = ""
    SYSEXPLANATION     = ""

    ' Trap only the bind; remember its outcome and restore normal error handling
    On Error Resume Next
    Set objAccount = GetObject("WinNT://" & strDomain & "/" & strAccount & ",user")
    lngBindError = Err.Number
    On Error Goto 0

    If( lngBindError <> 0 ) Then
        ' Return value is still retvalUnknown
        SYSEXPLANATION = "Account '" & strDomain & "\" & strAccount & "' could not be found"
        Exit Function
    End If

    If( objAccount.IsAccountLocked ) Then
        CheckAccountLocked = False
        SYSEXPLANATION = "Account [" & strDomain & "\" & objAccount.Name & "] is locked"
    Else
        CheckAccountLocked = True
        SYSEXPLANATION = "Account [" & strDomain & "\" & objAccount.Name & "] is not locked"
    End If
End Function
' ///////////////////////////////////////////////////////////////////////////////
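Function CheckAccountsLockedInGroup( strDomain, strGroup )
    ' Description:
    '   Check if there's one or more accounts locked in a group
    ' Parameters:
    '   1) strDomain As String - Domain that holds the user- and group account
    '   2) strGroup As String  - Domain group name
    ' Returns:
    '   True          - no direct member of the group is locked
    '   False         - at least one member is locked, or the members could not be listed
    '   retvalUnknown - the group could not be bound, or a member could not be bound
    '                   as a user object
    ' Notes:
    '   Only the entries returned by objGroup.Members are examined. A member that
    '   cannot be bound with the ",user" class hint ends the check with
    '   retvalUnknown, so the result is never reported as clean when a member was
    '   left unchecked.
    ' Usage:
    '   CheckAccountsLockedInGroup( "<Domain>", "<Domain Group>" )
    ' Sample:
    '   CheckAccountsLockedInGroup( "DOMAIN01", "Domain Users" )

    Dim objGroup, objMember, objUser
    Dim strLockedAccounts

    CheckAccountsLockedInGroup = retvalUnknown  ' Default return value, and will be shown as a yellow (uncertain) icon in the Manager
    SYSDATA           = ""                      ' SYSDATA displayed in the 'Data' column in the Manager
    SYSEXPLANATION    = ""                      ' SYSEXPLANATION displayed in the 'LastResponse' column in the Manager
    strLockedAccounts = ""

    On Error Resume Next
    Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
    If( Err.Number <> 0 ) Then
        CheckAccountsLockedInGroup = retvalUnknown
        SYSEXPLANATION = "Domain or group not found"
        Exit Function
    End If

    ' Error trapping stays enabled while the enumerator is created and advanced.
    ' The original switched it off before the loop, which made the check at the
    ' top of the loop body unreachable and left enumeration failures unhandled.
    For Each objMember In objGroup.Members
        If( Err.Number <> 0 ) Then
            CheckAccountsLockedInGroup = False
            SYSEXPLANATION = "Unable to retrieve group members"
            Exit Function
        End If

        ' Bind through the member's own ADsPath instead of rebuilding a path from
        ' strDomain and the leaf name: a member that lives outside strDomain would
        ' otherwise be looked up as a same-named account inside strDomain.
        Set objUser = Nothing
        Set objUser = GetObject( objMember.ADsPath & ",user" )
        If( Err.Number <> 0 ) Then
            CheckAccountsLockedInGroup = retvalUnknown
            SYSEXPLANATION = "Unable to retrieve properties for account [" & objMember.Name & "]"
            Exit Function
        End If

        ' Do not swallow errors while reading the lock state: under Resume Next a
        ' failing condition would fall into the Then branch and list the account
        ' as locked.
        On Error Goto 0
        If( objUser.IsAccountLocked ) Then
            If( strLockedAccounts <> "" ) Then
                strLockedAccounts = strLockedAccounts & ", "
            End If
            strLockedAccounts = strLockedAccounts & objUser.Name
        End If

        ' Re-arm trapping so a failure while fetching the next member is caught
        On Error Resume Next
    Next

    ' Covers an enumerator that stops with an error instead of re-entering the body
    If( Err.Number <> 0 ) Then
        CheckAccountsLockedInGroup = False
        SYSEXPLANATION = "Unable to retrieve group members"
        Exit Function
    End If
    On Error Goto 0

    If( strLockedAccounts <> "" ) Then
        CheckAccountsLockedInGroup = False
        SYSEXPLANATION = "Account(s) [" & strLockedAccounts & "] are locked in Domain [" & strDomain & "]"
    Else
        CheckAccountsLockedInGroup = True
        SYSEXPLANATION = "No Accounts are locked in Domain [" & strDomain & "]"
    End If
End Function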
' ///////////////////////////////////////////////////////////////////////////////
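Function CheckGroupMembership( strDomain, strGroup, strUser )
    ' Description:
    '   Check if a user, specified by strUser, is member of group strGroup on domain strDomain
    ' Parameters:
    '   1) strDomain As String - Domain that holds the user- and group account
    '   2) strGroup As String  - Domain group name
    '   3) strUser As String   - User name
    ' Returns:
    '   True          - a direct member whose Name equals strUser (case-insensitive) exists
    '   False         - no such member exists, or the members could not be listed
    '   retvalUnknown - the group could not be bound
    ' Notes:
    '   The comparison uses the member's leaf Name only; strDomain is not part of
    '   the comparison, so a same-named member that lives outside strDomain also
    '   matches. Only the entries returned by objGroup.Members are examined;
    '   membership obtained through a nested group is not followed.
    ' Usage:
    '   CheckGroupMembership( "<Domain>", "<Domain Group>", "<Domain Account>" )
    ' Sample:
    '   CheckGroupMembership( "DOMAIN01", "Guests", "Guest" )

    Dim objGroup, objMember

    CheckGroupMembership = retvalUnknown    ' Default return value, and will be shown as a yellow (uncertain) icon in the Manager
    SYSDATA              = ""               ' SYSDATA displayed in the 'Data' column in the Manager
    SYSEXPLANATION       = ""               ' SYSEXPLANATION displayed in the 'LastResponse' column in the Manager

    On Error Resume Next
    Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
    If( Err.Number <> 0 ) Then
        CheckGroupMembership = retvalUnknown
        SYSEXPLANATION = "Domain or group not found"
        Exit Function
    End If

    ' Error trapping stays enabled while the enumerator is created and advanced.
    ' The original switched it off before the loop, which made the check at the
    ' top of the loop body unreachable and left enumeration failures unhandled.
    For Each objMember In objGroup.Members
        If( Err.Number <> 0 ) Then
            CheckGroupMembership = False
            SYSEXPLANATION = "Unable to list group members"
            Exit Function
        End If

        ' Compare with trapping off: under Resume Next a failing condition would
        ' fall into the Then branch and report a membership that was never confirmed.
        On Error Goto 0
        If( UCase( objMember.Name ) = UCase( strUser ) ) Then
            CheckGroupMembership = True
            SYSEXPLANATION = "[" & strDomain & "\" & strUser & "] is member of group [" & strGroup & "]"
            Exit Function
        End If

        ' Re-arm trapping so a failure while fetching the next member is caught
        On Error Resume Next
    Next

    ' Covers an enumerator that stops with an error instead of re-entering the body
    If( Err.Number <> 0 ) Then
        CheckGroupMembership = False
        SYSEXPLANATION = "Unable to list group members"
        Exit Function
    End If
    On Error Goto 0

    CheckGroupMembership = False
    SYSEXPLANATION = "[" & strDomain & "\" & strUser & "] is NOT member of group [" & strGroup & "]"
End Function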
' ///////////////////////////////////////////////////////////////////////////////
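Function CheckLDAPServer( strHost, strAltCredentials, strExpected )
    ' Description:
    '   Query an LDAP server and match the response
    ' Parameters:
    '   1) strHost As String           - Server to send the LDAP query to
    '   2) strAltCredentials As String - Specify an empty string to use Network Monitor service credentials.
    '                                    To use alternate credentials, enter a server that is defined in Server Credentials table.
    '                                    (To define Server Credentials, choose Tools->Options->Server Credentials)
    '   3) strExpected As String       - Expected response
    ' Returns:
    '   True          - DefaultNamingContext was read and contains strExpected
    '   False         - DefaultNamingContext was read but does not contain strExpected,
    '                   or the attribute could not be read
    '   retvalUnknown - credentials lookup, logon or the RootDse bind failed
    ' Notes:
    '   The match is InStr with its default comparison, i.e. a case-sensitive
    '   substring test, so strExpected also matches a longer naming context that
    '   merely contains it.
    '   getCredentials is called here but is not defined in this listing.
    ' Usage:
    '   CheckLDAPServer( "<Hostname | IP>", "", "<Expected Response>" )

    Dim objLDAP, strPath
    Dim strAltLogin, strAltPassword

    CheckLDAPServer = retvalUnknown     ' Default return value, and will be shown as a yellow (uncertain) icon in the Manager
    SYSDATA         = ""                ' SYSDATA displayed in the 'Data' column in the Manager
    SYSEXPLANATION  = ""                ' SYSEXPLANATION displayed in the 'LastResponse' column in the Manager
    strAltLogin     = ""
    strAltPassword  = ""
    strPath         = ""

    ' Start from a defined object reference. The original tested an unassigned
    ' variable with "Is Nothing" after a failed bind; that test itself raises and
    ' only reached the failure branch through On Error Resume Next.
    Set objLDAP = Nothing

    ' If alternate credentials are specified, retrieve the alternate login and password from the ActiveXperts global settings, and logon
    If( strAltCredentials <> "" ) Then
        If( Not getCredentials( strHost, strAltCredentials, strAltLogin, strAltPassword, SYSEXPLANATION )) Then
            Exit Function
        End If
        If( Not netLogon( strHost, strAltLogin, strAltPassword, SYSEXPLANATION ) ) Then
            Exit Function
        End If
    End If

    On Error Resume Next
    Set objLDAP = GetObject( "LDAP://" & strHost & "/RootDse" )
    If( Err.Number <> 0 Or objLDAP Is Nothing ) Then
        ' Return value stays retvalUnknown, as in the original
        SYSEXPLANATION = "LDAP query failed"
    Else
        strPath = objLDAP.Get( "DefaultNamingContext" )
        If( Err.Number <> 0 ) Then
            ' Report the read failure itself rather than a mismatch against an empty response
            CheckLDAPServer = False
            SYSEXPLANATION = "LDAP server was queried, but DefaultNamingContext could not be read"
        ElseIf( InStr( strPath , strExpected ) <> 0 ) Then
            CheckLDAPServer = True
            SYSEXPLANATION = "LDAP server was queried, response=[" & strPath &"] matched string [" & strExpected & "]"
        Else
            CheckLDAPServer = False
            SYSEXPLANATION = "LDAP server was queried, response=[" & strPath &"] did not match string [" & strExpected & "]"
        End If
    End If
    On Error Goto 0

    ' If alternate login is used, logoff now
    If( strAltLogin <> "" ) Then
        netLogoff( strHost )
    End If
End Function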
' ///////////////////////////////////////////////////////////////////////////////
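Function VerifyGroupMembers( strDomain, strGroup, strMemberList )
    ' Description:
    '   Check all members of strGroup. If an element of this group is not member of the strMemberList, then False is returned.
    '   Use it to check if the Domain Admin or Enterprise Admin group has no unexpected members.
    ' Parameters:
    '   1) strDomain As String     - Domain that holds the user- and group account
    '   2) strGroup As String      - Domain group name
    '   3) strMemberList As String - Comma-separated list of allowed member names
    ' Returns:
    '   True          - every direct member's Name appears in strMemberList
    '   False         - a member was found whose Name is not in strMemberList
    '   retvalUnknown - the group could not be bound or its members could not be listed
    ' Notes:
    '   Matching is case-insensitive on the trimmed leaf Name only. A member that
    '   lives outside strDomain but carries the same name as an allowed entry is
    '   accepted, because the member's path is not part of the comparison.
    '   Only the entries returned by objGroup.Members are examined: a nested group
    '   is matched by its own name and its members are not checked.
    '   strMemberList must list every allowed name; members missing from the group
    '   are not reported.
    ' Usage:
    '   VerifyGroupMembers( "<Domain>", "<Domain Group>", "<Domain User 1>...<Domain User n>" )
    ' Sample:
    '   VerifyGroupMembers( "DOMAIN01", "Administrators", "Administrator,James,William" )

    Dim objGroup, objMember
    Dim bMemberFound, arrUsers, strMemberName, i

    VerifyGroupMembers = retvalUnknown  ' Default return value, and will be shown as a yellow (uncertain) icon in the Manager
    SYSDATA            = ""             ' SYSDATA displayed in the 'Data' column in the Manager
    SYSEXPLANATION     = ""             ' SYSEXPLANATION displayed in the 'LastResponse' column in the Manager

    On Error Resume Next
    Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
    If( Err.Number <> 0 ) Then
        VerifyGroupMembers = retvalUnknown
        SYSEXPLANATION = "Domain or group not found"
        Exit Function
    End If
    On Error Goto 0

    ' Normalise the allow list once instead of on every comparison
    arrUsers = Split( strMemberList, "," )
    For i = 0 To UBound( arrUsers )
        arrUsers(i) = UCase( Trim( arrUsers(i) ) )
    Next

    ' Error trapping is enabled while the enumerator is created and advanced.
    ' The original left it off for the whole loop, which made the check at the
    ' top of the loop body unreachable and left enumeration failures unhandled.
    On Error Resume Next
    For Each objMember In objGroup.Members
        If( Err.Number <> 0 ) Then
            VerifyGroupMembers = retvalUnknown
            SYSEXPLANATION = "Unable to list group members"
            Exit Function
        End If

        ' Compare with trapping off: under Resume Next a failing condition would
        ' fall into the Then branch and mark the member as allowed.
        On Error Goto 0
        strMemberName = UCase( Trim( objMember.Name ) )
        bMemberFound = False
        For i = 0 To UBound( arrUsers )
            If( arrUsers(i) = strMemberName ) Then
                bMemberFound = True
                Exit For
            End If
        Next

        If( Not bMemberFound ) Then
            VerifyGroupMembers = False
            SYSEXPLANATION = "User [" & objMember.Name & "] is not allowed as a member of group [" & strGroup & "]"
            Exit Function
        End If

        ' Re-arm trapping so a failure while fetching the next member is caught
        On Error Resume Next
    Next

    ' Never report success after an enumeration that ended with an error
    If( Err.Number <> 0 ) Then
        VerifyGroupMembers = retvalUnknown
        SYSEXPLANATION = "Unable to list group members"
        Exit Function
    End If
    On Error Goto 0

    VerifyGroupMembers = True
    SYSEXPLANATION = "All members of group [" & strGroup & "] are allowed members"
End Function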
' //////////////////////////////////////////////////////////////////////////////
' // --- Private Functions section ---
' // Private functions names should start with a lower case character, so they
' // will not be listed in the Network Monitor's function browser.
' //////////////////////////////////////////////////////////////////////////////
Function netLogon( strHost, strAltLogin, strAltPassword, strSysExplanation )
    ' Description:
    '   Connect to strHost with the alternate login through the
    '   ActiveXperts.RemoteServer object.
    ' Parameters:
    '   1) strHost As String           - Host to connect to
    '   2) strAltLogin As String       - Alternate login; an empty string means nothing to do
    '   3) strAltPassword As String    - Password for strAltLogin
    '   4) strSysExplanation As String - Written by this function: "" on success,
    '                                    "Login failed" when Connect reports an error
    ' Returns:
    '   True when no alternate login was given or Connect left LastError at 0,
    '   otherwise False.
    ' Notes:
    '   The explanation text never contains the login or the password.

    Dim objServer

    netLogon = False
    strSysExplanation = ""

    Set objServer = CreateObject( "ActiveXperts.RemoteServer" )

    If( strAltLogin <> "" ) Then
        objServer.Connect strHost, strAltLogin, strAltPassword
        If( objServer.LastError <> 0 ) Then
            netLogon = False
            strSysExplanation = "Login failed"
        Else
            netLogon = True
        End If
    Else
        ' No alternate login: the service credentials are used as they are
        netLogon = True
    End If
End Function
' //////////////////////////////////////////////////////////////////////////////
Function netLogoff( strHost )
    ' Description:
    '   Disconnect from strHost through the ActiveXperts.RemoteServer object.
    ' Parameters:
    '   1) strHost As String - Host to disconnect from
    ' Returns:
    '   True when Disconnect left LastError at 0, otherwise False.

    Dim objServer

    netLogoff = False

    Set objServer = CreateObject( "ActiveXperts.RemoteServer" )
    objServer.Disconnect strHost

    If( objServer.LastError <> 0 ) Then
        netLogoff = False
    Else
        netLogoff = True
    End If
End Function
