
微软活动目录及文件服务器自动化处理脚本

实现逻辑:
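CMDB 的用户管理模块在执行增、删、改操作时,都会生成一个 CSV 文件,用于存放脚本所需的用户信息。同时,CMDB 通过 PowerShell 脚本触发定时任务来执行此脚本,完成活动目录中的用户管理和文件服务器的权限管理。这样,只要在 CMDB 中操作过用户,活动目录就会同步执行相应操作,例如新增用户、新增文件夹权限、授权某一用户使用 wifi、停用帐户等。脚本从该 CSV 的第 4 列读取密码并直接传给 SetPassword,组成员关系也完全由 CSV 决定,因此该文件及其所在目录应只允许 CMDB 服务帐户和运行脚本的帐户读写。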

option explicit

' Errors are suppressed for the whole script-level flow. The main section below
' reads Err right after a GetObject call to decide whether a directory object
' already exists, so any earlier, uncleared error can influence that decision.
on error resume next

'===========================================================
'                  Variable declarations
'===========================================================
' Environment: network object, PC name, domain NetBIOS name, base DN, UPN suffix
dim objwn, pcname, DNBname, objlp, BDE, regp1, pUPNsfx, regp, UPNsfx
' Shell, popup result, CN=users container, file system, ADsSecurity, drive and trustee names
dim objws, num, objdomain, objfs, objsec, strhddrv, stradm, strevery
' Log file stream
dim objTS
' NetworkEndUsers group
dim strneu, deneu, objneu
' Home root folder, its security descriptor / ACE parameters and share settings
dim strhd
dim hsd, hdacl, ahmk1, ahfl1, ahty1, ahmk2, ahfl2, ahty2
dim HshDes, Hshname, Hshpath
' Links (shortcut) folder, its security descriptor / ACE parameters and share settings
dim strlnkd
dim pssd, psdacl, apsmk1, apsfl1, apsty1, apsmk2, apsfl2, apsty2
dim LnkshDes, Lnkshname, Lnkshpath
dim strjscd, strescd
dim strgscd
' Group list file and the fields parsed from the current row
dim gfile, gfso, gfp, groupnum
dim groupstr, garray, strgn, strgsan, strgdes, strgdir, strgshdes
dim objegp
dim objgp
' Group folder and group "private" folder ACL work variables
dim strgd, gsd, gdacl
dim agmk1, agfl1, agty1, agmk2, agfl2, agty2, agmk31, agfl31, agty31, agmk32, agfl32, agty32
dim strgpd, gpsd, gpdacl, AdelGPN, AdelGPG
dim agpmk1, agpfl1, agpty1, agpmk2, agpfl2, agpty2
dim GshDes, Gshname, Gshpath
dim strglnk, strgsctar
' User list file, counters, and the fields parsed from the current row.
' strpass holds the clear-text password read from the CSV row.
dim dfile, fso, fp, usernum, ChUNnum, ChUact, ChUGrem, ChUGadd
dim userstr, uarray, strUser, strsan, strpass, strEname, strEfname, strfullname, strglmail, strmailsw
dim strJfname, strJname, strdes, strdisabled, strgroup
dim objeusr
dim objUsr
' User home folder and user "private" folder ACL work variables
dim struhd, groups, group
dim usd, udacl, aumk1, aufl1, auty1, aumk2, aufl2, auty2
dim strupd, upsd, updacl, AdelPN, AdelPU
dim aupmk1, aupfl1, aupty1, aupmk2, aupfl2, aupty2
' Shortcut paths / names
dim strujlnk, strujsctar, struelnk, struesctar
dim strjscn, strescn
' Group membership reconciliation; gf is set by AddOrRemU (1 = user was added)
dim grps, grp, strremg, gn1, strgname1, straddg, gn2, strgname2, gf

'===========================================================
'                  Constant definitions
'===========================================================
'------------------------
'   Account enablement (userAccountControl values)
'------------------------
' 66048 = &h10200: NORMAL_ACCOUNT (&h200) + DONT_EXPIRE_PASSWORD (&h10000).
' 66050 adds ACCOUNTDISABLE (&h2). Both values therefore mark the password
' as never expiring for every account this script writes them to.
const usa = 66048   'account enabled
const nsa = 66050   'account disabled

'--------------------
'   Group types
'--------------------
const gdifg = -2147483646   'global group
const gdifd = -2147483644   'domain local group

'------------------------
'   File access rights
'------------------------
' The ADS_RIGHT_DS_* names are directory-service names; the trailing comments
' give the file-system meaning the author attaches to each bit when the mask
' is used in a folder ACE.
const ADS_RIGHT_DELETE                     = &h10000    'delete
const ADS_RIGHT_READ_CONTROL               = &h20000    'read permissions
const ADS_RIGHT_WRITE_DAC                  = &h40000    'change permissions
const ADS_RIGHT_WRITE_OWNER                = &h80000    'take ownership
const ADS_RIGHT_SYNCHRONIZE                = &h100000   'none
const ADS_RIGHT_ACCESS_SYSTEM_SECURITY     = &h1000000  'none
const ADS_RIGHT_GENERIC_READ               = &h80000000 'read
const ADS_RIGHT_GENERIC_WRITE              = &h40000000 'create files/write data, create folders/append data, write attributes and extended attributes, read permissions
const ADS_RIGHT_GENERIC_EXECUTE            = &h20000000 'traverse folder/execute file, read attributes, read permissions
const ADS_RIGHT_GENERIC_ALL                = &h10000000 'full control
const ADS_RIGHT_DS_CREATE_CHILD            = &h1        'list folder/read data
const ADS_RIGHT_DS_DELETE_CHILD            = &h2        'create files/write data
const ADS_RIGHT_ACTRL_DS_LIST              = &h4        'create folders/append data
const ADS_RIGHT_DS_SELF                    = &h8        'read extended attributes
const ADS_RIGHT_DS_READ_PROP               = &h10       'write extended attributes
const ADS_RIGHT_DS_WRITE_PROP              = &h20       'traverse folder/execute file
const ADS_RIGHT_DS_DELETE_TREE             = &h40       'delete subfolders and files
const ADS_RIGHT_DS_LIST_OBJECT             = &h80       'read attributes
const ADS_RIGHT_DS_CONTROL_ACCESS          = &h100      'write attributes

' ACE flags (inheritance scope); comments are the author's description of each value.
const ADS_ACEFLAG_UNKNOWN                  = &h1        'this folder and files; inherited by child objects
const ADS_ACEFLAG_INHERIT_ACE              = &h2        'this folder and subfolders (with list folder contents); inherited by child objects
const ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE = &h4        'this folder only; not inherited by child objects
const ADS_ACEFLAG_INHERIT_ONLY_ACE         = &h8        'applies to nothing
const ADS_ACEFLAG_INHERITED_ACE            = &h10       'this folder only; permission inherited from parent; not inherited by children
const ADS_ACEFLAG_VALID_INHERIT_FLAGS      = &h1f       'subfolders and files only; permission inherited from parent; not inherited by children
const ADS_ACEFLAG_SUCCESSFUL_ACCESS        = &h40       'this folder only; not inherited by children
const ADS_ACEFLAG_FAILED_ACCESS            = &h80       'this folder only; not inherited by children

const ADS_ACETYPE_ACCESS_ALLOWED           = &h0        'allow access
const ADS_ACETYPE_ACCESS_DENIED            = &h1        'deny access

'------------------------
'   User registration switch (third argument of AddOrRemU)
'------------------------
const asw = 1        'add
const dsw = 0        'remove

'===========================================================
'   PC name, domain NetBIOS name and domain suffix
'===========================================================
' Hard-coded sample values kept for reference; the lookups below replace them.
'pcname = "RpcSVR01"     'PC name
'DNBname = "SH_SERVERS"
'UPNsfx = "@sh.hq.ct99.cn"
'BDE = "DC=sh,DC=hq,DC=ct99,DC=cn"

' Both names come from the session of the account that runs the script.
Set objwn = WScript.CreateObject("WScript.Network")
DNBname = objwn.UserDomain      'domain NetBIOS name
pcname = objwn.ComputerName     'PC name

' Bind to the domain and keep everything after "LDAP://<name>/" as the base DN.
Set objlp = GetObject("LDAP://" & DNBname)
BDE = Mid(objlp.ADsPath, Len("LDAP://") + Len(DNBname) + 2)     'LDAP domain (base DN)

' Turn "DC=a,DC=b,DC=c" into "@a.b.c": drop every "dc=" (any case),
' then replace the remaining commas with dots.
pUPNsfx = "@" & Replace(BDE, "dc=", "", 1, -1, vbTextCompare)
UPNsfx = Replace(pUPNsfx, ",", ".")     'user principal name suffix

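'------------------
'   Confirm the registration target
'------------------
' Yes/No popup (type 4) with no timeout (0); 6 is the "Yes" return value.
' NOTE(review): the page says this script is launched by a scheduled task;
' an unattended run has nobody to answer the popup - confirm how it is driven.
Set objws = WScript.CreateObject("WScript.Shell")
num = objws.popup("确认以下信息" & vbCRLF _
            & "PC     : " & pcname & vbCRLF _
            & "Domain : " & DNBname & vbCRLF _
            & "Suffix : " & UPNsfx,0,"确认",4)

'--------------
'   "Yes" was chosen
'--------------
if num = 6 then
    WScript.echo "开始自动登录用户"

    ' All users and groups are created in, and looked up from, CN=users.
    Set objdomain = GetObject("LDAP://" & DNBname & "/CN=users," & BDE)
    Set objfs = Wscript.CreateObject("Scripting.FileSystemObject")
    ' "AdsSecurity" must be registered on this machine for the ACL code to work;
    ' with error suppression on, a missing component silently skips every ACL change.
    Set objsec = CreateObject("AdsSecurity")

    strhddrv = "J:\"
    stradm = "administrators"
    strneu = "NetworkEndUsers"
    strevery = "Everyone"

    '===========================================================
    '                  Open the log file
    '===========================================================
    ' Relative path: the log is appended to (mode 8) in the current working
    ' directory, which depends on how the script is launched.
    Set objTS = objfs.OpenTextFile("register.log", 8, True)
    objTS.WriteLine "执行时间 : " & Now
    objTS.WriteBlankLines (1)

    '===========================================================
    '      Register NetworkEndUsers (if not yet registered)
    '===========================================================
    ' Existence is inferred from "GetObject raised an error". Clear Err first so
    ' that an unrelated earlier failure is not mistaken for "group is missing".
    ' NOTE(review): any bind failure (network, access denied) still looks like
    ' "missing"; checking Err.Number for the specific code would be stricter.
    err.clear
    Set deneu = GetObject("LDAP://" & DNBname & "/CN=" & strneu & ",CN=users," & BDE)
    if err then
        WScript.echo strneu & "登录"
        Set objneu = objdomain.Create("Group","CN=" & strneu)
        objneu.Put "samAccountName", strneu
        objneu.Put "grouptype", gdifd
        objneu.Put "Description",  "网络进入许可"
        objneu.SetInfo
        Set objneu = nothing
        err.clear
        objTS.WriteLine "记录 : NetworkEndUsers"
        objTS.WriteBlankLines (1)
    end if

    Set deneu = nothing

    '===========================================================
    '         Create J:\Home (if J:\Home does not exist)
    '===========================================================
    strhd = strhddrv & "Home"
    if objfs.FolderExists(strhd)=0 then
        WScript.echo strhd & "建立目录"
        objfs.CreateFolder strhd

        '--------------------
        '   Access rights
        '--------------------
        Set hsd = objsec.GetSecurityDescriptor("FILE://" & strhd)
        Set hdacl = hsd.DiscretionaryAcl

        '----- administrators:full (all) -----
        ahmk1 = ADS_RIGHT_GENERIC_ALL
        ahfl1 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
        ahty1 = ADS_ACETYPE_ACCESS_ALLOWED
        call AddEAce(hsd, stradm, ahmk1, ahfl1, ahty1)

        '----- NetworkEndUsers:read only (all) -----
        ahmk2 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
        ahfl2 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
        ahty2 = ADS_ACETYPE_ACCESS_ALLOWED
        call AddEAce(hsd, strneu, ahmk2, ahfl2, ahty2)

        '----- Remove Everyone's access -----
        call DelEAce(hsd, strevery)

        ' NOTE(review): hdacl was fetched before the Add/Del calls above. Writing
        ' it back keeps their changes only if DiscretionaryAcl hands out a live
        ' reference rather than a copy - confirm on the target system. The same
        ' pattern is used for every folder below.
        hsd.DiscretionaryAcl = hdacl
        objsec.SetSecurityDescriptor hsd

        Set hsd = nothing
        Set hdacl = nothing

        '--------------
        '   Share settings
        '--------------
        HshDes = "个人目录文件夹"
        Hshname = "Home"
        Hshpath = strhd
        call ShareFolder(HshDes, Hshname, Hshpath)
        objTS.WriteLine "制作访问共享设定 : " & strhd
        objTS.WriteBlankLines (1)
    end if

    '=============================================================================
    '      Create the shortcut storage directory (if J:\Links does not exist)
    '=============================================================================
    strlnkd = strhddrv & "Links"
    if objfs.FolderExists(strlnkd)=0 then
        WScript.echo strlnkd & "建立快捷方式"
        objfs.CreateFolder strlnkd

        '--------------------------------------------------------------
        '   Access rights of the shortcut storage directory
        '--------------------------------------------------------------
        Set pssd = objsec.GetSecurityDescriptor("FILE://" & strlnkd)
        Set psdacl = pssd.DiscretionaryAcl

        '----- administrators:full (all) -----
        apsmk1 = ADS_RIGHT_GENERIC_ALL
        apsfl1 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
        apsty1 = ADS_ACETYPE_ACCESS_ALLOWED
        call AddEAce(pssd, stradm, apsmk1, apsfl1, apsty1)

        '----- NetworkEndUsers:read only (all) -----
        apsmk2 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
        apsfl2 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
        apsty2 = ADS_ACETYPE_ACCESS_ALLOWED
        call AddEAce(pssd, strneu, apsmk2, apsfl2, apsty2)

        '----- Remove Everyone's access -----
        call DelEAce(pssd, strevery)

        pssd.DiscretionaryAcl = psdacl
        objsec.SetSecurityDescriptor pssd

        Set pssd = nothing
        Set psdacl = nothing

        '--------------
        '   Share settings
        '--------------
        LnkshDes = "LnkshDes"
        Lnkshname = "Links"
        Lnkshpath = strlnkd
        call ShareFolder(LnkshDes, Lnkshname, Lnkshpath)
        objTS.WriteLine "制作访问共享设定 : " & strlnkd
        objTS.WriteBlankLines (1)

        '--------------------------------------------------------
        '   Create the two per-user shortcut storage directories
        '   (Japanese-named and ASCII-named links)
        '--------------------------------------------------------
        strjscd = strlnkd & "\" & "strinkd"
        objfs.CreateFolder strjscd
        objTS.WriteLine "制作 : " & strjscd

        strescd = strlnkd & "\" & "Link2Home(ASCII)"
        objfs.CreateFolder strescd
        objTS.WriteLine "制作 : " & strescd

        '--------------------------------------------------------
        '   Create the group-folder shortcut storage directory
        '--------------------------------------------------------
        strgscd = strlnkd & "\" & "strgscd"
        objfs.CreateFolder strgscd
        objTS.WriteLine "制作 : " & strgscd
        objTS.WriteBlankLines (1)
    end if

    '===========================================================
    '                   Group registration
    '===========================================================
    WScript.echo "开始登录组"

    '------------------------
    '   Input data file
    '------------------------
    ' Relative path, resolved against the current working directory. Whoever
    ' can write this file decides which groups, folders and shares get created.
    gfile = "grouplist.csv"
    Set gfso = CreateObject("Scripting.FileSystemObject")
    Set gfp = gfso.OpenTextFile(gfile,1)

    gfp.skipline     'skip the header row

    groupnum = 0

    '----------
    '   Register
    '----------
    do while not gfp.AtEndofStream
        call GetGroupInfo
        if groupstr <> "" then
            call GSetAstToNull

            ' Clear Err so a failure while reading/parsing the row, or in the
            ' previous iteration, is not misread as "group does not exist".
            err.clear
            Set objegp = GetObject("LDAP://" & DNBname & "/CN=" & strgn & ",CN=users," & BDE)

            '---------------------------------------------------------
            '   Register (group read from the file is not yet registered)
            '---------------------------------------------------------
            ' NOTE(review): strgn is placed into the LDAP path and the new RDN
            ' without escaping DN special characters - validate it upstream.
            if err then
                Set objgp = objdomain.Create("Group","CN=" & strgn)
                objgp.Put "samAccountName",strgsan
                objgp.Put "grouptype",gdifg
                objgp.Put "Description", strgdes
                objgp.SetInfo
                groupnum = groupnum + 1

                objTS.WriteLine "记录 : " & strgn

                Set objgp = nothing

                '------------------------------
                '   Create the group directory
                '------------------------------
                ' NOTE(review): strgdir comes straight from the CSV and is used
                ' both as a path under the drive root and as the share name; it
                ' is not checked for "\" or ".." components.
                if strgdir <> "" then
                    strgd = strhddrv & strgdir
                    objfs.CreateFolder strgd

                    '------------------------------------------
                    '   Access rights of the group directory
                    '------------------------------------------
                    Set gsd = objsec.GetSecurityDescriptor("FILE://" & strgd)
                    Set gdacl = gsd.DiscretionaryAcl

                    '----- administrators:full (all) -----
                    agmk1 = ADS_RIGHT_GENERIC_ALL
                    agfl1 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
                    agty1 = ADS_ACETYPE_ACCESS_ALLOWED
                    call AddEAce(gsd, stradm, agmk1, agfl1, agty1)

                    '----- NetworkEndUsers:read only (all) -----
                    agmk2 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
                    agfl2 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
                    agty2 = ADS_ACETYPE_ACCESS_ALLOWED
                    call AddEAce(gsd, strneu, agmk2, agfl2, agty2)

                    '----- each group:read, write and execute (folder only) -----
                    agmk31 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_GENERIC_WRITE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
                    agfl31 = ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE
                    agty31 = ADS_ACETYPE_ACCESS_ALLOWED
                    call AddEAce(gsd, strgn, agmk31, agfl31, agty31)

                    '----- each group:full (subfolder & file) -----
                    ' The literal 1 is the same bit as ADS_ACEFLAG_UNKNOWN.
                    agmk32 = ADS_RIGHT_GENERIC_ALL
                    agfl32 = ADS_ACEFLAG_INHERIT_ACE or ADS_ACEFLAG_INHERIT_ONLY_ACE or 1
                    agty32 = ADS_ACETYPE_ACCESS_ALLOWED
                    call AddEAce(gsd, strgn, agmk32, agfl32, agty32)

                    '----- Remove Everyone's access -----
                    call DelEAce(gsd, strevery)

                    gsd.DiscretionaryAcl = gdacl
                    objsec.SetSecurityDescriptor gsd

                    '-------------------------------------
                    '   Create the group "private" directory
                    '-------------------------------------
                    strgpd = strgd & "\" & "private"
                    objfs.CreateFolder strgpd

                    '-------------------------------------------------
                    '   Access rights of the group "private" directory
                    '-------------------------------------------------
                    Set gpsd = objsec.GetSecurityDescriptor("FILE://" & strgpd)
                    Set gpdacl = gpsd.DiscretionaryAcl

                    '----- Remove NetworkEndUsers' access -----
                    AdelGPN = DNBname & "\" & strneu
                    call DelEAce(gpsd, AdelGPN)

                    '----- Remove the group's own (inherited) access -----
                    AdelGPG = DNBname & "\" & strgn
                    call DelEAce(gpsd, AdelGPG)

                    '----- each group:read, write and execute (folder only) -----
                    agpmk1 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_GENERIC_WRITE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
                    agpfl1 = ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE
                    agpty1 = ADS_ACETYPE_ACCESS_ALLOWED
                    call AddEAce(gpsd, strgn, agpmk1, agpfl1, agpty1)

                    '----- each group:full (subfolder & file) -----
                    agpmk2 = ADS_RIGHT_GENERIC_ALL
                    agpfl2 = ADS_ACEFLAG_INHERIT_ACE or ADS_ACEFLAG_INHERIT_ONLY_ACE or 1
                    agpty2 = ADS_ACETYPE_ACCESS_ALLOWED
                    call AddEAce(gpsd, strgn, agpmk2, agpfl2, agpty2)

                    gpsd.DiscretionaryAcl = gpdacl
                    objsec.SetSecurityDescriptor gpsd

                    Set gsd = nothing
                    Set gdacl = nothing
                    Set gpsd = nothing
                    Set gpdacl = nothing

                    '--------------
                    '   Share settings
                    '--------------
                    GshDes = strgshdes
                    Gshname = strgdir
                    Gshpath = strgd
                    call ShareFolder(GshDes, Gshname, Gshpath)

                    '------------------------------------------------
                    '   Create a shortcut to the group directory
                    '------------------------------------------------
                    strglnk = strlnkd & "\" & "strgscd" & "\" & strgdes
                    strgsctar = strgd
                    call CreateSC(strglnk, strgsctar)
                end if

                err.clear
            end if

            Set objegp = nothing
        end if
    loop

    WScript.echo "组登录完成"
    ' The log text below is mis-encoded on the page; it reads "number of groups registered".
    objTS.WriteLine "记录姰椆僌儖乕僾悢 : " & groupnum
    objTS.WriteBlankLines (1)

    '===========================================================
    '                    User registration
    '===========================================================
    WScript.echo "开始登录用户"

    '------------------------
    '   Input data file
    '------------------------
    ' Relative path, resolved against the current working directory. Each row
    ' carries a clear-text password and the user's group list, so read and
    ' write access to this file needs to be as tight as access to the
    ' directory itself.
    dfile = "userlist.csv"
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fp = fso.OpenTextFile(dfile,1)

    fp.skipline     'skip the header row

    usernum = 0
    ChUNnum = 0
    ChUact = 0
    ChUGrem = 0
    ChUGadd = 0

    '----------
    '   Register
    '----------
    do while not fp.AtEndofStream
        call GetUserInfo
        if userstr <> "" then
            call SetAstToNull

            ' Clear Err so that a failure left over from the previous row (the
            ' update branch below never clears it) or from parsing this row is
            ' not misread as "user does not exist".
            err.clear
            Set objeusr = GetObject("LDAP://" & DNBname & "/CN=" & strUser & ",CN=users," & BDE)

            '-------------------------------------------------------
            '   Register (user read from the file is not yet registered)
            '-------------------------------------------------------
            ' NOTE(review): strUser is used unescaped in the LDAP path, the RDN
            ' and the home folder path - validate it upstream.
            if err then
                Set objUsr = objdomain.Create("User", "CN=" & strUser)
                usernum = usernum + 1
                objTS.WriteLine "记录 : " & strUser

                '----------------------------------------
                '   Register user name, password, description
                '----------------------------------------
                objUsr.Put "samAccountName", strsan
                objUsr.Put "userPrincipalName", strUser & UPNsfx
                objUsr.SetInfo

                if strEname <> "" then
                    objUsr.Put "sn", strEfname
                    objUsr.Put "givenName", strEname
                    objUsr.Put "displayName", strfullname

                    objUsr.Put "scriptPath", "logon.bat"
                end if

                if strJname <> "" then
                    objUsr.Put "Description", strdes
                end if
                if strmailsw = "Y" then
                    objUsr.Put "mail", strglmail
                end if
                objUsr.SetInfo
                ' Password comes from the CSV row. NOTE(review): the result of
                ' SetPassword is not checked before the account is enabled below.
                objUsr.SetPassword strpass
                objUsr.SetInfo

                '--------------------------------------------------
                '   Register password expiry and account enablement
                '--------------------------------------------------
                ' A CSV value of 0 disables the account, anything else enables
                ' it. Both constants also set "password never expires".
                if strdisabled = 0 then
                    objUsr.Put "userAccountControl", nsa
                else
                    objUsr.Put "userAccountControl", usa
                end if

                objUsr.SetInfo

                '------------------------------
                '   Register the home directory
                '------------------------------
                struhd = strhd & "\" & strUser
                objUsr.Put "HomeDirectory", struhd
                objUsr.SetInfo

                '--------------------------------------
                '   Add the user to the listed groups
                '--------------------------------------
                ' The list is ";"-separated and each name is resolved by
                ' AddOrRemU inside CN=users.
                if strgroup <> "" then
                    groups = split(strgroup, ";", -1)
                    for each group in groups
                        call AddOrRemU(group, objUsr, asw)
                    next
                end if

                '----------------------------
                '   Create the personal directory
                '----------------------------
                objfs.CreateFolder struhd

                '--------------------------------------
                '   Access rights of the personal directory
                '--------------------------------------
                Set usd = objsec.GetSecurityDescriptor("FILE://" & struhd)
                Set udacl = usd.DiscretionaryAcl

                '----- each user:read, write and execute (folder only) -----
                aumk1 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_GENERIC_WRITE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
                aufl1 = ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE
                auty1 = ADS_ACETYPE_ACCESS_ALLOWED
                call AddEAce(usd, strUser, aumk1, aufl1, auty1)

                '----- each user:full (subfolder & file) -----
                aumk2 = ADS_RIGHT_GENERIC_ALL
                aufl2 = ADS_ACEFLAG_INHERIT_ACE or ADS_ACEFLAG_INHERIT_ONLY_ACE or 1
                auty2 = ADS_ACETYPE_ACCESS_ALLOWED
                call AddEAce(usd, strUser, aumk2, aufl2, auty2)

                usd.DiscretionaryAcl = udacl
                objsec.SetSecurityDescriptor usd

                Set usd = nothing
                Set udacl = nothing

                '-----------------------------------
                '   Create the personal "private" directory
                '-----------------------------------
                strupd = struhd & "\" & "private"
                objfs.CreateFolder strupd

                '---------------------------------------------
                '   Access rights of the personal "private" directory
                '---------------------------------------------
                Set upsd = objsec.GetSecurityDescriptor("FILE://" & strupd)
                Set updacl = upsd.DiscretionaryAcl

                '----- Remove NetworkEndUsers' access -----
                AdelPN = DNBname & "\" & strneu
                call DelEAce(upsd, AdelPN)

                '----- Remove the user's own (inherited) access -----
                AdelPU = DNBname & "\" & strUser
                call DelEAce(upsd, AdelPU)

                '----- each user:read, write and execute (folder only) -----
                aupmk1 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_GENERIC_WRITE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
                aupfl1 = ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE
                aupty1 = ADS_ACETYPE_ACCESS_ALLOWED
                call AddEAce(upsd, strUser, aupmk1, aupfl1, aupty1)

                '----- each user:full (subfolder & file) -----
                aupmk2 = ADS_RIGHT_GENERIC_ALL
                aupfl2 = ADS_ACEFLAG_INHERIT_ACE or ADS_ACEFLAG_INHERIT_ONLY_ACE or 1
                aupty2 = ADS_ACETYPE_ACCESS_ALLOWED
                call AddEAce(upsd, strUser, aupmk2, aupfl2, aupty2)

                upsd.DiscretionaryAcl = updacl
                objsec.SetSecurityDescriptor upsd

                Set upsd = nothing
                Set updacl = nothing

                if strEname <> "" then
                    '----------------------------------------------
                    '   Create shortcuts to the personal directory
                    '----------------------------------------------
                    strujlnk = strlnkd & "\" & "strinkd" & "\" & strJfname & strJname
                    strujsctar = struhd
                    call CreateSC(strujlnk, strujsctar)

                    struelnk = strlnkd & "\" & "Link2Home(ASCII)" & "\" & strEfname & "(" & strEname & ")"
                    struesctar = struhd
                    call CreateSC(struelnk, struesctar)
                end if

                Set objUsr = nothing
                err.clear

            else
            '-----------------------------------------------------------------
            '   Update an already-registered user (when the data file changed)
            '-----------------------------------------------------------------
                '----------------
                '   Name change
                '----------------
                if objeusr.displayName <> strfullname then
                    '------------------
                    '   Display name change
                    '------------------
                    objeusr.Put "sn", strEfname
                    objeusr.Put "displayName", strfullname
                    objeusr.Put "Description", strdes
                    objeusr.SetInfo

                    '----------------------------
                    '   Shortcut name change
                    '----------------------------
                    strjscd = strlnkd & "\" & "strinkd"
                    strjscn = strJfname & strJname & ".lnk"
                    call ChSCname(strjscd, strjscn)

                    strescd = strlnkd & "\" & "Link2Home(ASCII)"
                    strescn = strEfname & "(" & strEname & ")" & ".lnk"
                    call ChSCname(strescd, strescn)

                    ' Mis-encoded on the page; reads "display name updated".
                    objTS.WriteLine "昞帵柤偺峏怴 : " & strUser
                    ChUNnum = ChUNnum + 1
                end if
                if strmailsw = "Y" then
                    objeusr.Put "mail", strglmail
                    objeusr.SetInfo
                else
                    ' Writes a single space rather than clearing the attribute.
                    objeusr.Put "mail", " "
                    objeusr.SetInfo
                end if

                '----------------------
                '   Account enablement
                '----------------------
                ' NOTE(review): the comparison is an exact match against usa and
                ' the write replaces the whole userAccountControl value, so any
                ' other flag set on the account is dropped when the state changes.
                if objeusr.userAccountControl = usa then
                    if strdisabled = 0 then
                        objeusr.Put "userAccountControl", nsa
                        objeusr.SetInfo
                        ' Mis-encoded on the page; reads "activation changed ... (disabled)".
                        objTS.WriteLine "妶惈偺曄峏 : " & strUser & " 乮柍岠壔乯"
                        ChUact = ChUact + 1
                    end if
                else
                    if strdisabled = 1 then
                        objeusr.Put "userAccountControl", usa
                        objeusr.SetInfo
                        ' Mis-encoded on the page; reads "activation changed ... (enabled)".
                        objTS.WriteLine "妶惈偺曄峏 : " & strUser & " 乮桳岠壔乯"
                        ChUact = ChUact + 1
                    end if
                end if

                '------------------------
                '   Group membership change
                '------------------------
                ' The CSV list is authoritative: the user is removed from every
                ' current group that is not listed and added to every listed
                ' group that is not current.
                Set grps = objeusr.Groups
                groups = split(strgroup, ";", -1)

                    '----------------------------
                    '   Remove from former groups
                    '----------------------------
                    strremg = ""
                    for each grp in grps
                    gn1=0
                    strgname1 = Mid(grp.name, 4)     'strip the leading "CN="
                        for each group in groups
                            if StrComp(strgname1, group, 1) = 0 then
                                gn1=gn1+1
                            end if
                        next
                        if gn1=0 then
                            call AddOrRemU(strgname1, objeusr, dsw)
                            if strremg = "" then
                                strremg = strgname1
                            else
                                strremg = strremg & "," & strgname1
                            end if
                        end if
                    next
                    if strremg <> "" then
                        ' Mis-encoded on the page; reads "membership changed (removed): <user> (from <groups>)".
                        objTS.WriteLine "強懏僌儖乕僾偺曄峏乮删除乯: " & strUser & "乮" & strremg & "偐傜乯"
                        ChUGrem = ChUGrem + 1
                    end if

                    '--------------------------
                    '   Add to new groups
                    '--------------------------
                    straddg = ""
                    for each group in groups
                    gn2=0
                        for each grp in grps
                            strgname2 = Mid(grp.name, 4)
                            if StrComp(group, strgname2, 1) = 0 then
                                gn2=gn2+1
                            end if
                        next
                        if gn2=0 then
                            call AddOrRemU(group, objeusr, asw)
                            ' gf is set by AddOrRemU: 1 when the group was found and the add was issued.
                            if gf=1 then
                                if straddg = "" then
                                    straddg = group
                                else
                                    straddg = straddg & "," & group
                                end if
                            end if
                        end if
                    next
                    if straddg <> "" then
                        ' Mis-encoded on the page; reads "membership changed (added): <user> (to <groups>)".
                        objTS.WriteLine "強懏僌儖乕僾偺曄峏乮追加乯: " & strUser & "乮" & straddg & "傊乯"
                        ChUGadd = ChUGadd + 1
                    end if
                Set grps = nothing
            end if

            Set objeusr = nothing
        end if
    loop

    WScript.echo "用户登录完成"
    ' Summary lines (mis-encoded on the page): users registered, users changed,
    ' name changes, activation changes, membership changes.
    objTS.WriteLine "记录姰椆儐乕僓悢 : " & usernum
    objTS.WriteLine "记录撪梕曄峏儐乕僓悢"
    objTS.WriteLine "    柤慜偺曄峏 : " & ChUNnum
    objTS.WriteLine "    妶惈偺曄峏 : " & ChUact
    ' Report the larger of the removal / addition counters.
    if ChUGrem >= ChUGadd then
        objTS.WriteLine "    強懏僌儖乕僾偺曄峏 : " & ChUGrem
    else
        objTS.WriteLine "    強懏僌儖乕僾偺曄峏 : " & ChUGadd
    end if
    objTS.WriteBlankLines (1)

    '===========================================================
    '                      Close files
    '===========================================================
    objTS.WriteLine "--------------------------------------------------"
    objTS.WriteBlankLines (1)
    objTS.close
    gfp.close
    fp.close

    '===========================================================
    '                    Release objects
    '===========================================================
    Set objsec = nothing
    Set objfs = nothing
    Set objdomain = nothing
    Set gfso = nothing
    Set gfp = nothing
    Set fso = nothing
    Set fp = nothing
    Set objTS = nothing
    Set objwn = nothing
    Set objlp = nothing
    Set regp1 = nothing
    Set regp = nothing

    '===========================================================
    '                     Completion message
    '===========================================================
    WScript.echo "登录完成"

'--------------
'   "No" was chosen
'--------------
else

    WScript.echo "取消登录"

end if

Set objws = nothing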

'◆◇◆-------------------------------------------
'                 Subroutines
'-------------------------------------------◆◇◆

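'===========================================================
'   Read one row of the group file into the group variables
'===========================================================
' Reads the next line from gfp and splits it on ",". Columns:
'   0 = group name (also used as samAccountName), 1 = description,
'   2 = directory name, 3 = share description.
' A row with fewer than four columns is rejected by emptying groupstr, which
' is what the caller tests before acting. Without that check the failing
' array access would abort this Sub part-way and leave the remaining
' variables holding the previous row's values.
Sub GetGroupInfo

    groupstr = gfp.ReadLine
    if groupstr <> "" then
        garray = split(groupstr, ",", -1)
        if UBound(garray) < 3 then
            groupstr = ""     'caller skips rows whose groupstr is empty
            objTS.WriteLine "skip : malformed group row (" & (UBound(garray) + 1) & " fields)"
            exit sub
        end if
        strgn = garray(0)
        strgsan = garray(0)
        strgdes = garray(1)
        strgdir = garray(2)
        strgshdes = garray(3)
    end if

End Sub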

'===========================================================
'     Convert "*" placeholders from the group file to ""
'===========================================================
' A field holding exactly "*" means "no value" in the CSV.
Sub GSetAstToNull

    If strgn = "*" Then
        strgn = ""
    End If
    If strgsan = "*" Then
        strgsan = ""
    End If
    If strgdes = "*" Then
        strgdes = ""
    End If
    If strgdir = "*" Then
        strgdir = ""
    End If
    If strgshdes = "*" Then
        strgshdes = ""
    End If

End Sub

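'===========================================================
'    Read one row of the user file into the user variables
'===========================================================
' Reads the next line from fp and splits it on ",". Columns used:
'   2 = account name (CN and samAccountName), 3 = password (clear text),
'   4 / 5 = the two Latin name parts, 6 / 7 = the two local-language name parts,
'   8 = enable flag (the caller disables the account when it is 0),
'   9 = mail switch ("Y" sets the mail attribute), 10 = ";"-separated group list.
' A row with fewer than eleven columns is rejected by emptying userstr, which
' is what the caller tests before acting. Without that check the failing
' array access would abort this Sub part-way, so a short row would be
' processed with the previous row's password, enable flag or group list.
' Only the field count is logged, never the row itself, because the row
' contains the password.
Sub GetUserInfo

    userstr = fp.ReadLine
    if userstr <> "" then
        uarray = split(userstr, ",", -1)
        if UBound(uarray) < 10 then
            userstr = ""     'caller skips rows whose userstr is empty
            objTS.WriteLine "skip : malformed user row (" & (UBound(uarray) + 1) & " fields)"
            exit sub
        end if
        strUser = uarray(2)
        strsan = uarray(2)
        strpass = uarray(3)
        strEname = uarray(4)
        strEfname = uarray(5)
        strfullname = strEname & " " & strEfname
        strJfname = uarray(6)
        strJname = uarray(7)
        strdes = strJfname & strJname
        strdisabled = uarray(8)
        strmailsw = uarray(9)
        strglmail = lcase(strUser) & "@epermarket.com"
        strgroup = uarray(10)
    end if

End Sub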

'===========================================================
'      Convert "*" placeholders from the user file to ""
'===========================================================
' A field holding exactly "*" means "no value" in the CSV. Only the four name
' parts and the group list are normalised here.
Sub SetAstToNull

    If strEname = "*" Then
        strEname = ""
    End If
    If strEfname = "*" Then
        strEfname = ""
    End If
    If strJfname = "*" Then
        strJfname = ""
    End If
    If strJname = "*" Then
        strJname = ""
    End If
    If strgroup = "*" Then
        strgroup = ""
    End If

End Sub

'===========================================================
'      Add a user to a group, or remove a user from it
'===========================================================
' sgroup  : group common name, resolved inside CN=users of the current domain
' objsusr : bound user object whose ADsPath is added or removed
' AOR     : 1 adds the user; any other value removes the user
' Sets the global gf to 0 when the group cannot be bound and to 1 after an add
' has been issued; a removal leaves gf unchanged. Failures of Add / Remove
' themselves are suppressed and not reported.
' NOTE(review): any group under CN=users can be named. In a default Active
' Directory layout that container also holds the built-in administrative
' groups, so the CSV that feeds this Sub effectively grants those memberships;
' an allow-list of manageable groups would bound that.
Sub AddOrRemU(sgroup, objsusr, AOR)
    On Error Resume Next
    Dim objgroup, groupPath

    groupPath = "LDAP://" & DNBname & "/CN=" & sgroup & ",CN=users," & BDE
    Set objgroup = GetObject(groupPath)

    If Err.Number = 0 Then
        If AOR = 1 Then
            ' add
            objgroup.Add objsusr.ADsPath
            gf = 1
        Else
            ' remove
            objgroup.Remove objsusr.ADsPath
        End If
    Else
        ' the group could not be bound (treated as "does not exist")
        WScript.Echo sgroup & "没有登录"
        gf = 0
        Err.Clear
    End If

    Set objgroup = Nothing

End Sub

'===========================================================
'          Add an access-control entry to a directory
'===========================================================
' asd   : security descriptor to modify (the caller writes it back to disk)
' acnt  : trustee - the account the entry applies to
' acsmk : access mask
' acsfl : ACE flags (inheritance scope)
' acsty : ACE type (allow / deny)
' The entry is appended to the descriptor's DACL, which is then assigned back
' to the descriptor. This Sub has no error handler of its own, so a failure
' ends it early and is swallowed by the caller's error suppression.
Sub AddEAce(asd, acnt, acsmk, acsfl, acsty)

    Dim newAce, targetAcl

    Set targetAcl = asd.DiscretionaryAcl
    Set newAce = CreateObject("AccessControlEntry")
    With newAce
        .trustee = acnt
        .accessmask = acsmk
        .aceflags = acsfl
        .acetype = acsty
    End With
    targetAcl.addace newAce
    asd.DiscretionaryAcl = targetAcl

End Sub

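'===========================================================
'        Remove a trustee's access-control entries
'===========================================================
' ssd   : security descriptor to modify (the caller writes it back to disk)
' sAdel : trustee whose entries are removed
' Account names are not case-sensitive, so the trustee is compared without
' regard to case; an exact-case comparison could leave an entry in place on a
' folder that is meant to be private. Matching entries are collected first and
' removed afterwards, so the collection is not modified while it is being
' enumerated and several entries for the same trustee are all removed.
' NOTE(review): callers pass both bare names ("Everyone") and DOMAIN\name
' forms; an entry is only removed when the trustee string has the same form -
' confirm what the ACL returns on the target system.
Sub DelEAce(ssd, sAdel)

    Dim dacl, ace, matches(), matchCount, i

    Set dacl = ssd.DiscretionaryAcl

    matchCount = 0
    For Each ace In dacl
        If StrComp(ace.trustee, sAdel, vbTextCompare) = 0 Then
            ReDim Preserve matches(matchCount)
            Set matches(matchCount) = ace
            matchCount = matchCount + 1
        End If
    Next

    For i = 0 To matchCount - 1
        dacl.RemoveAce matches(i)
    Next

    ssd.DiscretionaryAcl = dacl

End Sub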

'===========================================================
'                     Share settings
'===========================================================
' strshdes  : share description
' strshname : share name
' strshpath : local path to publish
' Creates a file share on this machine (pcname) through the LanmanServer
' service with no limit on concurrent users (-1). No share-level permissions
' are set here, so the operating system's default applies and the folder's
' NTFS ACL is what actually restricts access.
Sub ShareFolder(strshdes, strshname, strshpath)

    Dim lanman, newShare

    Set lanman = GetObject("WinNT://" & pcname & "/LanmanServer")
    Set newShare = lanman.Create("FileShare", strshname)
    With newShare
        .Path = strshpath          'shared location
        .MaxUserCount = -1         'number of concurrent users
        .Description = strshdes    'share description
        .SetInfo
    End With

    Set newShare = Nothing
    Set lanman = Nothing

End Sub

'===========================================================
'                    Create a shortcut
'===========================================================
' strlnk   : shortcut path without the ".lnk" extension
' strsctar : folder the shortcut points to
' Uses the script-level WScript.Shell object (objws).
Sub CreateSC(strlnk, strsctar)

    Dim shortcut

    Set shortcut = objws.CreateShortcut(strlnk & ".lnk")
    With shortcut
        .TargetPath = strsctar     'target path
        .save
    End With

    Set shortcut = Nothing

End Sub

'===========================================================
'                    Rename a shortcut
'===========================================================
' strsdpath : folder that holds the shortcuts
' strscname : new file name (including ".lnk")
' Every file in the folder is opened as a shortcut; the one whose target is
' the current user's home folder (strhd & "\" & strUser, both script-level
' variables) is renamed. This Sub has no error handler of its own, so a
' failure on any file ends the scan early.
Sub ChSCname(strsdpath, strscname)

    Dim folder, entries, entry, fileObj, link, homeTarget

    homeTarget = strhd & "\" & strUser

    Set folder = objfs.GetFolder(strsdpath)
    Set entries = folder.Files
    For Each entry In entries
        Set fileObj = objfs.GetFile(entry)
        Set link = objws.CreateShortcut(entry)
        If link.TargetPath = homeTarget Then
            fileObj.name = strscname
        End If
    Next

    Set folder = Nothing
    Set entries = Nothing
    Set fileObj = Nothing
    Set link = Nothing

End Sub