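' ---------------------------------------------------------
' taken from http://www2.truman.edu/~whowd/blog/2006/09/set-unix-id-script.html (dead)
' http://web.archive.org/web/20110614012530/http://www2.truman.edu/~whowd/blog/2006/09/set-unix-id-script.html
' cscript /nologo setuid.vbs username user
'
' set UNIX ID
'
' Version 1.4a-w2k3r2
'
' Walt Howd - 07/14/2006
' Eelco Maljaars - 03/17/2008
'   -modifications for SFU in Windows 2003r2
' higuita - 2012-11-27
'   -on windows 2008R2, the uidnumber is automatic
'
' This script will set the Active Directory UNIX attributes
' for the username that is passed to it on the command line.
'
' Example:
'   setuid.vbs whowd user
'
' Example:
'   setuid.vbs "Domain Users" group
'
' Alternatively, you can pass "ALL" on the command line and the
' script will set an ID for every existing user account AND
' group account that does not have UNIX attributes.
'
' Example:
'   setid.vbs ALL
'
' Finally you can edit the contextMenu attribute of LDAP
' Configuration,Display Specifiers,CN=409, (409 for English)
' object-class(user or group)-Display to add a right click
' entry in Active Directory Users and Computers to point
' to this script. This change can be done using ADSI Edit.
' For more information see Chapter 9 of Inside Active Directory
' Second Edition.
'
' ADUC will by default call the script with the full LDAP
' URL and the object class.
'
' Example:
'   setid.vbs LDAP://dc.domain.com/CN=User,OU=Users,DC=domain,DC=com user
'
' This script currently uses the RFC2307 attributes from the
' Microsoft Services for UNIX 3.5 schema extensions.
'
' The UNIX ID will be the next available ID. (Unless calling
' from ADUC as it allows you to manually specify the ID)
' The script determines this by searching Active Directory for the
' highest current ID and adding one to this value. The
' script will also verify that this ID is unique after
' setting the value. If the value is not unique it will
' retry and set the ID to a new value.
'
' The rest of the UNIX attributes are defined below and
' should be changed to match the environment.
'
' If the script encounters any errors it will exit with the
' return value of 1. A normal return value of 0 is issued for
' success.
'
' Data flow worth knowing: the object name / DN from the command
' line or the ADUC context menu, and the ID typed into the InputBox,
' are used as search values for the ADSI SQL queries built in
' returnProperty. Nothing in this part of the script validates them.
' ---------------------------------------------------------

' ---------------------------------------------------------
' Configuration Variables
' ---------------------------------------------------------
ldapBase = "DC=EXAMPLE,DC=COM"
domainName = "EXAMPLE"
defaultShell = "/bin/bash"
defaultGidNumber = "10000"          ' The primary group ID for new users
studentGidNumber = "10122"          ' The primary group ID for new students
defaultBaseHomeDir = "/home/fs/"
studentBaseHomeDir = "/home/student/"
' Students and Alums have different base GID numbers and base home directory paths
studentIdentifier = "OU=Users,OU=Students"
alumnIdentifier = "OU=Alumn"
maxsetIDTries = 20                  ' Try to set the unix attributes this many times before quitting.
defaultBaseID = "9999"              ' The ID to start (one is added to this) at if no IDs are currently defined.

' ---------------------------------------------------------
' Setup ADSI ADO Connection to Active Directory
' (objConnection is shared with returnProperty / returnMaxID)
' ---------------------------------------------------------
set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' ---------------------------------------------------------
' Check that we received a username as a command line
' parameter.
' ---------------------------------------------------------
If WScript.Arguments.Count < 1 Then
    WScript.Echo "Please pass a username or groupname as a command line argument"
    WScript.Echo "Example: setunixid.vbs jdoe user"
    WScript.Echo "Or you can pass ALL and a UNIX ID will be set for every user"
    WScript.Echo "and group account"
    WScript.Echo "Example: setunixid.vbs ALL"
    WScript.Quit(1)
End If

If UCase(WScript.Arguments(0)) <> "ALL" Then
    If WScript.Arguments.Count <> 2 Then
        WScript.Echo "Please pass the class of this object:"
        WScript.Echo "Example: setunixid.vbs jdoe user"
        WScript.Quit(1)
    End If
    If Lcase(WScript.Arguments(1)) <> "user" AND Lcase(WScript.Arguments(1)) <> "group" Then
        WScript.Echo "You must specify either 'user' or 'group' as the object class"
        WScript.Echo "Example: setunixid.vbs jdoe user"
        WScript.Echo "Example: setunixid.vbs users group"
        WScript.Quit(1)
    End If
End If

If UCase(WScript.Arguments(0)) = "ALL" Then
    ' ---------------------------------------------------------
    ' "ALL" was passed: set the UID for every user that does
    ' not have a UID, then the GID for every group without one.
    ' Names containing "$" (machine accounts) are skipped.
    ' ---------------------------------------------------------
    allUsersWithoutUID = returnProperty("sAMAccountName", "User", "UidNumber", "*", "NOT")
    If allUsersWithoutUID <> "ERROR" Then
        allUsersWithoutUIDArray = Split(allUsersWithoutUID, ":")
        For Each username in allUsersWithoutUIDArray
            If InStr(username, "$") = 0 AND Trim(username) <> "" Then
                setIDWithRetry username, "user"
            End If
        Next
    End If

    allGroupsWithoutGID = returnProperty("sAMAccountName", "Group", "GidNumber", "*", "NOT")
    If allGroupsWithoutGID <> "ERROR" Then
        allGroupsWithoutGIDArray = Split(allGroupsWithoutGID, ":")
        For Each groupname in allGroupsWithoutGIDArray
            If InStr(groupname, "$") = 0 AND Trim(groupname) <> "" Then
                setIDWithRetry groupname, "group"
            End If
        Next
    End If

ElseIf InStr(WScript.Arguments(0), "LDAP://") Then
    ' ---------------------------------------------------------
    ' Or we were called from the Active Directory
    ' Users and Computers MMC
    '
    ' It passes the full LDAP url then the objectclass
    ' ---------------------------------------------------------

    ' ---------------------------------------------------------
    ' Convert the LDAP url into a DN: strip "LDAP://" and the
    ' server part up to the first "/"
    ' ---------------------------------------------------------
    objectDN = Mid(WScript.Arguments(0), Len("LDAP://") + 1)
    firstSlashPos = InStr(objectDN, "/")
    objectDN = Mid(objectDN, firstSlashPos + 1)

    ' ---------------------------------------------------------
    ' Get the object name: the value of the leading CN= RDN.
    ' A DN without a comma (single RDN) keeps the whole value
    ' instead of raising an invalid-argument error in Mid.
    ' ---------------------------------------------------------
    objectname = Mid(objectDN, Len("CN=") + 1)
    firstCommaPos = InStr(objectname, ",")
    If firstCommaPos > 0 Then
        objectname = Mid(objectname, 1, firstCommaPos - 1)
    End If

    ' ---------------------------------------------------------
    ' Read the object class
    ' ---------------------------------------------------------
    objectclass = WScript.Arguments(1)

    ' ---------------------------------------------------------
    ' Check the object class and retrieve UNIX attributes
    ' ---------------------------------------------------------
    If objectclass = "user" Then
        objectID = returnProperty("UidNumber", objectclass, "distinguishedName", objectDN, "")
        homeDirectory = returnProperty("unixHomeDirectory", objectclass, "distinguishedName", objectDN, "")
        loginShell = returnProperty("LoginShell", objectclass, "distinguishedName", objectDN, "")
        'GidNumber = returnProperty("GidNumber", objectclass, "distinguishedName", objectDN, "")
        'name = returnProperty("msSFU30Name", objectclass, "distinguishedName", objectDN, "")
        'nisdomain = returnProperty("msSFU30NisDomain", objectclass, "distinguishedName", objectDN, "")

        ' ---------------------------------------------------------
        ' Retrieve the current highest UNIX UID that is defined
        ' and add one to this value for the current object
        ' ---------------------------------------------------------
        If IsNull(objectID) Then
            maxUID = returnMaxID(objectclass)
            objectID = maxUID + 1
        End If

        ' ---------------------------------------------------------
        ' Check if this user is a student and if so then
        ' change their default base home directory
        ' ---------------------------------------------------------
        If IsNull(homeDirectory) AND objectclass = "user" AND (InStr(objectDN, studentIdentifier) OR InStr(objectDN, alumnIdentifier)) Then
            homeDirectory = studentBaseHomeDir & objectname
        ElseIf IsNull(homeDirectory) AND objectclass = "user" Then
            homeDirectory = defaultBaseHomeDir & objectname
        End If

        ' ---------------------------------------------------------
        ' Check the login Shell
        ' ---------------------------------------------------------
        If IsNull(loginShell) Then
            loginShell = defaultShell
        End If

        ' ---------------------------------------------------------
        ' Ask the user for new values
        ' ---------------------------------------------------------
        newObjectID = InputBox("Enter the UID:", "UNIX Attributes", objectID)
        newhomeDirectory = InputBox("Enter the home directory:", "UNIX Attributes", homeDirectory)
        newloginShell = InputBox("Enter the login shell:", "UNIX Attributes", loginShell)

        ' ---------------------------------------------------------
        ' Check the values to make sure they are not blank.
        ' InputBox returns a zero-length string (never Empty) when
        ' the field is blank or Cancel is pressed, so the check is
        ' on the trimmed length.
        ' ---------------------------------------------------------
        If Len(Trim(newObjectID)) = 0 OR Len(Trim(newhomeDirectory)) = 0 OR Len(Trim(newloginShell)) = 0 Then
            Msgbox "You entered one or more blank values, or press cancel" & vbcrlf & _
                   "Please try again", 1, "UNIX Attributes Error"
            WScript.Quit(1)
        End If

        ' ---------------------------------------------------------
        ' Check the ID to make sure it's not assigned to a different user
        ' (a ":" in the result means several objects already carry it)
        ' ---------------------------------------------------------
        checkCN = returnProperty("cn", objectclass, "UidNumber", newObjectID, "")
        If (checkCN <> "ERROR" AND checkCN <> objectname) OR (InStr(checkCN, ":")) Then
            Msgbox "The ID you specified is already assigned" & vbcrlf & _
                   "to another user. Please try again.", 1, "UNIX Attributes Error"
            WScript.Quit(1)
        End If

        ' ---------------------------------------------------------
        ' Set the ID
        ' ---------------------------------------------------------
        retIDval = setID(objectname, objectclass, Trim(newObjectID), Trim(newhomeDirectory), Trim(newloginShell))

        ' ---------------------------------------------------------
        ' Check for success. setID returns the number 0, and in
        ' VBScript a number compared with a string is never equal,
        ' so compare as strings (CStr) to recognise success.
        ' ---------------------------------------------------------
        If CStr(retIDval) <> "0" Then
            Msgbox "There was an error setting the UNIX attributes" & vbcrlf & _
                   "that you specified. Please try again.", 1, "UNIX Attributes Error"
        End If

    ElseIf objectclass = "group" Then
        objectID = returnProperty("GidNumber", objectclass, "distinguishedName", objectDN, "")

        ' ---------------------------------------------------------
        ' Retrieve the current highest UNIX GID that is defined
        ' and add one to this value for the current object
        ' ---------------------------------------------------------
        If IsNull(objectID) Then
            maxUID = returnMaxID(objectclass)
            objectID = maxUID + 1
        End If

        newObjectID = InputBox("Enter the GID:", "UNIX Attributes", objectID)

        ' InputBox returns "" on blank or Cancel, never Empty
        If Len(Trim(newObjectID)) = 0 Then
            Msgbox "You entered one or more blank values, or press cancel" & vbcrlf & _
                   "Please try again", 1, "UNIX Attributes Error"
            WScript.Quit(1)
        End If

        ' ---------------------------------------------------------
        ' Check the ID to make sure it's not assigned to a different group
        ' ---------------------------------------------------------
        checkCN = returnProperty("cn", objectclass, "GidNumber", newObjectID, "")
        If (checkCN <> "ERROR" AND checkCN <> objectname) OR (InStr(checkCN, ":")) Then
            Msgbox "The ID you specified is already assigned" & vbcrlf & _
                   "to another group. Please try again.", 1, "UNIX Attributes Error"
            WScript.Quit(1)
        End If

        ' ---------------------------------------------------------
        ' Set the ID
        ' ---------------------------------------------------------
        retIDval = setID(objectname, objectclass, Trim(newObjectID), Null, Null)

        ' ---------------------------------------------------------
        ' Check for success (string compare, see the user branch)
        ' ---------------------------------------------------------
        If CStr(retIDval) <> "0" Then
            Msgbox "There was an error setting the UNIX attributes" & vbcrlf & _
                   "that you specified. Please try again.", 1, "UNIX Attributes Error"
        End If

    Else
        MsgBox "The objectclass that was passed: " & vbcrlf & objectclass & vbcrlf & "This object class does not match any that I know how to handle. Currently I can handle user and group classes"
    End If

Else
    ' ---------------------------------------------------------
    ' Or just set the ID for the passed objectname
    ' ---------------------------------------------------------
    objectname = WScript.Arguments(0)
    objectclass = Lcase(WScript.Arguments(1))
    setIDWithRetry objectname, objectclass
End If

' ---------------------------------------------------------
' Normal exit on success
' ---------------------------------------------------------
WScript.Quit(0)

' ---------------------------------------------------------
' Shared procedures
' ---------------------------------------------------------

' ---------------------------------------------------------
' setIDWithRetry
'
' Calls setID with automatically chosen attributes (Null ID,
' home directory and shell) and repeats while it reports
' anything other than 0 (not unique, or a search error).
' After maxsetIDTries failed attempts the script reports the
' object and exits with 1.
'
' objectname  - sAMAccountName of the user or group
' objectclass - "user" or "group"
' ---------------------------------------------------------
Sub setIDWithRetry(objectname, objectclass)
    Dim setIDTries
    setIDTries = 0
    Do While setID(objectname, objectclass, Null, Null, Null) <> 0
        setIDTries = setIDTries + 1
        If setIDTries >= maxsetIDTries Then
            WScript.Echo "ERROR: giving up on " & objectname & " after " & maxsetIDTries & " attempts to set a unique UNIX ID."
            WScript.Quit(1)
        End If
    Loop
End Sub

' ---------------------------------------------------------
' setID
'
' Writes the UNIX (RFC2307 / SFU) attributes of one object and
' then re-reads the directory to confirm the ID is unique.
'
' objectname    - sAMAccountName; looked up to obtain the DN
' objectclass   - "user" or "group"; anything else exits with 1
' objectID      - UID/GID to use, or Null for "highest in AD + 1"
' homeDirectory - unixHomeDirectory, or Null for the configured default
' loginShell    - LoginShell, or Null for defaultShell
'
' Returns 0 on success, 1 when the ID turned out not to be
' unique, and the string "ERROR" when the verification search
' found nothing (all callers treat anything but 0 as failure).
' Exits the script with 1 when the object is missing or ambiguous.
' ---------------------------------------------------------
function setID(objectname, objectclass, objectID, homeDirectory, loginShell)
    Dim objectDN, maxUID, gidNumber, adObj, verifyUniqueID

    ' ---------------------------------------------------------
    ' Retrieve the LDAP distinguishedname for this object
    ' ---------------------------------------------------------
    objectDN = returnProperty("distinguishedName", "*", "sAMAccountName", objectname, "")
    If objectDN = "ERROR" Then
        WScript.Echo "The object " & objectname & " was not found in Active Directory"
        WScript.Quit(1)
    ElseIf IsArray(objectDN) Then
        WScript.Echo "I found more then one object in Active Directory with this name"
        WScript.Quit(1)
    End If
    ' "/" separates server and DN in an ADsPath, so escape it in the DN
    objectDN = Replace(objectDN, "/", "\/")

    ' ---------------------------------------------------------
    ' Retrieve the current highest UNIX ID that is defined
    ' and add one to this value for the current object
    ' ---------------------------------------------------------
    If IsNull(objectID) Then
        maxUID = returnMaxID(objectclass)
        objectID = maxUID + 1
    End If

    ' ---------------------------------------------------------
    ' Check if this user is a student and if so then
    ' change their default base home directory
    ' ---------------------------------------------------------
    If IsNull(homeDirectory) AND objectclass = "user" AND (InStr(objectDN, studentIdentifier) OR InStr(objectDN, alumnIdentifier)) Then
        homeDirectory = studentBaseHomeDir & objectname
    ElseIf IsNull(homeDirectory) AND objectclass = "user" Then
        homeDirectory = defaultBaseHomeDir & objectname
    End If

    ' ---------------------------------------------------------
    ' Check if this user is a student and if so then
    ' change their default group
    ' ---------------------------------------------------------
    If InStr(objectDN, studentIdentifier) OR InStr(objectDN, alumnIdentifier) Then
        gidNumber = studentGidNumber
    ElseIf objectclass = "user" Then
        gidNumber = defaultGidNumber
    End If

    ' ---------------------------------------------------------
    ' Check the login Shell
    ' ---------------------------------------------------------
    If IsNull(loginShell) Then
        loginShell = defaultShell
    End If

    ' ---------------------------------------------------------
    ' Setup the AD object
    ' ---------------------------------------------------------
    set adObj = GetObject("LDAP://" & objectDN)

    ' ---------------------------------------------------------
    ' Set the UNIX attributes
    ' ---------------------------------------------------------
    if objectclass = "user" Then
        adObj.Put "GidNumber", gidNumber
        adObj.Put "unixHomeDirectory", homeDirectory
        adObj.Put "LoginShell", loginShell
        adObj.Put "msSFU30Name", objectname
        adObj.Put "msSFU30NisDomain", LCase(domainName)
        ' higuita: this fails with "setuid.vbs(412, 1) (null): Unspecified error"
        ' disable it and uidnumber will auto-increment
        'adObj.Put "UidNumber", objectID
        ' NOTE(review): the UID is no longer written by this script. If the
        ' directory does not populate UidNumber itself, the verification
        ' search below finds no object with objectID and this function
        ' returns "ERROR" on every attempt - confirm on the target domain.
        adObj.SetInfo
        verifyUniqueID = returnProperty("UidNumber", objectclass, "UidNumber", objectID, "")
    ElseIf objectclass = "group" Then
        adObj.Put "msSFU30Name", objectname
        adObj.Put "msSFU30NisDomain", LCase(domainName)
        adObj.Put "GidNumber", objectID
        adObj.SetInfo
        verifyUniqueID = returnProperty("GidNumber", objectclass, "GidNumber", objectID, "")
    Else
        WScript.Echo "ERROR: The objectclass passed (" & objectclass & ") was not recognized."
        WScript.Quit(1)
    End If

    ' ---------------------------------------------------------
    ' Check to see if this ID is unique:
    '   exactly our value        -> one object carries it (success)
    '   several values (":")     -> not unique
    '   anything else ("ERROR")  -> the search found nothing
    ' ---------------------------------------------------------
    If Trim(verifyUniqueID) = Trim(objectID) Then
        WScript.Echo "SUCCESS: UNIX ID for " & objectname & " is " & objectID
        setID = 0
    ElseIf InStr(verifyUniqueID, ":") <> 0 Then
        WScript.Echo "ERROR: UNIX ID of " & objectname & " for " & objectID & " is NOT unique."
        setID = 1
    Else
        WScript.Echo "ERROR: Error searching Active Directory for unique UNIX ID "
        setID = "ERROR"
    End If
End Function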
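' ---------------------------------------------------------
' returnProperty
'
' Return a LDAP property from Active Directory by running
'   SELECT <property> FROM 'LDAP://<ldapBase>'
'   WHERE objectClass='<objectclass>' AND <filtercomp> <searchProperty>='<searchValue>'
' over the shared objConnection.
'
' Returns:
'   - the property value when exactly one object matches
'   - the values of all matches joined with ":" (with a trailing
'     colon) when several match
'   - the string "ERROR" when nothing matches or searchValue is refused
'
' property, objectclass, searchProperty and filtercomp are fixed by
' the script's own callers. searchValue is the one operand that can
' come from the command line, the ADUC context menu or an InputBox.
' The ADSI SQL dialect used here has no parameter binding, so a
' searchValue containing a single quote (which would end the quoted
' literal early) is refused and reported as "ERROR" instead of being
' spliced into the query; the original query would have failed on
' such a value anyway. "*" stays allowed because callers rely on it
' as a wildcard.
' ---------------------------------------------------------
function returnProperty(property, objectclass, searchProperty, searchValue, filtercomp)
    Dim objCommand, objRecordset

    If InStr(searchValue & "", "'") > 0 Then
        returnProperty = "ERROR"
        Exit Function
    End If

    set objCommand = CreateObject("ADODB.Command")
    Set objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "SELECT " & property & " FROM 'LDAP://" & ldapBase & "' " & _
        "WHERE objectClass='" & objectclass & "' AND " & filtercomp & " " & searchProperty & "='" & searchValue & "'"
    objCommand.Properties("Timeout") = 30
    objCommand.Properties("Time Limit") = 30
    objCommand.Properties("Cache Results") = True
    objCommand.Properties("Page Size") = 999

    set objRecordset = objCommand.Execute
    If objRecordset.RecordCount = 1 Then
        objRecordset.MoveFirst
        returnProperty = objRecordset.Fields(property)
    ElseIf objRecordset.RecordCount > 1 Then
        objRecordset.MoveFirst
        ' start from an empty string (the original assigned a misspelled
        ' variable here, which only worked because the return value
        ' happened to be Empty)
        returnProperty = ""
        Do Until objRecordset.EOF
            returnProperty = objRecordset.Fields(property) & ":" & returnProperty
            objRecordset.MoveNext
        Loop
    Else
        returnProperty = "ERROR"
    End If
    objRecordset.Close
End Function

' ---------------------------------------------------------
' returnMaxID
'
' Return the current highest UNIX UID (objectclass "user") or
' GID (objectclass "group") found in ldapBase, by selecting the
' objects that have the attribute, sorted descending, with the
' result set limited to one row. Any other objectclass prints
' an error and exits the script with 1.
'
' When no object has the attribute yet, defaultBaseID is returned
' so that the caller's "+ 1" yields the first ID to hand out.
' ---------------------------------------------------------
function returnMaxID(objectclass)
    Dim objCommand, objRecordset, idnumber

    If objectclass = "user" Then
        idnumber = "UidNumber"
    ElseIf objectclass = "group" Then
        idnumber = "GidNumber"
    Else
        WScript.Echo "ERROR: The objectclass " & objectclass & " passed was not recognized."
        WScript.Quit(1)
    End If

    set objCommand = CreateObject("ADODB.Command")
    Set objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "SELECT " & idnumber & ", sAMAccountName FROM 'LDAP://" & ldapBase & "' " & _
        "WHERE objectClass='" & objectclass & "' AND " & idnumber & "='*' ORDER BY " & idnumber & " DESC"
    objCommand.Properties("Timeout") = 30
    objCommand.Properties("Time Limit") = 30
    objCommand.Properties("Cache Results") = False
    objCommand.Properties("Size Limit") = 1     ' only the top row of the DESC sort is needed

    set objRecordset = objCommand.Execute
    If objRecordset.RecordCount = 1 Then
        returnMaxID = objRecordset.Fields(idnumber)
    Else
        ' No IDs found: assume none are defined yet and fall back to the
        ' configured base (the caller adds one to it).
        returnMaxID = defaultBaseID
    End If
    objRecordset.Close
End Function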