Tag Archives: Scripting

Active Directory: Right-Click to Update Employee ID & Employee Number in Active Directory Users & Computers

Due to a recent acquisition, I needed to give the helpdesk a good way to update the employeeID and employeeNumber fields in the properties of various user accounts.  As these two properties are not natively accessible from Active Directory Users & Computers, my choice was to either give them access to ADSI Edit (love them, but not going to happen) or figure out a way to add those fields to ADUC.

I ended up finding an elegant way to add them as choices when right-clicking on a user account (just like you would to reset a password).  This is a simple, quick way to extend functionality without trying to write a .Net app (something I suck at).

First, you’ll create two files names employeeID.vbs and employeeNumber.vbs (code at the end of this article).  While you could place these scripts anywhere, I found it handy to add them to directory called aduc in the Netlogon directory for our domain:

\\domain\sysvol\DOMAIN\scripts\aduc

This gives everyone access to them.  Keep in mind that while a user will have access to them, they won’t do them any good unless they have permissions to modify directory objects.

Second, you need to open ADSI Edit and edit the following key:

CN=user-Display,CN=409, CN=DisplaySpecifiers, CN=Configuration

Look for the adminContextMenu and add the following to it.  Be careful here and make sure it is exactly as it is shown below, spaces and all:


2, Employee &ID, \\DOMAIN\sysvol\DOMAIN\scripts\aduc\employeeID.vbs
3, Employee &Number, \\DOMAIN\sysvol\DOMAIN\scripts\aduc\employeeNumber.vbs

Remember to replace DOMAIN with your actual domain name.

Once that key is updated, you’ll need to wait a bit for replication to occur if you have a wide area network.

That’s it, now just launch a fresh copy of Active Directory Users & Computers, right click on a user account, and you should see “Employee ID” and “Employee Number” listed.

If you get a pop up script warning when you click on one of them, you’ll need to add your Active Directory domain name to your list of Intranet sites in Internet Explorer (Security Tab in Internet Options, Local Intranet properties, then click Advanced to add the domain name).

Here are the scripts.  Enjoy!


=================employeeID.vbs=================
 Option Explicit
 Dim wshArguments, objUser, objSchemaEmployeeID, strCurrentID, strEmployeeID, intMaxLen
 On Error Resume Next
 Set wshArguments = WScript.Arguments
 Set objUser = GetObject(wshArguments(0))
 Set objSchemaEmployeeID = GetObject(LDAP://schema/employeeID)
 intMaxLen = objSchemaEmployeeID.MaxRange
 If objUser.employeeID  "" Then
 strCurrentID = objUser.employeeID
 Else
 strCurrentID = "empty"
 End If
 strEmployeeID = InputBox( _
 "The current Employee ID is " & strCurrentID & vbCrLf & _
 vbCrLf & _
 "Enter the new Employee ID (1 through " & intMaxLen & " chars)", _
 Right(objUser.Name, Len(objUser.Name) - 3) & " Employee ID", _
 objUser.employeeID)
 If strEmployeeID = "" Then WScript.Quit 'User clicked Cancel
 If Len(strEmployeeID) > intMaxLen Then
 MsgBox "The new Employee ID was too long and it was not saved.", _
 vbCritical, "Error Occurred"
 Else
 Err.Clear
 objUser.employeeID = strEmployeeID
 objUser.SetInfo
 If Err Then MsgBox "The new Employee ID was not saved.", _
 vbCritical, "Error Occurred"
 End If
 ===============================================

 


==============employeeNumber.vbs===============
 Option Explicit
 Dim wshArguments, objUser, objSchemaEmployeeNumber, strCurrentID, strEmployeeNumber, intMaxLen
 On Error Resume Next
 Set wshArguments = WScript.Arguments
 Set objUser = GetObject(wshArguments(0))
 Set objSchemaEmployeeNumber = GetObject(LDAP://schema/EmployeeNumber)
 intMaxLen = objSchemaEmployeeNumber.MaxRange
 If objUser.EmployeeNumber  "" Then
 strCurrentID = objUser.EmployeeNumber
 Else
 strCurrentID = "empty"
 End If
 strEmployeeNumber = InputBox( _
 "The current Employee Number is " & strCurrentID & vbCrLf & _
 vbCrLf & _
 "Enter the new Employee Number (1 through " & intMaxLen & " chars)", _
 Right(objUser.Name, Len(objUser.Name) - 3) & " Employee Number", _
 objUser.EmployeeNumber)
 If strEmployeeNumber = "" Then WScript.Quit 'User clicked Cancel
 If Len(strEmployeeNumber) > intMaxLen Then
 MsgBox "The new Employee Number was too long and it was not saved.", _
 vbCritical, "Error Occurred"
 Else
 Err.Clear
 objUser.EmployeeNumber = strEmployeeNumber
 objUser.SetInfo
 If Err Then MsgBox "The new Employee Number was not saved.", _
 vbCritical, "Error Occurred"
 End If
 ===============================================

Scripting: How to Programmatically Add Current Date/Time to a Filename

When writing scripts such as batch files you may want to auto-create a file (like a text file) to save the log of a certain command (such as DCDiag or NetDiag). If your script is going to run on a routine interval, and you want to maintain a history of logs, it may be helpful to incorporate the date/time into the filename.

Fortunately, Microsoft has given us some syntax to be able to do this from the command line.

Before we get to the actual commands, let’s review the pertinent information. If you go to a command line and type “Echo %date%” you’ll get back a response such as:

FRI 01/01/2010

That is a collection of fourteen characters, represented as such:

CHAR F R I _ 0 1 / 0 1 / 2 0 1 0

POS 00 01 02 03 04 05 06 07 08 09 10 11 12 13

In addition, if you go to a command line and type “Echo %time%” you’ll get back a response such as:

01:00:00.00

That is a collection of eleven characters, represented as such:

CHAR 0 1 : 0 0 : 0 0 . 0 0

POS 00 01 02 03 04 05 06 07 08 09 10

Now that we know what character appears at what position, we are ready to augment our file name with the proper syntax to incorporate the date and time.

For the date, we’re going to use “%date:~x,y%” where “x” equals the position and “y” equals the substring length.

So, if I wanted my file name to be “test-01-01-2010” I would use:

Test-%date:~4,2%-%date:~7,2%-%date:~10,4%.txt

Or, if I just wanted it to be “test-2010” I would use:

Test-%date:~10,4%.txt

Saying it another way, that “10” represents position 10 (the start of the year) and that “4” tells it to use four characters from that spot, so I get the entire four digit year (or 2010). If I just wanted a two digit year, I would change the “10” to “12” (to start at position 12) and the “4” to a “2” resulting in “10” instead of “2010.”

Time works much the same way, but with the syntax being “ %time:~x,y%” instead.

In case you have a need, you can use a minus sign to the right of the tilde (i.e. %date:~-x,y%) to count the x backwards. Don’t forget though, that the spaces, colons, dots and slashes will all be included in whichever direction you initiate your count.