After initializing objUser, the script uses the Get method to fetch the user properties. The script retrieves two properties, FullName and UserFlags, and assigns them to strName and cUserFlags, respectively. ADSI Runtime retrieves all the user properties and stores the values in a local, dynamic cache. Because ADSI Runtime caches the values, it reduces the number of network trips required to fetch subsequent data--another important timesaver when you're using ADSI Runtime in large domains.
The script then uses the logical AND operator to compare the bit position defined by the UF_LOCKOUT constant to the corresponding bit value in cUserFlags to determine whether the account is locked. If the result is false, the script displays a message stating the account is not locked, destroys any previously created objects, and exits. If the result is true, the account is locked, in which case the script proceeds to unlock it.
At B, the script uses the Put method to unlock the locked account. Before you can use the Put method for the UserFlags property, you must turn off the LOCKOUT bit in the value you write. You turn off this bit with XOR, the exclusive OR operator. XOR behaves as follows: If both bits are true (1 and 1) or both bits are false (0 and 0), the result is false (0). If one bit is true (1) and the other bit is false (0), the result is true (1). With locked accounts, both bits are true: the UF_LOCKOUT bit in UserFlags and the matching bit in the UF_LOCKOUT constant. Thus, when the script applies Xor, the result for that bit is false, which changes the UF_LOCKOUT bit in the UserFlags property from 1 to 0. Because XOR toggles the bit rather than clearing it, this step is correct only because the earlier AND test has already established that the bit is set. However, because ADSI Runtime caches the user information locally, the Put method updates the cache, not the underlying object in the directory. Therefore, the script invokes the SetInfo method to update the corresponding object in the directory and unlock the locked account.
Finally, the script uses the Get method to fetch the UserFlags property a second time to check whether the change was successful. The script uses the same logical AND operation performed earlier and, based on the result, displays an appropriate message to the user.
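The check, clear, write and verify sequence described above, as an added VBScript example that is not the article's own listing. It clears the bit with And Not instead of Xor and calls GetInfo before the final check so the value is re-read from the directory, not the cache. The names IsLocked, ClearLockout and UnlockAccount, the command-line arguments and the sample flag values are assumptions made for illustration; UF_LOCKOUT is given its lmaccess.h value of &H10.

```vbscript
Option Explicit
Const UF_LOCKOUT = &H10   ' lockout bit in UserFlags (value from lmaccess.h)

' True when the lockout bit is set in a UserFlags value.
Function IsLocked(flags)
    IsLocked = ((flags And UF_LOCKOUT) <> 0)
End Function

' Clears the lockout bit and leaves every other bit untouched. Xor toggles the
' bit; And Not is idempotent, so an unlocked value stays unlocked.
Function ClearLockout(flags)
    ClearLockout = flags And Not UF_LOCKOUT
End Function

' Check, Put, SetInfo, then verify against the directory (hypothetical helper).
Sub UnlockAccount(domain, account)
    Dim objUser, flags
    Set objUser = GetObject("WinNT://" & domain & "/" & account & ",user")
    flags = objUser.Get("UserFlags")
    If Not IsLocked(flags) Then
        WScript.Echo account & " is not locked."
    Else
        objUser.Put "UserFlags", ClearLockout(flags)  ' changes the local cache only
        objUser.SetInfo                               ' writes the cache to the directory
        objUser.GetInfo                               ' reloads the cache from the directory
        If IsLocked(objUser.Get("UserFlags")) Then
            WScript.Echo account & " is still locked."
        Else
            WScript.Echo account & " was unlocked."
        End If
    End If
    Set objUser = Nothing
End Sub

' Constructed sample values: a locked and an unlocked normal account.
Dim sample
For Each sample In Array(&H211, &H201)
    WScript.Echo "flags=&H" & Hex(sample) & " locked=" & IsLocked(sample) & _
        " Xor=&H" & Hex(sample Xor UF_LOCKOUT) & _
        " AndNot=&H" & Hex(ClearLockout(sample))
Next

' Touch a real account only when a domain and an account name are supplied.
If WScript.Arguments.Count = 2 Then
    UnlockAccount WScript.Arguments(0), WScript.Arguments(1)
End If
```

Run with cscript and no arguments, it prints only the bit arithmetic for the two constructed values, which shows Xor turning the lockout bit back on in the value that was already unlocked.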
If You're Still Uneasy ...
If you like the results you can achieve with scripting but still believe using scripts is too time-intensive, here's good news: When NT 5.0 becomes reality, this type of solution will be no different from using a batch file. I'm excited about the path Microsoft has laid for reusable, scriptable components. Technologies such as ActiveX Data Object (ADO), ADSI, and Collaboration Data Object (CDO) combined with hundreds of third-party components offer NT systems administrators flexibility--a feature that's hard to find in prebuilt tools and utilities. However, a huge market still exists for those vendors that eventually figure out that the NT tools and utilities market remains largely untapped. Although the NT resource kits are useful, they are far from being an end-all NT utility suite.