'On Error Resume Next

'/////////////////////////////////////////////////////////////////////////////
'//                                                                         //
'// NOTICE OF COPYRIGHT                                                     //
'//                                                                         //
'// SIMS2AD - Script to administer active directory accounts from SIMS.net  //
'//                                                                         //
'// Copyright (C) 2008 onwards  Ian Tasker  http://www.uctc.e-sussex.sch.uk //
'//                                                                         //
'// This program is free software; you can redistribute it and/or modify    //
'// it under the terms of the GNU General Public License as published by    //
'// the Free Software Foundation; either version 2 of the License, or       //
'// (at your option) any later version.                                     //
'//                                                                         //
'// This program is distributed in the hope that it will be useful,         //
'// but WITHOUT ANY WARRANTY; without even the implied warranty of          //
'// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           //
'// GNU General Public License for more details:                            //
'//                                                                         //
'//          http://www.gnu.org/copyleft/gpl.html                           //
'//                                                                         //
'/////////////////////////////////////////////////////////////////////////////

'+------------------------------------------------------------------------+
'| SIMS-AD Access Manager Script Configuration                            |
'+------------------------------------------------------------------------+

'The script configures students' access to the college network
'depending on settings stored in User Defined Fields within SIMS.net

'Each student's AD account must have its employeeID attribute set to the student's UPN


'+------------------------------------------------------------------------+
'| Connection Setting for SIMS SQL Server                                 |
'+------------------------------------------------------------------------+
'SQL login used to read the SIMS view. The password is stored in clear text
'in this script: give this login read-only rights to the one view it needs
'(the script only runs "SELECT * FROM dbo.vbs_admanager") and restrict who
'can read the script file, since anyone who can read it gets the same
'database access.
const SIMS_USER = ""
const SIMS_PASS = ""
'Host, port and named instance of the SIMS SQL Server (placeholder value).
const SIMS_SERVER = "xx.xx.xx.xx,1427\[Instance Name]"
'Database name appended to the ODBC connection string.
const SIMS_DB = "sims"

'+------------------------------------------------------------------------+
'| DO NOT EDIT ANYTHING BELOW THIS POINT                                  |
'+------------------------------------------------------------------------+

'ADO enumeration values, spelled out because the script references no type library.
Const adOpenStatic     = 3
Const adLockOptimistic = 3
Const adUseClient      = 3
Const adBookMarkFirst  = 1   'not referenced in this script

'ADSI enumeration values.
Const ADS_SCOPE_SUBTREE     = 2   'search scope set on objADCommand
Const ADS_PROPERTY_UPDATE   = 2   'not referenced in this script
Const ADS_PROPERTY_APPEND   = 3   'not referenced in this script
Const ADS_UF_ACCOUNTDISABLE = 2   'not referenced in this script

'Row index of each column in ArrStudents: the position of the column in the
'GetRows field list (unique_pupil_no, forename, surname, type, description).
Const STUDENT_UPN         = 0
Const STUDENT_FORNAME     = 1
Const STUDENT_SURNAME     = 2
Const STUDENT_TYPE        = 3
Const STUDENT_DESCRIPTION = 4

'+------------------------------------------------------------------------+
'| Globals                                                      			   |
'+------------------------------------------------------------------------+

'Script-level objects and working variables. There is no Option Explicit, so
'a few other names (objRoot, objUser, objGroup, ...) are created implicitly
'further down.
Dim SIMS_Connection                       'ODBC connection string built from the SIMS_* constants
Dim objSIMSConnection, objSIMSRecordSet   'SIMS database connection and the record set read from it
Dim objADConnection, objADCommand         'ADSI provider connection and the search command run on it
Dim objADRecordSet                        'results of the AD search
Dim objADObject, objADClass, objADChild   'not referenced in this script
Dim objADAttribute                        'not referenced in this script
Dim strCommandType                        'the execution type (not referenced in this script)
Dim strSQL                                'query run against SIMS
Dim ArrStudents                           'rows from SIMS, indexed (column, row) - see STUDENT_*
Dim count                                 'index of the current student row
Dim flgChangedGroups                      'number of group changes made by the last AddGroup call


'Row index into arrGroups for each access level (see the table below).
Const FullAccess = 4
Const NoAccess = 5
Const LessonOnlyE4Group = 0
Const LessonOnlyL4Group = 1
Const Lesson_Evening_OnlyE4Group = 2
Const Lesson_Evening_OnlyL4Group = 3

'Column index into arrGroups.
Const ADGroupName = 0      'name of the AD group (CN under CN=Users) for the row
Const SIMSLookupText = 1   'value of the SIMS description field that selects the row
Const LogMessage = 2       'text written to the log when the row is applied
'NOTE: same index as NoAccess. Where the table is filled, the "No Access"
'row is overwritten by the "Banned" row, so arrGroups(NoAccess, ...) yields
'the Banned values and the main loop compares "No Access" as a literal.
Const InternetBannedGroup = 5

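'Access-level table: one row per access level (see the index constants
'above), columns ADGroupName / SIMSLookupText / LogMessage.
dim arrGroups(5,2)

ArrGroups(0,0) = "SIMS2AD_LessonOnly_E4"
ArrGroups(0,1) = "Lesson Only - E4 TT"
ArrGroups(0,2) = "Computer access restricted to Lessons Only, students lunch is E4"

ArrGroups(1,0) = "SIMS2AD_LessonOnly_L4"
ArrGroups(1,1) = "Lesson Only - L4 TT"
ArrGroups(1,2) = "Computer access restricted to Lessons Only, students lunch is L4"

ArrGroups(2,0) = "SIMS2AD_Lesson_Evening_Only_E4"
ArrGroups(2,1) = "Lessons & Evening Only - E4 TT"
ArrGroups(2,2) = "Computer access restricted to Lessons & Evening Access (6-8 PM) Only, students lunch is E4"

ArrGroups(3,0) = "SIMS2AD_Lesson_Evening_Only_L4"
ArrGroups(3,1) = "Lessons & Evening Only - L4 TT"
ArrGroups(3,2) = "Computer access restricted to Lessons & Evening Access (6-8 PM) Only, students lunch is L4"

'Rows 4 and 5 are never bound as groups by AddGroup (it skips them); the
'main loop enables or disables the account for these levels instead.
ArrGroups(4,0) = "Full Access"
ArrGroups(4,1) = "Full Access"
ArrGroups(4,2) = "Computer Access Allowed"

'The "No Access" row is overwritten immediately below: NoAccess and
'InternetBannedGroup share index 5 and the array has only six rows, so
'these three values are never visible to the rest of the script.
ArrGroups(5,0) = "No Access"
ArrGroups(5,1) = "No Access"
ArrGroups(5,2) = "Computer Access Denied"

'"Banned" is the AD group a student is added to when SIMS reports Internet
'Access as Disabled (and removed from when Enabled). Typo "Intenet" fixed.
ArrGroups(5,0) = "Banned"
ArrGroups(5,1) = "Banned"
ArrGroups(5,2) = "Internet Access Banned"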

'---------LogToFile Configuration---------
'NOTE: Copy the configuration section To
'the beginning of an existing script. The
'values specified here must be set before
'calling the LogToFile sub.
'These are script-level variables, not
'constants: LogToFile rewrites some of them
'on its first call (see the notes below),
'so read them as initial values.

'You can disable logging globally by
'setting the bEnableLogging option to false.
bEnableLogging = True

'Setting this to true will time stamp Each
'message that is logged to the log file
'with the current date and time.
bIncludeDateStamp = True

'This will set the log file name to the
'current date and time. You can use this
'option to create incremental log files.
'(LogToFile renames the file once and then
'clears this flag.)
bPrependDateStampInLogFileName = False

'Specify the log file location here. Path
'must contain a trailing backslash. If you
'would like to log to the same location as
'the currently running script, set this
'value to "relative" or uncomment out the
'line below.
'NOTE: LogToFile resolves "relative" against
'the process's current directory
'(Wscript.Shell CurrentDirectory), which is
'the script's folder only when the script
'is started from that folder.
'sLogFileLocation = "C:\LogFiles\"
sLogFileLocation = "relative"

'Specify the log file name here.
'The log records student display names and
'the access change made for each, so the
'log folder should be readable only by the
'people who run this script.
sLogFileName = "logtofiletest.txt"

'You can set whether or not you would like
'the script to append to an existing file,
'or if you would like it to overwrite
'existing copies. To overwrite set the
'sOverWriteORAppend variable to "overwrite"
'(LogToFile switches it back to "append"
'after the first write of a run.)
sOverWriteORAppend = "append"

'Here you can set the maximum number of
'lines you like to record. If the maximum
'is reached the beginning of the log file
'will be pruned. Setting this to a value
'of 0 will disable this function.
vLogMaximumLines = 0

'This is just like limiting the log file
'to a number of lines but limits by the
'total size of the log file. This value
'is in bytes. Setting this to 0 will
'disable this function.
vLogMaximumSize = 0
'-------END LogToFile Configuration-------
'+------------------------------------------------------------------------+
'| Create Objects                                                                      |
'+------------------------------------------------------------------------+
'rootDSE supplies the default naming context used in every LDAP path below.
Set objRoot = GetObject("LDAP://rootDSE")
'Bound but not referenced again in this script.
Set objDomain = GetObject("LDAP://" & objRoot.Get("defaultNamingContext"))


Set objSIMSConnection = CreateObject("ADODB.Connection")
Set objSIMSRecordset = CreateObject("ADODB.Recordset")

'NOTE: both objects are created again in the "Set Other AD Related Items"
'section below, so these two instances are discarded unused.
Set objADConnection = CreateObject("ADODB.Connection")
Set objADCommand =   CreateObject("ADODB.Command")

'Not referenced again in this script.
Set objSysInfo = CreateObject("ADSystemInfo")

'+------------------------------------------------------------------------+
'| Set SQL Query Strings                                                       |
'+------------------------------------------------------------------------+
'Everything the script needs comes from one SIMS view; the columns actually
'used are picked in the GetRows call further down.
strSQL = "SELECT * FROM dbo.vbs_admanager"
'ODBC connection string with the SQL login and password embedded in clear
'text (from the SIMS_* constants); it is passed straight to
'ADODB.Connection.Open.
SIMS_Connection  = "DRIVER={SQL Server};SERVER=" &  SIMS_SERVER &  ";UID=" & SIMS_USER & ";PWD=" &  SIMS_PASS & ";" & "DATABASE=" & SIMS_DB &";"

'+------------------------------------------------------------------------+
'| Set Other AD Related Items                                             |
'+------------------------------------------------------------------------+

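'objADConnection and objADCommand are created in the "Create Objects"
'section above and are only configured here. (The re-creation that used to
'sit here, and an unused second rootDSE binding, have been dropped.)
objADConnection.Provider = "ADsDSOObject"
objADConnection.Open "Active Directory Provider"

Set objADCommand.ActiveConnection = objADConnection

objADCommand.Properties("Timeout") = 90       '60 is OK
objADCommand.Properties("Cache Results") = False
objADCommand.Properties("Page Size") = 1000   'results are returned in pages of 1000
objADCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE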

'+------------------------------------------------------------------------+
'| Get Information from SIMS SQL Server                         |
'+------------------------------------------------------------------------+

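objSIMSConnection.Open SIMS_Connection
objSIMSRecordset.CursorLocation = adUseClient
objSIMSRecordset.Open strSQL, objSIMSConnection, adOpenStatic, adLockOptimistic

If objSIMSRecordset.EOF Then
	'GetRows raises an error on an empty record set and the main loop below
	'indexes the array unconditionally, so finish cleanly with a log entry.
	objSIMSRecordset.Close
	objSIMSConnection.Close
	LogToFile("FINISHED: the SIMS view dbo.vbs_admanager returned no rows; nothing to do.")
	WScript.Quit 0
End If

'The column order here fixes the STUDENT_* row indexes used in the main loop.
ArrStudents = objSIMSRecordset.GetRows(, , Array("unique_pupil_no","forename","surname","type","description"))

objSIMSRecordset.Close
'The SQL connection is not needed after this point; release it before the
'(possibly long) Active Directory pass rather than at process exit.
objSIMSConnection.Close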


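'Main pass over the SIMS rows: each student's UPN is looked up in AD through
'the employeeID attribute, then every matching account is brought in line
'with the SIMS type and description fields.
strDefaultNC = objRoot.Get("defaultNamingContext")

For count = 0 To UBound(ArrStudents, 2)

	'The UPN is read from the SIMS database and spliced into an ADO SQL-dialect
	'filter. A single quote inside it would end the quoted literal early, so
	'the quote is doubled, which is the dialect's escape for an embedded quote.
	objADCommand.CommandText = _
		"SELECT distinguishedName FROM 'LDAP://" & strDefaultNC & "' WHERE objectCategory='user' " & _
		"AND employeeID='" & Replace(ArrStudents(STUDENT_UPN, count), "'", "''") & "'"
	Set objADRecordSet = objADCommand.Execute

	If objADRecordSet.EOF Then
		'MoveFirst on an empty record set raises an error, so a UPN with no AD
		'account is logged and skipped instead of aborting the whole run.
		LogToFile("SKIPPED: no AD user with employeeID " & ArrStudents(STUDENT_UPN, count) & _
			" (" & ArrStudents(STUDENT_FORNAME, count) & " " & ArrStudents(STUDENT_SURNAME, count) & ")")
	Else
		objADRecordSet.MoveFirst

		Do Until objADRecordSet.EOF
			strUserDN = objADRecordSet.Fields("distinguishedName").Value
			'Bind to the user of THIS record so that, should several accounts
			'share an employeeID, enable/disable and group changes hit the same
			'account that was matched.
			Set objUser = GetObject("LDAP://" & strUserDN)

			If ArrStudents(STUDENT_TYPE, count) = "Network Access" Then

				Select Case ArrStudents(STUDENT_DESCRIPTION, count)

					Case arrGroups(FullAccess, SIMSLookupText)
						'AddGroup removes the lesson-only groups; a disabled
						'account is re-enabled as well.
						Call AddGroup(arrGroups(FullAccess, ADGroupName), strUserDN)
						If objUser.AccountDisabled Then
							objUser.AccountDisabled = False
							objUser.SetInfo
							LogToFile(objUser.displayName & ": " & Left(objUser.sAMAccountName, 2) & " : " & arrGroups(FullAccess, LogMessage))
							Call ForceReplication
						End If

					'The four lesson-only levels are recognised but not applied:
					'their AddGroup calls are left commented out.
					Case arrGroups(LessonOnlyE4Group, SIMSLookupText)
						'Call AddGroup(arrGroups(LessonOnlyE4Group, ADGroupName), strUserDN)
					Case arrGroups(LessonOnlyL4Group, SIMSLookupText)
						'Call AddGroup(arrGroups(LessonOnlyL4Group, ADGroupName), strUserDN)
					Case arrGroups(Lesson_Evening_OnlyE4Group, SIMSLookupText)
						'Call AddGroup(arrGroups(Lesson_Evening_OnlyE4Group, ADGroupName), strUserDN)
					Case arrGroups(Lesson_Evening_OnlyL4Group, SIMSLookupText)
						'Call AddGroup(arrGroups(Lesson_Evening_OnlyL4Group, ADGroupName), strUserDN)

					Case "No Access"
						'Compared as a literal: arrGroups row 5 (NoAccess) is
						'overwritten by the "Banned" row, so its lookup text
						'cannot be used here.
						If Not objUser.AccountDisabled Then
							objUser.AccountDisabled = True
							objUser.SetInfo
							Call ForceReplication
						End If

				End Select

			ElseIf ArrStudents(STUDENT_TYPE, count) = "Internet Access" Then

				strInternet = ArrStudents(STUDENT_DESCRIPTION, count)
				If strInternet = "Enabled" Or strInternet = "Disabled" Then
					'Membership of the Banned group is what switches internet access.
					Set objGroup = GetObject("LDAP://CN=" & arrGroups(InternetBannedGroup, ADGroupName) & ",CN=Users," & strDefaultNC)
					blnBanned = objGroup.IsMember("LDAP://" & strUserDN)

					If strInternet = "Enabled" And blnBanned Then
						Call objGroup.Remove(objUser.ADsPath)
						LogToFile(objUser.displayName & ": " & Left(objUser.sAMAccountName, 2) & " : Internet Access Enabled.")
					ElseIf strInternet = "Disabled" And Not blnBanned Then
						Call objGroup.Add(objUser.ADsPath)
						LogToFile(objUser.displayName & ": " & Left(objUser.sAMAccountName, 2) & " : Internet Access Disabled.")
					End If
				End If

			End If

			objADRecordSet.MoveNext
		Loop
	End If
Next

MsgBox "done"

'Forces replication of the default naming context between the two domain
'controllers named below, so an enable/disable takes effect on both without
'waiting for the schedule. The DC names are site-specific and would be
'better placed in the configuration section at the top of the script.
'Result is logged; nothing is returned.
Sub ForceReplication()
	Dim comDLL, Result
	Set comDLL = CreateObject("IADsTools.DCFunctions")
	Result = comDLL.ReplicaSync("SERVER4", strDefaultNC, "SERVER-5")
	If Result = 0 Then
		LogToFile("SUCCESSFUL: Call to force AD replication.")
	Else
		LogToFile("FAILED: Call to force AD replication.")
	End If
End Sub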


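'Puts the user strAdUser into the lesson-only AD group strGroup and takes it
'out of every other lesson-only group; when strGroup is the "Full Access"
'row the user is removed from all of them. Groups are located as
'CN=<name>,CN=Users under the default naming context.
'strGroup : ADGroupName column value of the target row in arrGroups.
'strAdUser: distinguishedName of the user (bound as "LDAP://" & strAdUser).
'Side effect: the script-level flgChangedGroups is reset and then counts the
'memberships added or removed. A log line is written for each addition and,
'for Full Access, once when at least one group was removed.
'Declared as a Function but returns nothing.
Function AddGroup(strGroup, strAdUser)
	Dim i, strName, blnIsMember, objADUser, objADGroup

	flgChangedGroups = 0
	Set objADUser = GetObject("LDAP://" & strAdUser)

	For i = 0 To UBound(arrGroups)
		strName = arrGroups(i, ADGroupName)

		'Rows 4 and 5 ("Full Access" and, through the shared index 5, "Banned")
		'are not lesson-only groups and are never added to or removed from here.
		If strName <> arrGroups(FullAccess, ADGroupName) And _
		   strName <> arrGroups(NoAccess, ADGroupName) And _
		   strName <> arrGroups(InternetBannedGroup, ADGroupName) Then

			Set objADGroup = GetObject("LDAP://CN=" & strName & ",CN=Users," & objRoot.Get("defaultNamingContext"))
			blnIsMember = objADGroup.IsMember("LDAP://" & strAdUser)

			If strName = strGroup Then
				If Not blnIsMember Then
					Call objADGroup.Add(objADUser.ADsPath)
					flgChangedGroups = flgChangedGroups + 1
					LogToFile(objADUser.displayName & ": " & Left(objADUser.sAMAccountName, 2) & " : " & arrGroups(i, LogMessage))
				End If
			ElseIf blnIsMember Then
				Call objADGroup.Remove(objADUser.ADsPath)
				flgChangedGroups = flgChangedGroups + 1
			End If
		End If
	Next

	'The Full Access row is skipped inside the loop, so it is reported here
	'once any removal happened (previously this log line was unreachable).
	If strGroup = arrGroups(FullAccess, ADGroupName) And flgChangedGroups > 0 Then
		LogToFile(objADUser.displayName & ": " & Left(objADUser.sAMAccountName, 2) & " : " & arrGroups(FullAccess, LogMessage))
	End If
End Function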




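Sub LogToFile(Message)
    'LogToFile.vbs 10-18-07
    'This script is provided under the Creative Commons license located
    'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not
    'be used for commercial purposes with out the expressed written consent
    'of NateRice.com
    '
    'Appends one line to the log file described by the script-level
    'bEnableLogging / bIncludeDateStamp / bPrependDateStampInLogFileName /
    'sLogFileLocation / sLogFileName / sOverWriteORAppend / vLogMaximumLines /
    'vLogMaximumSize settings, then prunes the file by line count or byte
    'size when those limits are non-zero.
    'Message: text to log; prefixed with Now when bIncludeDateStamp is set.
    'Side effects on the settings: "relative" is resolved to the process's
    'current directory (not the script's folder), the date-stamped file name
    'is applied once and the flag cleared, and "overwrite" becomes "append"
    'after the first write.

    Dim oLogFSO, oLogShell, oLogFile, oReadLogFile
    Dim sNow, sLogFile, sFileContents, aFileContents

    If bEnableLogging = False Then Exit Sub

    Const ForReading = 1
    Const ForWriting = 2
    Const ForAppending = 8

    Set oLogFSO = CreateObject("Scripting.FileSystemObject")

    If sLogFileLocation = "relative" Then
        'Resolved against the current working directory, which is the
        'script's folder only when the script was started from there.
        Set oLogShell = CreateObject("Wscript.Shell")
        sLogFileLocation = oLogShell.CurrentDirectory & "\"
        Set oLogShell = Nothing
    End If

    If bPrependDateStampInLogFileName Then
        'Done once per run: the flag is cleared so later calls keep this name.
        sNow = Replace(Replace(Now(),"/","-"),":",".")
        sLogFileName = sNow & " - " & sLogFileName
        bPrependDateStampInLogFileName = False
    End If

    sLogFile = sLogFileLocation & sLogFileName

    If sOverWriteORAppend = "overwrite" Then
        'Truncate on the first call only; every later call appends.
        Set oLogFile = oLogFSO.OpenTextFile(sLogFile, ForWriting, True)
        sOverWriteORAppend = "append"
    Else
        Set oLogFile = oLogFSO.OpenTextFile(sLogFile, ForAppending, True)
    End If

    If bIncludeDateStamp Then
        Message = Now & "   " & Message
    End If

    oLogFile.WriteLine(Message)
    oLogFile.Close

    If vLogMaximumLines > 0 Then
        'Drops only the first line per call, so an over-long file shrinks by
        'one line each time rather than being cut to size at once. The read
        'handle is closed before the file is rewritten, and the first line is
        'cut off by position (the old Replace with a repeat count could also
        'strip identical lines elsewhere in the file).
        Set oReadLogFile = oLogFSO.OpenTextFile(sLogFile, ForReading, True)
        sFileContents = oReadLogFile.ReadAll
        oReadLogFile.Close
        aFileContents = Split(sFileContents, vbCRLF)
        If Ubound(aFileContents) > vLogMaximumLines Then
            sFileContents = Mid(sFileContents, Len(aFileContents(0) & vbCRLF) + 1)
            Set oLogFile = oLogFSO.OpenTextFile(sLogFile, ForWriting, True)
            oLogFile.Write(sFileContents)
            oLogFile.Close
        End If
    End If

    If vLogMaximumSize > 0 Then
        Set oReadLogFile = oLogFSO.OpenTextFile(sLogFile, ForReading, True)
        sFileContents = oReadLogFile.ReadAll
        oReadLogFile.Close
        'RightB counts bytes of the in-memory string (2 per character), hence *2.
        sFileContents = RightB(sFileContents, (vLogMaximumSize*2))
        Set oLogFile = oLogFSO.OpenTextFile(sLogFile, ForWriting, True)
        oLogFile.Write(sFileContents)
        oLogFile.Close
    End If

    'Release with Set: a plain "= Null" assignment to an object variable is a
    'default-property put, which the FileSystemObject rejects at run time.
    Set oLogFSO = Nothing
End Sub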