The third part of this book is dedicated to showing you techniques to access and manipulate Active Directory programmatically. It not only contains a plethora of useful scripts that you will be able to adapt for use in your organization, but it also contains a lot of information on how you can write your own scripts to access Active Directory to do whatever you need. Let's take a quick look at how to get started writing and running scripts.
Since the release of Windows 2000, each operating system Microsoft has produced comes with a technology called the Windows Scripting Host, more commonly known as WSH, which allows scripts to execute directly on the client. WSH-based scripts can open and read files, attach to network resources, automate Word and Excel to create reports and graphs, automate Outlook to manipulate email and news, change values in the registry, and so on. The reason these scripts can be so versatile is that WSH supports scripting access to all Component Object Model (COM) objects installed on the client.
COM is a Microsoft technology that allows programmers to automate and manipulate virtually anything you require on a host by defining each host component as a set of objects. When someone needs to create or manage a new component on a Windows-based host, she creates a COM interface, which can be thought of as the definition of the object and the entire set of operations that can be performed on that object. Interfaces normally are stored in DLL files.
 There are other file types, such as OCX controls that define graphical forms and windows you can use in your scripts, but they are beyond the scope of this book.
For example, if you want to manipulate a file, you actually need to manipulate a file COM object. The file COM object definition is stored in an interface held in a DLL. The interface also holds all of the operations, such as creating the file, deleting the file, writing to the file, and so on. The interface also defines a series of properties of the object, such as the filename and owner, which can be accessed and modified. Procedures that operate on an object are known as methods, whereas the properties of an object are known simply as properties.
In addition to methods and properties provided by interfaces, each scripting language that you use has a series of defined functions, such as writing to the screen or adding two numbers together.
WSH scripts are simple to write. The following example is a very simple script written in VBScript and called simple.vbs:
MsgBox "Hi World!"
All you have to do is open up your favorite text editor, type in the command, then save the file with a specific filename extension (VBS for VBScript or JS for JScript). Then you can double-click the script and it will run using WSH. Figure 18-1 shows the output of the script, which is a simple dialog box with a text string in it. The script uses the VBScript MsgBox function.
Now let's take a look at a slightly more complex script called simple adsi.vbs. This script makes use of ADSI to display the description of a user.
Dim objUser 'A variable representing my user
Set objUser = _
  GetObject("LDAP://cn=Richard Lang,ou=Pre-Sales,ou=Sales,dc=mycorp,dc=com")
MsgBox objUser.Description
Set objUser = Nothing
The first line is a variable declaration. We are declaring that objUser is the name for an object we are going to retrieve from Active Directory. The Dim keyword is used to declare a variable, and the apostrophe (') indicates that everything following it is a comment that will not be executed.
The second line is too long to print on the page, so we have broken it into two with an underscore (_) continuation character at the end of the line. It tells the interpreter that it should read the next line as if it were joined to the end of the first. The entire line, ignoring the underscore, uses the objUser variable to hold a reference to a user object via a call to VBScript's GetObject function, passing the ADsPath of the user.
The third line simply uses the VBScript MsgBox function again to print out the description of the Richard Lang user object. The dot signifies that we are accessing a property method available for the specific type of object we are accessing, which in this case is a user.
The last line simply discards the reference to Richard Lang, and objUser becomes empty again. Strictly speaking, at the end of a script, the system discards all references anyway, but we are including it for completeness.
As you can see, printing out properties of objects in Active Directory isn't very hard at all.
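The script above assumes that the bind and the property read both succeed. The following version is an added example, not code from the book: it traps a failed bind (object not found, no domain controller reachable, access denied) and a failed or empty property read, and reports through WScript.Echo so it can run unattended. The ADsPath is the book's sample value; the messages and exit codes are assumptions chosen for illustration.

```vbscript
Option Explicit

' Sample path from the text above; replace with a DN from your own directory.
Const USER_ADSPATH = "LDAP://cn=Richard Lang,ou=Pre-Sales,ou=Sales,dc=mycorp,dc=com"

Dim objUser, strDescription

' GetObject raises a runtime error if the bind fails, so trap it explicitly
' instead of letting WSH abort the script with an error dialog.
On Error Resume Next
Set objUser = GetObject(USER_ADSPATH)
If Err.Number <> 0 Then
  WScript.Echo "Bind failed: 0x" & Hex(Err.Number) & " " & Err.Description
  WScript.Quit 1   ' exit code 1 (assumed convention): could not bind
End If

' Reading the property can also fail, so check Err again after the read.
strDescription = objUser.Description
If Err.Number <> 0 Then
  WScript.Echo "Read failed: 0x" & Hex(Err.Number) & " " & Err.Description
  Set objUser = Nothing
  WScript.Quit 2   ' exit code 2 (assumed convention): bound, but read failed
End If
On Error GoTo 0    ' restore default error handling for the rest of the script

' Appending "" turns a Null or Empty value into a zero-length string.
If Len(strDescription & "") = 0 Then
  WScript.Echo objUser.Name & ": (no description set)"
Else
  WScript.Echo objUser.Name & ": " & strDescription
End If

Set objUser = Nothing
WScript.Quit 0
```

Run it with cscript.exe rather than by double-clicking so that the output goes to the console and the exit code is available to a calling batch file or scheduled task.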
WSH 2.0 comes bundled with Windows 2000 and Windows 98, while WSH 5.6 comes bundled with Windows Server 2003 and Windows XP. WSH is also available for download for Windows 95 and Windows NT. Do not be alarmed by the dramatic increase in version numbers; 5.6 was the next major version after 2.0. In fact, for most people writing scripts, the differences between 2.0 and 5.6 are not significant enough to worry about. Version 5.6 offers a new security model and, perhaps most importantly, the ability to execute scripts remotely, but neither of these affects our ADSI-based scripts to a large extent.
As of WSH 2.0, two types of file formats are supported. The first is traditional script files, which contain pure VBScript or JScript and have a language-specific file extension (e.g., .vbs), and the second is Windows Script File (WSF), which has a .wsf extension.
WSF is actually an Extensible Markup Language (XML) file, with the scripting code embedded inside <script>...</script> tags, which are then embedded in <job>...</job> tags. The following example shows how the simple.vbs example would look using the WSF format:
<job>
<script language="VBScript">
  MsgBox "Hello World"
</script>
</job>
The XML defines that the file contains a single script (a job) and that the script to be run is written in VBScript. At its simplest, to write WSF scripts instead of the traditional script files, all you have to do is prefix your code with the first two lines and end your code with the last two lines, as shown here:
<job>
<script language="VBScript">
  Dim objUser 'A variable representing my user
  Set objUser = _
    GetObject("LDAP://cn=Richard Lang,ou=Pre-Sales,ou=Sales,dc=mycorp,dc=com")
  MsgBox objUser.Description
  Set objUser = Nothing
</script>
</job>
To keep the examples straightforward and the focus on scripting Active Directory, only the code will be shown and not the tags necessary to make a WSF file. You can then decide whether you want to utilize the WSF format or just use the traditional script file.
We also encourage you to find out more about WSH to fully utilize its capabilities. For more information on WSH, including advanced functionality and running scripts using WSF, check out Windows Script Host Programmer's Reference by Dino Esposito (Wrox Press) or Bob Wells' WSH articles in Windows Scripting Solutions (http://www.win32scripting.com). Finally, the WSH help file can be a very useful reference. It is available for download at http://msdn.microsoft.com/scripting/.