→ Having trouble accessing our new support portal or creating a ticket? Please notify our team here

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jono
Champion Sweeper II

I don't know for sure that this is due to the latest upgrade, but my custom actions that use the {cn} parameter no longer work. If I take a VBS and insert the argument that the {cn} parameter used to insert, then the script works.

So, if I use this (what it has been for years), the script fails:

{actionpath}AcctStat.vbs "{cn}"


But if I use this, the script works:

{actionpath}AcctStat.vbs "CN=Doe\, John,OU=US Users,DC=domain,DC=local"



Is there something that has changed the {cn} parameter, or is there anything else I can look at to troubleshoot this? I have several such actions that no longer work.

Thanks!

7 REPLIES 7
Jono
Champion Sweeper II
Sure. I hope this works well for you.
On Error Resume Next
If WScript.Arguments.Count = 1 Then

'Gather user information
struser = WScript.Arguments(0)
Set objUser = GetObject("LDAP://" & struser)
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
Set objSD = objUser.Get("nTSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
intCurrentValue = objUser.Get("userAccountControl")
strSAMAccountName = objUser.Get("sAMAccountName")
strCN = objUser.Get("cn")
strGN = objUser.Get("givenName")

'If no givenName
If Hex(Err)="8000500D" Then
strGN = " "
End If
'Clear any previous errors
Err.Clear
strSN = objUser.Get("sn")

'If no sn
If Hex(Err)="8000500D" Then
strSN = " "
End If
'Clear any previous errors
Err.Clear
Set objNet = CreateObject("WScript.NetWork")
dtmValue = objUser.PasswordLastChanged
intTimeInterval = int(now - dtmValue)
Set objDomainNT = GetObject("WinNT://" & objNet.UserDomain)
intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")/86400
intMinPwdAge = objDomainNT.Get("MinPasswordAge")/86400

For Each Ace In objDACL
If ((Ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
(LCase(Ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
blnEnabled = True
End If
Next


'Clear strMsg

strMsg = ""


'Errors, such as due to No Password Set Date

If Err.Number <> 0 then
If Err.Number = "-2147463155" then
strMsg = strMsg & "An error has occurred while trying to retrieve the date of the last password change. This is most likely because " & strGN & " " & strSN & "'s account is set to force a password change on next logon. Until " & strGN & " " & strSN & " changes his/her password, this may not display all of the requested information. " & VbCrLf & VbCrLf
else
strMsg = strMsg & "An error (number: " & Err.Number & ") has occurred. This may not display all of the requested information." & VbCrLf & VbCrLf
end if
end if


'Account Disabled?

If objuser.AccountDisabled = True Then
MsgBox strGN & " " & strSN & "'s account is Disabled! ***",0,strCN & " (" & strSAMAccountName & ")"
Else


'Account Locked?

If objuser.IsAccountLocked = True Then
strMsg = strMsg & strGN & " " & strSN & "'s account status:" & VbCrLf &_
VBTab & VBTab & VBTab & VBTab & "Enabled" & VbCrLf &_
VBTab & VBTab & VBTab & VBTab & "Locked! ***" & VbCrLf
Else
strMsg = strMsg & strGN & " " & strSN & "'s account status:" & VbCrLf &_
VBTab & VBTab & VBTab & VBTab & "Enabled" & VbCrLf &_
VBTab & VBTab & VBTab & VBTab & "Not Locked" & VbCrLf
End If


'Password Expires?

If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
strMsg = strMsg & VBTab & VBTab & VBTab & VBTab & "Password Never Expires" & VbCrLf & VbCrLf & VbCrLf &_
"The Password Never Expires for " & strGN & "'s account due to account settings." & VbCrLf & _
" Password Changed: " & dtmValue & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & VbCrLf
Else

If intMaxPwdAge < 0 Then
strMsg = strMsg & VbCrLf & "The Maximum Password Age is set to 0 in the domain. Therefore, the password does not expire." & VbCrLf & VbCrLf
Else


'Password Expired already?

If intTimeInterval >= intMaxPwdAge Then
strMsg = strMsg & VBTab & VBTab & VBTab & VBTab & "Password Expired! ***" & VbCrLf & VbCrLf & VbCrLf &_
strGN & "'s Password information:" & VbCrLf & _
" Last Changed:" & VBTab & dtmValue & VBTab & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & _
" Expiration:" & VBTab & dtmValue + intMaxPwdAge & VBTab & VBTab & int(now - (dtmValue + intMaxPwdAge)) & " days ago" & VbCrLf & _
" (Maximum password age is " & intMaxPwdAge & " days)" & VbCrLf & VbCrLf
Else
strMsg = strMsg & VBTab & VBTab & VBTab & VBTab & "Password Not Expired" & VbCrLf & VbCrLf & VbCrLf &_
strGN & "'s Password information:" & VbCrLf & _
" Last Changed:" & VBTab & dtmValue & VBTab & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & _
" Expiration:" & VBTab & dtmValue + intMaxPwdAge & VBTab & VBTab & "in " & int((dtmValue + intMaxPwdAge) - now + 1) & " days" & VbCrLf & _
" (Maximum password age is " & intMaxPwdAge & " days)" & VbCrLf & VbCrLf
End If
End If
End If


'User can Change the Password?

If blnEnabled Then
strMsg = strMsg & strGN & " cannot change the password due to account settings."
Else
If intMaxPwdAge < 0 Then
strMsg = strMsg & strGN & " can change the password."
Else
If intTimeInterval >= intMaxPwdAge Then
strMsg = strMsg & strGN & " can change the password only while on site with a domain computer."
Else
If intTimeInterval >= intMinPwdAge Then
strMsg = strMsg & strGN & " can change the password."
Else
strMsg = strMsg & strGN & " can change the password after " & DateValue(dtmValue) + intMinPwdAge & "." & VbCrLf & _
" (Minimum password age is "& intMinPwdAge & " days)"
End If
End If
End If
End If
'Display the Info

MsgBox strMsg,0,strCN & " (" & strSAMAccountName & ")"

End If

Else
WScript.Echo "Error"

End If

Set objNet = Nothing
Set objUser = Nothing
Set objSD = Nothing
Set objDACL = Nothing
Set objUserLDAP = Nothing
Set objDomainNT = Nothing

jmont
Engaged Sweeper
Jono,

Can you please share your acctstat.vbs with me? I found 2 samples on this site and neither are working on my local computer. I wanted to add this custom action because it will help us immensely. Thanks
lunja
Engaged Sweeper II
Can you provide solution for this issue, since we also experience same problem.
Jono
Champion Sweeper II
lunja wrote:
Can you provide solution for this issue, since we also experience same problem.

Hi lunja. The solution comes from an update (version 6049) that you can get by emailing support@lansweeper.com.

Sorry, I should have included that in my last comment.
Jono
Champion Sweeper II
Thank you! Everything works well now.
Bert_D
Lansweeper Employee
Lansweeper Employee
Hi Jono,

Please contact support@lansweeper.com for a fix for this issue.
Jono
Champion Sweeper II
Update:

I created an action to echo what {cn} is returning:
cmd /k Echo "{cn}"

When I run that, it comes back with this result:
"CN=Doe^\, John,OU=US Users,DC=send,DC=local"

By using double quotes around {cn}, it inserts the carat after the last name, so the script fails as it can't find such a user.

When I run the same thing without the double quotes:
cmd /k Echo {cn}

it comes back with this result:
CN=Doe\, John,OU=US Users,DC=send,DC=local

The return is correct, but since there are spaces in the result, the double quotes are necessary, so the script still fails.

If anyone has any input on this, I'd be very interested in hearing it. I have several custom actions that use that {cn} variable and it's a pain to have to go to old methods to get the information.

Thanks.