vbscript_Windows系统管理员的VBScript-第1部分

vbscript

Welcome to part one of a multi-part tutorial series, VBScript for Windows System Administrators.  The goal of this series is to teach non-programmers how to write useful VBS code to automate their environment, and perform tasks faster, and in a more consistent fashion.  I am not a professional programmer, and I am not a professional author.  I'm just an admin who has found that VBS has made my life much, much easier, and I'd like to share that with you.  I hope you enjoy this reading this series as much as I've enjoyed writing it.

欢迎使用由多部分组成的系列教程的第一部分，即Windows系统管理员的VBScript。 本系列的目的是教非程序员如何编写有用的VBS代码以自动化其环境，并以一种更一致的方式更快地执行任务。 我不是专业程序员，也不是专业作家。 我只是一个管理员，他发现VBS使我的生活变得非常轻松得多，并且我想与您分享。 我希望您和阅读本系列书一样享受阅读本系列的乐趣。

As Admins, a lot of our job revolves around managing users, user settings, and everything else in Active Directory.  The majority of this series will focus on that.  I will also be going into reading/writing text files, and working with Excel automation.  For the sake of staying on topic, I'm going to make a few assumptions:  You know your way around AD pretty well, and understand basic concepts such as Organizational Units, Containers, Users, Groups, Contacts, etc.  If you need any help understanding those topics, please take a moment to browse this site before continuing:  http://technet.microsoft.com/en-us/library/cc780336.aspx

作为管理员，我们的很多工作都围绕管理用户，用户设置以及Active Directory中的其他所有内容。 本系列的大部分内容将重点放在这一点上。 我还将研究读/写文本文件，以及使用Excel自动化。 为了保持话题性，我将做一些假设：您非常了解AD，并且了解基本概念，例如组织单位，容器，用户，组，联系人等。帮助理解这些主题，请花点时间浏览此站点，然后再继续： http：//technet.microsoft.c om / zh-cn / l 库/ cc7 80336.aspx

Ok.  For the duration of this series, we will be working with a simple forest/domain AD.  One forest, one domain.  The FQDN of the domain is mydomain.local, and the AD structure looks like this:

好。 在本系列的整个过程中，我们将使用简单的林/域AD。 一林一域。 域的FQDN为mydomain.local，AD结构如下所示：

mydomain.local

mydomain.local

   Builtin

内建

   Computers

电脑

   Disabled

残障人士

   DLs

数字图书馆

   Domain Controllers

域控制器

   Employees

雇员

   ForeignSecurityPrincipals

外国安全负责人

   LostAndFound

失物处

   Microsoft Exchange System Objects

Microsoft Exchange系统对象

   NTDS Quotas

NTDS配额

   Program Data

程序数据

   Security Groups

安全组

   Servers

伺服器

   Service Accounts

服务帐号

   System

系统

   Users

用户数

   Workstations

工作站

In the above directory structure, the end-user accounts are all in the Employees OU, PCs are all in the Workstations OU, and servers are all in the Servers OU.  The Disabled OU is where accounts are moved to when they are disabled, and the Service Accounts OU contains various service accounts for the domain (cluster administrator account, custom application service accounts, SQL service accounts, etc).

在上面的目录结构中，最终用户帐户都在员工OU中，PC都在工作站OU中，服务器都在服务器OU中。 禁用帐户是将帐户移动到的位置，“服务帐户” OU包含域的各种服务帐户（群集管理员帐户，自定义应用程序服务帐户，SQL服务帐户等）。

Ok.  With that out of the way, on to the basics of VBS.  Although Notepad will work for writing scripts, I HIGHLY recommend writing your code in an IDE (integrated development environment).  The benefits of this are many, but some of my favorites are the built-in debugging, highlighting of reserved words, and auto-completion.  My personal favorite is PrimalScript, by Sapien (www.sapien.com), but there are lots of them.  For the duration of this series, I will assume you are using PrimalScript (there's a 30-day free trial, so play along).  Now that we have our development environment, let's do something.  Open a new, blank VBScript, and type the following code.

好。 有了这些，就可以了解VBS的基础知识。 尽管记事本可用于编写脚本，但我还是强烈建议在IDE（集成开发环境）中编写代码。 这样做的好处很多，但我最喜欢的一些功能是内置调试，突出显示保留字和自动完成。 我个人最喜欢的是Sapien（ www.sapien.com ）的PrimalScript ，但其中有很多。 在本系列的整个过程中，我将假设您正在使用PrimalScript（有30天的免费试用期，请继续尝试）。 现在我们有了开发环境，让我们做点什么。 打开一个新的空白VBScript，然后键入以下代码。

wscript.echo("Hello World!")

wscript.echo（“ Hello World！”）

Press F7 to run the script.  The output window will display the text       Hello World!          Congratulations, you just wrote your first script!  I know it doesn't look like much, but that one method (wscript.echo) will help you immensely in debugging scripts.  You can insert it nearly anywhere in a script to output the value of a variable to check that the script is actually doing what you want it to do.

按F7运行脚本。 输出窗口将显示文本Hello World!。 恭喜，您刚编写了第一个脚本！ 我知道它看起来不多，但是一种方法（wscript.echo）将极大地帮助您调试脚本。 您可以将其插入脚本中的几乎任何位置，以输出变量的值，以检查脚本是否确实在执行您想要的操作。

Now that you've successfully written your first script, let's cover some basics of logic.  The two logic blocks you'll likely use most are  If...Then...Else  and  For...Next.

现在，您已经成功编写了第一个脚本，让我们介绍一些逻辑基础知识。 您可能最常使用的两个逻辑块是If ... Then ... Else和For ... Next。

If...Then Example:

如果...则示例：

i = 2

我= 2

If i > 0 Then

如果我> 0那么

    Wscript.echo("i is a positive number")

Wscript.echo（“ i是一个正数”）

ElseIf i < 0 Then

否则，如果i <0

    Wscript.echo("i is a negative number")

Wscript.echo（“ i是一个负数”）

End If

万一

The output of the code above would be    i is a positive number

上面代码的输出将是i为正数

For i = 0 to 10

对于i = 0到10

    Wscript.echo(i)

Wscript.echo（i）

Next

下一个

The output of the code above would be  0  1  2  3  4  5   6  7  8  9  10   with each number being displayed on it's own line.     Another example of a For...Next loop is

上面代码的输出为0 1 2 3 4 5 6 7 8 9 10，每个数字都显示在自己的行上。 For ... Next循环的另一个示例是

For each object in objects

对于对象中的每个对象

    wscript.echo(object)

wscript.echo（对象）

Next

下一个

In the code above, objects represents a group of items, and    object    is actually a variable name.  The code below would do the exact same thing

在上面的代码中，对象代表一组项目，而对象实际上是一个变量名。 下面的代码将做完全相同的事情

For each item in objects

对于对象中的每个项目

    wscript.echo(item)

wscript.echo（项目）

Next

下一个

This code is most frequently used when iterating objects in Active Directory.  But before we get to that code, we need to learn how to attach to AD objects.  To do so, we want to use the ADSPath of the object, which is the DN of the object preceeded by   LDAP://     Using our example directory structure above, if we had a user named John Doe in the Employees OU, the ADSPath for the user would be    LDAP://CN=John Doe,OU=Employees,DC=mydomain,DC=local   To get a handle to that user, we would use the following code.

在Active Directory中迭代对象时，最常使用此代码。 但是在获得该代码之前，我们需要学习如何附加到AD对象。 为此，我们要使用对象的ADSPath，它是LDAP：//开头的对象的DN。如果在雇员OU中有一个名为John Doe的用户，则使用上面的示例目录结构，该对象的ADSPath用户将为LDAP：// CN = John Doe，OU = Employees，DC = mydoma in，DC = loca l要获取该用户的句柄，我们将使用以下代码。

Set oUser = GetObject("LDAP://CN=John Doe,OU=Employees,DC=mydomain,DC=local")

设置oUser = GetObject（“ LDAP：// CN = John Doe，OU = Employees，DC = mydoma in，DC = loca l“）

oUser is a variable, and can be anything you want it to be.  Some people like to use objUser to signify a user object, I prefer the shorter method of simply oUser.  You could just as easily use    cat    or     house      or     baseball      and get the same result.

oUser是一个变量，可以是您想要的任何变量。 有些人喜欢使用objUser来表示用户对象，我更喜欢简单的oUser方法。 您可以轻松地使用猫，房屋或棒球来获得相同的结果。

Set baseball = GetObject("LDAP://CN=John Doe,OU=Employees,DC=mydomain,DC=local")

设置棒球= GetObject（“ LDAP：// CN = John Doe，OU = Employees，DC = mydoma in，DC = loca l“）

We will use the oUser version for the remainder of this article (it helps to use descriptive variable names, the script will be easier to understand that way).  Now that we have a handle to the user object in AD, what do we want to do with it?  How about change the user's description?

在本文的其余部分中，我们将使用oUser版本（它有助于使用描述性变量名，该脚本将更易于理解）。 现在我们有了AD中的用户对象的句柄，我们要如何处理它？ 如何更改用户的描述？

Set oUser = GetObject("LDAP://CN=John Doe,OU=Employees,DC=mydomain,DC=local")

设置oUser = GetObject（“ LDAP：// CN = John Doe，OU = Employees，DC = mydoma in，DC = loca l“）

oUser.Description = "My User"

oUser.Description =“我的用户”

Now we have changed the users description.  However, this was only changed in the cache.  To actually commit the change to Active Directory, we need to use the  SetInfo()   method.

现在，我们更改了用户描述。 但是，仅在缓存中进行了更改。 要将更改实际提交到Active Directory，我们需要使用SetInfo（）方法。

Set oUser = GetObject("LDAP://CN=John Doe,OU=Employees,DC=mydomain,DC=local")

设置oUser = GetObject（“ LDAP：// CN = John Doe，OU = Employees，DC = mydoma in，DC = loca l“）

oUser.Description = "My User"

oUser.Description =“我的用户”

oUser.SetInfo()

oUser.SetInfo（）

Viola!  You have just programmatically changed the description of a user.  Now, if we expand on that, and use our For...Next loop, we would want to get a handle to the OU:

中提琴！ 您刚刚以编程方式更改了用户的描述。 现在，如果我们对此进行扩展，并使用For ... Next循环，我们希望获得OU的句柄：

Set oOU = GetObject("LDAP://OU=Employees,DC=mydomain,DC=local")

设置oOU = GetObject（“ LDAP：// OU = Emplo 是的，DC =我 域，DC = 本地”）

For each oUser in oOU

对于oOU中的每个oUser

    oUser.Description = "My User"

oUser.Description =“我的用户”

    oUser.SetInfo()

oUser.SetInfo（）

Next

下一个

Again, in the above code, oUser is simply a variable name.  I chose to use oUser again because it is a good descriptor for the object type I'm working with, but I could have just as easily said

同样，在上面的代码中，oUser只是一个变量名。 我选择再次使用oUser，因为它是我正在使用的对象类型的一个很好的描述符，但是我可以很容易地说

For each baseball in oOU

对于每个单位的棒球

But it just doesn't read as well.  So, what does the above code do?  It goes through each object in the Employees OU and sets the description to    My User     This is one of the reasons that good AD organization is key:  We don't like it when there are OUs that have multiple types of objects in them (users mixed with computers mixed with groups).  It makes coding more difficult.  It can still be done, but now you have to evaluate the type of each object you're working with.  For instance, lets assume there is a fictional OU named    Objects   and it contains a mix of objects.  Our goal is to set the description of all the user objects to      My User      but not modify any of the other objects.  This could be accomplished by doing the following:

但这只是读得不好。 那么，以上代码有什么作用？ 它遍历Employees OU中的每个对象，并将说明设置为“我的用户”。这是良好的AD组织至关重要的原因之一：当有多个OU包含多个对象类型（用户混合时，我们不喜欢它）与计算机混合组）。 这使编码更加困难。 仍然可以完成，但是现在您必须评估正在使用的每个对象的类型。 例如，假设有一个名为Objects的虚构OU，并且其中包含对象的混合。 我们的目标是将所有用户对象的描述设置为“我的用户”，而不修改任何其他对象。 这可以通过执行以下操作来完成：

Set oOU = GetObject("LDAP://OU=Objects,DC=mydomain,DC=local")

设置oOU = GetObject（“ LDAP：// OU = Objec ts，DC = mydo 主DC = lo 校准”）

For each oUser in oOU

对于oOU中的每个oUser

    If oUser.Class = "User" Then

如果oUser.Class =“ User”，则

        oUser.Description = "My User"

oUser.Description =“我的用户”

        oUser.SetInfo()

oUser.SetInfo（）

    End If

万一

Next

下一个

We combined If...Then   and    For...Next   in order to accomplish our goal.

我们将If ... Then和For ... Next结合在一起以实现我们的目标。

Want to modify other attributes of a user?  No problem.  The next installment of VBScripting for Windows System Administrators will focus on how to locate that evasive AD field you want to modify.

是否要修改用户的其他属性？ 没问题。 Windows系统管理员的下一部分VBScripting将着重于如何找到要修改的逃避AD字段。

Until then, spend your time wisely organizing your AD to make it conducive to scripting.  :-)

在此之前，请花时间明智地组织广告，以使其有助于编写脚本。 :-)

-exx1976

-exx1976

翻译自: https://www.experts-exchange.com/articles/266/VBScript-for-Windows-System-Administrators-Part-1.html

vbscript