Jump to content
Macro Express Forums

MEP & AD (Active Directory)


Recommended Posts

Good Morning, Afternoon and Evening,

 

Just curious on a few points:

 

Wondering if anyone here has any experience using MEP with AD.

 

Specifically:

 

1) Just out of curiousity, what have you done with AD & MEP? (I also do a lot of standard password resets, unlocks, etc. Need to automate this - that's on my 'back burner' list).

2) Does AD use / respect Windows controls?

 

Here's the deal:

 

(Some of this is just me "talking out loud" - sorry 'bout that! This whole process was dumped in my lap a few hours ago - but it WILL happen, so I need a plan...)

 

We have a tsunami of of "tickets" (work orders) coming to our group. These will arive via email with a hyperlink in the email to the ticket. The ticket is pre-crafted... The ONLY difference between any one of these tickets and the next relevant one is the timestamp of creation date, and the PC name itself - typically in the form "1234567-abc".

 

All that needs to be done is: Go to AD, Search "Compters" on the domain, Once the PC is found, right click on it, check the properties. And add membership for a SCCM script. Pretty simple. Right now it's strictly a manual operation - 4 guys dealing with maybe 10 of these (each guy) a day. Takes maybe 1-2 minutes per guy to do one. But I know MEP could do it in probably 5 seconds or less. But that's just soon we'll each probably have 40-50 of these tickets a day.

 

So I asked #2 - about AD using Windows controls - because this may be a good opportunity to introduce the company I work for to MEP! ;-) Ideally, I'm thinking, rather than mail these tickets to any one of 4 guys (these are genuine IT tech guys, smarter than your average service desk guys, these guys are pretty sharp and give in-depth support to over 300 in-house apps in addition to all the usual MS Office, AD, VPN, Citrix questions, etc; to over 5,000 users - another reason to free them from this mundane chore!) - we could have the email sent to me (rather than all 4 support specialists). I could do a rule in Outlook to capture all the desired tickets out of the "queue" (a shared Exchange box) and put them in my directory. I could then schedule a MEP macro to run there when there are over X tickets there or once a day - whichever comes first. Or give MEP to each of the 4 agents and let them run a macro that I would craft (and Insight would probably prefer THIS solution for licensing! ;-)). I'd rate myself as a "7 or 8" on a 1-10 scale of MEP macro crafting expertise, with my ignorance of Windows controls being the most limiting factor holding me back from a solid 8 to 9! ;-) My code may not be the most logical, clinically efficitent, etc; but I get the job done, reliably, error trappiing, etc.

 

The reason I'm obsessing about controls is because the windows will appear in different places on different monitors. Even on the same person's PC, it could appear ANYWHERE on any 1 of 7 monitors. So moving to canned pixel co-ords seems to be the lamest way to go. Nothing more gimp than watching a cursor run around randomly on a screen clicking and waiting for things to happen that never will. Nothing worse than having a script run amok and start clicking off in windows it shouldn't be in, etc. Anyone that knows anything about AD can only imagine the "fun" that could result (and how quickly one's phone {and their boss's phone!} could ring) as a result of a script gone wild like a chimp on meth! We typically have at least two AD sessions (one "live" and one Citrix) and SEVERAL other critical network management / monitoring windows, etc. "Scripts Gone Wild" would not be cool at all. So this is kind of a "Hero or zero, Whitehouse or outhouse" undertaking I'm tackling! LOL.

 

One redeeming thing of AD work seems to be that the primary and ancilliary windows seem to be predictably named. Well, sortta! This would make respecive window activation / focus pretty easy, I believe. It would be sweet to use controls, since, as I understand it, that sets me free from pixel co-ords, window locations, screen resolutions, etc. I guess I'll play around and try a little testing in the next day or two. We'll have over 5,000 tickets to play with over the next few months, so I need to get my act together if I'm going to do this.

 

Random options / thoughts include: I can just "scrape" the PC name out of the tickets, shove it in a var go to AD and deal with it and call it good. Or, pre-process them in semi-real time, scrape out the PC's names, build to a text file and batch 'em at the end of the day or whatever. All PC's get the same same same membership modification (addition).

 

The primary 2 BIG errors (aside from total amok-ness) I anticipate are:

1) The target PC may already have the desired membership... somehow need to check that or see what the resultant AD err is if I try it. Then I'll know how to deal with it.

And / or:

2) The target PC name is not found on the domain. This would surely result in an automated kick back ticket saying, in effect "Yo, you gave me PC Name '1234567-abc' but that doesn't appear to exist on our Domain, please re-submit a ticket with the correct PC name, etc..."

 

Any and all comments are welcome! Particulary as regards MEP & AD & Windows controls...

 

Sorry for the longer than normal ramble here...

 

Sincere thanks,

 

--Pete

Link to comment
Share on other sites

Random comments:

 

Regarding controls I always try to implement with them first. Dozens of reasons in many post on this forum.

 

One issue I have with things like you're mentioning is anything with list boxes of variable content. In a control the entire list box is a control and often there's no way to query what is selected. EG search for a computer "Jack" and find "Jackson" as well. Selecting the proper item from the list box is a bit of a challenge. Some time ago I had a similar task I wanted to automate on an SBS2003 box and gave up because of this.I think it could have been done but it would have resulted in the macro engaging in trial and error.

 

For the machine you access via Critrix you need to understand that if you use MEP on the client machine the best you can do is send keystrokes and mouse events blindly. For it to work properly it needs to be running locally. This goes for all remote apps like Remote Desktop.

 

Another issue with remote sessions with Remote Desktop is that the GUI world and it's events 'disappears' when minimized or disconnected. So any macros running on that machine that use any of the GUI need to be up and visible in order to work.

 

You might consider using the Windows Server management tools locally instead of logging into a server. This gives you the ability to do most server tasks with processes running on your local machine.

 

I heard in the latest version of Exchange there's a feature, I'm forgetting the term now, where one can execute Outlook-like rules. For years admins have wanted the ability to automatically process emails like what you're doing and supposedly one can now.

 

It's my understanding that there are many programs out there for automating AD tasks. Might check into some. I have no experience with them. None of my clients have enough users to warrant me buying or researching.

 

I think adding membership for a user can be accomplished with very few or even one command in PowerShell. In case you're not familiar PS is MS's new more powerful and capable command prompt replacement. I know I've seen scripts to get lists of users and perform actions on them with very little code. If you do go this route want to use it in conjunction with MEP realize that MEP is not Unicode aware. But I found a sleazy way to work around that. Essentially UTF-8 is two bytes but if you ignore the second byte which is always null you can convert it into ASCII which MEP understands. IE if you want to get the console contents after running an external script or program.

 

Personally for things that become difficult to do with a macro or are large batches I'm writing more and more of them as programs instead of using MEP. Monday I was looking for info on the DirectoryInfo class and found the DirectoryServices namespace. It uses the ADSI (Think of it as an API for AD) with a couple of classes that allow one to do most anything. If you have any programming skills you might want to check them out. Or even if you don't have the skills you could probably hire someone to do it on eLance.com for real cheap. I'm guessing you could use this class in VBScript or PowerShell as well. Oh, and probably VBA which you could run as a rule in Outlook. You could have a single button in the ribbon of OL that you could fire from the mail message you get.

 

One trick I have used in the past with Outlook was to make a rule that saved the email to a file folder. Then I set an MEP macro up with directory change activation to launch when a new message was dropped there. You can also run MEP from within a rule but I found that having as text on the drive meant I could then induct the message text easily with MEP.

 

Good luck!

Link to comment
Share on other sites

Random comments:

 

Regarding controls I always try to implement with them first. Dozens of reasons in many post on this forum.

 

 

I entirely agree. Until now I've been 'too lazy' (read: project deadline / requirements wouldn't permit me the leisure to stop and learn controls to my satisfaction, so I 'worked around' it some other way - albeit a cobble!) to take up mastering Windows controls in MEP. I don't have any other pressure on this task other than what I place on myself. It's do it manually or I'll be a hero with a macro. So I'll try to take some time this weekend, I guess, and learn some control stuff. I know, at one point at least, it was my impression that MEP explanation was, umm, "lacking" on examples & specific info, etc;

 

One issue I have with things like you're mentioning is anything with list boxes of variable content. In a control the entire list box is a control and often there's no way to query what is selected. EG search for a computer "Jack" and find "Jackson" as well. Selecting the proper item from the list box is a bit of a challenge. Some time ago I had a similar task I wanted to automate on an SBS2003 box and gave up because of this.I think it could have been done but it would have resulted in the macro engaging in trial and error.

 

 

Spot on point, however, in this case - and within our domain, the "computer name" is the PC's serial number + a 3 letter corp suffice. So if there's more than ONE return for the search on the domain then "Houston, we have a problem!" (and I mean other than with my Macro!). Still, it COULD happen, I suppose. Your point is good food for thought.

 

For the machine you access via Critrix you need to understand that if you use MEP on the client machine the best you can do is send keystrokes and mouse events blindly. For it to work properly it needs to be running locally. This goes for all remote apps like Remote Desktop.

 

 

Yeah, I'm painfully aware of the Citrix is a mirage effect as regards MEP. Fortunately any MEP / Citrix stuff is a back burner issue compared to the more pressing tasks in AD (confused? I understand - I co-admin 2 domains - 1 "live" off my PC and the other is the Citrix managed one. My upcoming project is in the 'real' AD session on my local PC.

 

Another issue with remote sessions with Remote Desktop is that the GUI world and it's events 'disappears' when minimized or disconnected. So any macros running on that machine that use any of the GUI need to be up and visible in order to work.

 

You might consider using the Windows Server management tools locally instead of logging into a server. This gives you the ability to do most server tasks with processes running on your local machine.

 

I heard in the latest version of Exchange there's a feature, I'm forgetting the term now, where one can execute Outlook-like rules. For years admins have wanted the ability to automatically process emails like what you're doing and supposedly one can now.

 

It's my understanding that there are many programs out there for automating AD tasks. Might check into some. I have no experience with them. None of my clients have enough users to warrant me buying or researching.

 

I think adding membership for a user can be accomplished with very few or even one command in PowerShell. In case you're not familiar PS is MS's new more powerful and capable command prompt replacement. I know I've seen scripts to get lists of users and perform actions on them with very little code. If you do go this route want to use it in conjunction with MEP realize that MEP is not Unicode aware. But I found a sleazy way to work around that. Essentially UTF-8 is two bytes but if you ignore the second byte which is always null you can convert it into ASCII which MEP understands. IE if you want to get the console contents after running an external script or program.

 

 

These are all excellent points and I'll try to file them away in my MEP gray matter storage... Subject to retrival errors... :blink:

 

I've only recently even played briefly in PS. I heard of it a couple months ago when I was taking a MS cert course in Windows 7 Admin. It sure looks cool. The instructor got off on it. I sat next to one of our Windows Admin guys (a partial paygrade above me! ;-)) and asked hom a little bit about it. It definetly sounds worth investigating. Time for "PowweShell For Dummies" I guess!! I just thought I might not be able to master it quick enough to help here. So many projects... so little time (at least that I'd get paid for! LOL!).

 

Personally for things that become difficult to do with a macro or are large batches I'm writing more and more of them as programs instead of using MEP. Monday I was looking for info on the DirectoryInfo class and found the DirectoryServices namespace. It uses the ADSI (Think of it as an API for AD) with a couple of classes that allow one to do most anything. If you have any programming skills you might want to check them out. Or even if you don't have the skills you could probably hire someone to do it on eLance.com for real cheap. I'm guessing you could use this class in VBScript or PowerShell as well. Oh, and probably VBA which you could run as a rule in Outlook. You could have a single button in the ribbon of OL that you could fire from the mail message you get.

 

Cory, I dunno if you're old enough to remember Artie Johnson from "Rowan and Martin's Laugh In" - but I want to say "V-e-e-e-r-r-r-y I-n-n-n-t-e-r-e-s-t-i-n-g!!!" I'll be looking at that along the way - if not for this project, then a future one.

 

One trick I have used in the past with Outlook was to make a rule that saved the email to a file folder. Then I set an MEP macro up with directory change activation to launch when a new message was dropped there. You can also run MEP from within a rule but I found that having as text on the drive meant I could then induct the message text easily with MEP.

 

Good luck!

 

If you don't mind, Cory, I might drop you a line - and/or - continue the thread here - if / as I run into snags.

 

I genuinely appreciate you taking the time to salt me with a few hints, tips, thoughts...

 

Kind Regards,

 

--Pete

Link to comment
Share on other sites

  • 2 weeks later...

Yes I do remember Artie! As kids we often emulated that line from backyard hedges. I also remember transferring game programs on audio cassettes via 10-speed bike. Schwinn-net. Transfer speeds were dependent on how large the program, how far the distance to your buddies house, and how fast you could pedal. And of course huge delays would often occur it the transit neared a video arcade singularity. One could lose hours in there.

 

Contact me anytime. I'm available for hire as well ;)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...