Modify user Terminal Services settings for a Windows 2000 OU

A step-by-step process for applying the same Terminal Services settings to all the users in the same Active Directory organizational unit.

Windows 2000 Active Directory does not expose the Terminal Services attributes of a user. These settings are stored

as a string in the UserParameters attribute. This attribute also stores the settings for Remote Access. I suggest that any testing that can affect multiple users should be tried and tested in a lab environment.

In order to apply the same Terminal Services Settings to all the users in the same OU you can perform the following steps:

  1. Create a test user with the terminal services settings adjusted to your environment.

  2. Perform an LDIFDE export of the test user. Then using notepad copy the UserParameters information to a textfile called UP.txt. The following is an example listing of UP.TXT:

    UserParameters::
    ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUBAaCAFDdHhDZ mdQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm46Cy44C5FggBQ3R4Q2FsbG JhY2vjgLDjgLDjgLDjgLASCAFDdHhTaGFkb3fjhLDjgLDjgLDjgLAoCAFDdHhNYXhDb25uZWN0aW9 uVGltZeOAsOOAsOOAsOOAsC4IAUN0eE1heERpc2Nvbm5lY3Rpb25UaW1l44C045y35oix44CwHAgB Q3R4TWF4SWRsZVRpbWXjgLTjnLfmiLHjgLAiCAFDdHhLZXlib2FyZExheW91dOOAsOOAsOOAsOOAs CoCAUN0eE1pbkVuY3J5cHRpb25MZXZlbOOEsCACAUN0eFdvcmtEaXJlY3RvcnnjgLAgAgFDdHhOV0 xvZ29uU2VydmVy44CwGAIBQ3R4V0ZIb21lRGly44CwIgIBQ3R4V0ZIb21lRGlyRHJpdmXjgLAgKAF DdHhXRlByb2ZpbGVQYXRo5oy144C144i15pi045i046S05oy045S044y15oy145S144y145S044i1 44y15pSy5pC044S05pS044CwIgIBQ3R4SW5pdGlhbFByb2dyYW3jgLAiAgFDdHhDYWxsYmFja051b WJlcuOAsA===

  3. Create the following script file with a wsf extension. You will need to modify the LDAP path for your environment.

    Listing of TS.WSF

    <package>
    <job id = "get user objects and create ldifde formated file">
    <script language = "VBScript">
    
    Const ForReading = 1
    Const ForWriting = 2
    Const ForAppending = 8
    Input = InputBox("Please Enter an OU Name:","OU Select") WScript.Echo
    Input Dim aFile 
    aFile = "users.txt"
    
    Set Up = CreateObject ("Scripting.FileSystemObject")
    set u = Up.OpenTextFile ("up.txt", ForReading, True)
    uContents = u.ReadAll
    u.close
    
    Set objOu = GetObject _
    ("LDAP://ou=****,ou=" + Input + ",ou=****,dc=****,dc=****,dc=****")
    For Each objUser In objOu
     
    Set fy = CreateObject ("Scripting.FileSystemObject")
     If (fy.FileExists(aFile)) Then
     Set x = fy.OpenTextFile (aFile, ForAppending) 
     x.WriteLine "dn: " & objUser.Get("distinguishedName")
     x.WriteLine "changetype: modify"
     x.WriteLine "replace: UserParameters"
     x.WriteLine uContents
     x.WriteLine "-"
     x.WriteLine ()
     x.close()
     
     Else
     Set x = fy.OpenTextFile (aFile, ForWriting, True)
     x.WriteLine "dn: " & objUser.Get("distinguishedName")
     x.WriteLine "changetype: modify"
     x.WriteLine "replace: UserParameters"
     x.WriteLine uContents
     x.WriteLine "-"
     x.WriteLine ()
     x.close()
    End If
    Next
    </Script>
    <script language = "JScript">
    
    var aFile = "users.txt"
    var w = WScript.CreateObject("WScript.Shell")
    w.Run("ldifde -i -f " + aFile, 1, "True")
    WScript.Echo ("FINISHED LDIFDE IMPORT")
    var fs = new ActiveXObject ("Scripting.FileSystemObject"); 
    fs.DeleteFile (aFile); </Script> </job> </package>
    

Explanation of TS.WSF:

The VB portion of the script is used to format the LDIF file used to apply the changes. It first prompts the user for an OU to apply the changes to. It then searches the OU for User objects and formats the Users.txt file in the proper LDIFE format using the UserParameters settings from the UP.TXT file.

The JavaScript portion of TS.WSF basically runs LDIFDE import with the proper switches to apply the changes.

This was first published in December 2003

Dig deeper on Microsoft Active Directory Scripting

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close