' ------------------------------------------------------------------------- ' Related to the book Inside Active Directory, ISBN 0-201-61621-1 ' Copyright (C) 2002 by Sakari Kouti ' Version: November 16, 2001 ' (see http://www.kouti.com) ' You have a royalty-free right to use, modify, reproduce and distribute ' this script (and/or any modified version) in any way you find useful, ' provided that you agree that Addison-Wesley or Sakari Kouti has no ' warranty, obligations or liability for the script. If you modify ' the script, you must retain this copyright notice. ' ------------------------------------------------------------------------- ' =============================================================== ' See CH10-10 IncludeExample.wsf for an example of how to include ' this file in your script. ' =============================================================== ' This file includes all the constant defitions that are used in the ' script samples of the Inside Active Directory book, as well as some ' other constant defitions. The constants represent the following ' categories: ' - VBScript ' - WSH ' - Windows ' - Active Directory/ADSI ' --------------------------------------------------------------- ' Category: VBScript ' --------------------------------------------------------------- 'Error codes Const E_VBS_OBJECT_REQUIRED = 424 'For more error codes, see VBScript help 'OpenTextFile method options Const ForReading = 1 ' --------------------------------------------------------------- ' Category: WSH ' --------------------------------------------------------------- 'WshShell Run method options Const WAIT_ON_RETURN = True Const HIDE_WINDOW = 0 'For more options, see WSH help ' --------------------------------------------------------------- ' Category: Windows ' --------------------------------------------------------------- 'NTFS ACE options 'NTFS ACE options: AccessMask Const FILE_READ_DATA = &H1 'file & pipe Const FILE_LIST_DIRECTORY = &H1 'folder Const FILE_WRITE_DATA = &H2 'file & pipe Const FILE_ADD_FILE = &H2 'folder Const FILE_APPEND_DATA = &H4 'file Const FILE_ADD_SUBDIRECTORY = &H4 'folder Const FILE_CREATE_PIPE_INSTANCE = &H4 'named pipe Const FILE_READ_EA = &H8 'file & folder Const FILE_WRITE_EA = &H10 'file & folder Const FILE_EXECUTE = &H20 'file Const FILE_TRAVERSE = &H20 'folder Const FILE_DELETE_CHILD = &H40 'folder Const FILE_READ_ATTRIBUTES = &H80 'all Const FILE_WRITE_ATTRIBUTES = &H100 'all Const DELETE = &H10000 Const READ_CONTROL = &H20000 Const WRITE_DAC = &H40000 Const WRITE_OWNER = &H80000 Const SYNCHRONIZE = &H100000 Const ACCESS_SYSTEM_SECURITY = &H1000000 Const GENERIC_ALL = &H10000000 Const GENERIC_EXECUTE = &H20000000 Const GENERIC_WRITE = &H40000000 Const GENERIC_READ = &H80000000 Const FULL_CONTROL = &H1F01FF '14 permissions Const MODIFY = &H1301BF '11 permissions 'NTFS ACE options: ACE flags Const OBJECT_INHERIT_ACE = &H1 Const CONTAINER_INHERIT_ACE = &H2 Const NO_PROPAGATE_INHERIT_ACE = &H4 Const INHERIT_ONLY_ACE = &H8 Const INHERITED_ACE = &H10 Const SUCCESSFUL_ACCESS_ACE_FLAG = &H40 Const FAILED_ACCESS_ACE_FLAG = &H80 'NTFS ACE options: ACE types Const ACCESS_ALLOWED_ACE_TYPE = &H0 Const ACCESS_DENIED_ACE_TYPE = &H1 Const SYSTEM_AUDIT_ACE_TYPE = &H2 Const SYSTEM_ALARM_ACE_TYPE = &H3 Const ACCESS_ALLOWED_COMPOUND_ACE_TYPE = &H4 Const ACCESS_ALLOWED_OBJECT_ACE_TYPE = &H5 Const ACCESS_DENIED_OBJECT_ACE_TYPE = &H6 Const SYSTEM_AUDIT_OBJECT_ACE_TYPE = &H7 Const SYSTEM_ALARM_OBJECT_ACE_TYPE = &H8 'NTFS ACE options: Flags Const ADS_OBJECT_TYPE_PRESENT = &H1 Const ADS_INHERITED_OBJECT_TYPE_PRESENT = &H2 ' --------------------------------------------------------------- ' Category: Active Directory/ADSI ' --------------------------------------------------------------- 'Security descriptor control flags Const ADS_SD_CONTROL_SE_OWNER_DEFAULTED = &H0001 Const ADS_SD_CONTROL_SE_GROUP_DEFAULTED = &H0002 Const ADS_SD_CONTROL_SE_DACL_PRESENT = &H0004 Const ADS_SD_CONTROL_SE_DACL_DEFAULTED = &H0008 Const ADS_SD_CONTROL_SE_SACL_PRESENT = &H0010 Const ADS_SD_CONTROL_SE_SACL_DEFAULTED = &H0020 Const ADS_SD_CONTROL_SE_DACL_AUTO_INHERIT_REQ = &H0100 Const ADS_SD_CONTROL_SE_SACL_AUTO_INHERIT_REQ = &H0200 Const ADS_SD_CONTROL_SE_DACL_AUTO_INHERITED = &H0400 Const ADS_SD_CONTROL_SE_SACL_AUTO_INHERITED = &H0800 Const ADS_SD_CONTROL_SE_DACL_PROTECTED = &H1000 Const ADS_SD_CONTROL_SE_SACL_PROTECTED = &H2000 Const ADS_SD_CONTROL_SE_SELF_RELATIVE = &H8000 'AD ACE options 'AD ACE options: AccessMask Const ADS_RIGHT_DS_CREATE_CHILD = &H1 Const ADS_RIGHT_DS_DELETE_CHILD = &H2 Const ADS_RIGHT_ACTRL_DS_LIST = &H4 Const ADS_RIGHT_DS_SELF = &H8 Const ADS_RIGHT_DS_READ_PROP = &H10 Const ADS_RIGHT_DS_WRITE_PROP = &H20 Const ADS_RIGHT_DS_DELETE_TREE = &H40 Const ADS_RIGHT_DS_LIST_OBJECT = &H80 Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100 Const ADS_RIGHT_DELETE = &H10000 Const ADS_RIGHT_READ_CONTROL = &H20000 Const ADS_RIGHT_WRITE_DAC = &H40000 Const ADS_RIGHT_WRITE_OWNER = &H80000 Const ADS_RIGHT_SYNCHRONIZE = &H100000 Const ADS_RIGHT_ACCESS_SYSTEM_SECURITY = &H1000000 Const ADS_RIGHT_GENERIC_ALL = &H10000000 Const ADS_RIGHT_GENERIC_EXECUTE = &H20000000 Const ADS_RIGHT_GENERIC_WRITE = &H40000000 Const ADS_RIGHT_GENERIC_READ = &H80000000 Const ADS_RIGHT_FULL_CONTROL = &HF01FF 'AD ACE options: ACE flags Const ADS_ACEFLAG_INHERIT_ACE = &H2 Const ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE = &H4 Const ADS_ACEFLAG_INHERIT_ONLY_ACE = &H8 Const ADS_ACEFLAG_INHERITED_ACE = &H10 Const ADS_ACEFLAG_SUCCESSFUL_ACCESS = &H40 Const ADS_ACEFLAG_FAILED_ACCESS = &H80 'AD ACE options: ACE types Const ADS_ACETYPE_ACCESS_ALLOWED = 0 Const ADS_ACETYPE_ACCESS_DENIED = &H1 Const ADS_ACETYPE_SYSTEM_AUDIT = &H2 Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5 Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6 Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &H7 'AD ACE options: Flags Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H1 Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &H2 'Some schemaIDGUIDs Const SCHEMAIDGUID_USER = "{BF967ABA-0DE6-11D0-A285-00AA003049E2}" Const SCHEMAIDGUID_GROUP = "{BF967A9C-0DE6-11D0-A285-00AA003049E2}" Const SCHEMAIDGUID_COMPUTER = "{BF967A86-0DE6-11D0-A285-00AA003049E2}" Const SCHEMAIDGUID_CONTACT = "{5CB41ED0-0E4C-11D0-A286-00AA003049E2}" Const SCHEMAIDGUID_OU = "{BF967AA5-0DE6-11D0-A285-00AA003049E2}" Const SCHEMAIDGUID_PRINTER = "{BF967AA8-0DE6-11D0-A285-00AA003049E2}" 'Some extended rights Const GUID_ACCOUNT_RESTRICTIONS = "{4C164200-20C0-11D0-A768-00AA006E0529}" Const GUID_VALIDATED_SPN = "{F3A64788-5306-11D1-A9C5-0000F80367C1}" Const GUID_VALIDATED_DNSHOST = "{72E39547-7B18-11D1-ADEF-00C04FD8D5CD}" Const GUID_RESET_PASSWORD = "{00299570-246D-11D0-A768-00AA006E0529}" 'ADs Types Const ADSTYPE_INVALID = 0 Const ADSTYPE_DN_STRING = 1 Const ADSTYPE_CASE_EXACT_STRING = 2 Const ADSTYPE_CASE_IGNORE_STRING = 3 Const ADSTYPE_PRINTABLE_STRING = 4 Const ADSTYPE_NUMERIC_STRING = 5 Const ADSTYPE_BOOLEAN = 6 Const ADSTYPE_INTEGER = 7 Const ADSTYPE_OCTET_STRING = 8 Const ADSTYPE_UTC_TIME = 9 Const ADSTYPE_LARGE_INTEGER = 10 Const ADSTYPE_PROV_SPECIFIC = 11 Const ADSTYPE_OBJECT_CLASS = 12 Const ADSTYPE_CASEIGNORE_LIST = 13 Const ADSTYPE_OCTET_LIST = 14 Const ADSTYPE_PATH = 15 Const ADSTYPE_POSTALADDRESS = 16 Const ADSTYPE_TIMESTAMP = 17 Const ADSTYPE_BACKLINK = 18 Const ADSTYPE_TYPEDNAME = 19 Const ADSTYPE_HOLD = 20 Const ADSTYPE_NETADDRESS = 21 Const ADSTYPE_REPLICAPOINTER = 22 Const ADSTYPE_FAXNUMBER = 23 Const ADSTYPE_EMAIL = 24 Const ADSTYPE_NT_SECURITY_DESCRIPTOR = 25 Const ADSTYPE_UNKNOWN = 26 Const ADSTYPE_DN_WITH_BINARY = 27 Const ADSTYPE_DN_WITH_STRING = 28 'Error codes Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D Const ERROR_OBJECT_ALREADY_EXISTS = &H80071392 Const ERROR_DS_NO_ATTRIBUTE_OR_VALUE = &H8007200A Const ERROR_DS_NO_SUCH_OBJECT = &H80072030 Const ERROR_DS_UNWILLING_TO_PERFORM = &H80072035 'Schema searchFlags Const ATTR_INDEXED = &H1 Const ATTR_INDEXED_OVER_CONT_AND_ATTR = &H2 Const ATTR_PART_OF_ANR_SET = &H4 Const ATTR_SURVIVE_DELETION = &H8 Const ATTR_COPY_WITH_USER = &H10 'Schema systemFlags Const ATTR_NOT_REPLICATED = &H1 Const ATTR_IS_CONSTRUCTED = &H4 Const ATTR_IS_BASE_SCHEMA = &H10 'User account options Const UF_SCRIPT = &H0001 Const UF_ACCOUNTDISABLE = &H0002 Const UF_HOMEDIR_REQUIRED = &H0008 Const UF_LOCKOUT = &H0010 Const UF_PASSWD_NOTREQD = &H0020 Const UF_PASSWD_CANT_CHANGE = &H0040 Const UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H0080 Const UF_DONT_EXPIRE_PASSWD = &H10000 Const UF_MNS_LOGON_ACCOUNT = &H20000 Const UF_SMARTCARD_REQUIRED = &H40000 Const UF_TRUSTED_FOR_DELEGATION = &H80000 Const UF_NOT_DELEGATED = &H100000 Const UF_USE_DES_KEY_ONLY = &H200000 Const UF_DONT_REQUIRE_PREAUTH = &H400000 Const UF_TEMP_DUPLICATE_ACCOUNT = &H0100 'local account Const UF_NORMAL_ACCOUNT = &H0200 'global account Const UF_INTERDOMAIN_TRUST_ACCOUNT = &H0800 'incoming trust Const UF_WORKSTATION_TRUST_ACCOUNT = &H1000 'ws or ms comp Const UF_SERVER_TRUST_ACCOUNT = &H2000 'dc computer 'Group scopes and types Const ADS_GROUP_TYPE_GLOBAL_GROUP = &H2 Const ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = &H4 Const ADS_GROUP_TYPE_LOCAL_GROUP = &H4 Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &H8 Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000 'Well-known GUIDs Const GUID_USERS_CONTAINER = "a9d1ca15768811d1aded00c04fd8d5cd" Const GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd" Const GUID_SYSTEMS_CONTAINER = "ab1d30f3768811d1aded00c04fd8d5cd" Const GUID_DOMAIN_CONTROLLERS_CONTAINER = "a361b2ffffd211d1aa4b00c04fd7d83a" Const GUID_INFRASTRUCTURE_CONTAINER = "2fbac1870ade11d297c400c04fd8d5cd" Const GUID_DELETED_OBJECTS_CONTAINER = "18e2ea80684f11d2b9aa00c04f79f805" Const GUID_LOSTANDFOUND_CONTAINER = "ab8153b7768811d1aded00c04fd8d5cd" 'Service status codes Const ADS_SERVICE_STOPPED = 1 Const ADS_SERVICE_START_PENDING = 2 Const ADS_SERVICE_STOP_PENDING = 3 Const ADS_SERVICE_RUNNING = 4 Const ADS_SERVICE_CONTINUE_PENDING = 5 Const ADS_SERVICE_PAUSE_PENDING = 6 Const ADS_SERVICE_PAUSED = 7 Const ADS_SERVICE_ERROR = 8 'OpenDSObject authentication mode Const ADS_SECURE_AUTHENTICATION = &H1 Const ADS_USE_ENCRYPTION = &H2 Const ADS_USE_SSL = &H2 Const ADS_READONLY_SERVER = &H4 Const ADS_PROMPT_CREDENTIALS = &H8 Const ADS_NO_AUTHENTICATION = &H10 Const ADS_FAST_BIND = &H20 Const ADS_USE_SIGNING = &H40 Const ADS_USE_SEALING = &H80 Const ADS_USE_DELEGATION = &H100 Const ADS_SERVER_BIND = &H200 'ADO/LDAP referral chasing options Const ADS_CHASE_REFERRALS_NEVER = 0 Const ADS_CHASE_REFERRALS_SUBORDINATE = &H20 Const ADS_CHASE_REFERRALS_EXTERNAL = &H40 Const ADS_CHASE_REFERRALS_ALWAYS = &H60 '&H20 + &H40 'ADO/LDAP search scope options Const ADS_SCOPE_BASE = 0 Const ADS_SCOPE_ONELEVEL = 1 Const ADS_SCOPE_SUBTREE = 2 'PutEx modes Const ADS_PROPERTY_CLEAR = 1 Const ADS_PROPERTY_UPDATE = 2 Const ADS_PROPERTY_APPEND = 3 Const ADS_PROPERTY_DELETE = 4 'IADsNameTranslate name types Const ADS_NAME_TYPE_1779 = 1 Const ADS_NAME_TYPE_CANONICAL = 2 Const ADS_NAME_TYPE_NT4 = 3 Const ADS_NAME_TYPE_DISPLAY = 4 Const ADS_NAME_TYPE_DOMAIN_SIMPLE = 5 Const ADS_NAME_TYPE_ENTERPRISE_SIMPLE = 6 Const ADS_NAME_TYPE_GUID = 7 Const ADS_NAME_TYPE_UNKNOWN = 8 Const ADS_NAME_TYPE_USER_PRINCIPAL_NAME = 9 Const ADS_NAME_TYPE_CANONICAL_EX = 10 Const ADS_NAME_TYPE_SERVICE_PRINCPAL_NAME = 11 Const ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME = 12