Active Directory doesn\’t let you edit the Dial-up of VPN access policies for multiple users at once through the GUI. You have to edit this setting one at a time for each user. This can be painstaking if you a lot of users. Luckily there is a VB script available like for almost everything else in AD.
Dim aConnection, aCommand, aResult, strLDAPPath, user, objUser
Const ADS_PROPERTY_CLEAR = 1
strLDAPPath = InputBox(\"Please enter the LDAP path of the OU:\")
WScript.Echo strLDAPPath
Set aConnection = CreateObject(\"ADODB.Connection\")
Set aCommand = CreateObject(\"ADODB.Command\")
aConnection.Provider = \"ADsDSOObject\"
aConnection.Open
aCommand.ActiveConnection = aConnection
aCommand.CommandText=\"
Set aResult = aCommand.Execute()
Do While Not aResult.EOF
strDN = aResult.Fields(\"distinguishedName\")
WScript.Echo strDN
Set objUser = GetObject(\"LDAP://\" & strDN)
\' Comment the following line to manage connection through Remote Access Policy
objUser.Put \"msNPAllowDialin\", FALSE
\' Uncomment the following line to manage connection through Remote Access Policy
\' objUser.PutEx ADS_PROPERTY_CLEAR, \"msNPAllowDialin\", 0
objUser.SetInfo
aResult.MoveNext
Loop
This script will update the access settings for a group of users in a particular OU. Once you run the script, a dialog box will ask you for this OU. Once this is set all users in that OU will be updated.
The AD property this script modifies is \’msNPAllowDialin\’. This property is accepts boolean values. So the three options are
To manage access via the Remote Access Policy, comment out the
objUser.Put \"msNPAllowDialin\", FALSE
and uncomment the
\' objUser.PutEx ADS_PROPERTY_CLEAR, \"msNPAllowDialin\", 0
line.
