I assume that it can be done by using a vbscript. You can check the example below and try the script in a test environment and fix any errors that is appearing during copy and paste:
Code:
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Const SE_DACL_PROTECTED = 0
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Size Limit")= 10000
objCommand.Properties("Page Size") = 10000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = _
"<LDAP://ou=accounts,dc=itboard,dc=local>;"_
& "(objectCategory=user);sAMAccountName,distinguishedname;subtree"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
userDN = objRecordSet.Fields("distinguishedName").Value
set objObject = getobject("LDAP://" & userDN & "")
Set objntSD = objObject.Get("nTSecurityDescriptor")
intNTSDControl = objNtSD.Control
If intNTSDControl <> 35844 Then
‘ Enable "allow inheritable permissions".
intNTSDControl = intNTSDControl And SE_DACL_PROTECTED
objntSD.Control = intNTSDControl
objObject.Put "nTSecurityDescriptor", objntSD
objObject.SetInfo
WScript.Echo "Obiectul " & userDN & " a fost modificat"
End If
objRecordSet.MoveNext
Loop
Bookmarks