How to get llama 2 up and running , in a VM, with no GPU, and limited memory on Ubuntu

-
Image
OK I decided to write this up after unsuccessfully being able to find all the required info I needed in one place. In this setup we will be using Ubuntu Server 22.04.2 LTS as the OS. I have this running on a home lab ESXi server 8, on a HP Compaq Pro 6300 SFF CPU = Intel Core i7-3770 Installed Memory 16 GB I have some 10K SAS drives installed for the VM's If you have not already, navigate to  Get Ubuntu Server | Download | Ubuntu and download the 22.04.2 LTS ISO Next Lets create our VM that we are going to run this in. *Note Im using ESXi however you can probably do this in Workstation, Fusion, VirtualBox etc The main things to note on the VM creation. Set Ubuntu 64 bit as the guest OS Set your CPU relevant to the physicals CPU, I will be starting with 4 VCPU Set your Memory to as much as you can tolerate, I will be using 12 Disk Space - we are creating a 100G swap file, and the rest of the file can take up some room , so more is better if you can afford it Dont forget to add the U
Post a Comment

Active Directory Scripting

-
I was looking for a script the other day and found this post very helpful

http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/groups/


Adding 1,000 Users to a Security Group


Demonstration script that creates a security group named Group1, and adds one thousand users (UserNo1 through UserNo10000) to that group. This script is not intended for use in a production environment.
Const ADS_PROPERTY_APPEND = 3
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
                             objRootDSE.Get("defaultNamingContext"))
Set objGroup = objContainer.Create("Group", "cn=Group1")
objGroup.Put "sAMAccountName","Group1"
objGroup.SetInfo
For i = 1 To 1000
strDN = ",cn=Users," & objRootDSE.defaultNamingContext
objGroup.PutEx ADS_PROPERTY_APPEND, "member", _
  Array("cn=UserNo" & i & strDN)
objGroup.SetInfo
Next
WScript.Echo "Group1 created and 1000 Users added to the group."

Adding New Members to a Group


Adds two groups (Executives and Scientists) and one user account (MyerKen) to the Sea-Users group in Active Directory. 
Const ADS_PROPERTY_APPEND = 3

Set objGroup = GetObject _
("LDAP://cn=Sea-Users,cn=Users,dc=NA,dc=fabrikam,dc=com")

objGroup.PutEx ADS_PROPERTY_APPEND, "member", _
  Array("cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com", _
    "cn=Executives,ou=Management,dc=NA,dc=fabrikam,dc=com", _
    "cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")

objGroup.SetInfo

Assigning a Group Manager


Assigns user MyerKen as the manager of the Active Directory security group named Scientists. 
Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

objGroup.Put "managedBy", "cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com"
objGroup.SetInfo

Changing the Scope of a Group


Changes a global distribution group named Scientists to a universal security group. 
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000

Set objGroup = GetObject _
 ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

objGroup.Put "groupType", _
ADS_GROUP_TYPE_GLOBAL_GROUP + ADS_GROUP_TYPE_SECURITY_ENABLED

objGroup.SetInfo

Creating a Domain Local Distribution Group


Creates a domain local Active Directory distribution group named Vendors.
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Set objOU = GetObject("LDAP://ou=HR,dc=NA,dc=fabrikam,dc=com")
Set objGroup = objOU.Create("Group", "cn=Vendors")
objGroup.Put "sAMAccountName", "vendors"
objGroup.Put "groupType", ADS_GROUP_TYPE_LOCAL_GROUP
objGroup.SetInfo

Creating a Global Security Group


Creates a global Active Directory security group named HR-Employees. 
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000
Set objOU = GetObject("LDAP://ou=HR,dc=NA,dc=fabrikam,dc=com")
Set objGroup = objOU.Create("Group", "cn=HR-Employees")
objGroup.Put "sAMAccountName", "HRStaff"
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or _
  ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo

Creating a Universal Distribution Group


Creates a universal Active Directory distribution group named Customers. 
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Set objOU = GetObject("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
Set objGroup = objOU.Create("Group", "cn=Customers")
objGroup.Put "sAMAccountName", "customers"
objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP
objGroup.SetInfo

Creating a Universal Security Group


Creates a universal Active Directory security group named All-Employees. 
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000
Set objOU = GetObject("LDAP://cn=Users,dc=NA,dc=fabrikam,dc=com")
Set objGroup = objOU.Create("Group", "cn=All-Employees")
objGroup.Put "sAMAccountName", "AllEmployees"
objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP Or _
 ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo

Deleting a Group from Active Directory


Deletes a group named atl-users from the HR organizational unit in the hypothetical domain fabrikam.com. 
Set objOU = GetObject("LDAP://ou=hr, dc=fabrikam,dc=com")
objOU.Delete "group", "cn=atl-users"

Determining Other Groups a Group Belongs To


Returns a list of all the groups that the Active Directory security group Scientists is a member of. 
On Error Resume Next

Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfo

arrMembersOf = objGroup.GetEx("memberOf")

WScript.Echo "MembersOf:"
For Each strMemberOf in arrMembersOf
WScript.Echo strMemberOf
Next

Determining the Primary Group for a User Account


Reports the primary group for the MyerKen Active Directory user account. 
On Error Resume Next
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

Set objUser = GetObject _
  ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
intPrimaryGroupID = objUser.Get("primaryGroupID")

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
  ";(objectCategory=Group);" & _
      "distinguishedName,primaryGroupToken;subtree"
Set objRecordSet = objCommand.Execute

While Not objRecordset.EOF
  If objRecordset.Fields("primaryGroupToken") = intPrimaryGroupID Then
      WScript.Echo "Primary group:"
      WScript.Echo objRecordset.Fields("distinguishedName") & _
          " (primaryGroupID: " & intPrimaryGroupID & ")"
  End If
  objRecordset.MoveNext
Wend

objConnection.Close

Enumerating Group Members


Retrieves the memberOf and primaryGroupID attributes of a user account to display group membership. Note that the primaryGroupID attribute contains an integer that maps to the name of the primary group. The memberOf attribute does not contain the name of the primary group of which the user is a member.
On Error Resume Next
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
Set objOU = GetObject _
  ("LDAP://cn=Users,dc=NA,dc=fabrikam,dc=com")

ObjOU.Filter= Array("user")

For Each objUser in objOU
  WScript.Echo objUser.cn & " is a member of: "
  WScript.Echo vbTab & "Primary Group ID: " & _
  objUser.Get("primaryGroupID")

  arrMemberOf = objUser.GetEx("memberOf")

  If Err.Number <>  E_ADS_PROPERTY_NOT_FOUND Then
      For Each Group in arrMemberOf
      WScript.Echo vbTab & Group
      Next
  Else
      WScript.Echo vbTab & "memberOf attribute is not set"
      Err.Clear
    End If
  Wscript.Echo VbCrLf
Next

Identifying the Owner of a Group


Returns the owner of an Active Directory security group named Scientists. 
Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

Set objNtSecurityDescriptor = objGroup.Get("ntSecurityDescriptor")

WScript.Echo "Owner Tab"
WScript.Echo "Current owner of this item: " & objNtSecurityDescriptor.Owner

Modifying Group Properties


Modifies both single-value (samAccountName, mail, info) and multi-value (description) attributes for a group named Scientists. 
Const ADS_PROPERTY_UPDATE = 2
Set objGroup = GetObject _
 ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

objGroup.Put "sAMAccountName", "Scientist01"
objGroup.Put "mail", "YoungRob@fabrikam.com"
objGroup.Put "info", "Use this group for official communications " & _
"with scientists who are contracted to work with Contoso.com."

objGroup.PutEx ADS_PROPERTY_UPDATE, _
  "description", Array("Scientist Mailing List")

objGroup.SetInfo

Modifying Group Type


Changes a local group named Scientists to a global security group.
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000

Set objGroup = GetObject _
 ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

objGroup.Put "groupType", _
ADS_GROUP_TYPE_UNIVERSAL_GROUP + ADS_GROUP_TYPE_SECURITY_ENABLED

objGroup.SetInfo

Moving a Group Within a Domain


Moves a group account from the HR OU to the Users container.
Set objOU = GetObject("LDAP://cn=Users,dc=NA,dc=fabrikam,dc=com")
objOU.MoveHere "LDAP://cn=atl-users,ou=HR,dc=NA,dc=fabrikam,dc=com", _
  vbNullString

Reading the General Properties for a Group


Reads the values found on the General Properties page in Active Directory Users and Computers for a group named Scientists.
On Error Resume Next
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000

Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfo

strName = objGroup.Get("name")
strSAMAccountName = objGroup.Get("sAMAccountName")
strMail = objGroup.Get("mail")
intgroupType = objGroup.Get("groupType")
strInfo = objGroup.Get("info")

strDescription = objGroup.GetEx("description")

WScript.Echo "name: " & strName
WScript.Echo "sAMAccountName: " & strSAMAccountName
WScript.Echo "mail: " & strMail
WScript.Echo "info: " & strInfo

WScript.StdOut.Write "Group scope: "
If intGroupType AND ADS_GROUP_TYPE_LOCAL_GROUP Then
WScript.Echo "Domain local"
ElseIf intGroupType AND ADS_GROUP_TYPE_GLOBAL_GROUP Then
WScript.Echo "Global"
ElseIf intGroupType AND ADS_GROUP_TYPE_UNIVERSAL_GROUP Then
WScript.Echo "Universal"
Else
WScript.Echo "Unknown"
End If

WScript.StdOut.Write "Group type: "
If intGroupType AND ADS_GROUP_TYPE_SECURITY_ENABLED Then
WScript.Echo "Security group"
Else
WScript.Echo "Distribution group"
End If

For Each strValue in strDescription
WScript.Echo "description: " & strValue
Next

Reading the Security Descriptor for a Group


Returns information found on the security descriptor for the Active Directory group named Scientists. This script must be run under CScript.
Const SE_DACL_PROTECTED = &H1000

Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

Set objNtSecurityDescriptor = objGroup.Get("ntSecurityDescriptor")

intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control

WScript.Echo "Permissions Tab"
WScript.StdOut.WriteLine "Allow inheritable permissions from the parent to"
WScript.StdOut.Write "propogate to this object and all child objects "
If (intNtSecurityDescriptorControl And SE_DACL_PROTECTED) Then
Wscript.Echo "is disabled."
Else
WScript.Echo "is enabled."
End If
WScript.Echo VbCr

Set objDiscretionaryAcl = objNtSecurityDescriptor.DiscretionaryAcl
DisplayAceInformation objDiscretionaryAcl, "DACL"

Sub DisplayAceInformation(SecurityStructure, strType)
Const ADS_ACETYPE_ACCESS_ALLOWED = &H0
Const ADS_ACETYPE_ACCESS_DENIED = &H1
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
intAceCount = 0
For Each objAce In SecurityStructure
  strTrustee = Mid(objAce.Trustee,1,12)
  If StrComp(strTrustee, "NT AUTHORITY", 1) <> 0 Then
    intAceCount = intAceCount + 1
    WScript.Echo strType & " permission entry: " & intAceCount
    WScript.Echo "Name: " & objAce.Trustee

    intAceType = objAce.AceType
    If (intAceType = ADS_ACETYPE_ACCESS_ALLOWED Or _
      intAceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT) Then
      WScript.Echo "Type: Allow Access"
    ElseIf (intAceType = ADS_ACETYPE_ACCESS_DENIED Or _
      intAceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) Then
      WScript.StdOut.Write "Type: Deny Acess"
    Else
      WScript.Echo "Acess Type Unknown."
    End If
    ReadBitsInAccessMask(objAce.AccessMask)
    WScript.Echo VbCr
  End If
Next
End Sub

Sub ReadBitsInAccessMask(AccessMask)
Const ADS_RIGHT_DELETE = &H10000
Const ADS_RIGHT_READ_CONTROL = &H20000
Const ADS_RIGHT_WRITE_DAC = &H40000
Const ADS_RIGHT_WRITE_OWNER = &H80000
Const ADS_RIGHT_DS_CREATE_CHILD = &H1
Const ADS_RIGHT_DS_DELETE_CHILD = &H2
Const ADS_RIGHT_ACTRL_DS_LIST = &H4
Const ADS_RIGHT_DS_SELF = &H8
Const ADS_RIGHT_DS_READ_PROP = &H10
Const ADS_RIGHT_DS_WRITE_PROP = &H20
Const ADS_RIGHT_DS_DELETE_TREE = &H40
Const ADS_RIGHT_DS_LIST_OBJECT = &H80
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100

WScript.Echo VbCrLf & "Standard Access Rights"
If (AccessMask And ADS_RIGHT_DELETE) Then _
  WScript.Echo vbTab & "-Delete an object."
If (AccessMask And ADS_RIGHT_READ_CONTROL) Then _
  WScript.Echo vbTab & "-Read permissions."
If (AccessMask And ADS_RIGHT_WRITE_DAC) Then _
  WScript.Echo vbTab & "-Write permissions."
If (AccessMask And ADS_RIGHT_WRITE_OWNER) Then _
  WScript.Echo vbTab & "-Modify owner."

WScript.Echo VbCrLf & "Directory Service Specific Access Rights"
If (AccessMask And ADS_RIGHT_DS_CREATE_CHILD) Then _
  WScript.Echo vbTab & "-Create child objects."
If (AccessMask And ADS_RIGHT_DS_DELETE_CHILD) Then _
  WScript.Echo vbTab & "-Delete child objects."
If (AccessMask And ADS_RIGHT_ACTRL_DS_LIST) Then _
  WScript.Echo vbTab & "-Enumerate an object."
If (AccessMask And ADS_RIGHT_DS_READ_PROP) Then _
  WScript.Echo vbTab & "-Read the properties of an object."
If (AccessMask And ADS_RIGHT_DS_WRITE_PROP) Then _
  WScript.Echo vbTab & "-Write the properties of an object."
If (AccessMask And ADS_RIGHT_DS_DELETE_TREE) Then _
  WScript.Echo vbTab & "-Delete a tree of objects"
If (AccessMask And ADS_RIGHT_DS_LIST_OBJECT) Then _
  WScript.Echo vbTab & "-List a tree of objects."

WScript.Echo VbCrLf & "Control Access Rights"
If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) + _
  (AccessMask And ADS_RIGHT_DS_SELF) = 0 Then
  WScript.Echo "-None"
Else
  If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) Then _
    WScript.Echo vbTab & "-Extended access rights."
  If (AccessMask And ADS_RIGHT_DS_SELF) Then
    WScript.Echo vbTab & "-Active Directory must validate a property "
    WScript.Echo vbTab & " write operation beyond the schema definition "
    WScript.Echo vbTab & " for the attribute."
  End If
End If
End Sub

Reading the System Access Control List for a Group


Returns information found on the System Access Control List (SACL) for an Active Directory security group named Scientists. 
Const SE_SACL_PROTECTED = &H2000
Const ADS_SECURITY_INFO_OWNER = &H1
Const ADS_SECURITY_INFO_GROUP = &H2
Const ADS_OPTION_SECURITY_MASK =&H3
Const ADS_SECURITY_INFO_DACL = &H4
Const ADS_SECURITY_INFO_SACL = &H8

Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

objGroup.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_OWNER _
Or ADS_SECURITY_INFO_GROUP Or ADS_SECURITY_INFO_DACL _
Or ADS_SECURITY_INFO_SACL

Set objNtSecurityDescriptor = objGroup.Get("ntSecurityDescriptor")

intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control

WScript.Echo "Auditing Tab"
WScript.StdOut.WriteLine "Allow inheritable auditing entries from" & _
"the parent to "
WScript.StdOut.Write "propogate to this object and all child objects "
If (intNtSecurityDescriptorControl And SE_SACL_PROTECTED) Then
Wscript.Echo "is disabled."
Else
WScript.Echo "is enabled."
End If
WScript.Echo VbCr

Set objSacl = objNtSecurityDescriptor.SystemAcl
DisplayAceInformation objSacl, "SACL"

Sub DisplayAceInformation(SecurityStructure, strType)
Const ADS_ACETYPE_SYSTEM_AUDIT = &H2
Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &H7

intAceCount = 0
For Each objAce In SecurityStructure
  strTrustee = Mid(objAce.Trustee,1,12)
  If StrComp(strTrustee, "NT AUTHORITY", 1) <> 0 Then
    intAceCount = intAceCount + 1
    WScript.Echo strType & " permission entry: " & intAceCount
    WScript.Echo "Name: " & objAce.Trustee

    intAceType = objAce.AceType
    WScript.Echo "ACETYPE IS: " & intAceType
    If (intAceType = ADS_ACETYPE_SYSTEM_AUDIT or _
     intAceType = ADS_ACETYPE_SYSTEM_AUDIT_OBJECT) Then
      WScript.StdOut.Write "Type: Success or Failure Audit"
    Else
      WScript.StdOut.Write "Audit Type Unknown."
    End If
    ReadBitsInAccessMask(objAce.AccessMask)
    WScript.Echo VbCr
  End If
Next
End Sub

Sub ReadBitsInAccessMask(AccessMask)
Const ADS_RIGHT_DELETE = &H10000
Const ADS_RIGHT_READ_CONTROL = &H20000
Const ADS_RIGHT_WRITE_DAC = &H40000
Const ADS_RIGHT_WRITE_OWNER = &H80000
Const ADS_RIGHT_DS_CREATE_CHILD = &H1
Const ADS_RIGHT_DS_DELETE_CHILD = &H2
Const ADS_RIGHT_ACTRL_DS_LIST = &H4
Const ADS_RIGHT_DS_SELF = &H8
Const ADS_RIGHT_DS_READ_PROP = &H10
Const ADS_RIGHT_DS_WRITE_PROP = &H20
Const ADS_RIGHT_DS_DELETE_TREE = &H40
Const ADS_RIGHT_DS_LIST_OBJECT = &H80
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100

WScript.Echo VbCrLf & "Standard Access Rights"
If (AccessMask And ADS_RIGHT_DELETE) Then _
  WScript.Echo vbTab & "-Delete an object."
If (AccessMask And ADS_RIGHT_READ_CONTROL) Then _
  WScript.Echo vbTab & "-Read permissions."
If (AccessMask And ADS_RIGHT_WRITE_DAC) Then _
  WScript.Echo vbTab & "-Write permissions."
If (AccessMask And ADS_RIGHT_WRITE_OWNER) Then _
  WScript.Echo vbTab & "-Modify owner."

WScript.Echo VbCrLf & "Directory Service Specific Access Rights"
If (AccessMask And ADS_RIGHT_DS_CREATE_CHILD) Then _
  WScript.Echo vbTab & "-Create child objects."
If (AccessMask And ADS_RIGHT_DS_DELETE_CHILD) Then _
  WScript.Echo vbTab & "-Delete child objects."
If (AccessMask And ADS_RIGHT_ACTRL_DS_LIST) Then _
  WScript.Echo vbTab & "-Enumerate an object."
If (AccessMask And ADS_RIGHT_DS_READ_PROP) Then _
  WScript.Echo vbTab & "-Read the properties of an object."
If (AccessMask And ADS_RIGHT_DS_WRITE_PROP) Then _
  WScript.Echo vbTab & "-Write the properties of an object."
If (AccessMask And ADS_RIGHT_DS_DELETE_TREE) Then _
  WScript.Echo vbTab & "-Delete a tree of objects"
If (AccessMask And ADS_RIGHT_DS_LIST_OBJECT) Then _
  WScript.Echo vbTab & "-List a tree of objects."

WScript.Echo VbCrLf & "Control Access Rights"
If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) + _
  (AccessMask And ADS_RIGHT_DS_SELF) = 0 Then
  WScript.Echo "-None"
Else
  If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) Then _
    WScript.Echo vbTab & "-Extended access rights."
  If (AccessMask And ADS_RIGHT_DS_SELF) Then
    WScript.Echo vbTab & "-Active Directory must validate a property "
    WScript.Echo vbTab & " write operation beyond the schema definition "
    WScript.Echo vbTab & " for the attribute."
  End If
End If
End Sub

Removing All the Members of a Group


Removes all the members of an Active Directory group named Sea-Users. 
Const ADS_PROPERTY_CLEAR = 1

Set objGroup = GetObject _
("LDAP://cn=Sea-Users,cn=Users,dc=NA,dc=fabrikam,dc=com")

objGroup.PutEx ADS_PROPERTY_CLEAR, "member", 0

objGroup.SetInfo

Removing a Group Manager


Removes the manager entry for the Active Directory security group named Scientists. When this script is run, the group will no longer have an assigned manager.
Const ADS_PROPERTY_CLEAR = 1

Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
objGroup.PutEx ADS_PROPERTY_CLEAR, "managedBy", 0
objGroup.SetInfo

Removing a User from All Active Directory Security Groups


Removes the MyerKen user account from all Active Directory security groups.
On Error Resume Next
Const ADS_PROPERTY_DELETE = 4
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

Set objUser = GetObject _
  ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
arrMemberOf = objUser.GetEx("memberOf")

If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
  WScript.Echo "This account is not a member of any security groups."
  WScript.Quit
End If

For Each Group in arrMemberOf
  Set objGroup = GetObject("LDAP://" & Group)
  objGroup.PutEx ADS_PROPERTY_DELETE, _
      "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
  objGroup.SetInfo
Next

Removing a User from a Group


Removes user MyerKen from the group Sea-Users. 
Const ADS_PROPERTY_DELETE = 4

Set objGroup = GetObject _
("LDAP://cn=Sea-Users,cn=Users,dc=NA,dc=fabrikam,dc=com")

objGroup.PutEx ADS_PROPERTY_DELETE, _
"member", _
  Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")

objGroup.SetInfo

Replacing Group Membership


Replaces the existing membership of a group named Scientists with two new group members: YoungRob and ShenAlan. 
Const ADS_PROPERTY_UPDATE = 2

Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

objGroup.PutEx ADS_PROPERTY_UPDATE, "member", _
  Array("cn=YoungRob,ou=R&D,dc=NA,dc=fabrikam,dc=com", _
    "cn=ShenAlan,ou=R&D,dc=NA,dc=fabrikam,dc=com")

objGroup.SetInfo

Retrieving the Active Directory Groups a User Belongs To


Returns a list of all the Active Directory security groups (including the primary group) that include the MyerKen user account as a member. 
On Error Resume Next
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

Set objUser = GetObject _
  ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")

intPrimaryGroupID = objUser.Get("primaryGroupID")
arrMemberOf = objUser.GetEx("memberOf")

If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
  WScript.Echo "The memberOf attribute is not set."
Else
  WScript.Echo "Member of: "
  For each Group in arrMemberOf
      WScript.Echo Group
  Next
End If

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
";(objectCategory=Group);" & _
"distinguishedName,primaryGroupToken;subtree"
Set objRecordSet = objCommand.Execute

While Not objRecordset.EOF
  If objRecordset.Fields("primaryGroupToken") = intPrimaryGroupID Then
      WScript.Echo "Primary group:"
      WScript.Echo objRecordset.Fields("distinguishedName") & _
          " (primaryGroupID: " & intPrimaryGroupID & ")"
  End If
  objRecordset.MoveNext
Wend

objConnection.Close

Returns a list of mandatory and optional attributes of the group class (as stored in the Active Directory schema).


Returning the Attributes of the Group Class
Set objGroupClass = GetObject("LDAP://schema/group")
Set objSchemaClass = GetObject(objGroupClass.Parent)

i = 0
WScript.Echo "Mandatory attributes:"
For Each strAttribute in objGroupClass.MandatoryProperties
i= i + 1
WScript.StdOut.Write i & vbTab & strAttribute
Set objAttribute = objSchemaClass.GetObject("Property",  strAttribute)
WScript.StdOut.Write " (Syntax: " & objAttribute.Syntax & ")"
If objAttribute.MultiValued Then
  WScript.Echo " Multivalued"
Else
  WScript.Echo " Single-valued"
End If
Next

WScript.Echo VbCrLf & "Optional attributes:"
For Each strAttribute in objGroupClass.OptionalProperties
i= i + 1
WScript.StdOut.Write i & vbTab & strAttribute
Set objAttribute = objSchemaClass.GetObject("Property",  strAttribute)
WScript.StdOut.Write " [Syntax: " & objAttribute.Syntax & "]"
If objAttribute.MultiValued Then
  WScript.Echo " Multivalued"
Else
  WScript.Echo " Single-valued"
End If
Next

Returning Group Object Information


Retrieves the information found on the Object page in Active Directory Users and Computers for a security group named Scientists. 
Set objGroup = GetObject _
("GC://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

strWhenCreated = objGroup.Get("whenCreated")
strWhenChanged = objGroup.Get("whenChanged")

Set objUSNChanged = objGroup.Get("uSNChanged")
dblUSNChanged = _
Abs(objUSNChanged.HighPart * 2^32 + objUSNChanged.LowPart)

Set objUSNCreated = objGroup.Get("uSNCreated")
dblUSNCreated = _
Abs(objUSNCreated.HighPart * 2^32 + objUSNCreated.LowPart)

objGroup.GetInfoEx Array("canonicalName"), 0
arrCanonicalName = objGroup.GetEx("canonicalName")

WScript.echo "CanonicalName of object:"
For Each strValue in arrCanonicalName
WScript.echo vbTab & strValue
Next
WScript.Echo vbCr

WScript.Echo "Object class: " & objGroup.Class & vbCrLf
WScript.echo "whenCreated: " & strWhenCreated & " (Created - GMT)"
WScript.echo "whenChanged: " & strWhenChanged & " (Modified - GMT)"
WScript.Echo VbCrLf
WScript.Echo "uSNChanged: " & dblUSNChanged & " (USN Current)"
WScript.Echo "uSNCreated: " & dblUSNCreated & " (USN Original)"

Returning a List of Group Members


Returns the members of an Active Directory group named Scientists.
On Error Resume Next

Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfo

arrMemberOf = objGroup.GetEx("member")

WScript.Echo "Members:"
For Each strMember in arrMemberOf
WScript.echo strMember
Next

Returning Managed By Information for a Group


Returns information about the manager assigned to an Active Directory security group named Scientists. 
On Error Resume Next

Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

strManagedBy = objGroup.Get("managedBy")

If IsEmpty(strManagedBy) = TRUE Then
WScript.Echo "No user account is assigned to manage " & _
  "this group."
Else
Set objUser = GetObject("LDAP://" & strManagedBy)
strPhysicalDeliveryOfficeName = _
  objUser.Get("physicalDeliveryOfficeName")
strStreetAddress = objUser.Get("streetAddress")
strLocalityName = objUser.Get("l")
strStateProvince = objUser.Get("st")
strCountryName = objUser.Get("c")
strTelephoneNumber = objUser.Get("telephoneNumber")
strFacsimileTelephoneNumber = _
  objUser.Get("facsimileTelephoneNumber")

Call GetUpdateMemberList

WScript.echo "physicalDeliveryOfficeName: " & _
  strPhysicalDeliveryOfficeName
WScript.echo "streetAddress: " & strStreetAddress
WScript.echo "l: " & strLocalityName
WScript.echo "state/province: " & strStateProvince
WScript.echo "c: " & strCountryName
WScript.echo "telephoneNumber: " & strTelephoneNumber
WScript.echo "facsimileTelephoneNumber: " & _
  strFacsimileTelephoneNumber
End If

Sub GetUpdateMemberList
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const Member_SchemaIDGuid = "{BF9679C0-0DE6-11D0-A285-00AA003049E2}"
Const ADS_RIGHT_DS_WRITE_PROP = &H20
objUser.GetInfoEx Array("canonicalName"),0
strCanonicalName = objUser.Get("canonicalName")
strDomain = Mid(strCanonicalName,1,InStr(1,strCanonicalName,".")-1)
strSAMAccountName = objUser.Get("sAMAccountName")

Set objNtSecurityDescriptor = objGroup.Get("ntSecurityDescriptor")
Set objDiscretionaryAcl = objNtSecurityDescriptor.DiscretionaryAcl

blnMatch = False
For Each objAce In objDiscretionaryAcl
  If LCase(objAce.Trustee) = _
    LCase(strDomain & "\" & strSAMAccountName) AND _
    objAce.ObjectType =  Member_SchemaIDGuid AND _
    objAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT AND _
    objAce.AccessMask And ADS_RIGHT_DS_WRITE_PROP Then
    blnMatch = True
  End If
Next
If blnMatch Then
  WScript.Echo "Manager can update the member list"
Else
  WScript.Echo "Manager cannot update the member list."
End If
End Sub

Comments

Post a Comment

Popular posts from this blog

vSphere 7 - Specify a vmkernel adapter to use for NFS datastores Step By Step \ Walkthrough on a DVS

-
Image
 Recently I needed to setup a NFS server but needed it to specifically be on a specific vmkernel adapter. I found this KB https://kb.vmware.com/s/article/50112854 however there were some things missing so I decided to write this walkthrough incase it helps any one else. First thing , remove all NFS mounted datastores if you haven't already. I ran through this on 7.0.2 however is probably the same for other versions. Step 1: This is going to be on a DVS, so we want to go ahead and create a port group to silo off our NFS traffic. To make life easy, we will just call it NFS Static binding and elastic port allocation were the defaults so I let these there. If you are VLAN'ing your traffic modify this info here, and complete the wizard. Next put your host into Maintenance Mode We are going to add a New TCP/IP stack to the host. First check that you have not already created one in the UI by opening a browser to the ESXi host, navigate to networking > TCP/IP Stacks SSH into your ES
Read more

Horizon View 2-factor Authentication for Free! with Google Authenticator or others

-
Image
So after quite a bit of work on my proof of concept google authenticator server, a colleague pointed out that LinOPT has already created this, along a whole slew of other options. So after spending a couple of nights reading and testing I figured id post a simple walk-through to get this up and running in your environment. As mentioned in the title this is a Free solution , however if you are wanting to scale this in a large organization you would most likely want to explore their support contracts , this is a good fall back when things just don't work and this also help the developers keep this type of software free for the rest of us. To start off we want to create 2 objects in Active Director. The first is just a standard user account LinOTP will use to connect to your domain. You can put these any where in your domain as we will access them directly later. In my case i create one called 'LinOTP Svc' and put it in the default Users OU. Next create a Global or
Read more

How to get llama 2 up and running , in a VM, with no GPU, and limited memory on Ubuntu

-
Image
OK I decided to write this up after unsuccessfully being able to find all the required info I needed in one place. In this setup we will be using Ubuntu Server 22.04.2 LTS as the OS. I have this running on a home lab ESXi server 8, on a HP Compaq Pro 6300 SFF CPU = Intel Core i7-3770 Installed Memory 16 GB I have some 10K SAS drives installed for the VM's If you have not already, navigate to  Get Ubuntu Server | Download | Ubuntu and download the 22.04.2 LTS ISO Next Lets create our VM that we are going to run this in. *Note Im using ESXi however you can probably do this in Workstation, Fusion, VirtualBox etc The main things to note on the VM creation. Set Ubuntu 64 bit as the guest OS Set your CPU relevant to the physicals CPU, I will be starting with 4 VCPU Set your Memory to as much as you can tolerate, I will be using 12 Disk Space - we are creating a 100G swap file, and the rest of the file can take up some room , so more is better if you can afford it Dont forget to add the U
Read more