Using the DigitalPersona LDS Administration Scripts

Some of the DigitalPersona LDS administrative functions are implemented through the use of VBScript.

These scripts are automatically copied to your computer during installation of the DigitalPersona LDS Administration Tools.

By default, they will be located in the following directory on the target computer:

Program Files\DigitalPersona\Altus Administration Tools\Scripts

Note: If a previous DigitalPersona product has been installed on the computer, scripts will be copied to [Install Directory]/DigitalPersona\Altus Administration Tools\Scripts

The available scripts are:

* Scripts designated by asterisks in the above list use text files (.csv) to input parameters to the scripts. These text files have the same name as the script with “UserList” added to the script name and a .csv extension. They require previous installation of the Microsoft Access Database Engine 2010 Redistributable in order to process the scripts. It is available for free download from http://www.microsoft.com/en-us/download/details.aspx

CSV Files

Each CSV file has a heading on the first line, “name.”

Important: This should not be changed.

The names of users to be processed by the script are then listed, one to each line.

The user names listed must exactly match the user names shown in the DigitalPersona LDS database. These can be viewed and verified using the Microsoft ADSI Edit tool.
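
The following is an added example, not one of the DigitalPersona scripts: a PowerShell pre-flight check of a user-list file against the format described above (a "name" heading on the first line, then one exact user name per line). The function name Test-UserListCsv and the sample content are constructed for illustration.

```powershell
# Added example: validate a "<Script>UserList.csv" file before passing it to an
# administration script. Test-UserListCsv is a hypothetical helper name.
function Test-UserListCsv {
    param(
        [string[]] $Lines   # file content, one array element per line
    )
    $problems = New-Object System.Collections.Generic.List[string]

    # The first line must be the unchanged heading "name".
    if ($Lines.Count -eq 0 -or $Lines[0] -cne 'name') {
        $problems.Add('Line 1: heading must be exactly "name"')
    }
    if ($Lines.Count -lt 2) {
        $problems.Add('No user names listed after the heading')
    }

    $seen = @{}   # PowerShell hashtable keys compare case-insensitively
    for ($i = 1; $i -lt $Lines.Count; $i++) {
        $n   = $i + 1          # 1-based line number for messages
        $raw = $Lines[$i]
        if ($raw.Trim() -eq '') {
            $problems.Add("Line ${n}: empty line")
            continue
        }
        if ($raw -ne $raw.Trim()) {
            # Stray spaces mean the entry is no longer the exact user name.
            $problems.Add("Line ${n}: leading or trailing whitespace")
        }
        if ($raw -match '[,"]') {
            $problems.Add("Line ${n}: comma or quote found; expected one bare user name")
        }
        $key = $raw.Trim()
        if ($seen.ContainsKey($key)) {
            $problems.Add("Line ${n}: duplicate of line $($seen[$key])")
        } else {
            $seen[$key] = $n
        }
    }
    return $problems
}

# Constructed sample content (not from a real deployment).
$sample = @('name', 'jsmith', 'mjones ', '', 'JSmith', 'adoe,bdoe')
Test-UserListCsv -Lines $sample | ForEach-Object { Write-Host $_ }

# Against a real file:
#   Test-UserListCsv -Lines (Get-Content .\DeleteCredentialsUserList.csv)
```

The check covers only the file format; whether each listed name exists in the DigitalPersona LDS database still has to be verified, for example with ADSI Edit.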

Running the Scripts

Run a script by double-clicking on it, or from a command prompt.

For example:

cscript CountUtilizedLicenses.vbs

You can also choose to output any script results to a text file.

For example:

cscript CountUtilizedLicenses.vbs >> results.txt

The purpose and use of each script is explained in the following sections.

CountUtilizedLicenses

This script counts the number of utilized DigitalPersona LDS licenses (that is, every user from either Active Directory or AD LDS consumes one license).

Prerequisites: Requires the Microsoft Access Database Engine 2010 Redistributable.

In the CountUtilizedLicenses file, under the Constants section, verify the server name and port specified for the constant C_Server.

If you are unsure of the correct information, you can find it in the AzMan.txt file, located (based on a default installation) at Program Files\DigitalPersona\Bin\AzMan.txt

CreateUserList

This script creates a list of users specified in the CreateUserList.csv file.

DeleteCredentials

This script deletes credentials for those users specified in the DeleteCredentials.csv file.

Prerequisites: Requires the Microsoft Access Database Engine 2010 Redistributable.
  1. In the DeleteCredentials.vbs file, under the Constants section, verify the server name and port specified for the constant C_Server.

    If you are unsure of the correct information, you can find it in the AzMan.txt file, located (based on a default installation) at Program Files\DigitalPersona\Bin\AzMan.txt

  2. Find the GUID for the credential that you want to delete and copy it to the DeleteToken parameter “guidCredential”

  3. Under the Setup section, verify the location of the associated DeleteCredentialsUserList.csv file and revise the strCSVFolder string as necessary.

  4. In the associated text file, DeleteCredentials.csv, list the user names whose specified credentials are to be deleted.

Note: Only one credential may be specified and deleted at a time. To delete an additional credential for the same list of users, simply change the “guidCredential” parameter and run the script again.

DeleteUserList

This script creates a list of users specified in the CreateUserList.csv file.

FP+Pwd

This script sets the User must use Windows Password and Fingerprint to logon flag for all users specified in the associated .csv file.

Prerequisites: Requires the Microsoft Access Database Engine 2010 Redistributable.
  1. In the Fp+Pwd.vbs file, under the Setup section, edit the following variables:

    • strSearchAttribute - Enter the Active Directory attribute that is to be used to match rows in the CSV file to Active Directory user accounts.

      You should make sure to use unique attributes (for example, sAMAccountName (Pre Windows 2000 Login) or userPrincipalName).

      Other attributes can be used but are not guaranteed to be unique. If multiple user accounts are found, an error is returned and no update is performed.

    • strCSVFolder - Enter (or leave as default) the folder where the associated .csv file is located.

    • strCSVFile - Enter (or leave as default) the name of the associated .csv file.

  2. Run this script from a command prompt in cscript mode (for example, cscript Fp+Pwd.vbs, or cscript Fp+Pwd.vbs >> results.txt to output the results to a text file).

RandomizePassword

This script sets the Randomize user’s Windows password and User must change password at next logon flags for all users specified in the associated .csv file.

To force the specified users to change their passwords on their next logon, the Password never expires flag should not be set.

Prerequisites: Requires the Microsoft Access Database Engine 2010 Redistributable.
  1. In the DeleteCredentials.vbs file, under the Constants section, verify the server name and port specified for the constant C_Server.

    If you are unsure of the correct information, you can find it in the AzMan.txt file, located (based on a default installation) at Program Files\DigitalPersona\Bin\AzMan.txt

  2. Under the Setup section, verify the location of the associated RandomizePasswordUserList.csv file and revise the strCSVFolder string as necessary.

  3. In the associated text file, RandomizePassword.csv, list the user names whose passwords are to be randomized.

UnlockAccount

This script removes the lock preventing the use of a fingerprint credential or DigitalPersona password for authentication, for any users specified in the associated .csv file.

Prerequisites: Requires the Microsoft Access Database Engine 2010 Redistributable.
  1. In the DeleteCredentials.vbs file, under the Constants section, verify the server name and port specified for the constant C_Server.

    If you are unsure of the correct information, you can find it in the AzMan.txt file, located (based on a default installation) at Program Files\DigitalPersona\Bin\AzMan.txt

  2. Under the Setup section, verify the location of the associated UnlockAccountUserList.csv file and revise the strCSVFolder string as necessary.

  3. In the associated text file, UnlockAccountUserList.csv, list the user names whose accounts are to be unlocked.