Active Directory Users

AutomateCreationofActiveDirectoryUserAccounts
Larry KeyesMicrodesign ConsultingInc. IamcurrentlyconfiguringuseraccountsforaWindows2003server,andIwanttoautomate addingaccounts. CheckingtheWindowsCommandLineAdministratorsPocketConsultantI findthefollowingcommandsyntax:

dsadduserUserDN samidSAMName [upnUPN][fnFirstName][miInitial] [lnLastName][displayDisplayName] [empidEmployeeID][pwd{Password|*}] [descDescription][memberofGroup...] [officeOffice][telPhoneNumber] [emailEmail][hometelHomePhoneNumber] [pagerPagerNumber][mobileCellPhoneNumber] [faxFaxNumber][iptelIPPhoneNumber][webpgWebPage] [titleTitle][deptDepartment][companyCompany] [mgrManager][hmdirHomeDirectory] [hmdrvDriveLetter:][profileProfilePath] [loscrScriptPath][mustchpwd{yes|no}] [canchpwd{yes|no}][reversiblepwd{yes|no}] [pwdneverexpires{yes|no}][acctexpiresNumberOfDays] [disabled{yes|no}][{sServer|dDomain}] [uUserName][p{Password|*}][q]
Eventryingthistoaddasingleaccountisprettydiscouraging.Thesyntaxisdescribedonthe MicrosoftXPwebsite. ThenIrememberthatImadatabaseprogrammer,andthatActiveDirectoryisreallyonlya database.Andyouwouldthinkthatyoucouldputalltheusersintoadatabasefile,andwritea reportwhichisreallya.CMDfiletoaddalloftheusers. Inotherwords,whatIwanttoend upwithisacommandfilethatlookslikethis:

ECHOCreatingUser:StefanAndres md\\mdwin2003\users\sandres dsadduser"CN=StefanAndres,CN=Users,DC=microdesign,& DC=mxdesign,DC=net"samid"sandres"display"StefanAndres"&pwd ztx98gwpfn"Stefan"ln"Andres"canchpwdnopwdneverexpiresyes& desc"TeachingStaff"officeColumbiahmdir\\mdwin2003\users\sandres& memberof"CN=CVABE,CN=users,DC=microdesign,DC=mxdesign,DC=net" ECHO. ECHOCreatingUser:KendraRome md\\mdwin2003\users\krome dsadduser"CN=KendraRome,CN=Users,DC=microdesign,& DC=mxdesign,DC=net"samid"krome"display"KendraRome"pwdxur24ebs& fn"Kendra"ln"Rome"&canchpwdnopwdneverexpiresyes&desc"Teaching Staff"officeColumbiahmdir\\mdwin2003\users\krome& memberof"CN=CVABE,CN=users,DC=microdesign,DC=mxdesign,DC=net" PAUSE
AutomatingCreationofActiveDirectoryUsers
Page1 of 4
Thebatchfiledoestwothings.TheMDcommandmakesahomedirectoryfortheuserina sharedfoldercalled\users.Nomysterythere.Thedsaddcommandistheallsingingalldancing commandtoaddtheusersnameandpassword,andanyotherinformationthatyouwanttoadd totheActiveDirectory.Thesesaredomainaccountsintendedforstaff usingworkstations attachedtotheserver.OncetheaccountsareaddedthroughtheCMDfile,theyappearinthe ActiveDirectoryUsersandComputersmanagementconsole. Walkingthroughthisversionofdsadd,itshowsthat: 1. Kendrasloginiskrome Herdisplayname,isKendraRome 2. Herpasswordisadded,withthreelowercaseletters,twodigitsandthreemorelower caseletters.Notethatthisdoesnotmeetthedefaultcomplexity passwordrequirements setinWindows2003.Thedefaultcanbealteredin thegrouppolicysnapin. 3. Thepasswordcannotbechangedanditdoesnotexpire. 4. ImcurrentlyusingtheADdescriptionfieldtoholdtheuserstitle. 5. TheADoffice fieldissettothenameofheroffice. 6. Isetherhomedirectorybasedonhername,tomatchthedirectorycreatedinthefirst command. 7. Finally,Iaddhertoagroup CVABE thatIvepreviouslycreated.Usersarealso automaticallyaddedtothebuiltin domainusersgroup.
Definingthedatabasetable
Thedatabaseisasingletable,whichcouldbecreatedinprettymuchanyprogram.Iendedup startingthetableinExcel,andthenexportedtheexcelspreadsheettoVisualFoxPro.However, aslongasyoucaneventuallyusethetabletowritetextoutput,youcanuseanyprogramtohold thedata.Evenacommadelimitedtextfilewilldo. FieldName Common Login Password First Last Canchpwd Passexpire Descrip Office Homedir Type Character Character Character Character Character Character Character Character Character Character Width 25 16 12 12 12 3 3 25 25 16 Comment CommonName,i.e.MarySmith LoginName,i.e.msmith Userspassword,i.e.,abc99xyz Usersfirstname Userslastname YesorNo(writtenout,notabooleanfield) YesorNo(writtenout,notabooleanfield) Userdescription Userslocation Sameastheloginname
InthespreadsheetoraFoxProBrowse, thedataitselfwilllooksomethinglikethis:
Page2 of 4
Thedatabasefieldnamesandlengtharearbitrary.Theymatchonetooneasubsetofthefields intheActivedirectorydialogboxes.IfIhadwantedtofillmoreoftheADfields,Iwouldcreate correspondingfieldsinmyusertable. Tocreatethecommandfilethatwilladdtheseusers,IusedtheVisualFoxProTextMerge function.

*MakeUserAdd.prg *CreatesabatchcommandfileforaddinguserstoMSActiveDirectory *Requiresanexistingdatabasefilecalled'users'whichholdstheADdata andparameters *Theprogramcreatesauserhomedirectorybasedontheloginname.Assumes thatthereisanexistingsharecalled"Users" *LKMicrodesignConsultingInc.April11,2005 *lkeyes@mxdesign.net SELECTUSERS *Suppressmessages SETSAFETYOFF CLEAR SETTEXTMERGETOusers.cmd SETTEXTMERGEON SCAN \ECHO. \ECHOCreatingUser:<<ALLTRIM(First)+''+ALLTRIM(Last)>> \md\\mdwin2003\users\<<homedir>> \ \\dsadduser"CN=<<ALLTRIM(Common)>>,CN=Users,DC=microdesign,DC=mxdesign, DC=net" \\samid"<<ALLTRIM(Login)>>" \\display"<<ALLTRIM(First)+''+ALLTRIM(Last)>>" \\pwd<<ALLTRIM(Password)>> \\fn"<<ALLTRIM(First)>>" \\ln"<<ALLTRIM(Last)>>" \\canchpwdno \\pwdneverexpiresyes \\desc"<<ALLTRIM(descrip)>>" \\office<<ALLTRIM(office)>> \\hmdir\\mdwin2003\users\<<ALLTRIM(homedir)>> \\memberof"CN=CVABE,CN=users,DC=microdesign,DC=mxdesign,DC=net" ENDSCAN \PAUSE SETTEXTMERGEOFF SETTEXTMERGETO
ThetextmergeprogramcreatesanASCIIfilecalleduser.cmd. Theuser.cmdfileisthefilethat isactuallyrunatthecommandlinewhichcreatestheusers. AutomatingCreationofActiveDirectoryUsers Page3 of 4
Oncetheuser.cmdiscreated,itisrunontheserverscommandline.
Enhancements
OnethingInoticedwaswhenIrantheuser.cmdprogram,thefirsttime,Ireceivedseveral errors.SoImadeahardcodedremovalprogramwhichremovedallofmynewusers.This consistsofasinglelineforeachuser,usingthedsrmcommand:
dsrm"CN=StefanNichols,CN=Users,DC=microdesign,DC=mxdesign,DC=net"& noprompt
Thedsrmcommandisusedtoremoveanydirectoryobject.Aslongasithasthefullyqualified nameoftheobject,thenitcanfinditwithininthedirectory.Thenopromtsuppressesa messageaskingdoyoureally wanttodeletethisobject? Thisdelusers.cmdprogramwouldbeacandidatefor anothertextmergeprogram. Anotherpossibleenhancementmightbeafrontendfortheuserdatabasewhichmakesdataentry easierandcouldenforcenamingconventions.
Alternatives
ThedatabasetablecanbebuiltinanythingthatcanoutputASCIItext.TheTextMergeprogram couldalsobewritteninPerl,orevenSQL. Eventually,withtheabilitytoquerytheActive Directory with dsqueryyouhavethebeginningsofacompleteadusermanagementsystem. Finally,youcouldeliminatethewholecommandfileinterfacebycreatingasimilarprogramthat wrotetotheActiveDirectoryobjectsinVisualBasic,C#orAccess.
LarryKeyesisaprincipal atMicrodesignConsultingInc.Hespecializesinstrategic informationsystemsplanninganddevelopmentfornonprofit,governmentandhealthcare. www.mxdesign.netandwww.techfornonprofits.com
Page4 of 4

Active Directory Users

Cargado por

Información del documento

Descripción original:

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Active Directory Users

Cargado por

Copyright:

Formatos disponibles

AutomateCreationofActiveDirectoryUserAccounts

Larry KeyesMicrodesign ConsultingInc. IamcurrentlyconfiguringuseraccountsforaWindows2003server,andIwanttoautomate addingaccounts. CheckingtheWindowsCommandLineAdministratorsPocketConsultantI findthefollowingcommandsyntax:

Thedatabasefieldnamesandlengtharearbitrary.Theymatchonetooneasubsetofthefields intheActivedirectorydialogboxes.IfIhadwantedtofillmoreoftheADfields,Iwouldcreate correspondingfieldsinmyusertable. Tocreatethecommandfilethatwilladdtheseusers,IusedtheVisualFoxProTextMerge function.

ThetextmergeprogramcreatesanASCIIfilecalleduser.cmd. Theuser.cmdfileisthefilethat isactuallyrunatthecommandlinewhichcreatestheusers. AutomatingCreationofActiveDirectoryUsers Page3 of 4

LarryKeyesisaprincipal atMicrodesignConsultingInc.Hespecializesinstrategic informationsystemsplanninganddevelopmentfornonprofit,governmentandhealthcare. www.mxdesign.netandwww.techfornonprofits.com

También podría gustarte