#195568 - 2009-08-25 12:20 AM
LDAP Account creation.
5861king
Fresh Scripter
Registered: 2006-09-28
Posts: 48
Loc: UK
Hi Folks, I tried using this snippet of code but for some reason it's not working. I was wondering if some kind soul could take a look at it; if not, does anyone have a script to create an NT account using LDAP that they could post? Any help would be much appreciated.
Thanks
Glyn
Below is the code I'm trying to use and the error message when running the program.
Please try this code, you've made a few errors, one of which is having "LoginScript" 2 times; LoginScript is actually "scriptPath". You need to use .SetInfo 2 times, one before you enable the account and set password. And some "" errors. Here is the cleaned up code:
CreateAccount("123456","Lastname Test", "LDAP://OU=test,OU=ouinformation,OU=nextleaveOU, dc=Domain ,dc=ad")
Function CreateAccount($UserName, $FullName, $ADsPath)
$OU = GetObject($ADsPath)
$UserObj = $OU.Create("User","cn="+$FullName)
$UserObj.Put("sAMAccountName", $UserName)
$UserObj.Put("givenName", "John") ;First Name
$UserObj.Put("Initials", "Frank") ;Initials
$UserObj.Put("sn", "Smith") ;Last Name(Surname)
$UserObj.Put("displayName","Smith" + IIf("smith", ", ","") + "John" + IIf("Frank", " ", "") + "Frank") ;Display name
$UserObj.Put("description", "Head Man in charge") ;Description
$UserObj.Put("physicalDeliveryOfficeName","Wahington, DC") ;Office
$UserObj.Put("telephoneNumber","222-555-5555");Telephone
$UserObj.Put("mail","first_Last@company.com") ;E-mail
$UserObj.Put("wWWHomePage","www.kixtart.org") ;Web page
$UserObj.Put("userPrincipalName", "123456") ;userPrincipalName
$UserObj.Put("scriptPath", "common.bat") ;Logon Script
$UserObj.Put("Street", "1234 A Street, NW") ;Street
$UserObj.Put("Password", "gensler")
$UserObj.SetInfo
; Added Code
$userObj.SetPassword("password") ;Sets the initial password
$userObj.Put("pwdLastSet", 0) ;User has to change the pw as soon as he/she logs in
$userObj.AccountDisabled = 0 ;Enables the account
$UserObj.SetInfo
; Objects cleanup
$UserObj = 0
$OU = 0
EndFunction
Hi ya.
Can you help? When I run this code on Kix 4.60 I get an error message, see below.
ERROR : expected ')'! Script: H:\Folder Lock\Locker\Misc Stuff\Kix\AdminScriptEditor\ldap6.kix Line : 36
This is what the line is: $UserObj = $OU.Create("User", "cn=" + $FullName)
Can anyone help me with this one? I would love to get this working.
Thanks
Glyn
#195575 - 2009-08-25 08:50 AM
Re: LDAP Account creation.
[Re: 5861king]
Arend_
MM club member
   
Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
Remove the line:
$UserObj.Put("Password", "gensler")
And please take care of the values you put in. They are not correct but will not pose an error. I think you will find out when you remove the line I said. You can then correct the values.
As far as the function goes, it works correctly as is, provided you remove the above line. If you still get the same error then it is either: A) Somewhere else in the script. B) You haven't got the correct LDAP path. C) You don't have enough privileges to create accounts.
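An added example, not part of Arend_'s post or the original script: the same create, SetInfo, SetPassword, enable, SetInfo sequence with a check of @ERROR after each directory call, so a failed bind (wrong LDAP path) can be told apart from a rejected commit (insufficient rights). The function name CreateAccountChecked and the $Password parameter are assumptions; the caller supplies the initial password instead of a literal in the script.

```kixtart
; Added example (not from the thread). CreateAccountChecked and $Password
; are hypothetical names; the initial password comes from the caller.
Function CreateAccountChecked($UserName, $FullName, $ADsPath, $Password)
    Dim $OU, $UserObj, $rc

    $OU = GetObject($ADsPath)                ; bind to the target OU
    $rc = @ERROR
    If $rc
        ? "Bind to " + $ADsPath + " failed: " + $rc + " " + @SERROR
        Exit $rc
    EndIf

    $UserObj = $OU.Create("User", "cn=" + $FullName)
    $rc = @ERROR
    If $rc
        ? "Create failed: " + $rc + " " + @SERROR
        Exit $rc
    EndIf

    $UserObj.Put("sAMAccountName", $UserName)
    $UserObj.SetInfo                         ; first commit: the object is written, still disabled
    $rc = @ERROR
    If $rc
        ? "First SetInfo failed: " + $rc + " " + @SERROR
        Exit $rc
    EndIf

    $UserObj.SetPassword($Password)          ; only valid once the object exists in the directory
    $rc = @ERROR
    If $rc
        ? "SetPassword failed: " + $rc + " " + @SERROR
        Exit $rc
    EndIf

    $UserObj.Put("pwdLastSet", 0)            ; user must change the password at first logon
    $UserObj.AccountDisabled = 0             ; enable only after a password has been set
    $UserObj.SetInfo                         ; second commit
    $rc = @ERROR
    If $rc
        ? "Second SetInfo failed: " + $rc + " " + @SERROR
        Exit $rc
    EndIf

    $UserObj = 0                             ; release the COM objects
    $OU = 0
    Exit 0
EndFunction
```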
#195577 - 2009-08-25 11:06 AM
Re: LDAP Account creation.
[Re: Arend_]
5861king
Fresh Scripter
Registered: 2006-09-28
Posts: 48
Loc: UK
Thanks for the quick response. The reason I did not post the full code is that the rest of the code before that was all commented out!
;<ScriptSettings xmlns="http://tempuri.org/ScriptSettings.xsd">
; <ScriptPackager>
; <process>kix32.exe</process>
; <arguments />
; <extractdir>%TEMP%</extractdir>
; <files />
; <usedefaulticon>true</usedefaulticon>
; <showinsystray>false</showinsystray>
; <altcreds>false</altcreds>
; <efs>true</efs>
; <ntfs>true</ntfs>
; <local>false</local>
; <abortonfail>true</abortonfail>
; <product />
; <version>1.0.0.1</version>
; <versionstring />
; <comments />
; <includeinterpreter>false</includeinterpreter>
; <forcecomregistration>false</forcecomregistration>
; <consolemode>false</consolemode>
; <EnableChangelog>false</EnableChangelog>
; <AutoBackup>false</AutoBackup>
; <snapinforce>false</snapinforce>
; <snapinshowprogress>false</snapinshowprogress>
; <snapinautoadd>0</snapinautoadd>
; <snapinpermanentpath />
; </ScriptPackager>
;</ScriptSettings>
;endregion
CreateAccount("123456","Lastname Test", "LDAP://OU=test,OU=ouinformation,OU=nextleaveOU, dc=Domain ,dc=ad")
Function CreateAccount($UserName, $FullName, $ADsPath)
$OU = GetObject($ADsPath)
$UserObj = $OU.Create("User","cn="+$FullName)
$UserObj.Put("sAMAccountName", $UserName)
$UserObj.Put("givenName", "John") ;First Name
$UserObj.Put("Initials", "Frank") ;Initials
$UserObj.Put("sn", "Smith") ;Last Name(Surname)
$UserObj.Put("displayName","Smith" + IIf("smith", ", ","") + "John" + IIf("Frank", " ", "") + "Frank") ;Display name
$UserObj.Put("description", "Head Man in charge") ;Description
$UserObj.Put("physicalDeliveryOfficeName","Wahington, DC") ;Office
$UserObj.Put("telephoneNumber","222-555-5555");Telephone
$UserObj.Put("mail","first_Last@company.com") ;E-mail
$UserObj.Put("wWWHomePage","www.kixtart.org") ;Web page
$UserObj.Put("userPrincipalName", "123456") ;userPrincipalName
$UserObj.Put("scriptPath", "common.bat") ;Logon Script
$UserObj.Put("Street", "1234 A Street, NW") ;Street
$UserObj.Put("Password", "gensler")
$UserObj.SetInfo
; Added Code
$userObj.SetPassword("password") ;Sets the initial password
$userObj.Put("pwdLastSet", 0) ;User has to change the pw as soon as he/she logs in
$userObj.AccountDisabled = 0 ;Enables the account
$UserObj.SetInfo
; Objects cleanup
$UserObj = 0
$OU = 0
EndFunction
@apronk
Thanks for pointing me in the right direction. It turns out that it does not allow me to create the account in one of the domains, even though I have full rights to the system, as when using the Microsoft AD it allows me to create the account.
We have 2 forests and 1 domain in each forest.
The LDAP connection string for each of these is listed below.
Forest 1 LDAP://dc=wallington, dc=co, dc=uk
Forest 2 LDAP://dc=staff, dc=wallington, dc=co, dc=uk
Both forests have 2-way trusts.
I'm logged in via Forest 1 and trying to create the accounts in Forest 2. For whatever reason I can't create the accounts in Forest 2; however, if I modify the script to create the accounts in Forest 1 it works.
When using Microsoft AD I'm able to create the accounts in both forests. Do you have any ideas why this is happening?
Thanks
Glyn
P.S.
I have also removed the password object as well.
#195600 - 2009-08-26 12:34 AM
Re: LDAP Account creation.
[Re: Arend_]
5861king
Fresh Scripter
Registered: 2006-09-28
Posts: 48
Loc: UK
Hi there, tried the GC:// but nothing. Also, I have full admin rights to both domains, member of Domain Admins and Administrators. Anyhow, it's not a major issue; I will log into the other domain and run the script.
Thanks for your help
Glyn
Edited by 5861king (2009-08-26 12:35 AM)