Hey all...
Well, now it really works like a charm...
The document "Mapping between IADsUser Properties and Active Directory Properties" gave me the clue: it seems that you've got to use the AD (LDAP) property names, not the ADSI property names.
At least, this code now works in our create-user script (creates users based on .ini files; those .ini files are generated by our Unix adduser script).
Sorry for the German comments, but I don't want to translate them now and am confident that you'll figure it out.
code:
BREAK ON
$showinfo=false
;initially based on http://www.winscriptingsolutions.com/Articles/Index.cfm?AuthorID=306
;(LISTING 3: Creating a Fully Featured User Account in Win2K)
; Define some constants
$UF_SCRIPT = 1
$UF_ACCOUNTDISABLE = 2
$UF_HOMEDIR_REQUIRED = 8
$UF_LOCKOUT = 16
$UF_PASSWD_NOTREQD = 32
$UF_PASSWORD_CANT_CHANGE = 64
$UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 128
$UF_DONT_EXPIRE_PASSWD = 65536
$ADS_PROPERTY_UPDATE = 2
;This is what the .ini file this script can process looks like...
;[newuser]
;username=<username> => $username
;firstname=<first name> => $firstname
;lastname=<last name> => $lastname
;password=<password> => $password
debug off
$filename = Dir("*.ini")
if $filename = ""
;or @ERROR<>0
? @SERROR + " (" + @ERROR + ")"
quit 1
endif
$adsDomain = GetObject("LDAP://<our user OU>")
if $adsDomain=0
? "Error connecting to the server"
? @SERROR + " (" + @ERROR + ")"
quit 1
endif
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Here is the loop that creates the users...
While $FileName <> "" and @ERROR = 0
$filename = @curdir + "\"+ $filename
;? $FileName
$username = ReadProfileString($filename, "newuser", "username")
? "Username: " + $username
if $username=""
; string must be quoted; single quotes so the inner double quotes survive
? 'An error occurred: "username" is not specified'
? "Skipping to the next file."
goto nextfile
endif
$firstname = ReadProfileString($filename, "newuser", "firstname")
? "Firstname: " +$firstname
$lastname = ReadProfileString($filename, "newuser", "lastname")
? "Lastname: " + $lastname
$password = ReadProfileString($filename, "newuser", "password")
if $password=""
? 'An error occurred: "password" is not specified'
? "Skipping to the next file."
goto nextfile
endif
;CALLOUT A Create the user
$adsUser = $adsDomain.Create("user","cn="+$username)
; Error check
;? "Error code from Create: " + @ERROR
If $adsuser=0
? "Error creating the user"
? @SERROR + " (" + @ERROR + ")"
goto nextfile
endif
$adsUser.Put("sAMAccountName", $username)
;$adsUser.Put("userPrincipalName", "vlaunders@mycorp.com")
; No UPN, because users are dumb and then can't get it sorted under Unix, since they are not allowed to enter an @... there. ;)
;Write the newly created object out from the property cache
$adsUser.SetInfo
? "Setinfo 1 Errorcode"
? "@error @Serror"
If @ERROR <> 0
?"Error in SetInfo after Create"
?"(Error code " + @ERROR + ")"
goto nextfile
endif
;Read all the properties for the object, including
;the ones set by the system on creation
$adsUser.GetInfo
;If @ERROR <> 0
; ?"(Error code " + @ERROR + ")"
; goto nextfile
;endif
$adsUser.AccountDisabled = False
$adsUser.IsAccountLocked = False
$adsUser.PasswordRequired = True
;$adsUser.FirstName = "$firstname"
$adsUser.givenName = "$firstname"
;$adsUser.LastName = "$lastname"
$adsUser.sn = "$lastname"
$adsUser.displayName = "$firstname $lastname"
;$adsUser.Description = "My description goes here!"
$adsUser.scriptPath = "kix32 login.kix"
$adsUser.profilePath = "\\<Server>\home\profile"
$adsUser.HomeDirectory = "\\<Server>\home"
$adsUser.Put("homeDrive", "M:")
;;;; Thanks for this snippet
;$adsUser.givenName = "Egon"
;$adsUser.sn = "Bottlebeer"
;$adsUser.DisplayName = "Egon Bottlebeer"
;$adsUser.Profile = "\\bigserver\homedir\profile"
;$adsUser.loginscript = "kix32 login.kix"
;$adsUser.HomeDirectory = "\\bigserver\homedir"
;$adsUser.Put ("homeDrive", "p:")
;Set all the properties for the user
$adsUser.SetInfo
? "Setinfo 2 Errorcode"
? "@error @Serror"
If @ERROR <> 0
?"Error in SetInfo after properties"
?"(Error code " + @ERROR + ")"
goto nextfile
endif
;Read back the data, including any defaults so that you can set the flags.
$adsUser.GetInfo
;If @ERROR <> 0
; ?"(Error code " + @ERROR + ")"
; goto nextfile
;endif
;Make sure the password never expires and the user can't change it.
$intUserFlags = $adsUser.Get("userAccountControl")
$intNewUserFlags = $intUserFlags | $UF_DONT_EXPIRE_PASSWD
;$intNewUserFlags = $intNewUserFlags | $UF_PASSWORD_CANT_CHANGE ; Not appropriate for us.
$adsUser.Put("userAccountControl", $intNewUserFlags)
$adsUser.SetInfo
? "Setinfo 3 Errorcode"
? "@error @Serror"
If @ERROR <> 0
?"Error in SetInfo after flags"
?"(Error code " + @ERROR + ")"
goto nextfile
endif
;Set the password.
$adsUser.SetPassword($password)
if $showinfo = true
??"User Infos"
? $adsUser.sAMAccountname
? $adsUser.AccountDisabled
? $adsUser.IsAccountLocked
? $adsUser.PasswordRequired
? $adsUser.FirstName
? $adsUser.LastName
? $adsUser.DisplayName
? $adsUser.LoginScript
? $adsUser.Profile
? $adsUser.HomeDirectory
? $adsUser.homeDrive
??
endif
;END CALLOUT A
; Stamp the file with a timestamp...
$err=writeprofilestring($filename, "Log", "created_on","@date @time")
;Move the file, done.
md "done"
shell "mv "+ $filename+" done"
:nextfile ; Take the next file...
$FileName = Dir() ; retrieve next file
Loop
quit 0
This may look like a beast, because I don't write nice but functional scripts. Well, that may not be the best way, but it worked 'til now.
bye
Christian
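Added example, not Christian's code and not part of the script above: a Python companion that parses the same [newuser] .ini layout with the same "username and password must be present" rule, reproduces the userAccountControl arithmetic the script does (the AccountDisabled/PasswordRequired assignments and the `| $UF_DONT_EXPIRE_PASSWD` step), and decodes the result so an admin can audit which policy-weakening bits a provisioning run leaves on an account. The IADsUser-to-LDAP name table is the distinction the post is about, restricted to the properties the script touches; the sample ini text, the user names in it and the 546 starting value (a user freshly created through ADSI: NORMAL_ACCOUNT | ACCOUNTDISABLE | PASSWD_NOTREQD) are constructed for the demo, and UF_NORMAL_ACCOUNT = 512 is a standard value that does not appear in the script.

```python
"""Companion check for a [newuser].ini driven create-user script (added example)."""
import configparser

# userAccountControl bits, same values as the constants in the KiXtart script
UF_SCRIPT = 1
UF_ACCOUNTDISABLE = 2
UF_HOMEDIR_REQUIRED = 8
UF_LOCKOUT = 16
UF_PASSWD_NOTREQD = 32
UF_PASSWORD_CANT_CHANGE = 64
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 128
UF_NORMAL_ACCOUNT = 512          # not in the script; AD sets it on every new user
UF_DONT_EXPIRE_PASSWD = 65536

FLAG_NAMES = {
    UF_SCRIPT: "UF_SCRIPT", UF_ACCOUNTDISABLE: "UF_ACCOUNTDISABLE",
    UF_HOMEDIR_REQUIRED: "UF_HOMEDIR_REQUIRED", UF_LOCKOUT: "UF_LOCKOUT",
    UF_PASSWD_NOTREQD: "UF_PASSWD_NOTREQD",
    UF_PASSWORD_CANT_CHANGE: "UF_PASSWORD_CANT_CHANGE",
    UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED: "UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED",
    UF_NORMAL_ACCOUNT: "UF_NORMAL_ACCOUNT", UF_DONT_EXPIRE_PASSWD: "UF_DONT_EXPIRE_PASSWD",
}
# Bits that loosen password policy; worth reporting after a provisioning run.
WEAKENING_FLAGS = (UF_PASSWD_NOTREQD, UF_PASSWORD_CANT_CHANGE, UF_DONT_EXPIRE_PASSWD)

# IADsUser property name -> LDAP attribute name. Put()/Get() need the
# right-hand names; subset of the documented mapping (properties the script uses).
ADSI_TO_LDAP = {
    "FirstName": "givenName", "LastName": "sn", "FullName": "displayName",
    "LoginScript": "scriptPath", "Profile": "profilePath", "HomeDirectory": "homeDirectory",
}

# Constructed sample of the ini layout from the script's header comment.
SAMPLE_INI = """[newuser]
username=cmueller
firstname=Christian
lastname=Mueller
password=Tr0ub4dor&3
"""


def parse_newuser_ini(text):
    """Return the four [newuser] keys; raise ValueError where the script
    does 'goto nextfile' (username or password missing or empty).
    interpolation=None so a '%' inside a password does not trip configparser."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if "newuser" not in cp:
        raise ValueError("missing [newuser] section")
    sec = cp["newuser"]
    for key in ("username", "password"):
        if not sec.get(key, "").strip():
            raise ValueError(f'"{key}" is not specified')
    return {k: sec.get(k, "") for k in ("username", "firstname", "lastname", "password")}


def ldap_attribute(adsi_property):
    """Map an IADsUser property name to the LDAP attribute name Put() expects."""
    return ADSI_TO_LDAP[adsi_property]


def apply_iadsuser_settings(uac, account_disabled=False, password_required=True):
    """Effect of the script's AccountDisabled / PasswordRequired assignments on
    userAccountControl: one bit each, PasswordRequired being the inverse of PASSWD_NOTREQD."""
    uac = (uac | UF_ACCOUNTDISABLE) if account_disabled else (uac & ~UF_ACCOUNTDISABLE)
    uac = (uac & ~UF_PASSWD_NOTREQD) if password_required else (uac | UF_PASSWD_NOTREQD)
    return uac


def set_never_expires(uac):
    """The script's $intUserFlags | $UF_DONT_EXPIRE_PASSWD step."""
    return uac | UF_DONT_EXPIRE_PASSWD


def decode_uac(uac):
    """Names of the set bits, lowest bit first."""
    return [name for bit, name in sorted(FLAG_NAMES.items()) if uac & bit]


def weakening_flags(uac):
    """Subset of decode_uac() that loosens password policy."""
    return [FLAG_NAMES[bit] for bit in WEAKENING_FLAGS if uac & bit]


if __name__ == "__main__":
    user = parse_newuser_ini(SAMPLE_INI)
    uac = set_never_expires(apply_iadsuser_settings(546))   # 546: constructed start value
    print(user["username"], uac, decode_uac(uac))
    print("policy-weakening bits left on the account:", weakening_flags(uac))
```

Running it reports the account ends at 66048 (UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD), which is exactly the "password never expires" setting the script applies on purpose; the same decode, run over `Get("userAccountControl")` values pulled from the directory, is a quick way to find accounts where UF_PASSWD_NOTREQD was left on because a script skipped the PasswordRequired step.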