#86983 - 2002-07-24 01:00 PM
ADSI Create User with Kixtart...
|
einhirn
Fresh Scripter
Registered: 2002-03-20
Posts: 12
|
Hello...
I wrote a script to create Users in AD using kixtart. When I tested it, everything seemed ok (otherwise it wouldn't have gone to production use): The User was created and properties set correctly. But now $adsi_userobject.setinfo doesn't work anymore and the user properties aren't set.
I tried $adsi_userobject.Put("FirstName", "einhirn") and ? $adsUser.FirstName gives back the right value. But after $adsi_userobject.setinfo $adsi_userobject.getinfo the old value is returned...
Can Anyone help?
bye einhirn
_________________________
SIGSIG: No Signature found
#86984 - 2002-07-24 01:34 PM
Re: ADSI Create User with Kixtart...
|
Howard Bullock
KiX Supporter
   
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Place error checking in your script in an effort to determine why it is failing.
Add: ? "@error @serror"
after the put and setinfo lines. What is printed?
#86985 - 2002-07-24 02:16 PM
Re: ADSI Create User with Kixtart...
|
einhirn
Fresh Scripter
Registered: 2002-03-20
Posts: 12
|
Hello.
The Puts all return 0, but the Setinfo returns 1:
COM exception error "SetInfo" ((null) - (null))[1/1]
So, what shall I do now?
bye einhirn
_________________________
SIGSIG: No Signature found
#86987 - 2002-07-24 03:36 PM
Re: ADSI Create User with Kixtart...
|
einhirn
Fresh Scripter
Registered: 2002-03-20
Posts: 12
|
This is a Script I wrote to find the error. Replace the names with something useful and try it, if you want. For me it just issues the following error: 1 COM exception error "SetInfo" ((null) - (null)) [1/1]
(All other @error are zero...)
bye einhirn
PS: I didn't post the code first because I didn't want to produce much traffic, but now I realize we aren't on a mailing list...
--------------------------------
BREAK ON

$adsUser = GetObject("LDAP://cn=einhirn,ou=someou,ou=myusers,dc=rz,dc=mydomain,dc=de")
if @ERROR<>0
  ? @SERROR + " (" + @ERROR + ")"
  quit 1
endif

? $adsUser.sAMAccountname
? $adsUser.AccountDisabled
? $adsUser.IsAccountLocked
? $adsUser.PasswordRequired
? $adsUser.FirstName
? $adsUser.LastName
? $adsUser.DisplayName
? $adsUser.LoginScript
? $adsUser.Profile
? $adsUser.HomeDirectory
? $adsUser.homeDrive

$adsUser.Put("FirstName", "Egon")
? "@error @serror"
$adsUser.Put("LastName", "Bottlebeer")
? "@error @serror"
$adsUser.Put("DisplayName", "Egon Bottlebeer")
? "@error @serror"
$adsUser.Put("LoginScript", "kix32 login.kix")
? "@error @serror"
$adsUser.Put("Profile", "\\bigserver\homedir\profile")
? "@error @serror"
$adsUser.Put("HomeDirectory", "\\bigserver\homedir")
? "@error @serror"
$adsUser.Put("homeDrive", "u:")
? "@error @serror"

$adsUser.SetInfo
? "@error @serror"
$adsUser.GetInfo
? "@error @serror"

?? "After Change"

? $adsUser.sAMAccountname
? $adsUser.AccountDisabled
? $adsUser.IsAccountLocked
? $adsUser.PasswordRequired
? $adsUser.FirstName
? $adsUser.LastName
? $adsUser.DisplayName
? $adsUser.LoginScript
? $adsUser.Profile
? $adsUser.HomeDirectory
? $adsUser.homeDrive
_________________________
SIGSIG: No Signature found
#86988 - 2002-07-24 04:11 PM
Re: ADSI Create User with Kixtart...
|
Chris S.
MM club member
   
Registered: 2002-03-18
Posts: 2368
Loc: Earth
|
I wonder if 'firstname' is the correct property. Try 'givenname' instead...
code:
$objUser.Put ("givenName", "Fred")
Reference: Change User Account Attributes
#86989 - 2002-07-24 04:39 PM
Re: ADSI Create User with Kixtart...
|
einhirn
Fresh Scripter
Registered: 2002-03-20
Posts: 12
|
Hello...
It doesn't matter if I do it one way or the other. According to other Microsoft Doc (IADsUser) FirstName and LastName are the correct property names. Anyway, both variants produce the same results: The requested Properties show what I entered in DSA.MSC, the new Properties are set in the Property Cache (and afterwards display correctly, until I call the set/getinfo pair...), but the Setinfo call fails, so it doesn't work...
I now use KiXtart 2001 4.10a and get other errors: $adsuser.setinfo -2147352567 COM exception error "SetInfo" ((null) - (null)) [-2147352567/80020009]
I thought, $adsuser.getinfo should reset @error and @serror, but it doesn't. It shows above error again. Is it a bug or is it a feature? In 4.02 setinfo shows error 1, and getinfo reset the error code to 0...
bye Christian
_________________________
SIGSIG: No Signature found
#86991 - 2002-07-24 05:17 PM
Re: ADSI Create User with Kixtart...
|
einhirn
Fresh Scripter
Registered: 2002-03-20
Posts: 12
|
Ok. It seems to get really weird, because the script stopped working someday. Of course I don't have any logs that would show on which day that was. I added some more Error handling code and a timestamp feature to my adduser script, now it's going to be tested... Perhaps I can search Microsoft with the ErrorCode Kix4.10 spits out...
Thanks anyway...
bye4now Christian
_________________________
SIGSIG: No Signature found
#86994 - 2002-07-24 10:10 PM
Re: ADSI Create User with Kixtart...
|
NTDOC
Administrator
   
Registered: 2000-07-28
Posts: 11625
Loc: CA
|
Christian,
Not sure why the problems with the .Put style... seems to work well for WSH and works for "some" properties using KiXtart, but not all of them. However doing it this way seems to work quite well for me using KiXtart v4.10. Please give it a try and let us know how it goes. The .SetInfo on the end only verifies the last entry was updated correctly. You would need to put that same code after each update command in order to see the error code for each command.
code:
Break On

$adsUser = GetObject("LDAP://cn=einhirn,ou=someou,ou=myusers,dc=rz,dc=mydomain,dc=de")
if @ERROR<>0
  ? @SERROR + " (" + @ERROR + ")"
  Quit 1
endif

? $adsUser.sAMAccountname
? $adsUser.AccountDisabled
? $adsUser.IsAccountLocked
? $adsUser.PasswordRequired
? $adsUser.FirstName
? $adsUser.LastName
? $adsUser.DisplayName
? $adsUser.LoginScript
? $adsUser.Profile
? $adsUser.HomeDirectory
? $adsUser.HomeDrive
? $adsUser.Title
? $adsUser.EmailAddress

$adsUser.sAMAccountname = "EgonBeer"
$adsUser.givenName = "Egon"
$adsUser.sn = "Bottlebeer"
$adsUser.DisplayName = "Egon Bottlebeer"
$adsUser.Profile = "\\bigserver\homedir\profile"
$adsUser.loginscript = "kix32 login.kix"
$adsUser.HomeDirectory = "\\bigserver\homedir"
$adsUser.Put ("homeDrive", "p:")
$adsUser.title = "Finance Dept Manager"
$adsUser.userPrincipalName = "Egon.Bottlebeer"
$adsUser.telephoneNumber = "(213) 777 8888"
$adsUser.EmailAddress = "egon.beer@@mycompany.com"
$adsUser.SetInfo
? "SetInfo errorlevel is:"+@error+" "+@Serror
$adsUser = ""
#86995 - 2002-07-25 05:10 PM
Re: ADSI Create User with Kixtart...
|
einhirn
Fresh Scripter
Registered: 2002-03-20
Posts: 12
|
Shawn, I tested it as PCadmin and am now running it as PCadmin. The problem occurs with setinfo...
bye Christian
_________________________
SIGSIG: No Signature found
#86996 - 2002-07-25 05:25 PM
Re: ADSI Create User with Kixtart...
|
einhirn
Fresh Scripter
Registered: 2002-03-20
Posts: 12
|
NTdoc, it works like a charm... I don't know why, but that doesn't matter that much... Now I'll try to do the same in the Adduser script. Hope it works there, too.
thanks.
bye Christian
_________________________
SIGSIG: No Signature found
#86997 - 2002-07-25 06:04 PM
Re: ADSI Create User with Kixtart...
|
einhirn
Fresh Scripter
Registered: 2002-03-20
Posts: 12
|
Hey all...
Well, now it really works like a charm...
The Document Mapping between IADsUser Properties and Active Directory Properties gave me the clue: It seems that you've got to use the AD (LDAP) Property names, not the ADSI property names.
At least, this code now works in our Createuser-Script (Create users based on .ini-Files; Those ini-Files are generated by our Unix-Adduser-Script). Sorry for the German Comments, but I don't want to translate them now and am confident that you'll figure it out.
code:
BREAK ON
$showinfo=false

;initially based on (from http://www.winscriptingsolutions.com/Articles/Index.cfm?AuthorID=306
;LISTING 3: Creating a Fully Featured User Account in Win2K

; Define some Constants
$UF_SCRIPT = 1
$UF_ACCOUNTDISABLE = 2
$UF_HOMEDIR_REQUIRED = 8
$UF_LOCKOUT = 16
$UF_PASSWD_NOTREQD = 32
$UF_PASSWORD_CANT_CHANGE = 64
$UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 128
$UF_DONT_EXPIRE_PASSWD = 65536

$ADS_PROPERTY_UPDATE = 2

;This is what the ini file that this script can process looks like...
;[newuser]
;username=<Username> => $username
;firstname=<First name> => $firstname
;lastname=<Last name> => $lastname
;password=<Password> => $password

debug off

$filename = Dir("*.ini")
if $filename = "" ;or @ERROR<>0
  ? @SERROR + " (" + @ERROR + ")"
  quit 1
endif

$adsDomain = GetObject("LDAP://<our user OU>")
if $adsDomain=0
  ? "Fehler beim Verbinden mit dem Server"
  ? @SERROR + " (" + @ERROR + ")"
  quit 1
endif

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; The loop that creates the users starts here...
While $FileName <> "" and @ERROR = 0
  $filename = @curdir + "\"+ $filename
  ;? $FileName

  $username = ReadProfileString($filename, "newuser", "username")
  ? "Username: " + $username
  if $username=""
    ? 'Ein Fehler ist aufgetreten: "username" ist nicht angegeben'
    ? "Gehe zum nächsten file."
    goto nextfile
  endif

  $firstname = ReadProfileString($filename, "newuser", "firstname")
  ? "Firstname: " +$firstname

  $lastname = ReadProfileString($filename, "newuser", "lastname")
  ? "Lastname: " + $lastname

  $password = ReadProfileString($filename, "newuser", "password")
  if $password=""
    ? 'Ein Fehler ist aufgetreten: "password" ist nicht angegeben'
    ? "Gehe zum nächsten file."
    goto nextfile
  endif

  ;CALLOUT A Create the user
  $adsUser = $adsDomain.Create("user","cn="+$username)
  ; Error check
  ;? "Fehlercode von Create: " + @ERROR
  If $adsuser=0
    ? "Fehler beim Erstellen des Users"
    ? @SERROR + " (" + @ERROR + ")"
    goto nextfile
  endif

  $adsUser.Put("sAMAccountName", $username)
  ;$adsUser.Put("userPrincipalName", "vlaunders@mycorp.com")
  ; No UPN, because users are dumb and then can't cope with it under Unix, where they are not allowed to enter an @... ;)

  ;Write the newly created object out from the property cache
  $adsUser.SetInfo
  ? "Setinfo 1 Errorcode"
  ? "@error @Serror"
  If not @error=0
    ?"Fehler beim Setinfo nach Create"
    ?"(Fehlercode " + @ERROR + ")"
    goto nextfile
  endif

  ;Read all the properties for the object, including
  ;the ones set by the system on creation
  $adsUser.GetInfo
  ;If not @error=0
  ;  ?"(Fehlercode " + @ERROR + ")"
  ;  goto nextfile
  ;endif

  $adsUser.AccountDisabled = False
  $adsUser.IsAccountLocked = False
  $adsUser.PasswordRequired = True
  ;$adsUser.FirstName = "$firstname"
  $adsUser.givenName = "$firstname"
  ;$adsUser.LastName = "$lastname"
  $adsUser.sn = "$lastname"
  $adsUser.displayName = "$firstname $lastname"
  ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;$adsUser.Description = "My description goes here!"
  $adsUser.scriptPath = "kix32 login.kix"
  $adsUser.profilePath = "\\<Server>\home\profile"
  $adsUser.HomeDirectory = "\\<Server>\home"
  $adsUser.Put("homeDrive", "M:")

  ;;;; Thanks for this snippet
  ;$adsUser.givenName = "Egon"
  ;$adsUser.sn = "Bottlebeer"
  ;$adsUser.DisplayName = "Egon Bottlebeer"
  ;$adsUser.Profile = "\\bigserver\homedir\profile"
  ;$adsUser.loginscript = "kix32 login.kix"
  ;$adsUser.HomeDirectory = "\\bigserver\homedir"
  ;$adsUser.Put ("homeDrive", "p:")

  ;Set all the properties for the user
  $adsUser.SetInfo
  ? "Setinfo 2 Errorcode"
  ? "@error @Serror"
  If not @error=0
    ?"Fehler beim Setinfo nach Properties"
    ?"(Fehlercode " + @ERROR + ")"
    goto nextfile
  endif

  ;Read back the data, including any defaults so that you can set the flags.
  $adsUser.GetInfo
  ;If not @error=0
  ;  ?"(Fehlercode " + @ERROR + ")"
  ;  goto nextfile
  ;endif

  ;Make sure the password never expires and the user can't change it.
  $intUserFlags = $adsUser.Get("userAccountControl")
  $intNewUserFlags = $intUserFlags | $UF_DONT_EXPIRE_PASSWD
  ;$intNewUserFlags = $intNewUserFlags | $UF_PASSWORD_CANT_CHANGE ; Not appropriate for us.
  $adsUser.Put("userAccountControl", $intNewUserFlags)
  $adsUser.SetInfo
  ? "Setinfo 3 Errorcode"
  ? "@error @Serror"
  If not @error=0
    ?"Fehler beim Setinfo nach Flags"
    ?"(Fehlercode " + @ERROR + ")"
    goto nextfile
  endif

  ;Set the password.
  $adsUser.SetPassword($password)

  if $showinfo = true
    ??"User Infos"
    ? $adsUser.sAMAccountname
    ? $adsUser.AccountDisabled
    ? $adsUser.IsAccountLocked
    ? $adsUser.PasswordRequired
    ? $adsUser.FirstName
    ? $adsUser.LastName
    ? $adsUser.DisplayName
    ? $adsUser.LoginScript
    ? $adsUser.Profile
    ? $adsUser.HomeDirectory
    ? $adsUser.homeDrive
    ??
  endif
  ;END CALLOUT A

  ; Stamp the file with a timestamp...
  $err=writeprofilestring($filename, "Log", "created_on","@date @time")

  ;Move the file, done.
  md "done"
  shell "mv "+ $filename+" done"

:nextfile
  ; Take the next file...
  $FileName = Dir() ; retrieve next file
Loop

quit 0
This may look like a beast, because I don't write nice but functional scripts. Well, that may not be the best Way, but it worked 'til now.
bye Christian
_________________________
SIGSIG: No Signature found
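
Added example, not part of the original thread or of einhirn's script: the script above ORs $UF_DONT_EXPIRE_PASSWD into userAccountControl, so anyone reviewing the accounts it created later has to decode that bitmask. This Python block decodes a value using the constants from the script, shows the same read-modify-write on plain integers, and lists enabled accounts carrying password-weakening flags; the sample accounts, the REVIEW list and the function names are assumptions made for the example.

```python
# userAccountControl bit values, copied from the constants block of the script above.
UF = {
    "SCRIPT": 1, "ACCOUNTDISABLE": 2, "HOMEDIR_REQUIRED": 8, "LOCKOUT": 16,
    "PASSWD_NOTREQD": 32, "PASSWORD_CANT_CHANGE": 64,
    "ENCRYPTED_TEXT_PASSWORD_ALLOWED": 128, "DONT_EXPIRE_PASSWD": 65536,
}
# Assumption for this example: the flags a review should call out.
REVIEW = ("PASSWD_NOTREQD", "ENCRYPTED_TEXT_PASSWORD_ALLOWED", "DONT_EXPIRE_PASSWD")

def decode(uac):
    """Return (names of known flags that are set, leftover bits not in UF)."""
    names = [name for name, bit in UF.items() if uac & bit]
    known = sum(UF.values())  # bits are distinct, so the sum equals the OR
    return names, uac & ~known

def set_flag(uac, name):
    """Same read-modify-write as the script: OR one bit in, keep all others."""
    return uac | UF[name]

def clear_flag(uac, name):
    """Remove one bit without touching the rest of the mask."""
    return uac & ~UF[name]

def audit(accounts):
    """accounts: iterable of (sAMAccountName, userAccountControl) pairs.
    Returns {name: [flags]} for enabled accounts that carry a REVIEW flag."""
    findings = {}
    for name, uac in accounts:
        hits = [flag for flag in REVIEW if uac & UF[flag]]
        if hits and not uac & UF["ACCOUNTDISABLE"]:
            findings[name] = hits
    return findings

# Constructed sample export; account names and values are made up.
# 512 (ADS_UF_NORMAL_ACCOUNT) is not in the script's list, so decode()
# reports it as a leftover bit instead of dropping it.
SAMPLE = [
    ("egon", 512),
    ("svc-backup", 512 + 65536),   # password never expires
    ("stale", 512 + 32 + 2),       # password not required, but disabled
    ("legacy", 512 + 32 + 128),
]

if __name__ == "__main__":
    for name, uac in SAMPLE:
        print(name, uac, *decode(uac))
    print(audit(SAMPLE))
```
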