#127212 - 2004-09-30 12:18 AM LDAP User Creation Question
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
Hopefully this question won't make me look too stupid. But I've looked around and haven't been able to find the answer anywhere. Not saying that it's not out there...just haven't been able to find it yet and I figure it would be faster to just ask here. I'm using the below code to read the contents of an Excel spreadsheet, using lonk's readexcel2 udf. I'm then using this info to create new AD user accounts accordingly. I'm pretty stupid when it comes to LDAP, so here comes my question. The IDs are being created with no problem...But when I look at them in AD, on the account tab, the 'User logon name' is blank and the domain drop down just to the right of that has nothing selected. Only the (pre-windows 2000) login name fields are filled in. Is this normal? If I manually create a user account it does not allow me to finish creating it unless I specify this info so I would think it is important. Am I missing a .Put or something to insert this info?

Here is the code I'm trying...

Code:

$users = ReadExcel2(@ScriptDir+'\users.xls',,-1,6)

For $counter=1 to ubound($users,1)
$user = $users[$counter,0]
$domainstring = $users[$counter,5]
$objOU = GetObject($domainstring)
$objUser = $objOU.Create("User", "cn="+$user)
$objUser.Put("sAMAccountName", $user)
$objUser.fullname = $users[$counter,1]
$objUser.firstname = $users[$counter,2]
$objUser.lastname = $users[$counter,3]
$objUser.description = $users[$counter,4]
$objUser.SetInfo
$userpath = Split($domainstring,'//')
$userpath = $userpath[0]+"//cn="+$user+","+$userpath[1]
$objuser2 = getobject($userpath)
$objUser2.AccountLocked=0
$objUser2.AccountDisabled=0
$objuser2.SetInfo
Next


#127213 - 2004-10-01 07:08 AM Re: LDAP User Creation Question
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
Wow, I never thought I would be the one to stump the korg members. Or am I just getting the cold shoulder here?
#127214 - 2004-10-01 07:18 AM Re: LDAP User Creation Question
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
I have Perl code somewhere that I can translate. I wanted to get back here before this, but have been very busy. I think you should start by using $user.PUT("property") for each item you want to set and check @error @serror after each PUT and setinfo.
_________________________
Home page: http://www.kixhelp.com/hb/

#127215 - 2004-10-02 10:19 AM Re: LDAP User Creation Question
jpeachman Offline
Fresh Scripter

Registered: 2002-11-18
Posts: 39
The missing 'User logon name' value is set through sAMAccountName. Try changing
Code:
$objUser.Put("sAMAccountName", $user)


to
Code:
$objUser.Put "sAMAccountName", $user



Joe

#127216 - 2004-10-02 02:42 PM Re: LDAP User Creation Question
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Quote:

$objUser.Put "sAMAccountName", $user




Is VBS syntax. The original code is correct for KiXtart.
_________________________
Home page: http://www.kixhelp.com/hb/

#127217 - 2004-10-02 04:09 PM Re: LDAP User Creation Question
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
I'd really try a .SetInfo after the .Put and before making other changes to the user object.
_________________________
There are two types of vessels, submarines and targets.

#127218 - 2004-10-02 06:51 PM Re: LDAP User Creation Question
pvds Offline
Hey THIS is FUN
*****

Registered: 2001-04-14
Posts: 201
Hi,

Here is some Italian food code but it works for me.

Every year I have to put +1400 Students to AD and this is the part of my script for the creation of the user accounts.

Code:
$adsDomain = GetObject("LDAP://$userOU,dc=$DomainName,dc=$Toplevel")
$adsGroup = GetObject("LDAP://cn=$Group,$GroupOU,dc=$DomainName,dc=$Toplevel")

; Create the user with its details

$adsUser = $adsDomain.Create("user","cn=$UserName")
$adsUser.Put("SamAccountName",$UserName)
$adsUser.Put("UserPrincipalName",$UserName + "@@" + $DomainName + "." + $TopLevel)
$adsUser.SetInfo

$adsUser.AccountDisabled = False
$adsUser.IsAccountLocked = False
$adsUser.PasswordRequired = True
$adsUser.SetPassword("$PassWrd")

If $changepasswrd = 1
$adsUser.put("pwdLastSet", 0)
EndIf

$adsUser.scriptPath = "wkix32 -i " + $scriptname

If $profilename <> ""
$adsUser.profilePath = "\\" + $homeserver + "\profielen$\" + $profilename
Shell "c:\windows\system32\tsprof /update /local /profile://l01s01s02/profielen$/terminalserver $UserName"
EndIf

$adsUser.HomeDirectory = "\\" + $homeserver + "\home$\$username"
$adsUser.Put("homeDrive", $homedrive)

$adsUser.FirstName = $FirstName
$adsUser.givenName = $FirstName
$adsUser.LastName = $LastName
$adsUser.sn = $LastName
$adsUser.displayName = "$FirstName $LastName"
$adsUser.Description = $UserDiscr
$adsUser.mail = "$UserName@@$DomainName.$TopLevel"
$adsUser.initials = $initial
$adsUser.SetInfo

$adsGroup.add("LDAP://cn=$UserName,$UserOU,dc=$DomainName,dc=$Toplevel")



Hope it helps

Regards

Peter

#127219 - 2004-10-02 08:12 PM Re: LDAP User Creation Question
jpeachman Offline
Fresh Scripter

Registered: 2002-11-18
Posts: 39
Quote:

$objUser.Put "sAMAccountName", $user

Is VBS syntax. The original code is correct for KiXtart



Right you are. I guess it shows that I never quite got around to converting my working adduser VB scripts to KiX. Sorry!

I was drawn to that line because it does appear that the sAMAccountName is not being set. Jens' suggestion to try a .SetInfo after the .Put is certainly worth trying, but it isn't required there in my VB scripts, which do produce the correct results on Windows Server 2000, so I'm unsure if it will help (can't hurt, though!).

What is the format for $user? I understand some people have problems if there is a space in samAccountName (which is being set to $user), though others say it seems to work fine or that you may need to enclose it in quotes and then it should work.

However, I should have read the original problem more carefully. Shane also mentions "the domain drop down just to the right of that has nothing selected", which is because UserPrincipalName is not being set. See the example posted by Peter.

Joe

#127220 - 2004-10-02 09:36 PM Re: LDAP User Creation Question
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
Very good, thanks for all of the suggestions. My guess is that the UserPrincipalName is indeed what I am missing. I won't be back in the office to try it until Monday. Will let you all know if that fixes it. Thanks again.
#127221 - 2004-10-02 09:44 PM Re: LDAP User Creation Question
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
The code in the post contains an error. See a later post in this thread for the corrected code and an explanation of the problem. Can you spot it before reading the updated post?

Well I seem to be a little late to the party.
Code:

CreateUserAccount("my.domain.com",
"cn=Users",
"BullockTest",
"Howard",
"A",
"Bullock",
"Super Admin",
"Corner with a view",
"999-555-1212",
"habullock@@comcast.net",
"http://home.comcast.net/~habullock" )

Function CreateUserAccount($Domain,
$ContainerDN,
$Account,
optional $FirstName,
optional $MiddleInitial,
optional $LastName,
optional $Description,
optional $Office,
optional $Telephone,
optional $Email,
optional $WebPage,
optional $userPrincipalName )

Dim $aDom, $sDNdom, $LDAPpath, $oContainer, $oUser

if VarTypeName($userPrincipalName) = "Empty"
$userPrincipalName = $Account + "@@" + $Domain
endif

$aDom = split($Domain,".")
$sDNdom = ",dc=" + $aDom[0] + ",dc=" + $aDom[1] + ",dc=" + $aDom[2]

$LDAPpath = "LDAP://" + $Domain + "/" + $ContainerDN + $sDNdom
;? $LDAPpath

$oContainer = GetObject($LDAPpath)
if @error
? "GetObject Error: " + @error + " " + @Serror
endif

$oUser = $oContainer.Create("User", "cn=" + $Account)
if @error
? "Create Error: " + @error + " " + @Serror
endif

$oUser.Put("sAMAccountName", $Account)
$oUser.Put("givenName", $FirstName) ;First Name
$oUser.Put("Initials", $MiddleInitial) ;Initials
$oUser.Put("sn", $LastName) ;Last Name(Surname)
$oUser.Put("displayName",$LastName + iif($LastName, ", ","") +
$FirstName + iif($MiddleInitial, " ", "") +
$MiddleInitial) ;Display name
$oUser.Put("description", $Description) ;Description
$oUser.Put("physicalDeliveryOfficeName",$Office) ;Office
$oUser.Put("telephoneNumber",$Telephone);Telephone
$oUser.Put("mail",$Email) ;E-mail
$oUser.Put("wWWHomePage",$WebPage) ;Web page
$oUser.Put("userPrincipalName", $userPrincipalName) ;userPrincipalName

$oUser.SetInfo
$CreateUserAccount = @error
if $CreateUserAccount
? "SetInfo Error: " + @error + " " + @Serror
endif
Endfunction



Edited by Howard Bullock (2004-10-08 04:08 AM)
_________________________
Home page: http://www.kixhelp.com/hb/

#127222 - 2004-10-02 10:12 PM Re: LDAP User Creation Question
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
Better late than never, Howard. Very nice function nonetheless. I will give it a shot on Monday as well. Thanks again.
#127223 - 2004-10-04 10:12 PM Re: LDAP User Creation Question
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
The UserPrincipalName did indeed do the trick as expected. Also taking into consideration some of the other suggestions about using Put rather than setting the fields directly, I came out with this. Seems to work great. Thanks for all the help as usual.

Code:

$users = ReadExcel2($usersheet,,-1,11)

For $counter=1 to ubound($users,1)
$user = $users[$counter,0]
$domainstring = $users[$counter,10]
"Creating user account "+$user+" in "+$domainstring ?
$objOU = GetObject($domainstring)
$objUser = $objOU.Create("User", "cn="+$user)
$objUser.Put("sAMAccountName", $user)
$objUser.Put("displayName",$users[$counter,1])
$objUser.Put("givenName",$users[$counter,2])
$objUser.Put("Initials",$users[$counter,3])
$objUser.Put("sn",$users[$counter,4])
$objUser.Put("description",$users[$counter,5])
$objUser.Put("physicalDeliveryOfficeName",$users[$counter,6])
$objUser.Put("telephoneNumber",$users[$counter,7])
$objUser.Put("mail",$users[$counter,8])
$objUser.Put("WWWHomePage",$users[$counter,9])
$domainname = Join(Split(Join(Split($domainstring,'dc='),'.'),','),'')
$domainname = SubStr($domainname,InStr($domainname,'.')+1)
$objUser.Put("UserPrincipalName",$user + "@@" + $domainname)
$objUser.SetInfo
$userpath = Split($domainstring,'//')
$userpath = $userpath[0]+"//cn="+$user+","+$userpath[1]
$objuser2 = getobject($userpath)
$objUser2.AccountLocked=0
$objUser2.AccountDisabled=0
$objuser2.SetInfo
Next


#127224 - 2004-10-08 04:02 AM Re: LDAP User Creation Question
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Updated code.

A problem was pointed out to me. The lines:
Code:
$aDom = split($Domain,".")
$sDNdom = ",dc=" + $aDom[0] + ",dc=" + $aDom[1] + ",dc=" + $aDom[2]



will fail if the text for the first parameter ($Domain) does not contain two periods. The following code is more tolerant and will work if there are any number of periods, including zero, in the domain name.
Code:
CreateUserAccount("my.domain.com",
"cn=Users",
"BullockTest",
"Howard",
"A",
"Bullock",
"Super Admin",
"Corner with a view",
"999-555-1212",
"habullock@@comcast.net",
"http://home.comcast.net/~habullock" )

Function CreateUserAccount($Domain,
$ContainerDN,
$Account,
optional $FirstName,
optional $MiddleInitial,
optional $LastName,
optional $Description,
optional $Office,
optional $Telephone,
optional $Email,
optional $WebPage,
optional $userPrincipalName )

Dim $aDom, $part, $sDNdom, $LDAPpath, $oContainer, $oUser

if VarTypeName($userPrincipalName) = "Empty"
$userPrincipalName = $Account + "@@" + $Domain
endif

$aDom = split($Domain,".")
for each $part in $aDom
$sDNdom = "" + $sDNdom + ",dc=" + $part
next

$LDAPpath = "LDAP://" + $Domain + "/" + $ContainerDN + $sDNdom
;? $LDAPpath

$oContainer = GetObject($LDAPpath)
if @error
? "GetObject Error: " + @error + " " + @Serror
endif

$oUser = $oContainer.Create("User", "cn=" + $Account)
if @error
? "Create Error: " + @error + " " + @Serror
endif

$oUser.Put("sAMAccountName", $Account)
$oUser.Put("givenName", $FirstName) ;First Name
$oUser.Put("Initials", $MiddleInitial) ;Initials
$oUser.Put("sn", $LastName) ;Last Name(Surname)
$oUser.Put("displayName",$LastName + iif($LastName, ", ","") +
$FirstName + iif($MiddleInitial, " ", "") +
$MiddleInitial) ;Display name
$oUser.Put("description", $Description) ;Description
$oUser.Put("physicalDeliveryOfficeName",$Office) ;Office
$oUser.Put("telephoneNumber",$Telephone);Telephone
$oUser.Put("mail",$Email) ;E-mail
$oUser.Put("wWWHomePage",$WebPage) ;Web page
$oUser.Put("userPrincipalName", $userPrincipalName) ;userPrincipalName

$oUser.SetInfo
$CreateUserAccount = @error
if $CreateUserAccount
? "SetInfo Error: " + @error + " " + @Serror
endif
Endfunction

_________________________
Home page: http://www.kixhelp.com/hb/

#127225 - 2004-10-08 02:08 PM Re: LDAP User Creation Question
Kdyer Offline
KiX Supporter
*****

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
Howard,

I am looking at this code with interest.. The reason being is that we have some admins that continually miss creating the user personal drives and other information. If this was combined with the ADSSECURITY.DLL, this would be pretty slick..

Re- Kent- Review a WSH script - Part Deux

Thanks,

Kent


_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's

#127226 - 2004-10-08 08:06 PM Re: LDAP User Creation Question
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Not sure where ADsSecurity.DLL fits into the picture, but there should be no reason additional functions could not be daisy-chained to this to provide complete automation of creating and configuring a user.
_________________________
Home page: http://www.kixhelp.com/hb/

#127227 - 2004-10-08 09:56 PM Re: LDAP User Creation Question
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
One issue is replication time. You can't add a user's permissions to a new share on a remote server that does not recognize the account name yet.
#127228 - 2004-10-08 10:33 PM Re: LDAP User Creation Question
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
But if you are smart about the binding, you could bind to a specific domain controller to create the user. If you select the DC that is in the same site as the file/print resource the account would be immediately available.

One could add an additional optional parameter called $DCname. Then the LDAP string would look like:
Code:
 $LDAPpath = "LDAP://" + $DCname + "/" + $ContainerDN + $sDNdom 

if the parm was used. $DCname would default back to the $Domain value if not used. This would permit the creation of objects on a specific DC.
_________________________
Home page: http://www.kixhelp.com/hb/
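
Added example, not part of any post in this thread: a pre-flight check, written in Python rather than KiXtart, for the rows such a provisioning script consumes. It validates the account name before it is concatenated into `cn=` and `sAMAccountName`, derives the UPN suffix from the `dc=` components of the OU path, and uses a named DC with fallback to the domain, as the posts above describe. The function names, host names and sample rows are constructed for illustration.

```python
import re

# Characters AD rejects in sAMAccountName; user objects are also limited to 20 chars.
SAM_FORBIDDEN = set('"/\\[]:;|=,+*?<>')

def validate_sam(name):
    """Return a list of problems with a proposed sAMAccountName (empty list = OK)."""
    problems = []
    if not name or name != name.strip():
        problems.append("empty or padded with whitespace")
    if len(name) > 20:
        problems.append("longer than 20 characters")
    bad = sorted(set(name) & SAM_FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + "".join(bad))
    return problems

def dn_to_dns(dn):
    """Collect the dc= components of a DN into a DNS name, honouring escaped commas."""
    labels = []
    for rdn in re.findall(r"(?:\\.|[^,\\])+", dn):
        key, _, value = rdn.strip().partition("=")
        if key.strip().lower() == "dc":
            labels.append(value.strip())
    return ".".join(labels)

def plan_user(account, ou_adspath, dc_name=None):
    """Return the ADsPath and logon attributes for one row, or raise ValueError."""
    problems = validate_sam(account)
    if problems:
        raise ValueError(f"{account!r}: " + "; ".join(problems))
    rest = re.sub(r"^LDAP://", "", ou_adspath, flags=re.IGNORECASE)
    server, sep, ou_dn = rest.partition("/")
    if not sep or "=" in server:          # no "server/" prefix in the path
        server, ou_dn = "", rest
    domain = dn_to_dns(ou_dn)
    if not domain:
        raise ValueError(f"no dc= components in {ou_adspath!r}")
    host = dc_name or server or domain    # specific DC, else fall back to the domain
    cn = "\\" + account if account.startswith("#") else account  # leading '#' is special
    return {"adspath": f"LDAP://{host}/cn={cn},{ou_dn}", "sAMAccountName": account,
            "userPrincipalName": f"{account}@{domain}"}

if __name__ == "__main__":
    for acct in ("jdoe", "j,doe"):        # constructed rows standing in for the sheet
        try:
            print(plan_user(acct, "LDAP://ou=Staff,dc=corp,dc=example"))
        except ValueError as err:
            print("skipped:", err)
```

A name that passes `validate_sam` contains none of the characters that would change the structure of the `cn=` path it is concatenated into, so rejected rows can be reported before any object is created.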

#127229 - 2004-10-12 02:29 PM Re: LDAP User Creation Question
Kdyer Offline
KiX Supporter
*****

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
Let me explain..

ADSSECURITY.DLL is used to apply perms where you would traditionally use CACLS/XCACLS to set perms on folders. This would be when you create a new user, you would also set up the personal drive too.

Kent
_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's
