#127212 - 2004-09-30 12:18 AM
LDAP User Creation Question
|
ShaneEP
MM club member
Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
|
Hopefully this question won't make me look too stupid. But I've looked around and haven't been able to find the answer anywhere. Not saying that it's not out there... just haven't been able to find it yet, and I figure it would be faster to just ask here. I'm using the below code to read the contents of an Excel spreadsheet, using lonk's readexcel2 udf. I'm then using this info to create new AD user accounts accordingly. I'm pretty stupid when it comes to LDAP, so here comes my question. The IDs are being created with no problem... But when I look at them in AD, on the account tab, the 'User logon name' is blank and the domain drop down just to the right of that has nothing selected. Only the (pre-windows 2000) login name fields are filled in. Is this normal? If I manually create a user account it does not allow me to finish creating it unless I specify this info, so I would think it is important. Am I missing a .Put or something to insert this info?
Here is the code I'm trying...
Code:
$users = ReadExcel2(@ScriptDir+'\users.xls',,-1,6)
For $counter=1 to ubound($users,1)
  $user = $users[$counter,0]
  $domainstring = $users[$counter,5]
  $objOU = GetObject($domainstring)
  $objUser = $objOU.Create("User", "cn="+$user)
  $objUser.Put("sAMAccountName", $user)
  $objUser.fullname = $users[$counter,1]
  $objUser.firstname = $users[$counter,2]
  $objUser.lastname = $users[$counter,3]
  $objUser.description = $users[$counter,4]
  $objUser.SetInfo
  $userpath = Split($domainstring,'//')
  $userpath = $userpath[0]+"//cn="+$user+","+$userpath[1]
  $objuser2 = getobject($userpath)
  $objUser2.AccountLocked=0
  $objUser2.AccountDisabled=0
  $objuser2.SetInfo
Next
#127213 - 2004-10-01 07:08 AM
Re: LDAP User Creation Question
|
ShaneEP
MM club member
Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
|
Wow, I never thought I would be the one to stump the korg members. Or am I just getting the cold shoulder here.
#127214 - 2004-10-01 07:18 AM
Re: LDAP User Creation Question
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
I have Perl code somewhere that I can translate. I wanted to get back here before this, but have been very busy. I think you should start by using $user.PUT("property") for each item you want to set and check @error @serror after each PUT and setinfo.
#127215 - 2004-10-02 10:19 AM
Re: LDAP User Creation Question
|
jpeachman
Fresh Scripter
Registered: 2002-11-18
Posts: 39
|
The missing 'User logon name' value is set through sAMAccountName. Try changing Code:
$objUser.Put("sAMAccountName", $user)
to Code:
$objUser.Put "sAMAccountName", $user
Joe
#127216 - 2004-10-02 02:42 PM
Re: LDAP User Creation Question
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Quote:
$objUser.Put "sAMAccountName", $user
Is VBS syntax. The original code is correct for KiXtart.
#127218 - 2004-10-02 06:51 PM
Re: LDAP User Creation Question
|
pvds
Hey THIS is FUN
Registered: 2001-04-14
Posts: 201
|
Hi,
Here is some Italian food code but it works for me.
Every year I have to put +1400 Students to AD and this is the part of my script for the creation of the user accounts.
Code:
$adsDomain = GetObject("LDAP://$userOU,dc=$DomainName,dc=$Toplevel")
$adsGroup = GetObject("LDAP://cn=$Group,$GroupOU,dc=$DomainName,dc=$Toplevel")
; Create the user with its details
$adsUser = $adsDomain.Create("user","cn=$UserName")
$adsUser.Put("SamAccountName",$UserName)
$adsUser.Put("UserPrincipalName",$UserName + "@@" + $DomainName + "." + $TopLevel)
$adsUser.SetInfo
$adsUser.AccountDisabled = False
$adsUser.IsAccountLocked = False
$adsUser.PasswordRequired = True
$adsUser.SetPassword("$PassWrd")
If $changepasswrd = 1
  $adsUser.put("pwdLastSet", 0)
EndIf
$adsUser.scriptPath = "wkix32 -i " + $scriptname
If $profilename <> ""
  $adsUser.profilePath = "\\" + $homeserver + "\profielen$\" + $profilename
  Shell "c:\windows\system32\tsprof /update /local /profile://l01s01s02/profielen$/terminalserver $UserName"
EndIf
$adsUser.HomeDirectory = "\\" + $homeserver + "\home$\$username"
$adsUser.Put("homeDrive", $homedrive)
$adsUser.FirstName = $FirstName
$adsUser.givenName = $FirstName
$adsUser.LastName = $LastName
$adsUser.sn = $LastName
$adsUser.displayName = "$FirstName $LastName"
$adsUser.Description = $UserDiscr
$adsUser.mail = "$UserName@@$DomainName.$TopLevel"
$adsUser.initials = $initial
$adsUser.SetInfo
$adsGroup.add("LDAP://cn=$UserName,$UserOU,dc=$DomainName,dc=$Toplevel")
Hope it helps
Regards
Peter
#127219 - 2004-10-02 08:12 PM
Re: LDAP User Creation Question
|
jpeachman
Fresh Scripter
Registered: 2002-11-18
Posts: 39
|
Quote:
$objUser.Put "sAMAccountName", $user
Is VBS syntax. The original code is correct for KiXtart
Right you are. I guess it shows that I never quite got around to converting my working adduser VB scripts to KiX. Sorry!
I was drawn to that line because it does appear that the sAMAccountName is not being set. Jens' suggestion to try a .SetInfo after the .Put is certainly worth trying, but it isn't required there in my VB scripts, which do produce the correct results on Windows Server 2000, so I'm unsure if it will help (can't hurt, though!).
What is the format for $user? I understand some people have problems if there is a space in samAccountName (which is being set to $user), though others say it seems to work fine or that you may need to enclose it in quotes and then it should work.
However, I should have read the original problem more carefully. Shane also mentions "the domain drop down just to the right of that has nothing selected", which is because UserPrincipalName is not being set. See the example posted by Peter.
Joe
#127221 - 2004-10-02 09:44 PM
Re: LDAP User Creation Question
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
The code in the post contains an error. See a later post in this thread for the corrected code and an explanation of the problem. Can you spot it before reading the updated post?
Well I seem to be a little late to the party.
Code:
CreateUserAccount("my.domain.com",
"cn=Users",
"BullockTest",
"Howard",
"A",
"Bullock",
"Super Admin",
"Corner with a view",
"999-555-1212",
"habullock@@comcast.net",
"http://home.comcast.net/~habullock" )
Function CreateUserAccount($Domain,
$ContainerDN,
$Account,
optional $FirstName,
optional $MiddleInitial,
optional $LastName,
optional $Description,
optional $Office,
optional $Telephone,
optional $Email,
optional $WebPage,
optional $userPrincipalName )
Dim $aDom, $sDNdom, $LDAPpath, $oContainer, $oUser
if VarTypeName($userPrincipalName) = "Empty"
$userPrincipalName = $Account + "@@" + $Domain
endif
$aDom = split($Domain,".")
$sDNdom = ",dc=" + $aDom[0] + ",dc=" + $aDom[1] + ",dc=" + $aDom[2]
$LDAPpath = "LDAP://" + $Domain + "/" + $ContainerDN + $sDNdom
;? $LDAPpath
$oContainer = GetObject($LDAPpath)
if @error
? "GetObject Error: " + @error + " " + @Serror
endif
$oUser = $oContainer.Create("User", "cn=" + $Account)
if @error
? "Create Error: " + @error + " " + @Serror
endif
$oUser.Put("sAMAccountName", $Account)
$oUser.Put("givenName", $FirstName) ;First Name
$oUser.Put("Initials", $MiddleInitial) ;Initials
$oUser.Put("sn", $LastName) ;Last Name(Surname)
$oUser.Put("displayName",$LastName + iif($LastName, ", ","") +
$FirstName + iif($MiddleInitial, " ", "") +
$MiddleInitial) ;Display name
$oUser.Put("description", $Description) ;Description
$oUser.Put("physicalDeliveryOfficeName",$Office) ;Office
$oUser.Put("telephoneNumber",$Telephone);Telephone
$oUser.Put("mail",$Email) ;E-mail
$oUser.Put("wWWHomePage",$WebPage) ;Web page
$oUser.Put("userPrincipalName", $userPrincipalName) ;userPrincipalName
$oUser.SetInfo
$CreateUserAccount = @error
if $CreateUserAccount
? "SetInfo Error: " + @error + " " + @Serror
endif
Endfunction
Edited by Howard Bullock (2004-10-08 04:08 AM)
#127223 - 2004-10-04 10:12 PM
Re: LDAP User Creation Question
|
ShaneEP
MM club member
Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
|
The UserPrincipalName did indeed do the trick as expected. Also taking into consideration some of the other suggestions about using Put rather than setting the fields directly, I came out with this. Seems to work great. Thanks for all the help as usual.
Code:
$users = ReadExcel2($usersheet,,-1,11)
For $counter=1 to ubound($users,1)
  $user = $users[$counter,0]
  $domainstring = $users[$counter,10]
  "Creating user account "+$user+" in "+$domainstring ?
  $objOU = GetObject($domainstring)
  $objUser = $objOU.Create("User", "cn="+$user)
  $objUser.Put("sAMAccountName", $user)
  $objUser.Put("displayName",$users[$counter,1])
  $objUser.Put("givenName",$users[$counter,2])
  $objUser.Put("Initials",$users[$counter,3])
  $objUser.Put("sn",$users[$counter,4])
  $objUser.Put("description",$users[$counter,5])
  $objUser.Put("physicalDeliveryOfficeName",$users[$counter,6])
  $objUser.Put("telephoneNumber",$users[$counter,7])
  $objUser.Put("mail",$users[$counter,8])
  $objUser.Put("WWWHomePage",$users[$counter,9])
  $domainname = Join(Split(Join(Split($domainstring,'dc='),'.'),','),'')
  $domainname = SubStr($domainname,InStr($domainname,'.')+1)
  $objUser.Put("UserPrincipalName",$user + "@@" + $domainname)
  $objUser.SetInfo
  $userpath = Split($domainstring,'//')
  $userpath = $userpath[0]+"//cn="+$user+","+$userpath[1]
  $objuser2 = getobject($userpath)
  $objUser2.AccountLocked=0
  $objUser2.AccountDisabled=0
  $objuser2.SetInfo
Next
#127224 - 2004-10-08 04:02 AM
Re: LDAP User Creation Question
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Updated code.
A problem was pointed out to me. The lines:
Code:
$aDom = split($Domain,".")
$sDNdom = ",dc=" + $aDom[0] + ",dc=" + $aDom[1] + ",dc=" + $aDom[2]
will fail if the text for the first parameter ($Domain) does not contain two periods. The following code is more tolerant and will work if there are any number of periods, including zero, in the domain name.
Code:
CreateUserAccount("my.domain.com",
                  "cn=Users",
                  "BullockTest",
                  "Howard",
                  "A",
                  "Bullock",
                  "Super Admin",
                  "Corner with a view",
                  "999-555-1212",
                  "habullock@@comcast.net",
                  "http://home.comcast.net/~habullock" )
Function CreateUserAccount($Domain,
                           $ContainerDN,
                           $Account,
                           optional $FirstName,
                           optional $MiddleInitial,
                           optional $LastName,
                           optional $Description,
                           optional $Office,
                           optional $Telephone,
                           optional $Email,
                           optional $WebPage,
                           optional $userPrincipalName )
  Dim $aDom, $part, $sDNdom, $LDAPpath, $oContainer, $oUser
  if VarTypeName($userPrincipalName) = "Empty"
    $userPrincipalName = $Account + "@@" + $Domain
  endif
  $aDom = split($Domain,".")
  for each $part in $aDom
    $sDNdom = "" + $sDNdom + ",dc=" + $part
  next
  $LDAPpath = "LDAP://" + $Domain + "/" + $ContainerDN + $sDNdom
  ;? $LDAPpath
  $oContainer = GetObject($LDAPpath)
  if @error
    ? "GetObject Error: " + @error + " " + @Serror
  endif
  $oUser = $oContainer.Create("User", "cn=" + $Account)
  if @error
    ? "Create Error: " + @error + " " + @Serror
  endif
  $oUser.Put("sAMAccountName", $Account)
  $oUser.Put("givenName", $FirstName) ;First Name
  $oUser.Put("Initials", $MiddleInitial) ;Initials
  $oUser.Put("sn", $LastName) ;Last Name(Surname)
  $oUser.Put("displayName",$LastName + iif($LastName, ", ","") +
             $FirstName + iif($MiddleInitial, " ", "") +
             $MiddleInitial) ;Display name
  $oUser.Put("description", $Description) ;Description
  $oUser.Put("physicalDeliveryOfficeName",$Office) ;Office
  $oUser.Put("telephoneNumber",$Telephone) ;Telephone
  $oUser.Put("mail",$Email) ;E-mail
  $oUser.Put("wWWHomePage",$WebPage) ;Web page
  $oUser.Put("userPrincipalName", $userPrincipalName) ;userPrincipalName
  $oUser.SetInfo
  $CreateUserAccount = @error
  if $CreateUserAccount
    ? "SetInfo Error: " + @error + " " + @Serror
  endif
Endfunction
#127225 - 2004-10-08 02:08 PM
Re: LDAP User Creation Question
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Howard,
I am looking at this code with interest.. The reason being is that we have some admins that continually miss creating the user personal drives and other information. If this was combined with the ADSSECURITY.DLL, this would be pretty slick..
Re- Kent- Review a WSH script - Part Deux
Thanks,
Kent
#127226 - 2004-10-08 08:06 PM
Re: LDAP User Creation Question
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Not sure where ADsSecurity.DLL fits into the picture, but there should be no reason additional functions could not be daisy-chained to this to provide complete automation of creating and configuring a user.
#127228 - 2004-10-08 10:33 PM
Re: LDAP User Creation Question
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
But if you are smart about the binding, you could bind to a specific domain controller to create the user. If you select the DC that is in the same site as the file/print resource the account would be immediately available.
One could add an additional optional parameter called $DCname. Then the LDAP string would look like:
Code:
$LDAPpath = "LDAP://" + $DCname + "/" + $ContainerDN + $sDNdom
if the parm was used. $DCname would default back to the $Domain value if not used. This would permit the creation of objects on a specific DC.
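Added example, not code from any poster in this thread: the string handling behind the updated CreateUserAccount and the $DCname suggestion above, modelled in Python so it can be checked offline before anything is written to AD. It goes beyond the thread by validating the spreadsheet value used as sAMAccountName and escaping the cn value. The function names and the host dc01.my.domain.com are assumptions, and container_dn is treated as trusted configuration.

```python
import re

SAM_INVALID = set('"/\\[]:;|=,+*?<>')  # characters AD rejects in sAMAccountName
DN_SPECIAL = set('\\,+"<>;/')  # RFC 4514 specials plus "/" (the ADsPath separator)
DNS_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def sam_problems(name):
    """Reasons a value is unusable as sAMAccountName (padding rule is local policy)."""
    checks = [
        (not name or name != name.strip(), "empty or padded with whitespace"),
        (len(name) > 20, "longer than 20 characters"),
        (any(c in SAM_INVALID or ord(c) < 32 for c in name), "reserved or control character"),
        (name.endswith("."), "ends with a period"),
    ]
    return [msg for failed, msg in checks if failed]

def escape_rdn_value(value):
    """Backslash-escape a value before it is concatenated after 'cn='."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in DN_SPECIAL or edge_space or (ch == "#" and i == 0):
            out.append("\\")
        out.append(ch)
    return "".join(out)

def domain_to_dn(domain):
    """'my.domain.com' -> 'dc=my,dc=domain,dc=com' for any number of labels."""
    bad = [label for label in domain.split(".") if not DNS_LABEL.match(label)]
    if bad:
        raise ValueError("invalid DNS label(s) in %r: %r" % (domain, bad))
    return ",".join("dc=" + label for label in domain.split("."))

def plan_user(account, domain, container_dn, dc_name=None, cn=None):
    """Compute the bind path and naming attributes without touching AD."""
    problems = sam_problems(account)
    if problems:
        raise ValueError("%r: %s" % (account, "; ".join(problems)))
    server = dc_name or domain  # bind to one DC when given, else the domain
    domain_to_dn(server)        # same label check applied to the server name
    return {
        "container": "LDAP://%s/%s,%s" % (server, container_dn, domain_to_dn(domain)),
        "rdn": "cn=" + escape_rdn_value(cn or account),
        "sAMAccountName": account,
        "userPrincipalName": account + "@" + domain,
    }

# Constructed sample: the thread's test account bound to a hypothetical DC.
SAMPLE = plan_user("BullockTest", "my.domain.com", "cn=Users", dc_name="dc01.my.domain.com")
```

Running every spreadsheet row through plan_user first lets a bad row be rejected with a reason before Create and SetInfo are called.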
#127229 - 2004-10-12 02:29 PM
Re: LDAP User Creation Question
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Let me explain..
ADSSECURITY.DLL is used to apply perms where you would traditionally use CACLS/XCACLS to set perms on folders. This would be when you create a new user, you would also set up the personal drive too.
Kent