JSI Tip 5297. Basic user account creation with ADSI scripting.

NOTE: The text in the following Microsoft Knowledge Base article is provided so that the site search can find this page. Please click the Knowledge Base link to ensure that you are reading the most current information.

Microsoft Knowledge Base article Q230750 contains:

The Active Directory Services Interface (ADSI) tool provides a single consistent set of interfaces that can be called in scripts using the Microsoft Windows Script Host, or other scripting languages (VBScript and JScript are supported natively).

This article demonstrates how an administrator can use ADSI to script the creation of user accounts within Active Directory.


MORE INFORMATION

The following sample script is used for demonstration purposes.

NOTE: This script requires the appropriate security context to operate. It must be run from a session in which the logged-on user has permission to create an object in the target organizational unit (OU).

Sample Script

' Bind to the target OU.
Set ou = GetObject("LDAP://OU=Marketing,OU=DSys,DC=adsidev,DC=nttest,DC=microsoft,DC=com")
' Create the user object in the local property cache.
Set usr = ou.Create("user", "CN=John Smith")

' ---- Mandatory attributes ----
usr.Put "samAccountName", "jsmith"

' ---- Optional attributes (these can be skipped) ----
usr.Put "sn", "Smith"
usr.Put "givenName", "John"
usr.Put "userPrincipalName", "[email protected]"
usr.Put "telephoneNumber", "(425) 123 4567"
usr.Put "title", "Marketing Administrator Dept"
' Commit the new object to the directory.
usr.SetInfo

' ---- Now that the user is created, reset the user's password
' ---- and enable the account.
usr.SetPassword "secret***!"
usr.AccountDisabled = False
usr.SetInfo

Explanation of the Sample Script

  1. First, bind to a specific OU using the GetObject function. Pass this function the Lightweight Directory Access Protocol (LDAP) path to the specific object desired.


  2. A user object is created by calling the Create method directly on the OU object. The object type (user) and canonical name (John Smith) are passed as parameters of the Create method.


  3. The only required property is samAccountName, which is passed in the next line. All other properties are optional. Properties are inserted into the object using the Put method.


  4. The SetInfo method is used to apply the current set of changes against the object. Once the object has been created, it is then possible to set its password and make the account enabled.
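
A hardened variant of the sample, as an added example that is not part of the Knowledge Base article: it takes the initial password from the operator at run time instead of hard-coding it, stops before enabling the account if SetPassword fails, forces a password change at first logon, and clears the "password not required" flag if the directory set it when the object was created. Prompting through WScript.StdIn (which requires cscript.exe and echoes the input) is an assumption of this example.

```vbscript
' Added example, not from the KB article. Run with cscript.exe (uses StdIn).
Option Explicit
Const ADS_UF_ACCOUNTDISABLE = &H2     ' userAccountControl: account disabled
Const ADS_UF_PASSWD_NOTREQD = &H20    ' userAccountControl: password not required

Dim ou, usr, pwd, uac
' Same OU path as the article's sample.
Set ou = GetObject("LDAP://OU=Marketing,OU=DSys,DC=adsidev,DC=nttest,DC=microsoft,DC=com")

' Assumption: the operator types the initial password (input is echoed),
' so no credential is stored in the script file.
WScript.StdOut.Write "Initial password for jsmith: "
pwd = WScript.StdIn.ReadLine

Set usr = ou.Create("user", "CN=John Smith")
usr.Put "samAccountName", "jsmith"
usr.SetInfo                            ' object now exists in the directory

' If the password is rejected (for example by domain policy), stop here
' so the account is never enabled without a password.
On Error Resume Next
usr.SetPassword pwd
If Err.Number <> 0 Then
    WScript.Echo "SetPassword failed (0x" & Hex(Err.Number) & "); account not enabled."
    WScript.Quit 1
End If
On Error GoTo 0

' Refresh the property cache to read the flags the directory assigned.
usr.GetInfo
uac = usr.Get("userAccountControl")
' Clear "disabled" and "password not required" in one update.
uac = uac And Not (ADS_UF_ACCOUNTDISABLE Or ADS_UF_PASSWD_NOTREQD)
usr.Put "userAccountControl", uac
usr.Put "pwdLastSet", 0                ' user must change password at first logon
usr.SetInfo

WScript.Echo "Created jsmith, userAccountControl = " & uac
```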


For more information, visit the following Microsoft Web site:
http://www.microsoft.com/windows2000/techinfo/howitworks/activedirectory/adsilinks.asp

