#71885 - 2002-11-28 09:10 AM
A little help with ADSI
|
Jeroen
Starting to like KiXtart
Registered: 2001-08-16
Posts: 180
Loc: Netherlands
|
Hi all,
I'm not too familiar with ADSI yet, and can't find an answer to the following issue;
I need to create a local user account on all NT based systems in the domain (NT4 & 2000 clients):
Username: Test
Full Name: Test account
Description: Local account for testing purposes
Password: secret
The account must only have flags set for 'User cannot change password' and 'Password never expires'. The account also must be part of the local administrators group.
I've downloaded the ADSI SDK, helpfiles, and browsed through the forum, but can't seem to get it though. This is all I've got so far:
(by the way; account name, password, description etc are fake, but show what I need to do)
code:
; User to create
$UserName = "Test"
; Password to set for the user
$UserPass = "secret"
; Computername to create the account on
$TargetPC = "TESTNAME"
; Bind to the remote machine
$Object = GetObject("WinNT://$TargetPC")
; Create the user on the remote machine
$Create = $Object.Create("User",$UserName)
; Set the password for the user
$Create.SetPassword($UserPass)
; Apply changes currently in cache
$Create.SetInfo
; Disable the User Must Change Password at Next Logon flag (value 0 = off, 1 = on)
$Create.PasswordExpired = 0
; Apply changes currently in cache
$Create.SetInfo
Exit
Who can help me with this? And where can I find a website where I can learn how to figure these things out for myself? In laymen terms that is..?
Thanks for the help!
_________________________
Regards, Jeroen.
There are two ways to write error-free programs. Only the third one works.
|
|
Top
|
|
|
|
|
#71886 - 2002-11-28 10:23 AM
Re: A little help with ADSI
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11631
Loc: CA
|
Hi Jeroen,
This Microsoft website has all this kind of information. It is related to WSH, but most of the code is very easily converted to KiXtart.
Microsoft TechNet Script Center
This is also a very good site for this type of scripting.
Win32 Scripting
I see from your post count that you've been around for at least a little while. Don't forget that the board has a search engine that can help to locate all the correct pieces of code.
I am one of the few that will sometimes write ALL the code for you, but I'm currently too distracted with other things ![[Roll Eyes]](images/icons/rolleyes.gif)
MCA is also known to write complete pieces of code for people sometimes, but he seems to be rather silent lately.
Hope these resources help. Work on it some more and if still stuck, post a more direct single ended post asking for assistance with a single portion of the task.
|
|
Top
|
|
|
|
|
#71887 - 2002-11-28 03:10 PM
Re: A little help with ADSI
|
Chris S.
MM club member
Registered: 2002-03-18
Posts: 2368
Loc: Earth
|
To set userflags, you have to do a put on the property. I've taken the liberty to modify your code...
code:
; UserFlag Constants....
; SCRIPT = &1
; ACCOUNTDISABLE = &2
; HOMEDIR_REQUIRED = &8
; LOCKOUT = &10
; PASSWD_NOTREQD = &20
; PASSWD_CANT_CHANGE = &40
; ENCRYPTED_TEXT_PASSWORD_ALLOWED = &80
; TEMP_DUPLICATE_ACCOUNT = &100
; NORMAL_ACCOUNT = &200
; INTERDOMAIN_TRUST_ACCOUNT = &800
; WORKSTATION_TRUST_ACCOUNT = &1000
; SERVER_TRUST_ACCOUNT = &2000
; DONT_EXPIRE_PASSWD = &10000
; MNS_LOGON_ACCOUNT = &20000
; SMARTCARD_REQUIRED = &40000
; TRUSTED_FOR_DELEGATION = &80000
; NOT_DELEGATED = &100000
; USE_DES_KEY_ONLY = &200000
; DONT_REQUIRE_PREAUTH = &400000
; PASSWORD_EXPIRED = &800000
; TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = &1000000
; User to create
$UserName = "Test"
; Password to set for the user
$UserPass = "secret"
; Computername to create the account on
$TargetPC = "TESTNAME"
; Bind to the remote machine
$Object = GetObject("WinNT://$TargetPC")
; Create the user on the remote machine
$Create = $Object.Create("User",$UserName)
; Set the password for the user
$Create.SetPassword($UserPass)
; Disable the User Must Change Password at Next Logon flag (value 0 = off, 1 = on)
$Create.PasswordExpired = 0
$UserFlags = &40 + &10000 ; User cannot change pswd + pswd never expires
$Create.Put("UserFlags",$UserFlags)
; Apply changes currently in cache
$Create.SetInfo
$group = GetObject("WinNT://"+$TargetPC+"/Administrators")
$group.Add($Create.ADSPath)
Exit
I took out the 'extra' SetInfo's. You only need to do that once, not each time you set a new property.
[ 28. November 2002, 15:44: Message edited by: Chris S. ]
|
|
Top
|
|
|
|
|
#71889 - 2002-11-28 03:46 PM
Re: A little help with ADSI
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Chris, you're too kind. Even I will vote for you. ![[Smile]](images/icons/smile.gif)
[ 28. November 2002, 15:47: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
|
#71890 - 2002-11-28 03:52 PM
Re: A little help with ADSI
|
Chris S.
MM club member
Registered: 2002-03-18
Posts: 2368
Loc: Earth
|
Well, thank you, Howard. Makes me glad I already voted for you. ![[Wink]](images/icons/wink.gif)
Happy Thanksgiving.
|
|
Top
|
|
|
|
#71891 - 2002-12-10 12:55 AM
Re: A little help with ADSI
|
Jeroen
Starting to like KiXtart
Registered: 2001-08-16
Posts: 180
Loc: Netherlands
|
Hi guys,
Sorry for the late response, I've been ill... Anyway, I've tried the script exactly as posted above, and all works, except the flags for Password never expires and User cannot change password. The account is created as expected, is also placed in the Administrators group, bu the flags are not set. Any ideas?
_________________________
Regards, Jeroen.
There are two ways to write error-free programs. Only the third one works.
|
|
Top
|
|
|
|
|
#71892 - 2002-12-09 02:14 PM
Re: A little help with ADSI
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
To actually create the account you need flags of Decimal(513) Hex (201)as a base. Generally when altering the user flags, I recommend that the account be created and then read the flags and perform the required binary OR or XOR to set or remove the additional flags.
But in this case I think that all you need to do would be to alter: code:
$UserFlags = &40 + &10000 ; User cannot change pswd + pswd never expires
to:
code:
$UserFlags = &1 + &200 + &40 + &10000 ; User cannot change pswd + pswd never expires
Try it and let us know.
[ 09. December 2002, 14:14: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
#71893 - 2002-12-09 02:40 PM
Re: A little help with ADSI
|
Jeroen
Starting to like KiXtart
Registered: 2001-08-16
Posts: 180
Loc: Netherlands
|
Howard,
That's it !! Thanks, works fine now!
_________________________
Regards, Jeroen.
There are two ways to write error-free programs. Only the third one works.
|
|
Top
|
|
|
|
#71894 - 2002-12-10 09:45 PM
Re: A little help with ADSI
|
MCA
KiX Supporter
Registered: 2000-04-28
Posts: 5152
Loc: Netherlands, EU
|
Dear NTDOC,
The silence has been gone. Only one forum to read with old stuff.
So our TO-DO list gets complete.
The first TO-DO issue will be a review of FAQ forum. Some topics need some
additional input.
greetings.
|
|
Top
|
|
|
|
|
#71896 - 2002-12-10 10:26 PM
Re: A little help with ADSI
|
MCA
KiX Supporter
Registered: 2000-04-28
Posts: 5152
Loc: Netherlands, EU
|
Dear Lonkero,
So our TO-DO list gets complete had to deal with the feedback from topic content.
Before going on vacation we had already a TO-DO list. To prevent unnecessary work
we found it important to read what people are telling about f.e. our tools.
Also the reactions inspire us to make some effort to our site.
The most important part was first to get and to keep the list of unread mes-
sages low. Making changes to the tools, creating documentation and redesigning
site need a little bit of quiet environment.
greetings.
|
|
Top
|
|
|
|
Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 764 anonymous users online.
|
|
|
![[Razz]](images/icons/tongue.gif){kind=icon}
