| rossw |
| (Fresh Scripter) |
| 2008-01-10 11:19 PM |
AD.User.Creation
|
I am a newbie to using kix to control Active directory functions. I have been looking at the scripts others have created and taking pieces to play with them to better understand how to make things work. I have know hit a wall and need some more direct help. I have created (via other scripts) this script to add a user to the OU in AD. I am having the following problems:
1) Account shows as disabled
2) Can not add Login Script, password, Street information, exchange account and some other fields. (it would be great if someone could explain how I could find the information for all the fields)
Any help will be great!
;Sets up User ID and Name in Test OU
Code:
CreateAccount("123456","Lastname Test", "LDAP://OU=test,OU=ouinformation,OU=nextleaveOU, dc=Domain ,dc=ad")
Function CreateAccount($UserName, $FullName, $ADsPath)
$OU = GetObject($ADsPath)
$UserObj = $OU.Create("User","cn=$FullName")
$UserObj.Put ("sAMAccountName", $UserName)
$UserObj.Put ("givenName", "John") ;First Name
$UserObj.Put ("Initials", "Frank") ;Initials
$UserObj.Put ("sn", "Smith") ;Last Name(Surname)
$UserObj.Put("displayName","Smith" + IIf("smith", ", ","") +
"John" + IIf("Frank", " ", "") +
"Frank") ;Display name
$UserObj.Put ("description", "Head Man in charge") ;Description
$UserObj.Put ("physicalDeliveryOfficeName","Wahington, DC") ;Office
$UserObj.Put ("telephoneNumber","222-555-5555");Telephone
$UserObj.Put ("mail","first_Last@company.com") ;E-mail
$UserObj.Put ("wWWHomePage","www.kixtart.org") ;Web page
$UserObj.Put ("userPrincipalName", "123456") ;userPrincipalName
$UserObj.Put ("LoginScript", "common.bat") ;Logon Script
$UserObj.Put ("Street", "1234 A Street, NW") ;Street
$UserObj.Put ("Password", "gensler")
$UserObj.Put ("AccountDisabled", "False")
$UserObj.Put ("LoginScript", "gensler_dc\common.bat")
$UserObj.SetInfo
; Objects cleanup
$UserObj = 0
$OU = 0
EndFunction| rossw |
| (Fresh Scripter) |
| 2008-01-11 09:04 PM |
|
AD.User.Creation - Help
|
****Second Post**** No replys on other post.... :-(
I am a newbie to using kix to control Active directory functions. I have been looking at the scripts others have created and taking pieces to play with them to better understand how to make things work. I have know hit a wall and need some more direct help. I have created (via other scripts) this script to add a user to the OU in AD. I am having the following problems:
1) Account shows as disabled
2) Can not add Login Script, password, Street information, exchange account and some other fields. (it would be great if someone could explain how I could find the information for all the fields)
Any help will be great!
;Sets up User ID and Name in Test OU
Code:
CreateAccount("123456","Lastname Test", "LDAP://OU=test,OU=ouinformation,OU=nextleaveOU, dc=Domain ,dc=ad")
Function CreateAccount($UserName, $FullName, $ADsPath)
$OU = GetObject($ADsPath)
$UserObj = $OU.Create("User","cn=$FullName")
$UserObj.Put ("sAMAccountName", $UserName)
$UserObj.Put ("givenName", "John") ;First Name
$UserObj.Put ("Initials", "Frank") ;Initials
$UserObj.Put ("sn", "Smith") ;Last Name(Surname)
$UserObj.Put("displayName","Smith" + IIf("smith", ", ","") +
"John" + IIf("Frank", " ", "") +
"Frank") ;Display name
$UserObj.Put ("description", "Head Man in charge") ;Description
$UserObj.Put ("physicalDeliveryOfficeName","Wahington, DC") ;Office
$UserObj.Put ("telephoneNumber","222-555-5555");Telephone
$UserObj.Put ("mail","first_Last@company.com") ;E-mail
$UserObj.Put ("wWWHomePage","www.kixtart.org") ;Web page
$UserObj.Put ("userPrincipalName", "123456") ;userPrincipalName
$UserObj.Put ("LoginScript", "common.bat") ;Logon Script
$UserObj.Put ("Street", "1234 A Street, NW") ;Street
$UserObj.Put ("Password", "gensler")
$UserObj.Put ("AccountDisabled", "False")
$UserObj.Put ("LoginScript", "gensler_dc\common.bat")
$UserObj.SetInfo
; Objects cleanup
$UserObj = 0
$OU = 0
EndFunction| Witto |
| (MM club member) |
| 2008-01-11 10:50 PM |
|
|
Re: AD.User.Creation - Help
|
Maybe this can help?
Hey, Scripting Guy! How Can I Use a Script to Create a Sequential Series of User Accounts?
| Arend_ |
| (MM club member) |
| 2008-01-12 09:42 PM |
|
|
Re: AD.User.Creation
|
Hi, and welcome to the board.
Please use [ CODE ] [ /CODE ] (without the spaces) to wrap your code in.
This is something I wrote a long time, I'm sure I have an optimized version somewhere too but this earlier version is the only one I found at the moment, change the $usr variable to the username and the path below to your text file path and the script will generate a list of all available options to you.
Code:
Break ON
$=SetOption("WrapAtEOL","ON")
$usr = @USERID
$logf = "D:\Schema.txt"
$cnusr = TranslateName($usr)
$usrnfo = GetObject("LDAP://" + $cnusr)
$usrclas = GetObject($usrnfo.schema)
$fso = CreateObject("Scripting.FileSystemObject")
$log = $fso.OpenTextFile($logf, 8, 1)
$log.WriteLine("Mandatory Properties:")
$log.WriteLine("---------------------")
$log.WriteLine("")
For Each $prop in $usrclas.MandatoryProperties
If NOT Instr($prop,"-")
$= Execute("$$Type=VarTypeName($$usrnfo."+$prop+")")
$= Execute("$$Value=$$usrnfo."+$prop)
If $type <> "Object" AND $type <> "Variant[]"
WriteLog($prop,$type,$value)
Else
WriteLog($prop,$type)
EndIf
Else
WriteLog($prop,"N/A")
EndIf
Next
$log.WriteLine("")
$log.WriteLine("Optional Properties:")
$log.WriteLine("--------------------")
$log.WriteLine("")
For Each $prop in $usrclas.OptionalProperties
If NOT Instr($prop,"-")
$= Execute("$$Type=VarTypeName($$usrnfo."+$prop+")")
$= Execute("$$Value=$$usrnfo."+$prop)
If $type = "Variant[]"
For Each $obj in $Value
WriteLog($prop,$type,$obj)
Next
EndIf
If $type <> "Object" AND $type <> "Variant[]"
WriteLog($prop,$type,$value)
Else
WriteLog($prop,$type)
EndIf
Else
WriteLog($prop,"N/A")
EndIf
Next
$log.Close
Function WriteLog($LineToWrite,$sType,Optional $sValue)
If LEN($LineToWrite) < 8
$log.WriteLine($LineToWrite + " " + $sType + " " + $sValue)
EndIf
If LEN($LineToWrite) >= 8 AND LEN($LineToWrite) < 16
$log.WriteLine($LineToWrite + " " + $sType + " " + $sValue)
EndIf
If LEN($LineToWrite) >= 16 AND LEN($LineToWrite) < 24
$log.WriteLine($LineToWrite + " " + $sType + " " + $sValue)
EndIf
If LEN($LineToWrite) >= 24 AND LEN($LineToWrite) < 32
$log.WriteLine($LineToWrite + " " + $sType + " " + $sValue)
EndIf
If LEN($LineToWrite) >= 32
$log.WriteLine($LineToWrite + " " + $sType + " " + $sValue)
EndIf
EndFunction
Function TranslateName($NameToTranslate)
Dim $NameTranslate
$NameTranslate = CreateObject("NameTranslate")
$NameTranslate.Init(3,"")
$NameTranslate.Set(3, @LDOMAIN + "\" + $NameToTranslate)
$TranslateName = $NameTranslate.Get(1)
EndFunction
| rossw |
| (Fresh Scripter) |
| 2008-01-13 03:20 AM |
|
Re: AD.User.Creation
|
Thanks Witto but when I try to pull in the code from that site it seems like I need to change it to run with kix but I am not sure how.
Thanks apronk! I will take a look when I am back on a AD domain.
Thank you both!
| Mart |
| (KiX Supporter) |
| 2008-01-13 11:38 AM |
|
|
Re: AD.User.Creation
|
Originally Posted By: rossw
Thanks Witto but when I try to pull in the code from that site it seems like I need to change it to run with kix but I am not sure how.
....
....
That's because the Scripting Guy scripts in vbs and not kix. Most vbs scripts can be converted to kix but that takes some knowledge of how to construct the vbs commands/function in kix.
| rossw |
| (Fresh Scripter) |
| 2008-01-14 08:59 PM |
|
Re: AD.User.Creation
|
Thanks apronk! I ran your script and I was able to get some more information. It really helped. I am still not able to figure out why the account is aways created disabled but I will keep at it. Thanks again!
| Mart |
| (KiX Supporter) |
| 2008-01-14 09:09 PM |
|
|
|
Re: AD.User.Creation
|
I'm not 100% sure and I might burn myself saying this but I think I heard this issue once before. The answer was that one needs to explicitly enable the account after creating it with a script.
| rossw |
| (Fresh Scripter) |
| 2008-01-14 11:56 PM |
|
Re: AD.User.Creation
|
Originally Posted By: Mart
I'm not 100% sure and I might burn myself saying this but I think I heard this issue once before. The answer was that one needs to explicitly enable the account after creating it with a script.
thanks Mart, but how do you enable an ad user account. I also think it might have something to do with the password not being set. Do you know how to set a default password?
Will
| Arend_ |
| (MM club member) |
| 2008-01-15 09:26 AM |
|
|
|
Re: AD.User.Creation
|
Code:
$usr.SetPassword("newpassword") ;Sets the password to "newpassword"
$usr.Put("pwdLastSet", 0) ;User has to change the pw as soon as he/she logs in
$usr.AccountDisabled = 0 ;Enables the account
$usr.SetInfo
| rossw |
| (Fresh Scripter) |
| 2008-01-15 11:50 PM |
|
Re: AD.User.Creation
|
Originally Posted By: apronk
Code:
$usr.SetPassword("newpassword") ;Sets the password to "newpassword"
$usr.Put("pwdLastSet", 0) ;User has to change the pw as soon as he/she logs in
$usr.AccountDisabled = 0 ;Enables the account
$usr.SetInfo
Thanks apronk but the code is not working. When I check it for error it always fails. (except for the change password at next login) Not sure what I am doing wrong but this is driving me crazy!
| Mart |
| (KiX Supporter) |
| 2008-01-16 12:11 AM |
|
|
|
Re: AD.User.Creation
|
Can you post the code you have so far?
Please use the code tags when posting code.
| Arend_ |
| (MM club member) |
| 2008-01-16 08:59 AM |
|
|
|
Re: AD.User.Creation
|
Hmmm, I know kix doesn't support True and False statements, but this seems to work for me as well:
Code:
$usr.AccountDisabled = False
Richard H.
|
| (KiX Supporter) |
| 2008-01-16 09:35 AM |
|
Re: AD.User.Creation
|
Originally Posted By: apronk
Hmmm, I know kix doesn't support True and False statements, but this seems to work for me as well:
Code:
$usr.AccountDisabled = False
It works by accident of the way that the interpreter deals with unknowns, so don't rely on it.
KiXtart supports the right types for TRUE / FALSE, so you just need to declare them:
Code:
Global $TRUE $TRUE=Not 0 Global $FALSE $FALSE=Not $TRUE ... $usr.AccountDisabled = $FALSE
| Arend_ |
| (MM club member) |
| 2008-01-16 02:14 PM |
|
|
|
Re: AD.User.Creation
|
Originally Posted By: Richard H.
Originally Posted By: apronk
Hmmm, I know kix doesn't support True and False statements, but this seems to work for me as well:
Code:
$usr.AccountDisabled = False
It works by accident of the way that the interpreter deals with unknowns, so don't rely on it.
KiXtart supports the right types for TRUE / FALSE, so you just need to declare them:
Code:
Global $TRUE $TRUE=Not 0 Global $FALSE $FALSE=Not $TRUE ... $usr.AccountDisabled = $FALSE
Which is not per definition true (ehm ascii true.. hehe)
The "Not 0" statement doesn't always work in COM aquired boolean values. So it is subject to change with every COM object you're attempting to use.
| rossw |
| (Fresh Scripter) |
| 2008-01-16 11:52 PM |
|
Re: AD.User.Creation
|
Originally Posted By: Mart
Can you post the code you have so far?
Please use the code tags when posting code.
Please use the code tags when posting code.
Code:
CreateAccount("123456","Lastname Test", "LDAP://OU=test,OU=ouinformation,OU=nextleaveOU, dc=Domain ,dc=ad")
Function CreateAccount($UserName, $FullName, $ADsPath)
$OU = GetObject($ADsPath)
$UserObj = $OU.Create("User","cn=$FullName")
$UserObj.Put ("sAMAccountName", $UserName)
$UserObj.Put ("givenName", "John") ;First Name
$UserObj.Put ("Initials", "Frank") ;Initials
$UserObj.Put ("sn", "Smith") ;Last Name(Surname)
$UserObj.Put("displayName","Smith" + IIf("smith", ", ","") +
"John" + IIf("Frank", " ", "") +
"Frank") ;Display name
$UserObj.Put ("description", "Head Man in charge") ;Description
$UserObj.Put ("physicalDeliveryOfficeName","Wahington, DC") ;Office
$UserObj.Put ("telephoneNumber","222-555-5555");Telephone
$UserObj.Put ("mail","first_Last@company.com") ;E-mail
$UserObj.Put ("wWWHomePage","www.kixtart.org") ;Web page
$UserObj.Put ("userPrincipalName", "123456") ;userPrincipalName
$UserObj.Put ("LoginScript", "common.bat") ;Logon Script
$UserObj.Put ("Street", "1234 A Street, NW") ;Street
$UserObj.Put ("Password", "gensler")
$UserObj.Put ("AccountDisabled", "False")
$UserObj.Put ("LoginScript", "gensler_dc\common.bat")
; Added Code
$userObj.SetPassword("password") ;Sets the password to "newpassword"
$userObj.Put("pwdLastSet", 0) ;User has to change the pw as soon as he/she logs in
$userObj.AccountDisabled = 0 ;Enables the account
;End of test code
$UserObj.SetInfo
; Objects cleanup
$UserObj = 0
$OU = 0
EndFunctionDo I need to write a new function that runs after the account is created?
| Arend_ |
| (MM club member) |
| 2008-01-17 09:15 AM |
|
|
|
Re: AD.User.Creation
|
Please try this code, you've made a few errors, one of which is having "LoginScript" 2 times, LoginScript is actually "scriptPath", You need to use .SetInfo 2 times, one before you enable the account and set password. And some "" errors. here is the cleaned up code:
Code:
CreateAccount("123456","Lastname Test", "LDAP://OU=test,OU=ouinformation,OU=nextleaveOU, dc=Domain ,dc=ad")
Function CreateAccount($UserName, $FullName, $ADsPath)
$OU = GetObject($ADsPath)
$UserObj = $OU.Create("User","cn="+$FullName)
$UserObj.Put("sAMAccountName", $UserName)
$UserObj.Put("givenName", "John") ;First Name
$UserObj.Put("Initials", "Frank") ;Initials
$UserObj.Put("sn", "Smith") ;Last Name(Surname)
$UserObj.Put("displayName","Smith" + IIf("smith", ", ","") + "John" + IIf("Frank", " ", "") + "Frank") ;Display name
$UserObj.Put("description", "Head Man in charge") ;Description
$UserObj.Put("physicalDeliveryOfficeName","Wahington, DC") ;Office
$UserObj.Put("telephoneNumber","222-555-5555");Telephone
$UserObj.Put("mail","first_Last@company.com") ;E-mail
$UserObj.Put("wWWHomePage","www.kixtart.org") ;Web page
$UserObj.Put("userPrincipalName", "123456") ;userPrincipalName
$UserObj.Put("scriptPath", "common.bat") ;Logon Script
$UserObj.Put("Street", "1234 A Street, NW") ;Street
$UserObj.Put("Password", "gensler")
$UserObj.SetInfo
; Added Code
$userObj.SetPassword("password") ;Sets the password to "newpassword"
$userObj.Put("pwdLastSet", 0) ;User has to change the pw as soon as he/she logs in
$userObj.AccountDisabled = 0 ;Enables the account
$UserObj.SetInfo
; Objects cleanup
$UserObj = 0
$OU = 0
EndFunction
|
Richard H.
|
| (KiX Supporter) |
| 2008-01-17 09:40 AM |
|
Re: AD.User.Creation
|
Code:
Which is not per definition true (ehm ascii true.. hehe) The "Not 0" statement doesn't always work in COM aquired boolean values. So it is subject to change with every COM object you're attempting to use.
Not too sure what you mean - "Not 0" is not ASCII, it creates a boolean variable with a true value. Try using VarTypeName() on the variable.
| Arend_ |
| (MM club member) |
| 2008-01-17 01:35 PM |
|
|
|
Re: AD.User.Creation
|
ascii true was a joke, it was me saying "not per definition true"
I agree that "Not 0" will create a kixtart acceptable Boolean value but some COM object don't accept that as true boolean, not saying kixtart is wrong, just that some COM objects behave differently.
| rossw |
| (Fresh Scripter) |
| 2008-01-17 09:49 PM |
|
Re: AD.User.Creation
|
Originally Posted By: apronk
Please try this code, you've made a few errors, one of which is having "LoginScript" 2 times, LoginScript is actually "scriptPath", You need to use .SetInfo 2 times, one before you enable the account and set password. And some "" errors. here is the cleaned up code:
Apronk you ROCK!!!! THANK YOU! THANK YOU! THANK YOU! I removed the unneeded $UserObj.Put("Password", "gensler") statement and your revised code worked perfert. THANKS!!!!
| Arend_ |
| (MM club member) |
| 2008-01-18 08:21 AM |
|
|
|
Re: AD.User.Creation
|
A yeah, I overlooked the .Put("Password")
Glad I could help
| 5861king |
| (Fresh Scripter) |
| 2009-08-24 06:34 PM |
|
Re: AD.User.Creation
|
Originally Posted By: apronk
Please try this code, you've made a few errors, one of which is having "LoginScript" 2 times, LoginScript is actually "scriptPath", You need to use .SetInfo 2 times, one before you enable the account and set password. And some "" errors. here is the cleaned up code:
Code:
CreateAccount("123456","Lastname Test", "LDAP://OU=test,OU=ouinformation,OU=nextleaveOU, dc=Domain ,dc=ad")
Function CreateAccount($UserName, $FullName, $ADsPath)
$OU = GetObject($ADsPath)
$UserObj = $OU.Create("User","cn="+$FullName)
$UserObj.Put("sAMAccountName", $UserName)
$UserObj.Put("givenName", "John") ;First Name
$UserObj.Put("Initials", "Frank") ;Initials
$UserObj.Put("sn", "Smith") ;Last Name(Surname)
$UserObj.Put("displayName","Smith" + IIf("smith", ", ","") + "John" + IIf("Frank", " ", "") + "Frank") ;Display name
$UserObj.Put("description", "Head Man in charge") ;Description
$UserObj.Put("physicalDeliveryOfficeName","Wahington, DC") ;Office
$UserObj.Put("telephoneNumber","222-555-5555");Telephone
$UserObj.Put("mail","first_Last@company.com") ;E-mail
$UserObj.Put("wWWHomePage","www.kixtart.org") ;Web page
$UserObj.Put("userPrincipalName", "123456") ;userPrincipalName
$UserObj.Put("scriptPath", "common.bat") ;Logon Script
$UserObj.Put("Street", "1234 A Street, NW") ;Street
$UserObj.Put("Password", "gensler")
$UserObj.SetInfo
; Added Code
$userObj.SetPassword("password") ;Sets the password to "newpassword"
$userObj.Put("pwdLastSet", 0) ;User has to change the pw as soon as he/she logs in
$userObj.AccountDisabled = 0 ;Enables the account
$UserObj.SetInfo
; Objects cleanup
$UserObj = 0
$OU = 0
EndFunction
Hi ya.
Can you help when I run this code on Kix 4.60 I get an error message see below.
ERROR : expected ')'!
Script: H:\Folder Lock\Locker\Misc Stuff\Kix\AdminScriptEditor\ldap6.kix
Line : 36
This is what the line is
$UserObj = $OU.Create("User", "cn=" + $FullName)
can any one help me with this one, I would love to get this working.
Thanks
Glyn
| Gargoyle |
| (MM club member) |
| 2009-08-24 10:32 PM |
|
|
Re: AD.User.Creation
|
5861king - Please do not HiJack old threads (lsat response was 4 years ago). Please start a new thread providing as many details as possible.
| Mart |
| (KiX Supporter) |
| 2009-08-24 10:39 PM |
|
|
|
Re: AD.User.Creation
|
A little more then 18 months Garg
But still, a new thread would be the way to go.
| 5861king |
| (Fresh Scripter) |
| 2009-08-24 11:39 PM |
|
Re: AD.User.Creation
|
sorry I'll post a new thread!!
| Gargoyle |
| (MM club member) |
| 2009-08-24 11:48 PM |
|
|
|
Re: AD.User.Creation
|
@Mart,
Oops looked at the Registration date of the last responder not the date of the last response. Oh well...