Automating User Creation
In this example, I'll show you how to use ActiveX Data Objects (ADO) to query information from an Excel spreadsheet, put that information into script variables, and use those variables to create and configure new domain user objects.
NOTE
I've not covered ADO, and I find it doesn't come up often in many administrative scripts. I don't provide a comprehensive explanation of it here, but this example should give you a starting point if you have a need for a similar script in the future.
To run this script, you're going to need to create an Excel spreadsheet. Leave the first sheet named Sheet1, which is the default, and enter the following column headers on row 1:
UserID FullName Description HomeDirectory Groups DialIn
Populate the remaining rows as follows.
UserID:
Enter the unique user ID you want this user to have. Note that the script doesn't do any error checking, and Windows lets you create users with duplicate names in a script. Be careful, though, because user accounts with duplicate names don't behave properly.
FullName:
The full name of the user.
Description:
Optionally, a description of the user.
HomeDirectory:
This needs to be a subfolder under a file server's root folder. You'll see how this gets used later.
Groups:
A comma-delimited list of groups the user should be placed in.
DialIn:
"Yes" or "No" describing whether the user should have dial-in permissions.
TIP
This script is designed to work in any Windows domain, from Windows NT to Active Directory.
Automating User Creation
Automating the creation of new user accounts is a must-have administrative utility in many environments, because it helps reduce administrative time and improve the consistency of the created accounts. Listing 30.1 shows a script that reads user information from an Excel spreadsheet and creates the appropriate domain user accounts.
Listing 30.1. AddUsers.vbs. This script pulls new user information from an Excel spreadsheet and creates the user accounts.
' PART 1: Open up the Excel spreadsheet
' using ActiveX Data Objects
Dim oCN
Set oCN = CreateObject("ADODB.Connection")
oCN.Open "Excel"
Dim oRS
Set oRS = oCN.Execute("SELECT * FROM [Sheet1$]")

' PART 2: Get a reference to the
' Windows NT domain using ADSI
Dim oDomain
Set oDomain = GetObject("WinNT://NT4PDC")

' PART 3: Open an output text file
' to store users' initial passwords
Dim oFSO, oTS
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTS = oFSO.CreateTextFile("c:\passwords.txt",True)

' PART 4: For each record in the recordset,
' add the user, set the correct user
' properties, and add the user to the
' appropriate groups

' create the necessary variables
Dim sUserID, sFullName, sDescription
Dim sHomeDir, sGroups, sDialIn
Dim sPassword, oUserAcct, oFolder
Dim sGroupList, iTemp, oGroup

' define the base path for the home
' directories to be created in
Dim sHomePath
sHomePath = "\\BrainCore1\C$\Users\"

' now go through the recordset one
' row at a time
Do Until oRS.EOF

    ' get the user information from this row
    sUserID = oRS("UserID")
    sFullName = oRS("FullName")
    sDescription = oRS("Description")
    sHomeDir = oRS("HomeDirectory")
    sGroups = oRS("Groups")
    sDialIn = oRS("DialIn")

    ' make up a new password
    sPassword = Left(sUserID,2) & DatePart("n",Time) & _
        DatePart("y",Date) & DatePart("s",Time)

    ' create the user account
    Set oUserAcct = oDomain.Create("user",sUserID)

    ' set account properties
    oUserAcct.SetPassword sPassword
    oUserAcct.FullName = sFullName
    oUserAcct.Description = sDescription
    oUserAcct.HomeDirectory = sHomeDir

    ' set RAS permission
    If sDialIn = "Yes" Then
        oUserAcct.RasPermissions = 9
    Else
        oUserAcct.RasPermissions = 1
    End If

    ' save the account
    oUserAcct.SetInfo

    ' get a reference to the new account
    ' this gets us a valid SID & other info
    Set oUserAcct = GetObject("WinNT://NT4PDC/" & _
        sUserID & ",user")

    ' write password to file
    oTS.Write sUserID & "," & sPassword & vbCrLf

    ' PART 4A: Add user account to groups
    ' use the Split function to turn the
    ' comma-separated list into an array
    sGroupList = Split(sGroups, ",")

    ' go through the array and add the user
    ' to each group
    For iTemp = 0 To UBound(sGroupList)

        ' get the group
        Set oGroup = GetObject("WinNT://NT4PDC/" & _
            sGroupList(iTemp) & ",group")

        ' add the user account
        oGroup.Add oUserAcct.ADsPath

        ' release the group
        Set oGroup = Nothing
    Next

    ' PART 4B: Create the user's Home Directory
    ' (append UserID to the Home Path variable)
    Set oFolder = oFSO.CreateFolder(sHomePath & sUserID)

    ' PART 5: All done!
    ' release the user account
    Set oUserAcct = Nothing

    ' move to the next row in the recordset
    oRS.MoveNext
Loop

' PART 6: Final clean up, close down
oRS.Close
oTS.Close
WScript.Echo "Passwords have been written to c:\passwords.txt."
Before you can run this script, you need to create a System ODBC DSN named Excel that points to your Excel spreadsheet. You'll also need to edit the server and domain names in the script to match your environment.
Automating User Creation: Explained
This is a hard-working script that has quite a bit of functionality. It starts by defining an ADO connection, and then opening it. Note that for the script to work, a System ODBC DSN named Excel must exist, and it must point to a spreadsheet matching the description I gave you earlier.
' PART 1: Open up the Excel spreadsheet
' using ActiveX Data Objects
Dim oCN
Set oCN = CreateObject("ADODB.Connection")
oCN.Open "Excel"
Next, the script creates an ADO recordset (a set of database records) by querying the rows from the Excel spreadsheet.
Dim oRS
Set oRS = oCN.Execute("SELECT * FROM [Sheet1$]")
Now, the script uses ADSI to get a reference to the Windows domain. In this example, I'm connecting directly to an NT 4.0 PDC; you could specify an Active Directory domain name or an Active Directory domain controller, if you want. For more on using ADSI to connect to a domain, see Chapter 15.
' PART 2: Get a reference to the
' Windows NT domain using ADSI
Dim oDomain
Set oDomain = GetObject("WinNT://NT4PDC")
The last preliminary step is to create an output text file, where I store the new users' passwords. For more information on how to create and write to text files, turn to Chapter 12.
' PART 3: Open an output text file
' to store users' initial passwords
Dim oFSO, oTS
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTS = oFSO.CreateTextFile("c:\passwords.txt",True)
The script can begin its real work. The first step is to define several variables, which are used to store information about each user as we create each user's account.
' PART 4: For each record in the recordset,
' add the user, set the correct user
' properties, and add the user to the
' appropriate groups
' create the necessary variables
Dim sUserID, sFullName, sDescription
Dim sHomeDir, sGroups, sDialIn
Dim sPassword, oUserAcct, oFolder
Dim sGroupList, iTemp, oGroup
Next, I define a variable for where I want the users' home directories created. Note that I'm using the C$ administrative share of a particular server. Whatever information is in the HomeDirectory column for each user will be appended to this file path, and the user's User ID will be appended to that. For example, if I want my own home directory to be \\BrainCore1\C$\Users\DonJ, I'd leave the HomeDirectory column blank in the spreadsheet.
' define the base path for the home
' directories to be created in
Dim sHomePath
sHomePath = "\\BrainCore1\C$\Users\"
Now, I use a Do…Loop to go through each row in the recordset (meaning each row in the Excel spreadsheet) one at a time. The recordset has an EOF property that is set to True when I reach the end of the recordset, so having the loop check that keeps everything running smoothly.
' now go through the recordset one
' row at a time
Do Until oRS.EOF
I pull information from the current row into variables, just to make the information easier to work with. Notice that I simply tell the recordset object which column's information I want, and the information is retrieved.
' get the user information from this row
sUserID = oRS("UserID")
sFullName = oRS("FullName")
sDescription = oRS("Description")
sHomeDir = oRS("HomeDirectory")
sGroups = oRS("Groups")
sDialIn = oRS("DialIn")
I need to make up a new password for the user. I'm using the leftmost two characters of the user ID, and the current minutes, Julian date, and seconds from the system clock. It's not a great password, but it's reasonably unique, tough to guess, and easy to communicate to the user when he shows up for his first day of work.
' make up a new password
sPassword = Left(sUserID,2) & DatePart("n",Time) & _
    DatePart("y",Date) & DatePart("s",Time)
Next, I ask ADSI to create a new user account.
' create the user account
Set oUserAcct = oDomain.Create("user",sUserID)
The account isn't created yet, but I can still set its initial properties, based on the values in the variables.
' set account properties
oUserAcct.SetPassword sPassword
oUserAcct.FullName = sFullName
oUserAcct.Description = sDescription
oUserAcct.HomeDirectory = sHomeDir
The ADSI documentation tells me that the RasPermissions property should be set to 9 if the user should have dial-in permissions, and 1 otherwise, so that's how I'll set the property.
' set RAS permission
If sDialIn = "Yes" Then
    oUserAcct.RasPermissions = 9
Else
    oUserAcct.RasPermissions = 1
End If
I need to tell ADSI to save the information, which creates the user account. This also creates the account's unique Security Identifier (SID).
' save the account
oUserAcct.SetInfo
I'm going to need that SID in a minute, so I need to tell ADSI to get the new user account again. I just use an ADSI query to pull the user account by using its User ID, which I already know. I'll use a variable, oUserAcct, to reference the new account.
' get a reference to the new account
' this gets us a valid SID & other info
Set oUserAcct = GetObject("WinNT://NT4PDC/" & _
    sUserID & ",user")
Before I forget, I should write that new password out to a file, so that I can tell the user what it is.
' write password to file
oTS.Write sUserID & "," & sPassword & vbCrLf
Now comes the fun part: adding the user to groups. First, I'm going to use the Split function to change that comma-delimited list into a string array. Each element in the array holds one group name.
' PART 4A: Add user account to groups
' use the Split function to turn the
' comma-separated list into an array
sGroupList = Split(sGroups, ",")
I use a For…Next loop to go through the array of group names. Notice that the array starts at zero. The UBound() function returns the highest index in the array, so looping from 0 to UBound() visits every element, including the last one.
' go through the array and add the user
' to each group
For iTemp = 0 To UBound(sGroupList)
Now, I have one specific group name to work with, so I can ask ADSI to get a reference to that group.
' get the group
Set oGroup = GetObject("WinNT://NT4PDC/" & _
    sGroupList(iTemp) & ",group")
Then, I can use the group's Add method to add the user's SID to the group. This is why I needed the user's SID; groups are nothing but lists of SIDs.
' add the user account
oGroup.Add oUserAcct.AdsPath
Just to be tidy, I can release the group object when I'm finished with it.
' release the group
Set oGroup = Nothing
Next
To create the user's home directory, I use the FileSystemObject (FSO) to create the appropriate folder. I might also need to set NTFS permissions; I could use WMI to do that, but it's beyond the scope of this example.
' PART 4B: Create the user's Home Directory
' (append UserID to the Home Path variable)
Set oFolder = oFSO.CreateFolder(sHomePath & sUserID)
I'm finished! I can release the user account and move on to the next record.
' PART 5: All done!
' release the user account
Set oUserAcct = Nothing
' move to the next row in the recordset
oRS.MoveNext
Loop
When I've made it through all of the records, I can shut down the recordset and the output file, and display an informative message.
' PART 6: Final clean up, close down
oRS.Close
oTS.Close
WScript.Echo "Passwords have been written to c:\passwords.txt."
That's it! You have a fully functional script to add users to your domain automatically.
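The listing does no error checking, and each initial password is derived from the user ID and the clock and then written to c:\passwords.txt. The following is an added example, not part of the original script: it skips blank or already-existing user IDs before calling Create and marks the new password as expired so it must be changed at first logon. AccountExists and CreateChecked are illustrative names, the sample rows and password are constructed, and running it creates the account testuser1 on the NT4PDC server named in the listing.

```vbscript
Option Explicit
' Added example: AccountExists and CreateChecked are illustrative names.
Const DOMAIN_PATH = "WinNT://NT4PDC"   ' server name used in Listing 30.1

' True if an account with this name can already be bound through ADSI.
Function AccountExists(ByVal sUserID)
    Dim oTest
    On Error Resume Next
    Set oTest = GetObject(DOMAIN_PATH & "/" & sUserID & ",user")
    AccountExists = (Err.Number = 0)
    Err.Clear
    On Error GoTo 0
End Function

' Creates the account only when the row passes the checks. Returns ""
' on success, otherwise the reason the row was skipped or failed.
Function CreateChecked(oDomain, ByVal sUserID, ByVal sPassword)
    Dim oUser
    CreateChecked = ""
    sUserID = Trim(sUserID & "")          ' a Null spreadsheet cell becomes ""
    If sUserID = "" Then
        CreateChecked = "blank UserID"
        Exit Function
    End If
    If AccountExists(sUserID) Then
        CreateChecked = "account already exists"
        Exit Function
    End If
    ' Each step runs only if the previous one succeeded, so Err keeps
    ' the first failure instead of a follow-on "Object required".
    On Error Resume Next
    Set oUser = oDomain.Create("user", sUserID)
    If Err.Number = 0 Then oUser.SetPassword sPassword
    If Err.Number = 0 Then oUser.SetInfo
    If Err.Number = 0 Then oUser.Put "PasswordExpired", 1  ' change at first logon
    If Err.Number = 0 Then oUser.SetInfo
    If Err.Number <> 0 Then CreateChecked = "ADSI error 0x" & Hex(Err.Number) & ": " & Err.Description
    Err.Clear
    On Error GoTo 0
End Function

' Constructed sample rows: the second is blank, the third repeats the first.
Dim oDomain, sID, sResult
Set oDomain = GetObject(DOMAIN_PATH)
For Each sID In Array("testuser1", "", "testuser1")
    sResult = CreateChecked(oDomain, sID, "Constructed-Pw-1!")
    If sResult = "" Then sResult = "created"
    WScript.Echo "[" & sID & "] " & sResult
Next
```

In Listing 30.1 the same checks belong at the top of the Do loop, before the password is written to the output file, so that skipped rows leave no entry there.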