/build/static/layout/Breadcrumb_cap_w.png

VBScript to Create a new user account in Active Directory

'              New User setup script by Alex ' This script will create the user, create their home folder, create their mailbox, ' set their home directory to their home folder, point them to the appropriate login ' script and point their profile to the right place. It will also add them to the ' security group and distribution group of their primary location as well as the ' Staff Personnell distribution group.  It also sets correct permissions to the user's ' newly created home folder and disables Outlook Web Access (if selected) ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Const ADS_PROPERTY_APPEND = 3

'// First we prompt for the main variables //'

sFirstName = trim(inputBox("Enter the FIRST NAME of the new user")) sLastName = trim(inputBox("Enter the LAST NAME of the new user"))

sUsername = lcase(left(replace(sLastname, " ", ""), 6) & left(sFirstName, 1)) sBranch = trim(InputBox("In which BRANCH will they be located?" ,"Branch login prompt")) sPhone = trim(InputBox("What is their PHONE extension?")) sDescription = InputBox("Enter a description for the user - Hillcrest Teller, MSR, etc.") iOWA = msgbox("Should this person have Outlook Web Access enabled?", 4, "Outlook Web Access") iExternalEmail = msgbox("Will this person have an external email address?", 4, "External Email") folderPath = "\\servername\usersDIR\" & sUsername sLoginScript = lcase(replace(sBranch, " ", "")) & ".bat"

if lcase(sBranch) = "****branch1 name****" Then   sBrSecGrp = "****Your branch1 security group name****" elseif lcase(sBranch) = "****branch2 name****" Then   sBrSecGrp = "****Your branch2 security group name****" elseif lcase(sBranch) = "****branch3 name****" Then   sBrSecGrp = "****Your branch3 security group name****" elseif lcase(sBranch) = "****branch4 name****" Then   sBrSecGrp = "****Your branch4 security group name****"

''' you can repeat this loop for as many branches as you have ''' else   Wscript.echo "You entered an invalid branch name.  Please start over"   Wscript.quit end if

sFloater = msgbox("Is this user a FLOATER?", 4, "Floater Question") if sFloater = 6 Then   sBrSecGrp = "Floater" end if

iCheckName = msgbox("You have entered the following information" & vbcrlf & _                     "First Name: " & sFirstName & vbcrlf & _                     "Last Name: " & sLastName & vbcrlf & _                     "The username will be: " & sUsername & vbcrlf & _                     "Their primary branch is: " & sBranch & vbcrlf & _                     "Their phone extension is: " & sPhone & vbcrlf & _                     "The login script will be: " & sLoginScript & vbcrlf & _                     "Their description is: " & sDescription & vbcrlf & vbcrlf & _                     "Do you wish to continue using this information?", 4, "New User Setup Script by Jonathan Harris") if iCheckName = 7 Then   Wscript.echo "You chose NO.  Program is terminated."   Wscript.quit end if

'wscript.echo "quitting anyway" 'wscript.quit

 

'// Getting domain info //'

set oRoot = GetObject("LDAP://****Your Domain Controller Name****/RootDSE") sAcctDomain = oRoot.Get("DefaultNamingContext") 'sRootDomain = oRoot.Get("RootDomainNamingContext") 'wscript.echo sAcctDomain &vbcrlf& sRootDomain set oRoot = nothing

'// Testing if user already exists //'

on error resume next sTestPath = "LDAP://****Your Domain Controller Name****/CN=" &sUsername& ",CN=Users," & sAcctDomain set oTest = GetObject(sTestPath) If Err.number = 0 Then   Wscript.echo "    Username:   " & sUsername & "    already exists." &vbcrlf& _           "Please choose a new username before running this script."  set oTest = nothing  Wscript.quit else  Err.Clear ' Wscript.echo " I would have done something" ' Wscript.quit end if

'// Creating the user //'

sUserPath = "LDAP://****Your Domain Controller Name****/CN=Users," & sAcctDomain set oUserContainer = GetObject(sUserPath) set oUser = oUserContainer.create("user","CN=" & sUsername) ' Actual Creation of new user is done here oUser.Put "sAMAccountName" , sUsername oUser.Put "displayName", sFirstName & " " & sLastName oUser.Put "givenName", sFirstName oUser.Put "sn", sLastname oUser.Put "telephoneNumber", sPhone oUser.Put "ipPhone", sPhone oUser.Put "description", sDescription oUser.Put "physicalDeliveryOfficeName", sBranch oUser.Put "homeDrive", "U:" oUser.Put "homeDirectory", folderPath oUser.Put "profilePath", "\\DOMAIN SHARE\profiles$\" & sUsername oUser.Put "scriptPath", sLoginScript oUser.SetInfo if Err.number <> 0 Then  Wscript.echo Err.number & ": " & Err.Description &" : " & Err.Source  Wscript.echo "Username - " & sUsername & " - already exists." &vbcrlf& _      "Please select a different username."  Wscript.quit end if oUser.SetPassword "Abcd1234"

'// Enable account question //'

iEnable = msgbox("The account has been created but is disabled." &vbcrlf& _    "Would you like to enable this account now?", vbYesNo, "Enable Account Question") if iEnable = 6 Then  oUser.AccountDisabled = False end if oUser.SetInfo

'\\ Create the folder for the U: Drive and give correct permissions \\'

set shell = CreateObject("Wscript.shell") set fso = CreateObject("scripting.FileSystemObject") if fso.folderExists(folderPath) Then   iFolder = msgbox("The folder -  " & folderPath & "  - already exists." &vbcrlf& _    "Would you like to give this user permissions to the existing folder?", vbYesNo, "Drive mapping prompt")   if iFolder = 6 Then     shell.Run "cacls " & folderPath & " /t /g " & sUsername & ":c ""Domain Admins"":f system:f"     wscript.sleep 1000     shell.SendKeys = "y~"   end if else   fso.CreateFolder(folderPath)     if Err.number <> 0 Then       wscript.echo "Error creating folder"   Err.clear     end if   shell.Run "cacls " & folderPath & " /t /g " & sUsername & ":c ""Domain Admins"":f system:f"   wscript.sleep 1000   shell.SendKeys = "y~"     if Err.number <> 0 Then       wscript.echo "Error changing permissions on home folder"   Err.clear     end if end if

 

'\\ Creating the Exchange Mailbox \\'

sMBXStoreDN = "CN=Mailbox Database,CN=First Storage Group," & _    "CN=InformationStore,CN=****Your Exchange Server Name****,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT)," & _    "CN=Administrative Groups,CN=****Your Domain Name**** Financial,CN=Microsoft Exchange," & _    "CN=Services,CN=Configuration,DC=****Your Domain Name****"

oUser.CreateMailbox sMBXStoreDN oUser.SetInfo

sTrustee = "****Your Domain Name****\" & sUsername

'************************************************************************* '* The below function and related code was pulled directly from Microsoft '* at the following address:  http://support.microsoft.com/kb/304935/ '* I recommend reading this web page to understand what is happening. '*************************************************************************

' Template: AddAce(TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType) ' Setting the Access Mask to 131075 enables "full mailbox access" and ' "read" priviledges AddAce dacl, sTrustee, 131075, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERIT_ACE, 0, 0, 0

' Add the modified DACL back onto the Security Descriptor oSecurityDescriptor.DiscretionaryAcl = dacl

' Save New SD onto the user oUser.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor

' Commit changes from the property cache to the information store oUser.SetInfo

'MsgBox "Done viewing and modifying the copy of the Mailbox Security Descriptor"

'****************************************************************************** '* '* Function AddAce(dacl, TrusteeName, gAccessMask, gAceType, '*            gAceFlags, gFlags, gObjectType, gInheritedObjectType) '* '* Purpose: Adds an ACE to a DACL '* Input:       dacl            Object's Discretionary Access Control List '*              TrusteeName     SID or Name of the trustee user account '*              gAccessMask     Access Permissions '*              gAceType        ACE Types '*              gAceFlags       Inherit ACEs from the owner of the ACL '*              gFlags          ACE has an object type or inherited object type '*              gObjectType     Used for Extended Rights '*              gInheritedObjectType '* '* Output:  Object - New DACL with the ACE added '* '****************************************************************************

Function AddAce(dacl, TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)     Dim Ace1     ' Create a new ACE object     Set Ace1 = CreateObject("AccessControlEntry")     Ace1.AccessMask = gAccessMask     Ace1.AceType = gAceType     Ace1.AceFlags = gAceFlags     Ace1.Flags = gFlags     Ace1.Trustee = TrusteeName     'Check to see if ObjectType needs to be set     If CStr(gObjectType) <> "0" Then        Ace1.ObjectType = gObjectType     End If

    'Check to see if InheritedObjectType needs to be set     If CStr(gInheritedObjectType) <> "0" Then         Ace1.InheritedObjectType = gInheritedObjectType     End If     dacl.AddAce Ace1

    ' Destroy objects     Set Ace1 = Nothing End Function

if Err.number <> 0 Then   wscript.echo "Error after creating mailbox but before adding group membership"   Err.clear end if

'\\ Adding to Groups \\'

sGroupPath1 = "LDAP://****Your Domain Controller Name****/CN=Staff Personnel,OU=Distribution Groups," & sAcctDomain sGroupPath2 = "LDAP://****Your Domain Controller Name****/CN=" & sBranch & " Branch,OU=Distribution Groups," & sAcctDomain sGroupPath3 = "LDAP://****Your Domain Controller Name****/CN=" & sBrSecGrp & ",CN=Users," & sAcctDomain sGroupPath4 = "LDAP://****Your Domain Controller Name****/CN=MailRestrict,CN=Users,DC=****Your Domain Name****"

set oGroup = GetObject(sGroupPath1) oGroup.Add oUser.AdsPath if Err.number <> 0 Then   Wscript.echo "Unable to add user to " & sGroupPath1   Err.clear end if set oGroup = GetObject(sGroupPath2) oGroup.Add oUser.AdsPath if Err.number <> 0 Then   Wscript.echo "Unable to add user to " & sGroupPath2   Err.clear end if set oGroup = GetObject(sGroupPath3) oGroup.Add oUser.AdsPath if Err.number <> 0 Then   Wscript.echo "Unable to add user to " & sGroupPath3   Err.clear end if if iExternalEmail = 7 Then   set oGroup = GetObject(sGroupPath4)   oGroup.Add oUser.AdsPath   if Err.number <> 0 Then     Wscript.echo "Error adding " & sUsername & " to MailRestrict group"     Err.clear   end if end if

'\\ Adding additional SMTP address if required \\' if iExternalEmail = 6 Then   sExtEmail = lcase(left(sFirstname, 1)) & lcase(replace(sLastName, " ", "")) & "@****Your Domain Name****"   oUser.PutEx ADS_PROPERTY_APPEND, "proxyAddresses", Array(sExtEmail)   oUser.Put "mail", sExtEmail   oUser.setInfo end if

'\\ Disabling Outlook Web Access \\' if iOWA = 7 Then   oUser.Put "protocolSettings" , "HTTP§0§1§§§§§§"

end if

set oGroup = nothing set oUser = nothing set oUserContainer = nothing set fso = nothing set shell = nothing


Comments

  • Can you please re-arrange them in proper order - jagadeish 12 years ago
  • what proper order would you like me to re-arrange - brighstarcuit 12 years ago
  • What I'm saying is, it is not structured properly in this page.. looks like a paragraph.. - jagadeish 12 years ago
This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ