' New User setup script by Alex
' This script will create the user, create their home folder, create their mailbox,
' set their home directory to their home folder, point them to the appropriate login
' script and point their profile to the right place. It will also add them to the
' security group and distribution group of their primary location as well as the
' Staff Personnel distribution group. It also sets correct permissions to the user's
' newly created home folder and disables Outlook Web Access (if selected)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
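Const ADS_PROPERTY_APPEND = 3          ' IADs PutEx control code: append to a multi-valued attribute
' ADSI enumeration values used by the mailbox-rights call (AddAce ...) further down.
' VBScript does not predefine these names; without the Consts they evaluate to
' Empty (0) and the ACE is written with the wrong type/flags.
Const ADS_ACETYPE_ACCESS_ALLOWED = 0   ' ADS_ACETYPE_ENUM: access-allowed ACE
Const ADS_ACEFLAG_INHERIT_ACE = 2      ' ADS_ACEFLAG_ENUM: ACE is inherited by child objects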
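'// First we prompt for the main variables //'
' InputBox returns "" when the administrator presses Cancel.  The username,
' home folder and login script are all derived from these answers, so stop
' on an empty name instead of creating a user with an empty sAMAccountName.
sFirstName = Trim(InputBox("Enter the FIRST NAME of the new user"))
sLastName = Trim(InputBox("Enter the LAST NAME of the new user"))
If Len(sFirstName) = 0 Or Len(sLastName) = 0 Then
    WScript.Echo "First and last name are both required. Program is terminated."
    WScript.Quit
End If
' Username rule: first six letters of the surname (spaces removed) + first
' initial, lower-cased.  NOTE(review): other characters typed in the name
' (apostrophes, accents) pass straight through into the account name.
sUsername = LCase(Left(Replace(sLastName, " ", ""), 6) & Left(sFirstName, 1))
sBranch = Trim(InputBox("In which BRANCH will they be located?" ,"Branch login prompt"))
sPhone = Trim(InputBox("What is their PHONE extension?"))
sDescription = InputBox("Enter a description for the user - Hillcrest Teller, MSR, etc.")
' MsgBox with buttons=4 (Yes/No) returns 6 for Yes and 7 for No.
iOWA = MsgBox("Should this person have Outlook Web Access enabled?", 4, "Outlook Web Access")
iExternalEmail = MsgBox("Will this person have an external email address?", 4, "External Email")
' UNC path of the home folder; sUsername is the only user-derived part.
folderPath = "\\servername\usersDIR\" & sUsername
' Login script is the branch name with spaces removed, e.g. "My Branch" -> mybranch.bat
sLoginScript = LCase(Replace(sBranch, " ", "")) & ".bat"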
' Map the typed branch name to its AD security group (case-insensitive).
' Add one Case line per branch; an unknown branch aborts the script.
Select Case LCase(sBranch)
    Case "****branch1 name****"
        sBrSecGrp = "****Your branch1 security group name****"
    Case "****branch2 name****"
        sBrSecGrp = "****Your branch2 security group name****"
    Case "****branch3 name****"
        sBrSecGrp = "****Your branch3 security group name****"
    Case "****branch4 name****"
        sBrSecGrp = "****Your branch4 security group name****"
    ''' you can repeat this for as many branches as you have '''
    Case Else
        WScript.Echo "You entered an invalid branch name. Please start over"
        WScript.Quit
End Select
' Floaters are not tied to one branch: override the branch security group.
sFloater = MsgBox("Is this user a FLOATER?", 4, "Floater Question")
If sFloater = vbYes Then sBrSecGrp = "Floater"
' Echo everything back so the administrator can catch a typo before any
' directory object is created.
sSummary = "You have entered the following information" & vbCrLf & _
    "First Name: " & sFirstName & vbCrLf & _
    "Last Name: " & sLastName & vbCrLf & _
    "The username will be: " & sUsername & vbCrLf & _
    "Their primary branch is: " & sBranch & vbCrLf & _
    "Their phone extension is: " & sPhone & vbCrLf & _
    "The login script will be: " & sLoginScript & vbCrLf & _
    "Their description is: " & sDescription & vbCrLf & vbCrLf & _
    "Do you wish to continue using this information?"
iCheckName = MsgBox(sSummary, 4, "New User Setup Script by Jonathan Harris")
If iCheckName = vbNo Then
    WScript.Echo "You chose NO. Program is terminated."
    WScript.Quit
End If
'wscript.echo "quitting anyway" 'wscript.quit
'// Getting domain info //'
' Bind to RootDSE on the named DC to read the domain naming context
' (e.g. DC=example,DC=com); every later LDAP path is built from it.
Set oRoot = GetObject("LDAP://****Your Domain Controller Name****/RootDSE")
sAcctDomain = oRoot.Get("DefaultNamingContext")
Set oRoot = Nothing
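'// Testing if user already exists //'
' From here on errors are not fatal; each later step inspects Err.Number
' itself.  Keep this line first: the existence test relies on it.
On Error Resume Next
' Probe for an object with this CN under the Users container.
' NOTE(review): only a clash in CN=Users is detected here; a same-named
' account in another OU surfaces later when SetInfo on the new object fails.
sTestPath = "LDAP://****Your Domain Controller Name****/CN=" & sUsername & ",CN=Users," & sAcctDomain
Set oTest = GetObject(sTestPath)
Select Case Err.Number
    Case 0
        ' Bind succeeded: the username is taken.
        WScript.Echo " Username: " & sUsername & " already exists." & vbCrLf & _
            "Please choose a new username before running this script."
        Set oTest = Nothing
        WScript.Quit
    Case &H80072030
        ' LDAP "no such object": the name is free, carry on.
        Err.Clear
    Case Else
        ' Any other bind failure (DC unreachable, access denied, ...) must not
        ' be read as "name is free": report it and stop.
        WScript.Echo "Could not check whether " & sUsername & " exists: " & _
            Err.Number & ": " & Err.Description
        WScript.Quit
End Select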
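'// Creating the user //'
' Ask for the initial password before anything is created so that Cancel
' aborts cleanly.  InputBox cannot mask input, so treat the value as a
' throwaway: pwdLastSet is reset below to force a change at first logon.
sInitialPwd = InputBox("Enter an INITIAL PASSWORD for " & sUsername & vbCrLf & _
    "(the user will be required to change it at first logon)", "Initial Password")
If Len(sInitialPwd) = 0 Then
    WScript.Echo "No initial password given. Program is terminated."
    WScript.Quit
End If

sUserPath = "LDAP://****Your Domain Controller Name****/CN=Users," & sAcctDomain
Set oUserContainer = GetObject(sUserPath)
Set oUser = oUserContainer.Create("user", "CN=" & sUsername)   ' actual creation of the new user object
oUser.Put "sAMAccountName", sUsername
oUser.Put "displayName", sFirstName & " " & sLastName
oUser.Put "givenName", sFirstName
oUser.Put "sn", sLastName
oUser.Put "telephoneNumber", sPhone
oUser.Put "ipPhone", sPhone
oUser.Put "description", sDescription
oUser.Put "physicalDeliveryOfficeName", sBranch
oUser.Put "homeDrive", "U:"
oUser.Put "homeDirectory", folderPath
oUser.Put "profilePath", "\\DOMAIN SHARE\profiles$\" & sUsername
oUser.Put "scriptPath", sLoginScript
' First round-trip to the DC: a duplicate sAMAccountName anywhere in the
' domain (not just CN=Users) surfaces here, as does any other failure; the
' raw error is printed first so the two can be told apart.
oUser.SetInfo
If Err.Number <> 0 Then
    WScript.Echo Err.Number & ": " & Err.Description & " : " & Err.Source
    WScript.Echo "Username - " & sUsername & " - already exists." & vbCrLf & _
        "Please select a different username."
    WScript.Quit
End If
' The password can only be set once the object exists on the DC.
oUser.SetPassword sInitialPwd
If Err.Number <> 0 Then
    WScript.Echo "Unable to set the initial password: " & Err.Description
    Err.Clear
End If
' Require a password change at first logon.  Written after SetPassword,
' which itself updates pwdLastSet.
oUser.Put "pwdLastSet", 0
oUser.SetInfo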
'// Enable account question //'
' New users are created disabled; ask before clearing the flag.
iEnable = MsgBox("The account has been created but is disabled." & vbCrLf & _
    "Would you like to enable this account now?", vbYesNo, "Enable Account Question")
If iEnable = vbYes Then oUser.AccountDisabled = False
' Commit the property cache whether or not the flag changed.
oUser.SetInfo
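'\\ Create the folder for the U: Drive and give correct permissions \\'
Set shell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FolderExists(folderPath) Then
    iFolder = MsgBox("The folder - " & folderPath & " - already exists." & vbCrLf & _
        "Would you like to give this user permissions to the existing folder?", vbYesNo, "Drive mapping prompt")
    If iFolder = vbYes Then
        If GrantHomeFolderAcl(folderPath, sUsername) <> 0 Then WScript.Echo "Error changing permissions on home folder"
    End If
Else
    fso.CreateFolder folderPath
    If Err.Number <> 0 Then
        WScript.Echo "Error creating folder"
        Err.Clear
    End If
    If GrantHomeFolderAcl(folderPath, sUsername) <> 0 Then WScript.Echo "Error changing permissions on home folder"
End If

' Replace the ACL on sPath (recursively) with: sUser = Change, Domain Admins
' = Full, SYSTEM = Full.  cacls /g without /e replaces the whole ACL and asks
' "Are you sure (Y/N)?" (English prompt assumed); the answer is piped in on
' stdin rather than typed with SendKeys, so it cannot land in whatever window
' happens to have focus.  Path and account are quoted as one argument each.
' Waits for cacls and returns its exit code (0 = success); a COM error from
' Run is returned as that error number.
Function GrantHomeFolderAcl(sPath, sUser)
    On Error Resume Next
    Dim sCmd
    sCmd = "cmd /c echo y| cacls """ & sPath & """ /t /g """ & sUser & """:c ""Domain Admins"":f system:f"
    Err.Clear
    GrantHomeFolderAcl = shell.Run(sCmd, 0, True)
    If Err.Number <> 0 Then
        GrantHomeFolderAcl = Err.Number
        Err.Clear
    End If
End Function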
'\\ Creating the Exchange Mailbox \\'
' Distinguished name of the mailbox store the new mailbox is created in.
' "Exchange Administrative Group (FYDIBOHF23SPDLT)" is the fixed name of the
' default administrative group; the server, organisation and domain parts are
' site-specific placeholders that must be edited before use.
sMBXStoreDN = "CN=Mailbox Database,CN=First Storage Group," & _
"CN=InformationStore,CN=****Your Exchange Server Name****,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT)," & _
"CN=Administrative Groups,CN=****Your Domain Name**** Financial,CN=Microsoft Exchange," & _
"CN=Services,CN=Configuration,DC=****Your Domain Name****"
' CreateMailbox is the CDOEXM extension of the user object (Exchange admin
' tools must be installed where this runs); SetInfo commits it.  Neither call
' checks Err here -- a failure is only reported by the generic "Error after
' creating mailbox" check that follows the ACE code below.
oUser.CreateMailbox sMBXStoreDN
oUser.SetInfo
' DOMAIN\username form of the account, used as the trustee of the mailbox ACE.
sTrustee = "****Your Domain Name****\" & sUsername
'************************************************************************* '* The below function and related code was pulled directly from Microsoft '* at the following address: http://support.microsoft.com/kb/304935/ '* I recommend reading this web page to understand what is happening. '*************************************************************************
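' Template: AddAce(TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)
' Grant the user rights on their own mailbox.  Access mask 131075 (&H20003)
' is "full mailbox access" plus "read" on the msExchMailboxSecurityDescriptor.
'
' The DACL has to be read from the user object before an ACE can be appended
' to it.  GetInfo refreshes the property cache so the descriptor written by
' CreateMailbox/SetInfo is visible (TODO confirm it is populated immediately
' after CreateMailbox on this Exchange version).  Re-reading is harmless if
' an earlier copy already exists, as nothing is pending in the cache here.
oUser.GetInfo
Set oSecurityDescriptor = oUser.Get("msExchMailboxSecurityDescriptor")
Set dacl = oSecurityDescriptor.DiscretionaryAcl
AddAce dacl, sTrustee, 131075, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERIT_ACE, 0, 0, 0
' Add the modified DACL back onto the Security Descriptor
oSecurityDescriptor.DiscretionaryAcl = dacl
' Save New SD onto the user
oUser.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor
' Commit changes from the property cache to the information store
oUser.SetInfo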
'MsgBox "Done viewing and modifying the copy of the Mailbox Security Descriptor"
'******************************************************************************
'*
'* Function AddAce(dacl, TrusteeName, gAccessMask, gAceType,
'*                 gAceFlags, gFlags, gObjectType, gInheritedObjectType)
'*
'* Purpose: Builds an AccessControlEntry and appends it to dacl.
'*          dacl is modified in place; the function sets no return value.
'* Input:   dacl                  Object's Discretionary Access Control List
'*          TrusteeName           SID or name of the trustee account
'*          gAccessMask           access permissions (bit mask)
'*          gAceType              ACE type
'*          gAceFlags             inheritance flags for the ACE
'*          gFlags                whether ObjectType / InheritedObjectType are set
'*          gObjectType           used for extended rights; "0" = leave unset
'*          gInheritedObjectType  "0" = leave unset
'*
'******************************************************************************
Function AddAce(dacl, TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)
    Dim oAce
    Set oAce = CreateObject("AccessControlEntry")
    With oAce
        .AccessMask = gAccessMask
        .AceType = gAceType
        .AceFlags = gAceFlags
        .Flags = gFlags
        .Trustee = TrusteeName
        ' A value of "0" means "no object type": leave the property unset.
        If CStr(gObjectType) <> "0" Then .ObjectType = gObjectType
        If CStr(gInheritedObjectType) <> "0" Then .InheritedObjectType = gInheritedObjectType
    End With
    dacl.AddAce oAce
    Set oAce = Nothing
End Function
' Catch-all for anything that failed between CreateMailbox and here; the
' mailbox and ACE steps above do not inspect Err themselves.
If Err.Number <> 0 Then
    WScript.Echo "Error after creating mailbox but before adding group membership"
    Err.Clear
End If
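'\\ Adding to Groups \\'
' Every new user joins the all-staff distribution list, their branch's
' distribution list and their branch (or Floater) security group.  Users
' WITHOUT an external address are also put in MailRestrict.
' NOTE(review): sBranch and sBrSecGrp are typed by the operator and spliced
' into these DNs unescaped; values containing DN special characters
' (, + " \ < > ; =) would need escaping.  sGroupPath4 hard-codes the domain
' DN where the others use sAcctDomain -- confirm that is intended.
sGroupPath1 = "LDAP://****Your Domain Controller Name****/CN=Staff Personnel,OU=Distribution Groups," & sAcctDomain
sGroupPath2 = "LDAP://****Your Domain Controller Name****/CN=" & sBranch & " Branch,OU=Distribution Groups," & sAcctDomain
sGroupPath3 = "LDAP://****Your Domain Controller Name****/CN=" & sBrSecGrp & ",CN=Users," & sAcctDomain
sGroupPath4 = "LDAP://****Your Domain Controller Name****/CN=MailRestrict,CN=Users,DC=****Your Domain Name****"

AddUserToGroup sGroupPath1, "Unable to add user to " & sGroupPath1
AddUserToGroup sGroupPath2, "Unable to add user to " & sGroupPath2
AddUserToGroup sGroupPath3, "Unable to add user to " & sGroupPath3
If iExternalEmail = vbNo Then
    AddUserToGroup sGroupPath4, "Error adding " & sUsername & " to MailRestrict group"
End If

' Bind to the group at sGroupPath and add the new user (global oUser) as a
' member.  sFailMsg is echoed if either the bind or the Add fails; the error
' is then cleared so one missing group does not mask later failures.
Sub AddUserToGroup(sGroupPath, sFailMsg)
    On Error Resume Next
    Dim oGrp
    Set oGrp = GetObject(sGroupPath)
    If Err.Number = 0 Then oGrp.Add oUser.AdsPath
    If Err.Number <> 0 Then
        WScript.Echo sFailMsg
        Err.Clear
    End If
    Set oGrp = Nothing
End Sub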
'\\ Adding additional SMTP address if required \\'
' External address = first initial + surname (spaces removed) @ domain,
' appended to proxyAddresses and also written as the "mail" attribute.
' NOTE(review): Exchange proxyAddresses entries are normally "type:address"
' (e.g. "smtp:..."); the value here carries no prefix -- confirm it is
' picked up as intended.
If iExternalEmail = vbYes Then
    sExtEmail = LCase(Left(sFirstName, 1) & Replace(sLastName, " ", "")) & "@****Your Domain Name****"
    oUser.PutEx ADS_PROPERTY_APPEND, "proxyAddresses", Array(sExtEmail)
    oUser.Put "mail", sExtEmail
    oUser.SetInfo
End If
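'\\ Disabling Outlook Web Access \\'
' Writing protocolSettings "HTTP§0§1§§§§§§" is how this script turns OWA off
' for the mailbox.  Put only updates the local property cache; SetInfo is
' required for the value to reach the directory.
If iOWA = vbNo Then
    oUser.Put "protocolSettings" , "HTTP§0§1§§§§§§"
    oUser.SetInfo
    If Err.Number <> 0 Then
        WScript.Echo "Error disabling Outlook Web Access for " & sUsername
        Err.Clear
    End If
End If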
' Release every COM reference before the script exits.
Set oGroup = Nothing
Set oUser = Nothing
Set oUserContainer = Nothing
Set fso = Nothing
Set shell = Nothing