auto add sutdents to AD 2008

Hello,

I have a script that auto add's student to my AD for win2003 server.
for win2008server it does not work
I get errors

Any suggestions?

N.



' Author Guy Thomas http://computerperformance.co.uk/

' ------------------------------------------------------'
Option Explicit
Dim objRootLDAP, objContainer, objUser, objShell
Dim objExcel, objSpread, intRow
Dim strUser, strOU, strSheet
Dim strCN, strSam, strFirst, strLast, strPWD

' -------------------------------------------------------------'
' Important change OU= and strSheet to reflect your domain
' -------------------------------------------------------------'

strOU = "OU=Studenten ," ' Note the comma
strSheet = "D:\IT\users aanmaken\adduser.xls"

' Bind to Active Directory, Users container.
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://" & strOU & _
objRootLDAP.Get("defaultNamingContext"))

' Open the Excel spreadsheet
Set objExcel = CreateObject("Excel.Application")
Set objSpread = objExcel.Workbooks.Open(strSheet)
intRow = 3 'Row 1 often contains headings

' Here is the 'DO...Loop' that cycles through the cells
' Note intRow, x must correspond to the column in strSheet
Do Until objExcel.Cells(intRow,1).Value = ""
strSam = Trim(objExcel.Cells(intRow, 1).Value)
strCN = Trim(objExcel.Cells(intRow, 2).Value)
strFirst = Trim(objExcel.Cells(intRow, 3).Value)
strLast = Trim(objExcel.Cells(intRow, 4).Value)
strPWD = Trim(objExcel.Cells(intRow, 5).Value)

' Build the actual User from data in strSheet.
Set objUser = objContainer.Create("User", "cn=" & strCN)
objUser.sAMAccountName = strSam
objUser.givenName = strFirst
objUser.sn = strLast
objUser.SetInfo

' Separate section to enable account with its password
objUser.userAccountControl = 512
objUser.pwdLastSet = 0
objUser.SetPassword strPWD
objUser.SetInfo

intRow = intRow + 1
Loop
msgbox "Script met succes uitgevoerd",8,1
objExcel.Quit

WScript.Quit


' End of free example UserSpreadsheet VBScript.

"nico" <> wrote in message
news:...
> Hello,
>
> I have a script that auto add's student to my AD for win2003 server.
> for win2008server it does not work
> I get errors
>
> Any suggestions?
>
> N.
>
>
>
> ' Author Guy Thomas http://computerperformance.co.uk/
>
> ' ------------------------------------------------------'
> Option Explicit
> Dim objRootLDAP, objContainer, objUser, objShell
> Dim objExcel, objSpread, intRow
> Dim strUser, strOU, strSheet
> Dim strCN, strSam, strFirst, strLast, strPWD
>
> ' -------------------------------------------------------------'
> ' Important change OU= and strSheet to reflect your domain
> ' -------------------------------------------------------------'
>
> strOU = "OU=Studenten ," ' Note the comma
> strSheet = "D:\IT\users aanmaken\adduser.xls"
>
> ' Bind to Active Directory, Users container.
> Set objRootLDAP = GetObject("LDAP://rootDSE")
> Set objContainer = GetObject("LDAP://" & strOU & _
> objRootLDAP.Get("defaultNamingContext"))
>
> ' Open the Excel spreadsheet
> Set objExcel = CreateObject("Excel.Application")
> Set objSpread = objExcel.Workbooks.Open(strSheet)
> intRow = 3 'Row 1 often contains headings
>
> ' Here is the 'DO...Loop' that cycles through the cells
> ' Note intRow, x must correspond to the column in strSheet
> Do Until objExcel.Cells(intRow,1).Value = ""
> strSam = Trim(objExcel.Cells(intRow, 1).Value)
> strCN = Trim(objExcel.Cells(intRow, 2).Value)
> strFirst = Trim(objExcel.Cells(intRow, 3).Value)
> strLast = Trim(objExcel.Cells(intRow, 4).Value)
> strPWD = Trim(objExcel.Cells(intRow, 5).Value)
>
> ' Build the actual User from data in strSheet.
> Set objUser = objContainer.Create("User", "cn=" & strCN)
> objUser.sAMAccountName = strSam
> objUser.givenName = strFirst
> objUser.sn = strLast
> objUser.SetInfo
>
> ' Separate section to enable account with its password
> objUser.userAccountControl = 512
> objUser.pwdLastSet = 0
> objUser.SetPassword strPWD
> objUser.SetInfo
>
> intRow = intRow + 1
> Loop
> msgbox "Script met succes uitgevoerd",8,1
> objExcel.Quit
>
> WScript.Quit
>
>
> ' End of free example UserSpreadsheet VBScript.

I don't see anything that would work in W2k3 but not W2k8, with the possible
exception of strong passwords. A minor point is that I would remove the
space before the comma in the following statement:

strOU = "OU=Studenten ," ' Note the comma

If the error is raised on the first SetInfo, then the problem is with cn,
sAMAccountName, givenName, or sn. The only way givenName or sn will raise an
error is if the value is blank. If this is possible, test for it and do not
assign if the value in the spreadsheet is blank. cn will raise an error if
it is not unique in the container, sAMAccountName will raise an error if it
is not unique in the domain.

I don't see how an error could be raised on the second SetInfo statement,
unless for some reason 512 is not allowed for userAccountControl. It might
help to use the AccountDisabled property method instead to enable the
account. For example

objUser.AccountDisabled = False

Finally, if the error is raised on the SetPassword statement, then your
password does not meet domain requirements, probably complexity.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

R.,

the error is raised on the first SetInfo

neither givenName or sn is blank and
sAMAccountName is unique (the same as sn and givenname)

the error has as source "active directory"
and the (translated from dutch) error = access error


any suggestions?



Richard Mueller [MVP] schreef:
> "nico" <> wrote in message
> news:...
>> Hello,
>>
>> I have a script that auto add's student to my AD for win2003 server.
>> for win2008server it does not work
>> I get errors
>>
>> Any suggestions?
>>
>> N.
>>
>>
>>
>> ' Author Guy Thomas http://computerperformance.co.uk/
>>
>> ' ------------------------------------------------------'
>> Option Explicit
>> Dim objRootLDAP, objContainer, objUser, objShell
>> Dim objExcel, objSpread, intRow
>> Dim strUser, strOU, strSheet
>> Dim strCN, strSam, strFirst, strLast, strPWD
>>
>> ' -------------------------------------------------------------'
>> ' Important change OU= and strSheet to reflect your domain
>> ' -------------------------------------------------------------'
>>
>> strOU = "OU=Studenten ," ' Note the comma
>> strSheet = "D:\IT\users aanmaken\adduser.xls"
>>
>> ' Bind to Active Directory, Users container.
>> Set objRootLDAP = GetObject("LDAP://rootDSE")
>> Set objContainer = GetObject("LDAP://" & strOU & _
>> objRootLDAP.Get("defaultNamingContext"))
>>
>> ' Open the Excel spreadsheet
>> Set objExcel = CreateObject("Excel.Application")
>> Set objSpread = objExcel.Workbooks.Open(strSheet)
>> intRow = 3 'Row 1 often contains headings
>>
>> ' Here is the 'DO...Loop' that cycles through the cells
>> ' Note intRow, x must correspond to the column in strSheet
>> Do Until objExcel.Cells(intRow,1).Value = ""
>> strSam = Trim(objExcel.Cells(intRow, 1).Value)
>> strCN = Trim(objExcel.Cells(intRow, 2).Value)
>> strFirst = Trim(objExcel.Cells(intRow, 3).Value)
>> strLast = Trim(objExcel.Cells(intRow, 4).Value)
>> strPWD = Trim(objExcel.Cells(intRow, 5).Value)
>>
>> ' Build the actual User from data in strSheet.
>> Set objUser = objContainer.Create("User", "cn=" & strCN)
>> objUser.sAMAccountName = strSam
>> objUser.givenName = strFirst
>> objUser.sn = strLast
>> objUser.SetInfo
>>
>> ' Separate section to enable account with its password
>> objUser.userAccountControl = 512
>> objUser.pwdLastSet = 0
>> objUser.SetPassword strPWD
>> objUser.SetInfo
>>
>> intRow = intRow + 1
>> Loop
>> msgbox "Script met succes uitgevoerd",8,1
>> objExcel.Quit
>>
>> WScript.Quit
>>
>>
>> ' End of free example UserSpreadsheet VBScript.
>
> I don't see anything that would work in W2k3 but not W2k8, with the possible
> exception of strong passwords. A minor point is that I would remove the
> space before the comma in the following statement:
>
> strOU = "OU=Studenten ," ' Note the comma
>
> If the error is raised on the first SetInfo, then the problem is with cn,
> sAMAccountName, givenName, or sn. The only way givenName or sn will raise an
> error is if the value is blank. If this is possible, test for it and do not
> assign if the value in the spreadsheet is blank. cn will raise an error if
> it is not unique in the container, sAMAccountName will raise an error if it
> is not unique in the domain.
>
> I don't see how an error could be raised on the second SetInfo statement,
> unless for some reason 512 is not allowed for userAccountControl. It might
> help to use the AccountDisabled property method instead to enable the
> account. For example
>
> objUser.AccountDisabled = False
>
> Finally, if the error is raised on the SetPassword statement, then your
> password does not meet domain requirements, probably complexity.
>

The sn and givenName attributes can be assigned anything, except a blank
string. If there is no value for either of these, just don't assign any
value.

If the value for sAMAccountName is unique in the domain, and the value of cn
is unique in the OU, then the only possible causes of the error I can think
of are:

1. You don't have permission to create user objects in the OU.
2. The sAMAccountName is more than 20 characters long.
3. The cn is more than 104 characters (if I remember correctly).
4. The sAMAccountName includes any of the following characters:
[ ] : ; | = + ? < > * "
5. If the value of the cn attribute includes any of the following
characters:
, \ # + < > ; " = /
or a leading or trailing space, then the character must be escaped using the
backslash, "\", escape character. For example, if the common name is "Smith,
Jim", then you must specify "Smith\, Jim". See this link for details:

http://www.rlmueller.net/CharactersEscaped.htm

Hopefully this accounts for the error.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"nico" <> wrote in message
news:...
> R.,
>
> the error is raised on the first SetInfo
>
> neither givenName or sn is blank and
> sAMAccountName is unique (the same as sn and givenname)
>
> the error has as source "active directory"
> and the (translated from dutch) error = access error
>
>
> any suggestions?
>
>
>
> Richard Mueller [MVP] schreef:
>> "nico" <> wrote in message
>> news:...
>>> Hello,
>>>
>>> I have a script that auto add's student to my AD for win2003 server.
>>> for win2008server it does not work
>>> I get errors
>>>
>>> Any suggestions?
>>>
>>> N.
>>>
>>>
>>>
>>> ' Author Guy Thomas http://computerperformance.co.uk/
>>>
>>> ' ------------------------------------------------------'
>>> Option Explicit
>>> Dim objRootLDAP, objContainer, objUser, objShell
>>> Dim objExcel, objSpread, intRow
>>> Dim strUser, strOU, strSheet
>>> Dim strCN, strSam, strFirst, strLast, strPWD
>>>
>>> ' -------------------------------------------------------------'
>>> ' Important change OU= and strSheet to reflect your domain
>>> ' -------------------------------------------------------------'
>>>
>>> strOU = "OU=Studenten ," ' Note the comma
>>> strSheet = "D:\IT\users aanmaken\adduser.xls"
>>>
>>> ' Bind to Active Directory, Users container.
>>> Set objRootLDAP = GetObject("LDAP://rootDSE")
>>> Set objContainer = GetObject("LDAP://" & strOU & _
>>> objRootLDAP.Get("defaultNamingContext"))
>>>
>>> ' Open the Excel spreadsheet
>>> Set objExcel = CreateObject("Excel.Application")
>>> Set objSpread = objExcel.Workbooks.Open(strSheet)
>>> intRow = 3 'Row 1 often contains headings
>>>
>>> ' Here is the 'DO...Loop' that cycles through the cells
>>> ' Note intRow, x must correspond to the column in strSheet
>>> Do Until objExcel.Cells(intRow,1).Value = ""
>>> strSam = Trim(objExcel.Cells(intRow, 1).Value)
>>> strCN = Trim(objExcel.Cells(intRow, 2).Value)
>>> strFirst = Trim(objExcel.Cells(intRow, 3).Value)
>>> strLast = Trim(objExcel.Cells(intRow, 4).Value)
>>> strPWD = Trim(objExcel.Cells(intRow, 5).Value)
>>>
>>> ' Build the actual User from data in strSheet.
>>> Set objUser = objContainer.Create("User", "cn=" & strCN)
>>> objUser.sAMAccountName = strSam
>>> objUser.givenName = strFirst
>>> objUser.sn = strLast
>>> objUser.SetInfo
>>>
>>> ' Separate section to enable account with its password
>>> objUser.userAccountControl = 512
>>> objUser.pwdLastSet = 0
>>> objUser.SetPassword strPWD
>>> objUser.SetInfo
>>>
>>> intRow = intRow + 1
>>> Loop
>>> msgbox "Script met succes uitgevoerd",8,1
>>> objExcel.Quit
>>>
>>> WScript.Quit
>>>
>>>
>>> ' End of free example UserSpreadsheet VBScript.
>>
>> I don't see anything that would work in W2k3 but not W2k8, with the
>> possible exception of strong passwords. A minor point is that I would
>> remove the space before the comma in the following statement:
>>
>> strOU = "OU=Studenten ," ' Note the comma
>>
>> If the error is raised on the first SetInfo, then the problem is with cn,
>> sAMAccountName, givenName, or sn. The only way givenName or sn will raise
>> an error is if the value is blank. If this is possible, test for it and
>> do not assign if the value in the spreadsheet is blank. cn will raise an
>> error if it is not unique in the container, sAMAccountName will raise an
>> error if it is not unique in the domain.
>>
>> I don't see how an error could be raised on the second SetInfo statement,
>> unless for some reason 512 is not allowed for userAccountControl. It
>> might help to use the AccountDisabled property method instead to enable
>> the account. For example
>>
>> objUser.AccountDisabled = False
>>
>> Finally, if the error is raised on the SetPassword statement, then your
>> password does not meet domain requirements, probably complexity.
>>

The maximum length for the cn attribute is 64 characters. I think your error
is most likely due to an embedded comma in the cn, or a similar character
that must be escaped.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Richard Mueller [MVP]" <rlmueller-> wrote in
message news:...
> The sn and givenName attributes can be assigned anything, except a blank
> string. If there is no value for either of these, just don't assign any
> value.
>
> If the value for sAMAccountName is unique in the domain, and the value of
> cn is unique in the OU, then the only possible causes of the error I can
> think of are:
>
> 1. You don't have permission to create user objects in the OU.
> 2. The sAMAccountName is more than 20 characters long.
> 3. The cn is more than 104 characters (if I remember correctly).
> 4. The sAMAccountName includes any of the following characters:
> [ ] : ; | = + ? < > * "
> 5. If the value of the cn attribute includes any of the following
> characters:
> , \ # + < > ; " = /
> or a leading or trailing space, then the character must be escaped using
> the backslash, "\", escape character. For example, if the common name is
> "Smith, Jim", then you must specify "Smith\, Jim". See this link for
> details:
>
> http://www.rlmueller.net/CharactersEscaped.htm
>
> Hopefully this accounts for the error.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "nico" <> wrote in message
> news:...
>> R.,
>>
>> the error is raised on the first SetInfo
>>
>> neither givenName or sn is blank and
>> sAMAccountName is unique (the same as sn and givenname)
>>
>> the error has as source "active directory"
>> and the (translated from dutch) error = access error
>>
>>
>> any suggestions?
>>
>>
>>
>> Richard Mueller [MVP] schreef:
>>> "nico" <> wrote in message
>>> news:...
>>>> Hello,
>>>>
>>>> I have a script that auto add's student to my AD for win2003 server.
>>>> for win2008server it does not work
>>>> I get errors
>>>>
>>>> Any suggestions?
>>>>
>>>> N.
>>>>
>>>>
>>>>
>>>> ' Author Guy Thomas http://computerperformance.co.uk/
>>>>
>>>> ' ------------------------------------------------------'
>>>> Option Explicit
>>>> Dim objRootLDAP, objContainer, objUser, objShell
>>>> Dim objExcel, objSpread, intRow
>>>> Dim strUser, strOU, strSheet
>>>> Dim strCN, strSam, strFirst, strLast, strPWD
>>>>
>>>> ' -------------------------------------------------------------'
>>>> ' Important change OU= and strSheet to reflect your domain
>>>> ' -------------------------------------------------------------'
>>>>
>>>> strOU = "OU=Studenten ," ' Note the comma
>>>> strSheet = "D:\IT\users aanmaken\adduser.xls"
>>>>
>>>> ' Bind to Active Directory, Users container.
>>>> Set objRootLDAP = GetObject("LDAP://rootDSE")
>>>> Set objContainer = GetObject("LDAP://" & strOU & _
>>>> objRootLDAP.Get("defaultNamingContext"))
>>>>
>>>> ' Open the Excel spreadsheet
>>>> Set objExcel = CreateObject("Excel.Application")
>>>> Set objSpread = objExcel.Workbooks.Open(strSheet)
>>>> intRow = 3 'Row 1 often contains headings
>>>>
>>>> ' Here is the 'DO...Loop' that cycles through the cells
>>>> ' Note intRow, x must correspond to the column in strSheet
>>>> Do Until objExcel.Cells(intRow,1).Value = ""
>>>> strSam = Trim(objExcel.Cells(intRow, 1).Value)
>>>> strCN = Trim(objExcel.Cells(intRow, 2).Value)
>>>> strFirst = Trim(objExcel.Cells(intRow, 3).Value)
>>>> strLast = Trim(objExcel.Cells(intRow, 4).Value)
>>>> strPWD = Trim(objExcel.Cells(intRow, 5).Value)
>>>>
>>>> ' Build the actual User from data in strSheet.
>>>> Set objUser = objContainer.Create("User", "cn=" & strCN)
>>>> objUser.sAMAccountName = strSam
>>>> objUser.givenName = strFirst
>>>> objUser.sn = strLast
>>>> objUser.SetInfo
>>>>
>>>> ' Separate section to enable account with its password
>>>> objUser.userAccountControl = 512
>>>> objUser.pwdLastSet = 0
>>>> objUser.SetPassword strPWD
>>>> objUser.SetInfo
>>>>
>>>> intRow = intRow + 1
>>>> Loop
>>>> msgbox "Script met succes uitgevoerd",8,1
>>>> objExcel.Quit
>>>>
>>>> WScript.Quit
>>>>
>>>>
>>>> ' End of free example UserSpreadsheet VBScript.
>>>
>>> I don't see anything that would work in W2k3 but not W2k8, with the
>>> possible exception of strong passwords. A minor point is that I would
>>> remove the space before the comma in the following statement:
>>>
>>> strOU = "OU=Studenten ," ' Note the comma
>>>
>>> If the error is raised on the first SetInfo, then the problem is with
>>> cn, sAMAccountName, givenName, or sn. The only way givenName or sn will
>>> raise an error is if the value is blank. If this is possible, test for
>>> it and do not assign if the value in the spreadsheet is blank. cn will
>>> raise an error if it is not unique in the container, sAMAccountName will
>>> raise an error if it is not unique in the domain.
>>>
>>> I don't see how an error could be raised on the second SetInfo
>>> statement, unless for some reason 512 is not allowed for
>>> userAccountControl. It might help to use the AccountDisabled property
>>> method instead to enable the account. For example
>>>
>>> objUser.AccountDisabled = False
>>>
>>> Finally, if the error is raised on the SetPassword statement, then your
>>> password does not meet domain requirements, probably complexity.
>>>
>
>

Richard Mueller [MVP] schreef:
> The sn and givenName attributes can be assigned anything, except a blank
> string. If there is no value for either of these, just don't assign any
> value.
>
> If the value for sAMAccountName is unique in the domain, and the value of cn
> is unique in the OU, then the only possible causes of the error I can think
> of are:
>
> 1. You don't have permission to create user objects in the OU.
> 2. The sAMAccountName is more than 20 characters long.
> 3. The cn is more than 104 characters (if I remember correctly).
> 4. The sAMAccountName includes any of the following characters:
> [ ] : ; | = + ? < > * "
> 5. If the value of the cn attribute includes any of the following
> characters:
> , \ # + < > ; " = /
> or a leading or trailing space, then the character must be escaped using the
> backslash, "\", escape character. For example, if the common name is "Smith,
> Jim", then you must specify "Smith\, Jim". See this link for details:
>
> http://www.rlmueller.net/CharactersEscaped.htm
>
> Hopefully this accounts for the error.
>


Tx for the very appreciated help
the main problem was as it seems that i could not create users with a
script when i was logged on with a new created adminaccount that
neverthelesss was added to the same groups as the regular admin.