Problem getting newly created user accounts enabled and password n

Discussion in 'Scripting' started by Joe, Apr 13, 2007.

  1. Joe

    Joe Guest

    Hi guys,

    I've been trying to get this VBScript from Scott Lowe modified so that I
    could get a list of AD users created from a CSV file. The goal I'd like to
    attain is to have the newly created accounts enabled, passwords populated,
    users not prompted to change their password at first logon, and passwords
    that never expire. But whatever I did, the new accounts were always disabled
    and "password never expires" could not be set. And I have to do so manually.

    Any idea on how to make it work would be greatly appreciated.

    Here's my customized script as follows.

    Option Explicit
    Dim sIOLocation
    Dim sCSVFile
    Dim sLogFile
    Dim oInputConnection
    Dim oInputRecordSet
    Dim oLogObject
    Dim oLogOutput
    Dim oNewUser

    ' Variables needed for LDAP connection
    Dim oRootLDAP
    Dim oContainer

    ' Holding variables
    Dim sLogon
    Dim sFirstName
    Dim sLastName
    Dim sDisplayName
    Dim sPassword
    Dim nPwdLastSet
    Dim nUserAccountControl ' Used to enable the account
    Dim sLDAPdomain
    Dim sLDAPExchangeServer ' See instructions before running script
    Dim sLDAPmail ' Will be set to sLogon + "@" + sLDAPdomain
    Dim sLDAPmailnickname ' Will be set to sLogon
    Dim sLDAPhomeMDB ' See instructions before running script
    Dim sLDAPmDBUseDefaults ' Will be set to True

    ' Modify this to match your company's AD domain
    sLDAPdomain="mydomain.com"

    ' Location of CSV file and to which log files will be written
    sIOLocation = "C:\Scripts\" 'KEEP TRAILING SLASH!

    ' Full path to input file
    sCSVFile = sIOLocation&"users.csv"
    sLogFile = sIOLocation&"IO.log"

    ' This value is set to true
    ' Indicates that the user account will use default mail store rules
    'sLDAPmDBUseDefaults = True

    ' Commands used to open the CSV file and select all of the records
    set oInputConnection = createobject("adodb.connection")
    set oInputRecordSet = createobject("adodb.recordset")
    oInputConnection.open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source= " & _
    sIOLocation & ";Extended Properties=""text;HDR=NO;FMT=Delimited"""
    oInputRecordSet.open "SELECT * FROM " & sCSVFile,oInputConnection

    ' Open the log file for writing
    set oLogObject = CreateObject("Scripting.FileSystemObject")
    set oLogOutput = oLogObject.CreateTextFile(sLogFile)
    oLogOutput.WriteLine Now & ": Log started"

    ' Create a connection to the Active Directory Toronto\Users container.


    Set oRootLDAP = GetObject("LDAP://rootDSE")
    'Set oContainer = GetObject("LDAP://cn=Users," & _
    ' oRootLDAP.Get("defaultNamingContext"))
    '
    Set oContainer = GetObject("LDAP://OU=Users,OU=Montreal HO,DC=ATCORP,DC=pri")

    ' Allows processing to continue even if an error occurs (i.e. dup user)
    ' We put this below the CSV and AD information since processing can
    ' continue with a single bad record, but not if there is a problem with
    ' the CSV file or AD connection
    on error resume Next

    do until oInputRecordSet.EOF ' Reads the values (cells) in the sInputFile file.

    err.clear ' Reset the error counter

    ' --------- Start creating user account
    ' Read variable information from the CSV file
    ' and build everything needed to create the account
    sLogon = oInputRecordSet.Fields.Item(0).value
    sFirstName = oInputRecordSet.Fields.Item(1).value
    sLastName = oInputRecordSet.Fields.Item(2).value
    sDisplayName = sFirstName&" "&sLastName
    sPassword = oInputRecordSet.Fields.Item(3).value

    ' Build the User account
    Set oNewUser = oContainer.Create("User","cn="&sFirstName&" "&sLastName)

    oNewUser.put "sAMAccountName",lcase(sLogon)
    oNewUser.put "givenName",sFirstName
    oNewUser.put "sn",sLastName
    oNewUser.put "UserPrincipalName",lcase(SLogon)&"@"&sLDAPdomain
    oNewUser.put "DisplayName",sDisplayName
    oNewUser.put "name",lcase(sLogon)

    ' Write this information into Active Directory so we can
    ' modify the password and enable the user account
    oNewUser.SetInfo

    'If it was successful, continue processing
    If err.number = 0 Then
    oLogOutput.WriteLine Now & ": " & sLogon & ": Successfully created user account"

    ' Change the users password and turn off requirement to change at next login
    oNewUser.SetPassword sPassword
    oNewUser.Put "pwdLastSet",1
    '
    'Wscript.Echo "Removing Account Expiration..."
    oNewUser.AccountExpires=-1
    'oNewUser.SetInfo

    ' Enable the user account
    oNewUser.Put "nUserAccountControl",512
    oNewUser.SetInfo

    ' If the password set and account enable was successful, indicate.
    ' Otherwise, write diagnostics.
    If err.number = "0" Then
    oLogOutput.WriteLine Now & ": " & sLogon & ": Successfully created user password and enabled account"
    Else
    oLogOutput.WriteLine Now & ": " & sLogon & ": Password or account enable error : " & err.number & err.description
    End If

    Else
    oLogOutput.WriteLine Now & ": " & sLogon & ": Error creating account: " & err.number & err.description
    End If

    ' --------- End of user account creation
    ' Move ahead to the next record
    oInputRecordSet.movenext
    Loop

    ' Close the log file
    oLogOutput.WriteLine Now & ": Input ended"
    oLogOutput.Close
     
    Joe, Apr 13, 2007
    #1

  2. First, I would recommend removing (or commenting out) the "On Error Resume
    Next" statement. A few statements are probably raising errors but you don't
    know it because of this. For example:

    oNewUser.Put "pwdLastSet",1

    should raise an error. If you do not assign any value to pwdLastSet, the
    password will not be expired (users will not be asked to change their
    password the first time they log on).

    Next, this statement is not necessary:

    oNewUser.AccountExpires=-1

    If accountExpires is not assigned a value, the account will not have an
    expiration date. Finally, you should not assign values to
    userAccountControl. This statement:

    oNewUser.Put "nUserAccountControl",512

    will raise an error because the attribute name is misspelled. The proper way
    to enable the account is to use the property method AccountDisabled:

    oNewUser.AccountDisabled = False

    If you want passwords to never expire, you can set a bit of
    userAccountControl with code similar to:

    Dim lngFlag
    Const ADS_UF_DONT_EXPIRE_PASSWORD = &H10000

    lngFlag = oUser.userAccountControl
    lngFlag = lngFlag Or ADS_UF_DONT_EXPIRE_PASSWORD
    oUser.userAccountControl = lngFlag
    oUser.SetInfo

    I hope this helps. If any part of the script raises an error that you want
    to ignore (or handle), use "On Error Resume Next" only for the statement
    expected to raise the error, then use "On Error GoTo 0" to restore normal
    error handling. Otherwise you will have no idea what is happening.
     
    Richard Mueller [MVP], Apr 14, 2007
    #2
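
The changes suggested in the reply, combined into one creation routine. This is an added example, not code from either post. `CreateEnabledUser`, the OU path, the domain and the sample user are hypothetical placeholders.

```vbscript
Option Explicit
Const ADS_UF_DONT_EXPIRE_PASSWORD = &H10000

' Hypothetical helper. It contains no error trapping, so the first failing
' ADSI call aborts the Sub and the error surfaces in the caller.
Sub CreateEnabledUser(oContainer, sLogon, sFirstName, sLastName, sPassword, sDomain)
    Dim oUser, lngFlag

    Set oUser = oContainer.Create("user", "cn=" & sFirstName & " " & sLastName)
    oUser.Put "sAMAccountName", LCase(sLogon)
    oUser.Put "givenName", sFirstName
    oUser.Put "sn", sLastName
    oUser.Put "userPrincipalName", LCase(sLogon) & "@" & sDomain
    oUser.Put "displayName", sFirstName & " " & sLastName
    oUser.SetInfo                    ' the object must exist before SetPassword

    oUser.SetPassword sPassword
    ' pwdLastSet is not assigned: no password change is forced at first logon.
    ' accountExpires is not assigned: the account has no expiration date.
    oUser.AccountDisabled = False    ' enable through the property method
    oUser.SetInfo

    ' Re-read the stored value and OR in a single bit, so that the other
    ' userAccountControl flags are left as the directory set them.
    oUser.GetInfo
    lngFlag = oUser.userAccountControl
    oUser.userAccountControl = lngFlag Or ADS_UF_DONT_EXPIRE_PASSWORD
    oUser.SetInfo
End Sub

' Constructed sample call; the OU path and user details are placeholders.
Dim oOU
Set oOU = GetObject("LDAP://OU=Staff,DC=example,DC=com")

On Error Resume Next                 ' trap errors for this one call only
CreateEnabledUser oOU, "jdoe", "Jane", "Doe", "<password from CSV>", "example.com"
If Err.Number <> 0 Then
    ' Read Err before On Error GoTo 0, which resets it
    WScript.Echo "jdoe failed: 0x" & Hex(Err.Number) & " " & Err.Description
    Err.Clear
End If
On Error GoTo 0                      ' restore normal error handling
```

Because the Sub stops at the first failing call, the number and description reported by the caller belong to the step that actually failed rather than to a later statement.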