ProblemYou want to create a user account. SolutionUsing a graphical user interfaceTo create a local user account, do the following:
To create a user account in Active Directory, do the following:
Using a command-line interfaceUse the following command to create a local user: > net user <UserName> <UserPasswd> /add For example: > net user rallen MyPassword /add You can set additional properties for local users with this command including the description (/comment) and full name (/fullname) among others. Search on "net user" in the Help and Support Center for the complete list of options. You can create new user accounts in Active Directory with the dsadd command as shown here: > dsadd user "<UserDN>" -upn "<UserUPN>" -fn "<UserFirstName>" -ln "<UserLastName>" -display "<UserDisplayName>" -pwd "<UserPasswd>" For example: > dsadd user "cn=rallen,cn=users,dc=rallencorp,dc=com" -upn "rallen@rallencorp.com" -fn "Robbie" -ln "Allen" -display "Robbie Allen" -pwd "MyPassword!" Using VBScript' This code creates a local user account ' ------ SCRIPT CONFIGURATION ------ strUserName = "<UserName>" ' e.g. rallen strFullName = "<FullName>" ' e.g. Robbie Allen strDescr = "<Description>" ' e.g. Employee account strPassword = "<Password>" strComputer = "<ComputerName>" ' ------ END CONFIGURATION --------- set objSystem = GetObject("WinNT://" & strComputer) set objUser = objSystem.Create("user", strUserName) objUser.FullName = strFullName objUser.Description = strDescr objUser.SetPassword strPassword objUser.SetInfo WScript.Echo objUser.Name & " created" ' This code creates a user and sets several attributes in Active Directory. set objParent = GetObject("LDAP://<ParentDN>") ' e.g. cn=users,dc=rallencorp,dc=com set objUser = objParent.Create("user", "cn=<UserName>") ' e.g. joes objUser.Put "sAMAccountName", "<UserName>" ' e.g. joes objUser.Put "userPrincipalName", "<UserUPN>" ' e.g. joes@rallencorp.com objUser.Put "givenName", "<UserFirstName>" ' e.g. Joe objUser.Put "sn", "<UserLastName>" ' e.g. Smith objUser.Put "displayName", "<UserFirstName> <UserLastName>" ' e.g. Joe Smith objUser.SetInfo objUser.SetPassword("<Password>") objUser.AccountDisabled = FALSE objUser.SetInfo DiscussionLocal user accounts are different from Active Directory user accounts in terms of the data you can store with them. With local accounts, the data fields are pretty limited. You can configure a user name, full name, description, and some basic profile attributes. With Active Directory, your options are virtually limitless. There are dozens of default attributes that let you store everything from telephone numbers to department names. You can also extend Active Directory to include additional attributes of your making. With local accounts, you are forced to use what the system gives you. In Windows 2000 Active Directory, the only mandatory attribute that must be set when creating a user is sAMAccountName, which is the account name that is used to interoperate with down-level domains. For Windows Server 2003, if you don't specify a value for sAMAccountName, it will be auto-populated for you. The userPrincipalName attribute should be set to an email address-style string and is most often populated with a user's actual email address. Using a graphical user interfaceWith ADUC, you can set additional attributes of a user by double-clicking on the user account after it has been created. There are several tabs to choose from that contain attributes that are grouped together based on function (e.g. Profile). Using a command-line interfaceSeveral additional attributes can be set with the dsadd user command. Run dsadd user /? for the complete list. Using VBScriptTake a look at Recipe 15.7 for more information on the userAccountControl attribute and the various flags that can be set for it. |