6.1.1 ProblemYou want to create a user object. 6.1.2 Solution6.1.2.1 Using a graphical user interface
6.1.2.2 Using a command-line interface> dsadd user "<UserDN>" -upn <UserUPN> -fn "<UserFirstName>" -ln "<UserLastName>"[RETURN] -display "<UserDisplayName>" -pwd <UserPasswd> 6.1.2.3 Using VBScript' Taken from ADS_USER_FLAG_ENUM Const ADS_UF_NORMAL_ACCOUNT = 512 set objParent = GetObject("LDAP://<ParentDN>") set objUser = objParent.Create("user", "cn=<UserName>") ' e.g. joes objUser.Put "sAMAccountName", "<UserName>" ' e.g. joes objUser.Put "userPrincipalName", "<UserUPN>" ' e.g. joes@rallencorp.com objUser.Put "givenName", "<UserFirstName>" ' e.g. Joe objUser.Put "sn", "<UserLastName>" ' e.g. Smith objUser.Put "displayName", "<UserFirstName> <UserLastName>" ' e.g. Joe Smith objUser.Put "userAccountControl", ADS_UF_NORMAL_ACCOUNT objUser.SetInfo objUser.SetPassword("<Password>") objUser.AccountDisabled = FALSE objUser.SetInfo 6.1.3 DiscussionThe only mandatory attribute that must be set when creating a user is sAMAccountName, which is the account name that is used to interoperate with down-level domains. To make the account immediately available for a user to use, you'll need to make sure the account is enabled, which is accomplished by setting userAccountControl to 512, and setting a password (see Recipe 6.17). If you allow UPN logons, you'll want to make sure the userPrincipalName attribute is set. With Windows Server 2003, you can also create user accounts using the inetOrgPerson class, which is described in Recipe 6.3. inetOrgPerson objects can be used for user authentication and restricting access to resources in much the same way as user objects. 6.1.3.1 Using a graphical user interfaceTo set additional attributes, double-click on the user account after it has been created. There are several tabs to choose from that contain attributes that are grouped together based on function (e.g., Profile). 6.1.3.2 Using a command-line interfaceSeveral additional attributes can be set with the dsadd user command. Run dsadd user /? for the complete list. 6.1.3.3 Using VBScriptTake a look at Recipe 6.24 for more information on the userAccountControl attribute and the various flags that can be set for it. 6.1.4 See AlsoRecipe 6.2 for creating users in bulk, Recipe 6.3 for creating an inetOrgPerson user, and MSDN: ADS_USER_FLAG_ENUM |