Recipe 15.1. Creating a User Account

Previous page
Table of content
Next page

Problem

You want to create a user account.

Solution

Using a graphical user interface

To create a local user account, do the following:

  1. Open the Computer Management snap-in (compmgmt.msc).

  2. In the left pane, expand Local Users and Groups.

  3. Right-click on Users and select New User.

  4. Enter a user name, full name, description, and password.

  5. Check or uncheck any account option boxes as necessary.

  6. Click Create.

  7. Click Close when you are done.

To create a user account in Active Directory, do the following:

  1. Open the Active Directory Users and Computers (ADUC) snap-in (dsa.msc).

  2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name and click OK.

  3. In the left pane, browse to the parent container of the new user, right-click on it, and select New User.

  4. Enter and confirm the password, set any of the password flags, and click Next.

  5. Click Finish.

Using a command-line interface

Use the following command to create a local user:

> net user <UserName> <UserPasswd> /add

For example:

> net user rallen MyPassword /add

You can set additional properties for local users with this command including the description (/comment) and full name (/fullname) among others. Search on "net user" in the Help and Support Center for the complete list of options.

You can create new user accounts in Active Directory with the dsadd command as shown here:

> dsadd user "<UserDN>" -upn "<UserUPN>" -fn "<UserFirstName>" -ln "<UserLastName>"  -display "<UserDisplayName>" -pwd "<UserPasswd>"

For example:

> dsadd user "cn=rallen,cn=users,dc=rallencorp,dc=com" -upn "rallen@rallencorp.com"  -fn "Robbie" -ln "Allen" -display "Robbie Allen" -pwd "MyPassword!"

Using VBScript
' This code creates a local user account ' ------ SCRIPT CONFIGURATION ------ strUserName = "<UserName>" ' e.g. rallen strFullName = "<FullName>" ' e.g. Robbie Allen strDescr = "<Description>" ' e.g. Employee account strPassword = "<Password>"  strComputer = "<ComputerName>" ' ------ END CONFIGURATION --------- set objSystem = GetObject("WinNT://" & strComputer) set objUser = objSystem.Create("user", strUserName) objUser.FullName = strFullName objUser.Description = strDescr objUser.SetPassword strPassword objUser.SetInfo WScript.Echo objUser.Name & " created" ' This code creates a user and sets several attributes in Active Directory. set objParent = GetObject("LDAP://<ParentDN>") ' e.g. cn=users,dc=rallencorp,dc=com set objUser   = objParent.Create("user", "cn=<UserName>") ' e.g. joes objUser.Put "sAMAccountName", "<UserName>"   ' e.g. joes objUser.Put "userPrincipalName", "<UserUPN>" ' e.g. joes@rallencorp.com objUser.Put "givenName", "<UserFirstName>"   ' e.g. Joe objUser.Put "sn", "<UserLastName>"           ' e.g. Smith objUser.Put "displayName", "<UserFirstName> <UserLastName>" ' e.g. Joe Smith objUser.SetInfo objUser.SetPassword("<Password>") objUser.AccountDisabled = FALSE objUser.SetInfo

Discussion

Local user accounts are different from Active Directory user accounts in terms of the data you can store with them. With local accounts, the data fields are pretty limited. You can configure a user name, full name, description, and some basic profile attributes. With Active Directory, your options are virtually limitless. There are dozens of default attributes that let you store everything from telephone numbers to department names. You can also extend Active Directory to include additional attributes of your making. With local accounts, you are forced to use what the system gives you.

In Windows 2000 Active Directory, the only mandatory attribute that must be set when creating a user is sAMAccountName, which is the account name that is used to interoperate with down-level domains. For Windows Server 2003, if you don't specify a value for sAMAccountName, it will be auto-populated for you. The userPrincipalName attribute should be set to an email address-style string and is most often populated with a user's actual email address.

Using a graphical user interface

With ADUC, you can set additional attributes of a user by double-clicking on the user account after it has been created. There are several tabs to choose from that contain attributes that are grouped together based on function (e.g. Profile).

Using a command-line interface

Several additional attributes can be set with the dsadd user command. Run dsadd user /? for the complete list.

Using VBScript

Take a look at Recipe 15.7 for more information on the userAccountControl attribute and the various flags that can be set for it.


Previous page
Table of content
Next page
Windows XP Cookbook
Windows XP Cookbook (Cookbooks)
ISBN: 0596007256
EAN: 2147483647
Year: 2006
Pages: 408
Authors: Robbie Allen, Preston Gralla
BUY ON AMAZON
Image Processing with LabVIEW and IMAQ Vision
A+ Fast Pass
Java How to Program (6th Edition) (How to Program (Deitel))
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
Information Dashboard Design: The Effective Visual Communication of Data
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy