Recipe 5.28. Setting Properties on User AccountsProblemYou need to change properties on user accounts. SolutionUsing a graphical user interface
Using VBScript' This code fills the target user account with a bunch of silly ' properties, primarily to illustrate how to set multivalued properties ' ------ SCRIPT CONFIGURATION ------ strUser = "<UserDN>" 'e.g., "cn=jimmy,cn=Users,dc=domain,dc=com" set objUser = GetObject("LDAP://" & strUser) ' ------ END CONFIGURATION --------- givenName="James" 'First (given) Name initials="F" 'Initial(s) sn="Jones" 'Last Name displayName="James F Jones" 'Display Name description="New accounting intern" physicalDeliveryOfficeName="Finance & Accounting" ' Office telephoneNumber="512-555-0000" WWWHomePage="http://wwww.domain.com/accounting" ' ------ ADU&C ADDRESS TAB --------- streetAddress="123 Main Street" & vbCRLF & "AcmeCo Towers" & vbCRLF & "Suite 700B" 'Street postOfficeBox="PO BOX 1234" l="Anytown" 'city st="CA" 'state postalCode="94111" 'Zip/Postal Code co="United States" 'Country/region ' ------ ADU&C TELEPHONES TAB --------- homePhone="512.555.0011" otherHomePhone = Array("512-111-1111", _ "512-222-2222") 'other home phone pager="1.888.PAGE-JIM" otherPager= Array("512-333-3333", _ "512-333-4444") ' other pager mobile="512.555.1212" otherMobile = Array("512-444-4444", _ "512-444-5555") ' other mobile facsimileTelephoneNumber="512-452-0156" otherFacsimileTelephoneNumber= Array("512-555-5555", _ "512-555-6666") ' other Fax ipPhone="10.1.1.231" otherIpPhone = Array("10.10.10.200", _ "192.168.0.57") ' other IP Phone info="Some notes about this user" 'Notes ' ------ ADU&C ORGANIZATION TAB --------- title="Accounting Intern 1" department="Finance & Accounting" company="Acme Widgets" manager="CN=paul,OU=TestUsers,DC=3sharpaustin,DC=com" ' ------ OPTIONAL ATTRIBUTES --------- msExchAssistantName="Joe Secretary" extensionAttribute1="foobar" extensionAttribute2="foo" extensionAttribute15="bar" '----------------------------------------------- 'General Tab in ADU&C objUser.Put "givenName", givenName objUser.Put "initials", Initials objUser.Put "sn", sn objUser.Put "displayName", displayName objUser.Put "description", description objUser.Put "physicalDeliveryOfficeName", physicalDeliveryOfficeName objUser.Put "telephoneNumber", telephoneNumber objUser.Put "wWWHomePage", WWWHomePage 'Address Tab in ADU&C objUser.Put "streetAddress", streetAddress objUser.Put "postOfficeBox", postOfficeBox objUser.Put "l", l objUser.Put "st", st objUser.Put "postalCode", postalCode objUser.Put "co", co objUser.Put "homePhone", homePhone objuser.Put "otherHomePhone", otherHomePhone objUser.Put "pager", pager objuser.Put "otherPager", otherPager objUser.Put "mobile", mobile objuser.Put "otherMobile", otherMobile objUser.Put "facsimileTelephoneNumber", facsimileTelephoneNumber objuser.Put "otherFacsimileTelephoneNumber", otherFacsimileTelephoneNumber objUser.Put "ipPhone", ipPhone objuser.Put "otherIpPhone", otherIpPhone objuser.Put "info", info objUser.Put "title", title objUser.Put "department", department objUser.Put "company", company objUser.Put "manager", manager objUser.Put "msexchAssistantName", msExchAssistantName objUser.Put "extensionAttribute1", extensionAttribute1 objUser.Put "extensionAttribute2", extensionAttribute2 objUser.Put "extensionAttribute15", extensionAttribute15 objUser.SetInfo Wscript.Echo "User account for " & objUser.Get("sAMAccountName") & _ " has been updated" DiscussionSetting attributes of user objects is extremely straightforward using the ADUC MMC. However, in the interest of usability, Microsoft chose to expose the most common subset of attributes to the MMC interface. For example, it's especially confusing that the Exchange Global Address List displays an "assistant" field, but the field does not exist in the GUI. The best way to change these unexposed attributes is through scripting. Our "assistant" example is kept in the msExchAssistantName field, and when updated through scripting, will appear in the Exchange Global Address List. Because some attributes are missing from ADUC, you may want to use either ADSIEdit or LDP to view attributes, even though these tools are somewhat more difficult to use. You can also get the acctinfo.dll extension from the Windows Server 2003 Resource Kit; this DLL, when registered, will add a new Additional Account Info tab to the user properties dialog; this tab shows logon time, password date and policy, and lockout information for the selected account. This type of script is also useful for stepping through a group of objects and updating a particular attribute, such as changing a division's address or phone number. See AlsoRecipe 5.1 for creating mail-enabled user accounts, and Recipe 5.29 for retrieving properties on user accounts; the table at http://www.kouti.com/tables/userattributes.htm for mapping AD attributes to what you see in ADUC |