Recipe 16.1. Creating a User AccountProblemYou want to create a user account in Active Directory. SolutionUsing a graphical user interface
Using a command-line interface> dsadd user "<UserDN>" -upn <UserUPN> -fn "<UserFirstName>" -ln "<UserLastName>" -display "<UserDisplayName>" -pwd <UserPasswd> Using VBScript' The following code creates a user object and sets several attributes. set objParent = GetObject("LDAP://<ParentDN>") set objUser = objParent.Create("user", "cn=<UserName>") ' e.g., joes objUser.Put "sAMAccountName", "<UserName>" ' e.g., joes objUser.Put "userPrincipalName", "<UserUPN>" ' e.g., joes@rallencorp.com objUser.Put "givenName", "<UserFirstName>" ' e.g., Joe objUser.Put "sn", "<UserLastName>" ' e.g., Smith objUser.Put "displayName", "<UserFirstName> <UserLastName>" ' e.g., Joe Smith objUser.SetInfo objUser.SetPassword("<Password>") objUser.AccountDisabled = FALSE objUser.SetInfo DiscussionIn Windows 2000 Active Directory, the only mandatory attribute that must be set when creating a user is sAMAccountName, which is the account name that is used to interoperate with down-level domains. For Windows Server 2003, if you don't specify a value for sAMAccountName, it will be auto-populated for you. If you allow UPN logons, you'll want to make sure the userPrincipalName attribute is set.
Using a graphical user interfaceTo set additional attributes, double-click on the user account after it has been created. There are several tabs to choose from that contain attributes that are grouped together based on function (e.g., Profile). Using a command-line interfaceSeveral additional attributes can be set with the dsadd user command. Run dsadd user /? for the complete list. Using VBScriptTake a look at Recipe 16.9 for more information on the userAccountControl attribute and the various flags that can be set for it. See AlsoRecipes 16.2 and 16.9 and MSDN: ADS_USER_FLAG_ENUM |