Recipe 16.1. Creating a User Account

Problem

You want to create a user account in Active Directory.

Solution

Using a graphical user interface

  1. Open the Active Directory Users and Computers (ADUC) snap-in.

  2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name and click OK.

  3. In the left pane, browse to the parent container of the new user, right-click on it, and select New

    Enter the values for the first name, last name, full name, and user logon name fields as appropriate and click Next.

  4. Enter and confirm the password, set any of the password flags, and click Next.

  5. Click Finish.

Using a command-line interface
> dsadd user "<UserDN>" -upn  <UserUPN> -fn "<UserFirstName>" -ln "<UserLastName>" -display "<UserDisplayName>" -pwd <UserPasswd>

Using VBScript
' The following code creates a user object and sets several attributes.
set objParent = GetObject("LDAP://<ParentDN>")
set objUser   = objParent.Create("user", "cn=<UserName>") ' e.g., joes
objUser.Put "sAMAccountName", "<UserName>"   ' e.g., joes
objUser.Put "userPrincipalName", "<UserUPN>" ' e.g., joes@rallencorp.com
objUser.Put "givenName", "<UserFirstName>"   ' e.g., Joe
objUser.Put "sn", "<UserLastName>"           ' e.g., Smith
objUser.Put "displayName", "<UserFirstName> <UserLastName>" ' e.g., Joe Smith
objUser.SetInfo
objUser.SetPassword("<Password>")
objUser.AccountDisabled = FALSE
objUser.SetInfo

Discussion

In Windows 2000 Active Directory, the only mandatory attribute that must be set when creating a user is sAMAccountName, which is the account name that is used to interoperate with down-level domains. For Windows Server 2003, if you don't specify a value for sAMAccountName, it will be auto-populated for you. If you allow UPN logons, you'll want to make sure the userPrincipalName attribute is set.

With Windows Server 2003, you can also create user accounts using the inetOrgPerson class, which is commonly used in other LDAP directories to represent users. For more on inetOrgPerson, see RFC 2798.


Using a graphical user interface

To set additional attributes, double-click on the user account after it has been created. There are several tabs to choose from that contain attributes that are grouped together based on function (e.g., Profile).

Using a command-line interface

Several additional attributes can be set with the dsadd user command. Run dsadd user /? for the complete list.

Using VBScript

Take a look at Recipe 16.9 for more information on the userAccountControl attribute and the various flags that can be set for it.
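
The attributes covered in this Discussion (sAMAccountName, userPrincipalName, and the userAccountControl flags) can be checked after accounts are created. The following is an added example, not code from the book: it audits exported user records and reports missing logon names and flags worth reviewing. The LDIF-style input format, the Sales OU, the svc-backup account, and the choice of flags to review are assumptions.

```python
# Added example, not from the book. Input format is an assumption: LDIF-style
# "attr: value" lines with records separated by blank lines.

# Bit values from ADS_USER_FLAG_ENUM (userAccountControl).
UF_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0080: "ENCRYPTED_TEXT_PASSWORD_ALLOWED",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWD",
}
# Assumption: the flags an auditor would want reviewed on a new account.
REVIEW = {"PASSWD_NOTREQD", "ENCRYPTED_TEXT_PASSWORD_ALLOWED", "DONT_EXPIRE_PASSWD"}

# Constructed sample data (not real accounts).
SAMPLE = """\
dn: cn=joes,ou=Sales,dc=rallencorp,dc=com
sAMAccountName: joes
userPrincipalName: joes@rallencorp.com
userAccountControl: 512

dn: cn=svc-backup,ou=Sales,dc=rallencorp,dc=com
sAMAccountName: svc-backup
userAccountControl: 66080
"""

def parse_records(text):
    # Split the export into one dict of attribute -> value per record.
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def decode_uac(value):
    # Return the names of the known flags set in a userAccountControl value.
    return [name for bit, name in sorted(UF_FLAGS.items()) if value & bit]

def audit(text):
    # Map each DN to its list of issues; clean records are omitted.
    findings = {}
    for rec in parse_records(text):
        issues = [f"{a} not set" for a in ("sAMAccountName", "userPrincipalName") if not rec.get(a)]
        flags = decode_uac(int(rec.get("userAccountControl", "0")))
        issues += [f"flag {f}" for f in flags if f in REVIEW]
        if issues:
            findings[rec.get("dn", "<no dn>")] = issues
    return findings
```

Call audit(SAMPLE) to see the result for the constructed records; only the second account is reported.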

See Also

Recipes 16.2 and 16.9 and MSDN: ADS_USER_FLAG_ENUM



Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
