Is there a way to set up Active Directory so that after an account is created it is then disabled and moved to another OU, or would I need some sort of third party application in order to perform this action? Thanks.
Are you creating the account manually? If so then couldn't you just create it in the destination OU in the first place rather than creating it somewhere else and then moving it? Then all you'd have to do is disable the account afterwards. Out of curiosity, why are you disabling them straight away ... is it for security - leave it disabled until the user actually turns up for work?
If you create the users via vbscript then you could certainly do what you are asking.
As suggested above I would simply create the user in the appropriate OU in the first place. When creating a user with vbscript you actually need to code to un-disable it as the accounts are disabled by default.
It's more of a security reason. I have users with elevated permissions that I allow to add users to the domain. They're required to submit paperwork after the job is done, and I wanted a check to make sure this is being done.
What I have done for some customers is create a web page for their non-admins that were given this task. The web page grabs all the needed info then feeds it to a vbscript to actually build the user ID. It would be a simple matter to have that same page then send an email with details of the account that was created.
Using the above method, there is no need to even give the users elevated permissions since the script can be called from the server with the needed permissions.
Good old DSADD. This is what I use. You can create all of the users, put them in specific OUs, enter all of their details and password, and you can state whether you want them enabled or disabled.
Value Description
<UserDN> Required. Distinguished name (DN) of user to add.
If the target object is omitted, it will be taken
from standard input (stdin).
-samid <SAMName> Set the SAM account name of user to <SAMName>.
If not specified, dsadd will attempt
to create SAM account name using up to
the first 20 characters from the
common name (CN) value of <UserDN>.
-upn <UPN> Set the upn value to <UPN>.
-fn <FirstName> Set user first name to <FirstName>.
-mi <Initial> Set user middle initial to <Initial>.
-ln <LastName> Set user last name to <LastName>.
-display <DisplayName> Set user display name to <DisplayName>.
-empid <EmployeeID> Set user employee ID to <EmployeeID>.
-pwd {<Password> | *} Set user password to <Password>. If *, then you are
prompted for a password.
-desc <Description> Set user description to <Description>.
-memberof <Group ...> Make user a member of one or more groups <Group ...>
-office <Office> Set user office location to <Office>.
-tel <Phone#> Set user telephone# to <Phone#>.
-email <Email> Set user e-mail address to <Email>.
-hometel <HomePhone#> Set user home phone# to <HomePhone#>.
-pager <Pager#> Set user pager# to <Pager#>.
-mobile <CellPhone#> Set user mobile# to <CellPhone#>.
-fax <Fax#> Set user fax# to <Fax#>.
-iptel <IPPhone#> Set user IP phone# to <IPPhone#>.
-webpg <WebPage> Set user web page URL to <WebPage>.
-title <Title> Set user title to <Title>.
-dept <Department> Set user department to <Department>.
-company <Company> Set user company info to <Company>.
-mgr <Manager> Set user's manager to <Manager> (format is DN).
-hmdir <HomeDir> Set user home directory to <HomeDir>. If this is
UNC path, then a drive letter that will be mapped to
this path must also be specified through -hmdrv.
-hmdrv <DriveLtr:> Set user home drive letter to <DriveLtr:>
-profile <ProfilePath> Set user's profile path to <ProfilePath>.
-loscr <ScriptPath> Set user's logon script path to <ScriptPath>.
-mustchpwd {yes | no} User must change password at next logon or not.
Default: no.
-canchpwd {yes | no} User can change password or not. This should be
"yes" if the -mustchpwd is "yes". Default: yes.
-reversiblepwd {yes | no}
Store user password using reversible encryption or
not. Default: no.
-pwdneverexpires {yes | no}
User password never expires or not. Default: no.
-acctexpires <NumDays> Set user account to expire in <NumDays> days from
today. A value of 0 implies account expires
at the end of today; a positive value
implies the account expires in the future;
a negative value implies the account already expired
and sets an expiration date in the past;
the string value "never" implies that the
account never expires.
-disabled {yes | no} User account is disabled or not. Default: no.
{-s <Server> | -d <Domain>}
-s <Server> connects to the domain controller (DC)
with name <Server>.
-d <Domain> connects to a DC in domain <Domain>.
Default: a DC in the logon domain.
-u <UserName> Connect as <UserName>. Default: the logged in user.
User name can be: user name, domain\user name,
or user principal name (UPN).
-p {<Password> | *} Password for the user <UserName>. If * is entered,
then you are prompted for a password.
-q Quiet mode: suppress all output to standard output.
{-uc | -uco | -uci} -uc Specifies that input from or output to pipe is
formatted in Unicode.
-uco Specifies that output to pipe or file is
formatted in Unicode.
-uci Specifies that input from pipe or file is
formatted in Unicode.
Remarks:
If you do not supply a target object at the command prompt, the target
object is obtained from standard input (stdin). Stdin data can be
accepted from the keyboard, a redirected file, or as piped output from
another command. To mark the end of stdin data from the keyboard or
in a redirected file, use Control+Z, for End of File (EOF).
If a value that you supply contains spaces, use quotation marks
around the text (for example, "CN=John Smith,CN=Users,DC=microsoft,DC=com").
If you enter multiple values, the values must be separated by spaces
(for example, a list of distinguished names).
The special token $username$ (case insensitive) may be used to place the SAM
account name in the value of a parameter. For example, if the target user DN
is CN=Jane Doe,CN=users,CN=microsoft,CN=com and the SAM account name
attribute is "janed," the -hmdir parameter can have
the following substitution:
-hmdir \users\$username$\home
The value of the -hmdir parameter is modified to the following value:
- hmdir \users\janed\home
See also:
dsadd computer /? - help for adding a computer to the directory.
dsadd contact /? - help for adding a contact to the directory.
dsadd group /? - help for adding a group to the directory.
dsadd ou /? - help for adding an organizational unit to the directory.
dsadd user /? - help for adding a user to the directory.
dsadd quota /? - help for adding a quota to the directory.
Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.
dsadd failed:The parameter is incorrect.
type dsadd /? for help.
C:\Documents and Settings\administrator>
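The workflow discussed in this thread, as an added example that is not from any of the posters: a batch file that creates an account already disabled in a holding OU with dsadd, and a scheduled sweep that disables and moves anything created elsewhere, logging each account for reconciliation against the paperwork. The domain, the OU names (`OU=Intake`, `OU=Pending Review`) and the log file name are assumptions made for illustration.

```bat
@echo off
setlocal
rem Assumed, constructed DNs: replace with your own domain and OUs.
rem INTAKE  = the only OU where delegated operators may create users.
rem PENDING = holding OU for accounts awaiting paperwork.
rem Do not point INTAKE at CN=Users: built-in accounts live there.
set "INTAKE=OU=Intake,DC=example,DC=com"
set "PENDING=OU=Pending Review,DC=example,DC=com"
set "LOG=%~dp0pending-accounts.log"

if /i "%~1"=="create" goto :create
if /i "%~1"=="sweep"  goto :sweep
echo Usage: %~nx0 create "First" "Last" samid  ^|  %~nx0 sweep
exit /b 2

:create
rem Create the account already disabled and already in the holding OU,
rem so there is no window in which it is enabled. -pwd * prompts for the
rem password instead of leaving it on the command line.
if "%~4"=="" (echo create needs First Last samid & exit /b 2)
dsadd user "CN=%~2 %~3,%PENDING%" -samid %~4 -fn "%~2" -ln "%~3" ^
    -pwd * -mustchpwd yes -disabled yes
exit /b %errorlevel%

:sweep
rem Run on a schedule: anything created in the intake OU is disabled,
rem moved to the holding OU, and logged for reconciliation with paperwork.
rem dsquery prints each DN already wrapped in quotes, so %%D is used as-is.
set "STAMP=%DATE% %TIME%"
for /f "delims=" %%D in ('dsquery user "%INTAKE%" -scope onelevel -limit 0') do (
    dsmod user %%D -disabled yes -q
    if errorlevel 1 (
        echo %STAMP% FAILED-DISABLE %%D>>"%LOG%"
    ) else (
        dsmove %%D -newparent "%PENDING%" -q
        if errorlevel 1 (echo %STAMP% FAILED-MOVE %%D>>"%LOG%") else (echo %STAMP% HELD %%D>>"%LOG%")
    )
)
exit /b 0
```

Run the sweep from a scheduled task under an account that has rights on both OUs, so the delegated operators themselves need only create rights in the intake OU.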