create large number of users 1

[bookouri]

I need to create 50 to 100 new users in Active Directory. Is there any mechanism that anyone knows of that i can use so i dont have to create them individually?

thanks for any suggestions

 

[itsp1965]

The ADDUSERS reskit tool (don't recall if does AD), CSVDE and LDFIDE tools should work. There are also plenty of predefined VBScripts written by MS

http://www.microsoft.com/scripting.

 

[bookouri]

thanks, ill take a look at those...

 

[acl03]

bookouri:

Here's a script i wrote (and modified a bit for you). I think it'll help.

To run it, cut and paste all the code into notepad, and save as a file with a .vbs extension (eg. AddUsersComputers.vbs)

To run, just double-click.

This script creates users and/or computers in the deafult users and computers container:


''''''''''''''''''''''''''''''''''''''
'Written by Andrew Levine - 2/2005
''''''''''''''''''''''''''''''''''''''

'This script will add users or computers to active directory.
'Program will repeat until a field is left blank or cancel is pressed

'set Fully Qualified Domain Name
FQDomainName="INSERT FQ DOMAIN NAME" 'this will be after the @ in the user principal name
defaultPassword = "INSERT PASSWORD"



Set objRootDSE = GetObject("LDAP://rootDSE")

'Set OU in which to add Computers (from the bottom up)
Set computerOU = GetObject("LDAP://cn=Computers," & objRootDSE.Get("defaultNamingContext"))

'Set OU in which to add Users
Set userOU = GetObject("LDAP://cn=Users," & objRootDSE.Get("defaultNamingContext"))

sub addComputer (name)
strComputer = name
Const ADS_UF_PASSWD_NOTREQD = &h0020
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &h1000
Set objComputer = computerOU.Create("Computer", "cn=" & strComputer)
objComputer.Put "sAMAccountName", strComputer & "$"
objComputer.Put "userAccountControl", _
ADS_UF_PASSWD_NOTREQD Or ADS_UF_WORKSTATION_TRUST_ACCOUNT
objComputer.SetInfo
end sub


sub addUser(shortName, firstname, lastname, description)
Set usr = userOU.Create("user", "CN=" & firstname & " " & lastname)
usr.Put "sAMAccountName", ShortName
usr.Put "userPrincipalName", shortName & "@" & FQDomainName
usr.Put "GivenName", firstname
usr.Put "Sn", lastname
usr.Put "description", description
usr.Put "displayName", firstname & " " & lastname
usr.SetInfo
usr.SetPassword defaultPassword
usr.AccountDisabled = False
usr.SetInfo
end sub

done=0

Sub checkEmpty (userInput)
If userInput = "" Then
Wscript.quit
End if
End sub


Sub addComputers
While done=0
cn = InputBox ("Enter computer to add. Leave blank to exit.", "Add Computers")
checkEmpty cn
addComputer cn
Wend
End Sub

Sub addUsers
While done=0
sn = InputBox ("Enter User ID:", "New User - Leave blank to exit.")
checkEmpty sn
fn = InputBox ("Enter First Name:", "New User - Leave blank to exit.")
checkEmpty fn
ln = InputBox ("Enter Last Name:", "New User - Leave blank to exit.")
checkEmpty ln
de = InputBox ("Enter Description:", "New User - Leave blank to exit.")
checkEmpty de
addUser sn, fn, ln, de
Wend
End Sub

message = "Please pick an option:" & vbCrLf & _
"(Press cancel or leave blank to quit.)" & vbCrLf & vbCrLf & _
"1 - Add Users" & vbCrLf & _
"2 - Add Computers" & vbCrLf & _
"3 - Skip These Menus" & vbCrLf & _
vbCrLf & vbCrLf & "Please enter a number:"

Do
userChoice = InputBox(message, "Add Users & Computers")
select case userChoice
case "1"
addUsers
case "2"
addComputers
case "3"
massUpdate
case ""
WScript.Quit
case else
msgbox "Invalid entry. Please try again."
end select
loop while userChoice <> "" and userChoice <> "0"


Sub massUpdate

'addUser "userID", "fName", "lName", "description"
'addComputer "Computer1"


Wscript.quit
End Sub

 

[acl03]

To exit this script at any time, just leave an input box blank, or press cancel. There are three options in this script.

1 - add users - this will cycle through the userid, firstname, lastname, and description fields over and over.

2 - add computers - this cycles through the computer name input box over and over

3 - skip these menus - this will jump to the bottom of the script, where you can pre-code all the computers and users you want to add followint the two examples i gave.

If this doesnt meet your needs or you'd liek something added or removed, feel free to let me know and i'll post another version for you.

I hope you find this helpful,
Andrew

 

[bookouri]

thanks, Ill try running that and see how it works.. i looked at some scripts on line but most of them looked way over my head so i didnt follow up on them..

 

[acl03]

Well it's actually much more simple than it looks - let me know of any questions at all.
Dont forget - there are 2 variables you need to set at the top of ths script. FQDomainName and defaultPassword.

 

[acl03]

Did you try it? How'd it work?

 

[bookouri]

sorry, i got the script in a file this morning but then got side-tracked on another issue... hopefully Ill get back on it this evening...

thanks again... i wont forget to let you know though..

 

[acl03]

Ah - no worries, I was just curious, since I never gave that script out to anyone, I've just used it myself. Don't forget to set the 2 variables.

 

[bookouri]

thanks, that's a GREAT little script... i have to look close at it, if i can add an option for the user group(s) and/or user home directory that would really make it work for my current project..the only thing i ever have to set are the user groups, and under user profile, i connect a drive letter to their home folder and set a logon script..

thanks again, yours is one of the few scripts Ive ever gotten on line that simply worked right out of the box without any tweaks or anything else...

 

[bookouri]

by adding these lines i can set the user home directory

usr.put "homeDirectory", "\\myserver\" & LCase(shortname) & "$"
usr.put "homeDrive", "U:"

Im still working on the others...

 

[bookouri]

the user logon script can be added with
usr.put "scriptpath","basic.bat"

there also seems to be a 'usr.Put "LoginScript", "basic.bat" but it doesnt work...

 

[acl03]

Are all of your users wk and above? If so, why not use group policy to push out login scripts instead of user by user? MUCH easier to change later.

 

[bookouri]

its just a hold over from when we had an NT domain.. I just never have made that transition over to the "new" way of doing some things, especially with group policies. Ive got a couple of group policies, but i still dont like using them.

the one thing that's turned out to be harder than i expected is creating a user folder and sharing it and assigning permissions to it...

 

[acl03]

I would strongly recommend using group policy for your login scripts, it's just easier to have them in one spot. We use them here and it works great (along with bunch of other options I use in group policy).

Why don't you like using them?

 

[bookouri]

well, when i started using group policies in NT you had to be careful to have a "reverse" policy or you could mess up a PC , turn things off and on and not be able to get them back to normal. When Ive used policies recently Ive also experienced unexpected behavior.. it may be that i dont understand them well enough, but they still seem flaky and unpredictable.

 

[acl03]

I've never had a problem with them at all - I'm using a 2000 environment right now.

 

[djeddieed]

My question maybe a little different from this one, not by much. I have 1400 users in an OU with there full names as a log on. Example (John.Doe)- I would like all users to use there first initial of there first name and there full last name EXAMPLE (JDoe). Please advise on how to.

Thanks a mil

A tech from massachusetts.

 

[bookouri]

thats funny, that's exactly the opposite of what our central IT "committee" is trying to impose on us. We currently use a form of the first initial and lastname user names, and they're pushing us to change to the first.last convention.. but then this is the 4th "convention" they've implemented in 5 years...<G>