I have created a VB script to create numerous users in a Windows 2000 Active Dicretory domain reading the usernames from a text file in the format
firstname lastname
The script creates the users, maps home directory, enables account, sets password
however when any try to log on they get the message:
"your account has expired"
The accoutn properties are the same as the existing accounts when i check them manually - they are enabled, they havent expired, etc can someone tell me where i am going wrong as its driving me crazy!
Script below:
On Error Resume Next
Password = "password"
usrfile = "usernames.txt"
dcroot = "ou=test users,dc=testdomain,dc=COM"
hdrive = "H:"
bat = "login.bat"
hdirectory = "\\Server\users\%username%"
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(usrfile) Then
Set objFile = objFSO.OpenTextFile(usrfile, 1)
Else
Wscript.Echo "File" & usrfile & " does not exist."
WScript.Quit
End If
WScript.Echo "Reading user names from " & usrfile & VbCrLf
WScript.Echo "Line number:" & VbTab & "Action:"
WScript.Echo "========================================================================="
Do Until objFile.AtEndOfStream
CurLine = objFile.Line
Userline = objFile.ReadLine
If not Userline = "" Then
useNames = Split(Userline, " ")
FirstName = useNames(0)
Length = UBound(useNames)
If Length > 1 Then
LastName = useNames(1) & " " & useNames(2)
Else
LastName = useNames(1)
End If
FullName = useNames(0) & " " & LastName
FirstInitial = left(FirstName, 1)
LName = useNames(Length)
LogonName = LName & FirstInitial
Userpn = LogonName & "@testdomain.COM"
Set objContainer = GetObject("LDAP://" & dcroot)
If Err <> 0 Then
WScript.Echo "Can not bind to " & dcroot & ". Check syntax."
WScript.Quit
End If
Err.Clear
Set objNew = objContainer.Create("User", "cn=" & FullName)
objNew.Put "sAMAccountName", LogonName
objNew.Put "UserPrincipalName", Userpn
objNew.Put "givenName", FirstName
objNew.Put "sn", LastName
objNew.Put "displayName", FirstName & " " & LastName
objNew.Put "homeDrive", hdrive
objNew.Put "homeDirectory", hdirectory
objNew.Put "scriptPath", bat
objNew.SetInfo
Set objNew = Nothing
Set objUser = GetObject("LDAP://cn=" & _
FullName & "," & dcroot)
objUser.ChangePassword "", Password
objUser.SetInfo
objUser.AccountDisabled = FALSE
objUser.SetInfo
objUser.AccountExpires = -1
objUser.SetInfo
intUAC = objUser.Get("userAccountControl")
objUser.Put "userAccountControl", intUAC XOR _
ADS_UF_DONT_EXPIRE_PASSWD
objUser.SetInfo
Set grp = GetObject("LDAP://cn=test group,ou=testusers,dc=testdomain,dc=COM")
grp.Add(objUser.AdsPath)
grp.SetInfo
Set objUser = Nothing
Set grp = Nothing
WScript.Echo CurLine & vbTab & vbTab & "User """ & _
FullName & """ (" & LogonName & " , " & Userpn & ") created. " & pwderr
Else
WScript.Echo CurLine & vbTab & vbTab & _
"Skipping Empty line in " & usrfile
End If
Loop
objFile.Close
firstname lastname
The script creates the users, maps home directory, enables account, sets password
however when any try to log on they get the message:
"your account has expired"
The accoutn properties are the same as the existing accounts when i check them manually - they are enabled, they havent expired, etc can someone tell me where i am going wrong as its driving me crazy!
Script below:
On Error Resume Next
Password = "password"
usrfile = "usernames.txt"
dcroot = "ou=test users,dc=testdomain,dc=COM"
hdrive = "H:"
bat = "login.bat"
hdirectory = "\\Server\users\%username%"
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(usrfile) Then
Set objFile = objFSO.OpenTextFile(usrfile, 1)
Else
Wscript.Echo "File" & usrfile & " does not exist."
WScript.Quit
End If
WScript.Echo "Reading user names from " & usrfile & VbCrLf
WScript.Echo "Line number:" & VbTab & "Action:"
WScript.Echo "========================================================================="
Do Until objFile.AtEndOfStream
CurLine = objFile.Line
Userline = objFile.ReadLine
If not Userline = "" Then
useNames = Split(Userline, " ")
FirstName = useNames(0)
Length = UBound(useNames)
If Length > 1 Then
LastName = useNames(1) & " " & useNames(2)
Else
LastName = useNames(1)
End If
FullName = useNames(0) & " " & LastName
FirstInitial = left(FirstName, 1)
LName = useNames(Length)
LogonName = LName & FirstInitial
Userpn = LogonName & "@testdomain.COM"
Set objContainer = GetObject("LDAP://" & dcroot)
If Err <> 0 Then
WScript.Echo "Can not bind to " & dcroot & ". Check syntax."
WScript.Quit
End If
Err.Clear
Set objNew = objContainer.Create("User", "cn=" & FullName)
objNew.Put "sAMAccountName", LogonName
objNew.Put "UserPrincipalName", Userpn
objNew.Put "givenName", FirstName
objNew.Put "sn", LastName
objNew.Put "displayName", FirstName & " " & LastName
objNew.Put "homeDrive", hdrive
objNew.Put "homeDirectory", hdirectory
objNew.Put "scriptPath", bat
objNew.SetInfo
Set objNew = Nothing
Set objUser = GetObject("LDAP://cn=" & _
FullName & "," & dcroot)
objUser.ChangePassword "", Password
objUser.SetInfo
objUser.AccountDisabled = FALSE
objUser.SetInfo
objUser.AccountExpires = -1
objUser.SetInfo
intUAC = objUser.Get("userAccountControl")
objUser.Put "userAccountControl", intUAC XOR _
ADS_UF_DONT_EXPIRE_PASSWD
objUser.SetInfo
Set grp = GetObject("LDAP://cn=test group,ou=testusers,dc=testdomain,dc=COM")
grp.Add(objUser.AdsPath)
grp.SetInfo
Set objUser = Nothing
Set grp = Nothing
WScript.Echo CurLine & vbTab & vbTab & "User """ & _
FullName & """ (" & LogonName & " , " & Userpn & ") created. " & pwderr
Else
WScript.Echo CurLine & vbTab & vbTab & _
"Skipping Empty line in " & usrfile
End If
Loop
objFile.Close
