Creating Domain user accounts script

Posted on 2004-08-11
Last Modified: 2008-09-18
Hi Experts,

I am looking for a VBScript example of how to create a Windows Domain user account from a computer within the domain.

Currently I have a script that was creating a user account in a specifed OU and group but the server (Win2k3) that was running the script was the Domain Controller. With our new network design the domain controller is running on a separate server and the computer running the script is simply a member of the domain. The domain controller is using Active Directory and the server that will be running the script does not. The server executing the script is running an application that requires to create new user accounts within the domain. The scripting server is and scripts will be executed by the Domain Controller Administrator account as that is login i use.

I am not a skilled VB programmer but can work with a script to include command line supplied arguments to replace values for DOMAIN, OU, GROUP, PASSWORD. The user account password should never expire.

Many thanks,

Question by:greghess
LVL 76

Accepted Solution

David Lee earned 500 total points
ID: 11780074
Hi, Greg.

I'm a little confused.  If you already have a script that creates users, then it should work regardless of where it's run from.  The only requirement I know of is that the script be run under an account that has sufficient permissions to create accounts in the domain.  Are you saying that the script you currently have does not work when run from a computer other than the domain controller?  If so, can you post the script?  It might be something that could be fixed rather than coming up with a new script.  Or is it that your current script used fixed parameters and you'd like one with flexible parameters?


Author Comment

ID: 11784085
Hi thanks for your reply,

Sorry for my confusing post.

Yes my script that I was using befor does not work on any other computer other than the Domain Controller. Below you will find my current impl.

'Declare all variables
option explicit

'Dont fail on error
on error resume next

' Constants for the NameTranslate object.
Const ADS_NAME_TYPE_1779 = 1

dim args
dim bExists
dim sDomain, sOU, sGroup, sUserName, sPassword
dim sDNSDomain, sNetBIOSDomain, sGroupPath
dim objRoot, objDomain, objOU, objContainer, objGroup, objLeaf, objTrans

' Get the arguments
set args = wscript.arguments
call processCommandLine(args, sDomain, sOU, sGroup, sUserName, sPassword)

set objRoot = GetObject("LDAP://rootDSE")
set objDomain = GetObject("LDAP://" & objRoot.Get("defaultNamingContext"))      

'Create the user      
set objContainer = GetObject("LDAP://OU=" & sOU &"," & _
call displayErrorAndBail(err, TRUE, "Unable to get OU")
set objLeaf = objContainer.create("User", "cn=" & sUserName)
call displayErrorAndBail(err, TRUE, "Unable to create user")
objLeaf.put "samAccountName", sUserName
call objLeaf.setPassword(sPassword)
objLeaf.AccountDisabled = FALSE
objLeaf.AllowLogon = 1
'Add user to specified group
set objTrans = CreateObject("NameTranslate")
sDNSDomain = objRoot.Get("DefaultNamingContext")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, sDNSDomain
sNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
sNetBIOSDomain = Left(sNetBIOSDomain, Len(sNetBIOSDomain) - 1)
objTrans.Set ADS_NAME_TYPE_NT4, sNetBIOSDomain & "\" & sGroup
sGroupPath = objTrans.Get(ADS_NAME_TYPE_1779)
call displayErrorAndBail(err, TRUE, "Unable to find group")
set objGroup = GetObject("LDAP://" & sGroupPath)

'All Done            
wscript.echo "Added Windows User:" & sUserName & " to OU:" & sOU & " group:" & sGroup

'Clean up
set objRoot = Nothing
set objDomain = Nothing
set objOU = Nothing
set objContainer = Nothing
set objGroup = Nothing
set objLeaf = Nothing
set objTrans = Nothing

' Sub to display the usage for the script
sub displayUsage
  WScript.Echo "USAGE: cscipt.exe createUserAccount.vbs DOMAIN_NAME OU GROUP USER_NAME PASSWORD"
  WScript.Echo VbCrLf & "Where: DOMAIN_NAME is the computer domain name"
  WScript.Echo "GROUP is the user group th add this user account to"
  WScript.Echo "OU is the users organizational unit"
  WScript.Echo "USER_NAME is the userId"
  WScript.Echo "PASSWORD valid user password"
end Sub

' Sub to process the command line
sub processCommandLine(args, sDomain, sOU, sGroup, sUserName, sPassword)
   if( args.Count < 4 ) then
      WScript.Echo "ERROR: Wrong number of arguments."
      Call displayUsage ( )
      WScript.Quit 1
      sDomain = args(0)
      sOU = args(1)
      sGroup = args(2)
      sUserName = args(3)
      sPassword = args(4)
   end if
end sub

' Error processing sub.  Takes 3 args,
' 1. is the error object
' 2. is a flag, TRUE means terminate if an error was found,
'    FALSE- Display an error, clear the error object, continue
' 3. A user defined error text to display with the error information
sub displayErrorAndBail( oErr, bFlag, sMsg )
   if( oErr.Number <> 0 ) then
      ' We have an error, display the error text and the error number
      ' along with the error description
      WScript.Echo sMsg
      WScript.Echo "ERROR Number: " & hex( oErr.Number ) & " has occurred. "
      WScript.Echo oErr.Description
      if( bFlag ) then
        WScript.Echo "Terminating script "
        WScript.Quit 1
      end if
    end if
end sub

When running the script as follows I get this error:

cscript.exe createUserAccount.vbs WIN2K goglobal clients jdoe test123test***!

Error MSG:
Unable to get OU
Error 1A8 has occurred
Object required
Terminating script

Thanks for your help,


Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

This article describes some techniques which will make your VBA or Visual Basic Classic code easier to understand and maintain, whether by you, your replacement, or another Experts-Exchange expert.
Since upgrading to Office 2013 or higher installing the Smart Indenter addin will fail. This article will explain how to install it so it will work regardless of the Office version installed.
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now