Solved

Automating new user setups

Posted on 2004-10-06
7
269 Views
Last Modified: 2006-11-17
It's about to be my turn to create new users for my organization.   We recently migrated to exchange 2003, and as such, our "user manager NT" program, no longer creates users properly.  I will have to manually create all new users in AD, add security groups, create server profile directories, configure email etc etc...  most of the new users will have the same permissions, so it's going to be a drag.

Anyone have any advice on a good new user creation tool ?  Would be nice if it also created profiles, but not necessary.  We have primarily XP machines, but some Win2K & some WinNT boxes.

What are you guys using to create lists of new users out there ? Thanks for any help offered.
0
Comment
Question by:Gitcho
7 Comments
 

Expert Comment

by:Dave_Slater
ID: 12235761
You could use the Net Use command in a batch file to add multiple users with passwords.
0
 
LVL 1

Expert Comment

by:kinobestew123
ID: 12236044
You could just not be lazy and do it?? lol, only joking. I dont know anything about exchange 2003. Sorry.
0
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12236795
If you use AD (i.e. Windows 2003 Server along with MS Exchange Server 2003) you can do this in an easy manner; by adding new user, copying a user and forth. Any user has an Exchange management tabs that allows you to add only the username thus getting an automated mail box using the default settings.
In the Exchange Server, you can change the default settings of a new user addition via using say its first name and the seond letter of his last name @ domain.com (George Harry's e-mail would automaticlly be: GeorgeA@domain.com).

Here are some links:
Exchnage in AD:
http://www.microsoft.com/technet/prodtechnol/exchange/2003/admt.mspx

A very important procedure to begin doing all of this is the initiation of the Exchange Mail Wizar:
http://www.msexchange.org/tutorials/Using_Exchange_2003_Mail_Wizard.html

Another resource is the MailBox Managemet:
http://www.msexchange.org/tutorials/Mailbox-Management.html

And policies:
http://www.msexchange.org/tutorials/Implementing_System_Policies.html

Hope that helped:

Cyber
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 13

Assisted Solution

by:seb_acker
seb_acker earned 250 total points
ID: 12238405
You have other facilities that came up with w2003, that are using of scripts VB.
You can virtually create any object and set any property of an object in AD.

For example, if you have a csv file that lists your users and properties of their account, you should launch something like that :


On Error Resume Next
dcroot = "dc=mycompany,dc=int"
Password = "password"    
usrfile=  "d:\liste.csv"

Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(usrfile) Then
    Set objFile = objFSO.OpenTextFile(usrfile, 1)
Else
    Wscript.Echo "File" & usrfile & " does not exist."
    WScript.Quit
End If

WScript.Echo "Reading user names from " & usrfile & VbCrLf
WScript.Echo "Line number:" & VbTab & "Action:"
WScript.Echo "=================================================="

Do Until objFile.AtEndOfStream
    succ = FALSE
    i = 1
    CurLine = objFile.Line
    FullLine = objFile.ReadLine
    If not FullLine = "" Then
        st = split(FullLine, ";")
       
      FirstName = st(1)
        LastName  = st(0)
        LogonName = st(2)
      FullName = st(0) & " " & st(1)
      
      Set objContainer = GetObject("LDAP://cn=Users," & dcroot)
        If Err <> 0 Then
            WScript.Echo "Can not bind to " & dcroot & ". Check syntax."
            WScript.Quit
        End If
        Err.Clear
        Do Until succ or i>3
            Set objNew = objContainer.Create("User", "cn=" & FullName)
            objNew.Put "sAMAccountName", LogonName
            objNew.SetInfo
            If Err <> 0 Then
                i = i+1
                LogonName = LCase(Lastname) & LCase(Mid(FirstName,1,i))
                Err.Clear
            Else
                succ = TRUE
                objNew.Put "givenName", FirstName
                objNew.Put "sn", LastName
                objNew.Put "displayName", FirstName & " " & LastName
            objNew.Put "mail", st(3)
            objNew.Put "scriptpath", "login.cmd"
            objNew.Put "UserAccountControl", 512
            objNew.Put "userprincipalname", LogonName & "cofime.int"
            objNew.Put "profilepath", "\\SRV-DC2\profils$\%username%"
            objNew.Put "homeDirectory", "\\srv-dc2\RepUsers$\%username%"
            objNew.put "homeDrive", "H:"
                objNew.SetInfo
                Set objNew = Nothing
                Set objUser = GetObject("LDAP://cn=" & _
                              FullName & ",cn=Users," & dcroot)
                objUser.ChangePassword "", st(4)
                objUser.SetInfo
                If Err <> 0 Then
                    pwderr = "Can not set password (restrictions?). Left blank."
                    Err.Clear
                Else
                    pwderr = ""
                End If
                objUser.AccountDisabled = FALSE
                objUser.Put "pwdLastSet", 0
                objUser.SetInfo
                Set objUser = Nothing
                WScript.Echo CurLine & vbTab & vbTab & "User """ & _
                             FullName & """ (" & LogonName & ") created. " & pwderr
            End If
        Loop
        If not succ Then
            WScript.Echo CurLine & vbTab & vbTab & _
                         "Can not create user """ & FullName & """"
        End If
    Else
        WScript.Echo CurLine & vbTab & vbTab & _
                     "Skipping Empty line in " & usrfile
    End If
Loop
objFile.Close
0
 
LVL 5

Author Comment

by:Gitcho
ID: 12238759
Thanks for the suggestions, but I need something that's got :

Custom AD attributes support        
Exchange 2003 support        
Terminal Server & Citrix support        
Global shared configuration        
Create user accounts        
Modify user attributes        
Customizable password settings        
Remove user accounts        
Create home directories        
Create profile directories        
Create (private) shares        
Set home directory permissions        
Set share permissions        
Command line plug-in support        
Assign group memberships        
Assign Exchange mailbox        
Assign Terminal Server settings

I'm looking for feedback from anyone who's used commercial software to do this, and what their impression of that software is.
0
 
LVL 4

Accepted Solution

by:
internetsavant earned 250 total points
ID: 12239131
I'd really recommend that you just use the 2003 Admin tools that come in the admin pack off of the server 2003 CD for AD changes.  It'll give you the quickest turn around time (no replication) and their Windows tools for a Windows feature so you're more likely to not have problems in the future with it.  In AD, you can created Email accounts through Exchange when you create a new user.  

Custom AD attributes support - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Exchange 2003 support - Exchange Administrator (installed from your Exchange 2003 CD)
Terminal Server & Citrix support - Terminal Server requires licenses in 2003 so use RDWC (http://techrepublic.com.com/5100-6268_11-5285909.html).  You can even make this SSL for secure connections.  We use this on our network and love it.  It's free and uses the same licensing as TS did in 2k.        
Global shared configuration - don't know what you're looking for
Create user accounts - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Modify user attributes - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Customizable password settings - AD GPO
Remove user accounts - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Create home directories - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Create profile directories - Active Directory Users and Computers (MMC Snap-In from the AdminPack)/Logon Scripts/Disk Quotas (All free, inherent tools)
Create (private) shares - Add a "$" to the end of the share        
Set home directory permissions - Use a custom script or manually set    
Set share permissions - manually set        
Command line plug-in support - don't know what you're looking for        
Assign group memberships - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Assign Exchange mailbox - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Assign Terminal Server settings - Active Directory Users and Computers/Terminal Services Manager (MMC Snap-In(s) from the AdminPack)



I've also used management software like Directory Resource Administrator by NetIQ but I'd prefer to use the inherent tools over this product.  There is replication overhead and you just don't get all the features you'd get if you got familiar with the Admin Pack.

0
 
LVL 4

Expert Comment

by:internetsavant
ID: 12239191
Oops:

under "Create (private) shares", what I said will create HIDDEN shares, not private.  to make private shares, just set the permission on the share to "Everyone - Read" and then manage the Security permissions by global security groups for more restrictive or permissive access.  <-- that will allow you to make them as 'private' as you like
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Occasionally Windows/Microsoft Updates will fail to update. We have found a code that will delete all temporary files and re-register all dll's related to Windows/Microsoft Updates! This works 99% of the time to get the updates working again! The…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now