Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Automating new user setups

Posted on 2004-10-06
Medium Priority
Last Modified: 2006-11-17
It's about to be my turn to create new users for my organization.   We recently migrated to exchange 2003, and as such, our "user manager NT" program, no longer creates users properly.  I will have to manually create all new users in AD, add security groups, create server profile directories, configure email etc etc...  most of the new users will have the same permissions, so it's going to be a drag.

Anyone have any advice on a good new user creation tool ?  Would be nice if it also created profiles, but not necessary.  We have primarily XP machines, but some Win2K & some WinNT boxes.

What are you guys using to create lists of new users out there ? Thanks for any help offered.
Question by:Gitcho

Expert Comment

ID: 12235761
You could use the Net Use command in a batch file to add multiple users with passwords.

Expert Comment

ID: 12236044
You could just not be lazy and do it?? lol, only joking. I dont know anything about exchange 2003. Sorry.
LVL 15

Expert Comment

ID: 12236795
If you use AD (i.e. Windows 2003 Server along with MS Exchange Server 2003) you can do this in an easy manner; by adding new user, copying a user and forth. Any user has an Exchange management tabs that allows you to add only the username thus getting an automated mail box using the default settings.
In the Exchange Server, you can change the default settings of a new user addition via using say its first name and the seond letter of his last name @ domain.com (George Harry's e-mail would automaticlly be: GeorgeA@domain.com).

Here are some links:
Exchnage in AD:

A very important procedure to begin doing all of this is the initiation of the Exchange Mail Wizar:

Another resource is the MailBox Managemet:

And policies:

Hope that helped:

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

LVL 13

Assisted Solution

seb_acker earned 1000 total points
ID: 12238405
You have other facilities that came up with w2003, that are using of scripts VB.
You can virtually create any object and set any property of an object in AD.

For example, if you have a csv file that lists your users and properties of their account, you should launch something like that :

On Error Resume Next
dcroot = "dc=mycompany,dc=int"
Password = "password"    
usrfile=  "d:\liste.csv"

Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(usrfile) Then
    Set objFile = objFSO.OpenTextFile(usrfile, 1)
    Wscript.Echo "File" & usrfile & " does not exist."
End If

WScript.Echo "Reading user names from " & usrfile & VbCrLf
WScript.Echo "Line number:" & VbTab & "Action:"
WScript.Echo "=================================================="

Do Until objFile.AtEndOfStream
    succ = FALSE
    i = 1
    CurLine = objFile.Line
    FullLine = objFile.ReadLine
    If not FullLine = "" Then
        st = split(FullLine, ";")
      FirstName = st(1)
        LastName  = st(0)
        LogonName = st(2)
      FullName = st(0) & " " & st(1)
      Set objContainer = GetObject("LDAP://cn=Users," & dcroot)
        If Err <> 0 Then
            WScript.Echo "Can not bind to " & dcroot & ". Check syntax."
        End If
        Do Until succ or i>3
            Set objNew = objContainer.Create("User", "cn=" & FullName)
            objNew.Put "sAMAccountName", LogonName
            If Err <> 0 Then
                i = i+1
                LogonName = LCase(Lastname) & LCase(Mid(FirstName,1,i))
                succ = TRUE
                objNew.Put "givenName", FirstName
                objNew.Put "sn", LastName
                objNew.Put "displayName", FirstName & " " & LastName
            objNew.Put "mail", st(3)
            objNew.Put "scriptpath", "login.cmd"
            objNew.Put "UserAccountControl", 512
            objNew.Put "userprincipalname", LogonName & "cofime.int"
            objNew.Put "profilepath", "\\SRV-DC2\profils$\%username%"
            objNew.Put "homeDirectory", "\\srv-dc2\RepUsers$\%username%"
            objNew.put "homeDrive", "H:"
                Set objNew = Nothing
                Set objUser = GetObject("LDAP://cn=" & _
                              FullName & ",cn=Users," & dcroot)
                objUser.ChangePassword "", st(4)
                If Err <> 0 Then
                    pwderr = "Can not set password (restrictions?). Left blank."
                    pwderr = ""
                End If
                objUser.AccountDisabled = FALSE
                objUser.Put "pwdLastSet", 0
                Set objUser = Nothing
                WScript.Echo CurLine & vbTab & vbTab & "User """ & _
                             FullName & """ (" & LogonName & ") created. " & pwderr
            End If
        If not succ Then
            WScript.Echo CurLine & vbTab & vbTab & _
                         "Can not create user """ & FullName & """"
        End If
        WScript.Echo CurLine & vbTab & vbTab & _
                     "Skipping Empty line in " & usrfile
    End If

Author Comment

ID: 12238759
Thanks for the suggestions, but I need something that's got :

Custom AD attributes support        
Exchange 2003 support        
Terminal Server & Citrix support        
Global shared configuration        
Create user accounts        
Modify user attributes        
Customizable password settings        
Remove user accounts        
Create home directories        
Create profile directories        
Create (private) shares        
Set home directory permissions        
Set share permissions        
Command line plug-in support        
Assign group memberships        
Assign Exchange mailbox        
Assign Terminal Server settings

I'm looking for feedback from anyone who's used commercial software to do this, and what their impression of that software is.

Accepted Solution

internetsavant earned 1000 total points
ID: 12239131
I'd really recommend that you just use the 2003 Admin tools that come in the admin pack off of the server 2003 CD for AD changes.  It'll give you the quickest turn around time (no replication) and their Windows tools for a Windows feature so you're more likely to not have problems in the future with it.  In AD, you can created Email accounts through Exchange when you create a new user.  

Custom AD attributes support - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Exchange 2003 support - Exchange Administrator (installed from your Exchange 2003 CD)
Terminal Server & Citrix support - Terminal Server requires licenses in 2003 so use RDWC (http://techrepublic.com.com/5100-6268_11-5285909.html).  You can even make this SSL for secure connections.  We use this on our network and love it.  It's free and uses the same licensing as TS did in 2k.        
Global shared configuration - don't know what you're looking for
Create user accounts - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Modify user attributes - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Customizable password settings - AD GPO
Remove user accounts - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Create home directories - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Create profile directories - Active Directory Users and Computers (MMC Snap-In from the AdminPack)/Logon Scripts/Disk Quotas (All free, inherent tools)
Create (private) shares - Add a "$" to the end of the share        
Set home directory permissions - Use a custom script or manually set    
Set share permissions - manually set        
Command line plug-in support - don't know what you're looking for        
Assign group memberships - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Assign Exchange mailbox - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Assign Terminal Server settings - Active Directory Users and Computers/Terminal Services Manager (MMC Snap-In(s) from the AdminPack)

I've also used management software like Directory Resource Administrator by NetIQ but I'd prefer to use the inherent tools over this product.  There is replication overhead and you just don't get all the features you'd get if you got familiar with the Admin Pack.


Expert Comment

ID: 12239191

under "Create (private) shares", what I said will create HIDDEN shares, not private.  to make private shares, just set the permission on the share to "Everyone - Read" and then manage the Security permissions by global security groups for more restrictive or permissive access.  <-- that will allow you to make them as 'private' as you like

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Often we come across situations wherein our batch files would be needing to reboot Windows for a variety of reasons. A few of them would be like: (1) Setup files have been updated whose changes can take effect only after a reboot …
In this article we will discuss all things related to StageFright bug, the most vulnerable bug of android devices.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question