• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 286
  • Last Modified:

Automating new user setups

It's about to be my turn to create new users for my organization.   We recently migrated to exchange 2003, and as such, our "user manager NT" program, no longer creates users properly.  I will have to manually create all new users in AD, add security groups, create server profile directories, configure email etc etc...  most of the new users will have the same permissions, so it's going to be a drag.

Anyone have any advice on a good new user creation tool ?  Would be nice if it also created profiles, but not necessary.  We have primarily XP machines, but some Win2K & some WinNT boxes.

What are you guys using to create lists of new users out there ? Thanks for any help offered.
2 Solutions
You could use the Net Use command in a batch file to add multiple users with passwords.
You could just not be lazy and do it?? lol, only joking. I dont know anything about exchange 2003. Sorry.
If you use AD (i.e. Windows 2003 Server along with MS Exchange Server 2003) you can do this in an easy manner; by adding new user, copying a user and forth. Any user has an Exchange management tabs that allows you to add only the username thus getting an automated mail box using the default settings.
In the Exchange Server, you can change the default settings of a new user addition via using say its first name and the seond letter of his last name @ domain.com (George Harry's e-mail would automaticlly be: GeorgeA@domain.com).

Here are some links:
Exchnage in AD:

A very important procedure to begin doing all of this is the initiation of the Exchange Mail Wizar:

Another resource is the MailBox Managemet:

And policies:

Hope that helped:

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

You have other facilities that came up with w2003, that are using of scripts VB.
You can virtually create any object and set any property of an object in AD.

For example, if you have a csv file that lists your users and properties of their account, you should launch something like that :

On Error Resume Next
dcroot = "dc=mycompany,dc=int"
Password = "password"    
usrfile=  "d:\liste.csv"

Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(usrfile) Then
    Set objFile = objFSO.OpenTextFile(usrfile, 1)
    Wscript.Echo "File" & usrfile & " does not exist."
End If

WScript.Echo "Reading user names from " & usrfile & VbCrLf
WScript.Echo "Line number:" & VbTab & "Action:"
WScript.Echo "=================================================="

Do Until objFile.AtEndOfStream
    succ = FALSE
    i = 1
    CurLine = objFile.Line
    FullLine = objFile.ReadLine
    If not FullLine = "" Then
        st = split(FullLine, ";")
      FirstName = st(1)
        LastName  = st(0)
        LogonName = st(2)
      FullName = st(0) & " " & st(1)
      Set objContainer = GetObject("LDAP://cn=Users," & dcroot)
        If Err <> 0 Then
            WScript.Echo "Can not bind to " & dcroot & ". Check syntax."
        End If
        Do Until succ or i>3
            Set objNew = objContainer.Create("User", "cn=" & FullName)
            objNew.Put "sAMAccountName", LogonName
            If Err <> 0 Then
                i = i+1
                LogonName = LCase(Lastname) & LCase(Mid(FirstName,1,i))
                succ = TRUE
                objNew.Put "givenName", FirstName
                objNew.Put "sn", LastName
                objNew.Put "displayName", FirstName & " " & LastName
            objNew.Put "mail", st(3)
            objNew.Put "scriptpath", "login.cmd"
            objNew.Put "UserAccountControl", 512
            objNew.Put "userprincipalname", LogonName & "cofime.int"
            objNew.Put "profilepath", "\\SRV-DC2\profils$\%username%"
            objNew.Put "homeDirectory", "\\srv-dc2\RepUsers$\%username%"
            objNew.put "homeDrive", "H:"
                Set objNew = Nothing
                Set objUser = GetObject("LDAP://cn=" & _
                              FullName & ",cn=Users," & dcroot)
                objUser.ChangePassword "", st(4)
                If Err <> 0 Then
                    pwderr = "Can not set password (restrictions?). Left blank."
                    pwderr = ""
                End If
                objUser.AccountDisabled = FALSE
                objUser.Put "pwdLastSet", 0
                Set objUser = Nothing
                WScript.Echo CurLine & vbTab & vbTab & "User """ & _
                             FullName & """ (" & LogonName & ") created. " & pwderr
            End If
        If not succ Then
            WScript.Echo CurLine & vbTab & vbTab & _
                         "Can not create user """ & FullName & """"
        End If
        WScript.Echo CurLine & vbTab & vbTab & _
                     "Skipping Empty line in " & usrfile
    End If
GitchoAuthor Commented:
Thanks for the suggestions, but I need something that's got :

Custom AD attributes support        
Exchange 2003 support        
Terminal Server & Citrix support        
Global shared configuration        
Create user accounts        
Modify user attributes        
Customizable password settings        
Remove user accounts        
Create home directories        
Create profile directories        
Create (private) shares        
Set home directory permissions        
Set share permissions        
Command line plug-in support        
Assign group memberships        
Assign Exchange mailbox        
Assign Terminal Server settings

I'm looking for feedback from anyone who's used commercial software to do this, and what their impression of that software is.
I'd really recommend that you just use the 2003 Admin tools that come in the admin pack off of the server 2003 CD for AD changes.  It'll give you the quickest turn around time (no replication) and their Windows tools for a Windows feature so you're more likely to not have problems in the future with it.  In AD, you can created Email accounts through Exchange when you create a new user.  

Custom AD attributes support - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Exchange 2003 support - Exchange Administrator (installed from your Exchange 2003 CD)
Terminal Server & Citrix support - Terminal Server requires licenses in 2003 so use RDWC (http://techrepublic.com.com/5100-6268_11-5285909.html).  You can even make this SSL for secure connections.  We use this on our network and love it.  It's free and uses the same licensing as TS did in 2k.        
Global shared configuration - don't know what you're looking for
Create user accounts - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Modify user attributes - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Customizable password settings - AD GPO
Remove user accounts - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Create home directories - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Create profile directories - Active Directory Users and Computers (MMC Snap-In from the AdminPack)/Logon Scripts/Disk Quotas (All free, inherent tools)
Create (private) shares - Add a "$" to the end of the share        
Set home directory permissions - Use a custom script or manually set    
Set share permissions - manually set        
Command line plug-in support - don't know what you're looking for        
Assign group memberships - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Assign Exchange mailbox - Active Directory Users and Computers (MMC Snap-In from the AdminPack)
Assign Terminal Server settings - Active Directory Users and Computers/Terminal Services Manager (MMC Snap-In(s) from the AdminPack)

I've also used management software like Directory Resource Administrator by NetIQ but I'd prefer to use the inherent tools over this product.  There is replication overhead and you just don't get all the features you'd get if you got familiar with the Admin Pack.


under "Create (private) shares", what I said will create HIDDEN shares, not private.  to make private shares, just set the permission on the share to "Everyone - Read" and then manage the Security permissions by global security groups for more restrictive or permissive access.  <-- that will allow you to make them as 'private' as you like
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now