Solved

AD User Template

Posted on 2004-10-15
4
295 Views
Last Modified: 2011-09-20
Recently I spent some time going through AD adding phone numbers, addresses, departments, locations and all for every user.  I'm hoping that I'm missing something, but is there an easy way to create a template for certain OUs so when we create new users in any OU so all this information is automatically populated?  I tried doing a copy of an existing user and only one or two fields came over when I did that.  Is there another way to to this, or how to other admins keep all this information filled out when adding several users?
0
Comment
Question by:Eagle6990
  • 2
  • 2
4 Comments
 
LVL 21

Expert Comment

by:marc_nivens
ID: 12323628
You can use the admodify utility to modify all of those properties (plus many more) in bulk.  The interface is even designed after the users and computers GUI.  You can download it here:

http://gotdotnet.com/Workspaces/Workspace.aspx?id=f5cbbfa9-e46b-4a7a-8ed8-3e44523f32e2

You'll need the .NET framework installed to run it.
0
 
LVL 17

Author Comment

by:Eagle6990
ID: 12323925
That is actually what I used to do the first modification of all my users.  My problem now is that when I add a new user, they don't have all of the same information set as those I did the bulk modify to.  Now that all old users are in sync with each other I want to be able to create new users that have the same settings without needing to go back through ADModify.
0
 
LVL 21

Accepted Solution

by:
marc_nivens earned 250 total points
ID: 12336084
The only way to do this in Windows 2000 is to modify the schema.  The searchFlags property of the attribute is what tells ADU&C whether or not to copy the attribute when copying a current user account.  This value is bitwise, and the flag that turns the copy feature on is decimal 16.  

So, if you want to do this you will first need to follow this article to allow you to make the proper schema change:

216060 Registry Modification Required to Allow Write Operations to Schema
http://support.microsoft.com/?id=216060

Note that this does NOT work for Windows 2003.  Now, open ADSIEdit, go to the schema, and find the attribute you want copied.  Find the searchFlags attribute value.  Open calculator, type in the current searchFlags value, hit OR, and type in 16 and hit enter.  If you place the resulting value back into searchFlags and apply it, it will now be included in the list of attributes that are copied when you copy a user account.

If you're not comfortable modifying the schema, you can always use the cmd version of admodify and batch it out to run when you need it to.
0
 
LVL 17

Author Comment

by:Eagle6990
ID: 12405664
Sorry, I've been on vacation.  

I think batching ADmodify is exactly what I'm looking for.  I didn't realize I could batch it.  Do you trust the download source you listed? It feels like I could get a bunk version pretty easily from there, but the version that I got from Microsoft's site hasn't been updated since 7/21/2004 and the telephone option doesn't work properly for ADModify.net
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 2000 Kerberos problem 5 346
Robocopy - migrate user shares access denied 6 1,533
Retrieve process time in memory in VB 6 130
AD account Auto logoff 1 35
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question