Solved

Setting the CN in AD to a strCN value instead of a specific CN

Posted on 2009-05-04
4
521 Views
Last Modified: 2012-05-06
I created an .hta app with vbscript to be used as a help desk application to create accounts in an active directory.  I've posted a large chunk of the script below, enough to hopefully help make sense out of this.  The script works correctly, but I get a nasty error that I really don't like.  I could live with this, but this application is used by some staff who would call every time they see an error box.  The error came after I realized that I needed to set the option that wouldn't require the password to be changed on first login.  So I added the lines:

Set objUser = GetObject("LDAP://CN=(strCN),OU=Public Internet Users,DC=mydomain,DC=localhost")

objUser.Put "pwdLastSet", CLng(-1)

The script error I receive is that the object isn't found on the server.  The script runs correctly and the user is created without the need to change their password.  If I set the CN to the exact name that is being created, it works without an error.  I'm sure it's right in my face and I'm making a newbie mistake, but I don't know what to set my LDAP://CN= value to in order to use the strCN input from the text boxes.  Please help!  Thanks      
<script type="text/vbscript">

Sub CreateAccount

strFinitial = TextBox0.Value

If strFinitial = "" Then

MsgBox "You're missing required fields.",64, "Alert"

Exit Sub

End If

strFirst = TextBox1.Value

If strFirst = "" Then

MsgBox "You're missing required fields",64, "Alert"

Exit Sub

End If

strLast = TextBox2.Value

If strLast = "" Then

MsgBox "You're missing required fields",64, "Alert"

Exit Sub

End If

strPassword = TextBox3.Value

If strPassword = "" Then

MsgBox "You're missing required fields",64, "Alert"

Exit Sub

End If

strExpire = TextBox4.Value

If strPassword = "" Then

MsgBox "You're missing required fields",64, "Alert"

Exit Sub

End If

strDisplay = strFirst & " " & strLast

strCN = strDisplay

strUser = LCASE (strFinitial & "" & strLast)

Const ADS_UF_ACCOUNTDISABLE = 2

Const ADS_PROPERTY_UPDATE = 2

Set objOU = GetObject("LDAP://OU=Public Internet Users,dc=mydomain,dc=localhost")

Set objUser = objOU.Create("User", "cn=" & strDisplay)

objUser.Put "sAMAccountName", LCase(strUser)

objUser.Put "userPrincipalName", strUser & "@mydomain.localhost"

objUser.Put "givenName", strFirst

objUser.Put "sn", strLast

objUser.Put "displayName", strDisplay

objUser.SetInfo

objUser.SetPassword(strPassword)

objUser.accountdisabled = False

objUser.AccountExpirationDate = (strExpire)

objUser.SetInfo

Set objUser = GetObject("LDAP://CN=(strCN),OU=Public Internet Users,DC=mydomain,DC=localhost")

objUser.Put "pwdLastSet", CLng(-1)

objUser.SetInfo

If strInitial <> "" Then

objUser.Put "initials", strInitial

End If

objUser.Put "sn", strLast

objUser.Put "displayName", strDisplay

objUser.SetPassword "Passw0rd"

objUser.Put "pwdLastSet", 0

intUAC = objUser.Get("userAccountControl")

If intUAC And ADS_UF_ACCOUNTDISABLE Then

objUser.Put"userAccountControl", intUAC Xor ADS_UF_ACCOUNTDISABLE

End If

objUser.SetInfo

End Sub

Open in new window

0
Comment
Question by:tcmh_65483
  • 2
  • 2
4 Comments
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 24298578
Assuming strCN holds the value you want, you'll want to change:

Set objUser = GetObject("LDAP://CN=(strCN),OU=Public Internet Users,DC=mydomain,DC=localhost")

to

Set objUser = GetObject("LDAP://CN=" & strCN &",OU=Public Internet Users,DC=mydomain,DC=localhost")
0
 
LVL 2

Author Comment

by:tcmh_65483
ID: 24298786
That got rid of the error, but the change password at first logon is enabled again.  A also swapped out strCN with strDisplay and strFirst & strLast in an attempt for some dumb luck, but no go.
0
 
LVL 13

Accepted Solution

by:
usachrisk1983 earned 125 total points
ID: 24298919
You're first setting it to -1 (don't prompt user) on line #46, and then setting it to 0 on line #54.

Try adding this code after your CONST statements.  I removed your multiple SetInfo statements and replaced with just one.  You were also setting the sn and displayname twice which isn't necessary.  You'll setup all your parameters and then set them all at once.

Also, you have two setPassword statements, you should decide which one you want to use.



Set objOU = GetObject("LDAP://OU=Public Internet Users,dc=mydomain,dc=localhost")

Set objUser = objOU.Create("User", "cn=" & strDisplay)
 

objUser.Put "sAMAccountName", LCase(strUser)

objUser.Put "userPrincipalName", strUser & "@mydomain.localhost"

objUser.Put "givenName", strFirst

objUser.Put "sn", strLast

objUser.Put "displayName", strDisplay

objUser.Put "pwdLastSet", CLng(-1)
 

objUser.Put "sn", strLast

objUser.Put "displayName", strDisplay
 

If strInitial <> "" Then

	objUser.Put "initials", strInitial

End If
 

If intUAC And ADS_UF_ACCOUNTDISABLE Then

	objUser.Put"userAccountControl", intUAC Xor ADS_UF_ACCOUNTDISABLE

End If
 

objUser.SetInfo
 

objUser.SetPassword "Passw0rd"

objUser.SetPassword(strPassword)
 

objUser.accountdisabled = False

objUser.AccountExpirationDate = (strExpire)

Open in new window

0
 
LVL 2

Author Comment

by:tcmh_65483
ID: 24299347
Heh, I was waiting for my messy and jumbled script to come into this.  That took care of it, I neglected to notice the password setting at 0 in a later line.  Also, thanks for pointing out my other duplicates.  Thanks!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Need help with VBScript adding Signature 3 34
Vb  script to restart the services 13 74
Need help to rewrite script 3 68
Batch/VBScript : Disable Windows tasks 7 24
Hello again, all.  For those of you that have been following along, you'll know that this is my third article on this topic (though it is not Part III).  This article is sort of remedial, and probably the topic with which I should have started the s…
This is pretty cool.  The purpose of this VB Script is to help you document where JAR (Java ARchive) files and specifically java class files are located so that you can address issues seen with a client or that you can speak intelligently with a dev…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now