Solved

Setting the CN in AD to a strCN value instead of a specific CN

Posted on 2009-05-04
4
552 Views
Last Modified: 2012-05-06
I created an .hta app with vbscript to be used as a help desk application to create accounts in an active directory.  I've posted a large chunk of the script below, enough to hopefully help make sense out of this.  The script works correctly, but I get a nasty error that I really don't like.  I could live with this, but this application is used by some staff who would call every time they see an error box.  The error came after I realized that I needed to set the option that wouldn't require the password to be changed on first login.  So I added the lines:

Set objUser = GetObject("LDAP://CN=(strCN),OU=Public Internet Users,DC=mydomain,DC=localhost")

objUser.Put "pwdLastSet", CLng(-1)

The script error I receive is that the object isn't found on the server.  The script runs correctly and the user is created without the need to change their password.  If I set the CN to the exact name that is being created, it works without an error.  I'm sure it's right in my face and I'm making a newbie mistake, but I don't know what to set my LDAP://CN= value to in order to use the strCN input from the text boxes.  Please help!  Thanks      
<script type="text/vbscript">
Sub CreateAccount
strFinitial = TextBox0.Value
If strFinitial = "" Then
MsgBox "You're missing required fields.",64, "Alert"
Exit Sub
End If
strFirst = TextBox1.Value
If strFirst = "" Then
MsgBox "You're missing required fields",64, "Alert"
Exit Sub
End If
strLast = TextBox2.Value
If strLast = "" Then
MsgBox "You're missing required fields",64, "Alert"
Exit Sub
End If
strPassword = TextBox3.Value
If strPassword = "" Then
MsgBox "You're missing required fields",64, "Alert"
Exit Sub
End If
strExpire = TextBox4.Value
If strPassword = "" Then
MsgBox "You're missing required fields",64, "Alert"
Exit Sub
End If
strDisplay = strFirst & " " & strLast
strCN = strDisplay
strUser = LCASE (strFinitial & "" & strLast)
Const ADS_UF_ACCOUNTDISABLE = 2
Const ADS_PROPERTY_UPDATE = 2
Set objOU = GetObject("LDAP://OU=Public Internet Users,dc=mydomain,dc=localhost")
Set objUser = objOU.Create("User", "cn=" & strDisplay)
objUser.Put "sAMAccountName", LCase(strUser)
objUser.Put "userPrincipalName", strUser & "@mydomain.localhost"
objUser.Put "givenName", strFirst
objUser.Put "sn", strLast
objUser.Put "displayName", strDisplay
objUser.SetInfo
objUser.SetPassword(strPassword)
objUser.accountdisabled = False
objUser.AccountExpirationDate = (strExpire)
objUser.SetInfo
Set objUser = GetObject("LDAP://CN=(strCN),OU=Public Internet Users,DC=mydomain,DC=localhost")
objUser.Put "pwdLastSet", CLng(-1)
objUser.SetInfo
If strInitial <> "" Then
objUser.Put "initials", strInitial
End If
objUser.Put "sn", strLast
objUser.Put "displayName", strDisplay
objUser.SetPassword "Passw0rd"
objUser.Put "pwdLastSet", 0
intUAC = objUser.Get("userAccountControl")
If intUAC And ADS_UF_ACCOUNTDISABLE Then
objUser.Put"userAccountControl", intUAC Xor ADS_UF_ACCOUNTDISABLE
End If
objUser.SetInfo
End Sub

Open in new window

0
Comment
Question by:tcmh_65483
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 24298578
Assuming strCN holds the value you want, you'll want to change:

Set objUser = GetObject("LDAP://CN=(strCN),OU=Public Internet Users,DC=mydomain,DC=localhost")

to

Set objUser = GetObject("LDAP://CN=" & strCN &",OU=Public Internet Users,DC=mydomain,DC=localhost")
0
 
LVL 2

Author Comment

by:tcmh_65483
ID: 24298786
That got rid of the error, but the change password at first logon is enabled again.  A also swapped out strCN with strDisplay and strFirst & strLast in an attempt for some dumb luck, but no go.
0
 
LVL 13

Accepted Solution

by:
usachrisk1983 earned 125 total points
ID: 24298919
You're first setting it to -1 (don't prompt user) on line #46, and then setting it to 0 on line #54.

Try adding this code after your CONST statements.  I removed your multiple SetInfo statements and replaced with just one.  You were also setting the sn and displayname twice which isn't necessary.  You'll setup all your parameters and then set them all at once.

Also, you have two setPassword statements, you should decide which one you want to use.



Set objOU = GetObject("LDAP://OU=Public Internet Users,dc=mydomain,dc=localhost")
Set objUser = objOU.Create("User", "cn=" & strDisplay)
 
objUser.Put "sAMAccountName", LCase(strUser)
objUser.Put "userPrincipalName", strUser & "@mydomain.localhost"
objUser.Put "givenName", strFirst
objUser.Put "sn", strLast
objUser.Put "displayName", strDisplay
objUser.Put "pwdLastSet", CLng(-1)
 
objUser.Put "sn", strLast
objUser.Put "displayName", strDisplay
 
If strInitial <> "" Then
	objUser.Put "initials", strInitial
End If
 
If intUAC And ADS_UF_ACCOUNTDISABLE Then
	objUser.Put"userAccountControl", intUAC Xor ADS_UF_ACCOUNTDISABLE
End If
 
objUser.SetInfo
 
objUser.SetPassword "Passw0rd"
objUser.SetPassword(strPassword)
 
objUser.accountdisabled = False
objUser.AccountExpirationDate = (strExpire)

Open in new window

0
 
LVL 2

Author Comment

by:tcmh_65483
ID: 24299347
Heh, I was waiting for my messy and jumbled script to come into this.  That took care of it, I neglected to notice the password setting at 0 in a later line.  Also, thanks for pointing out my other duplicates.  Thanks!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I met Paul Devereux (@pdevereux) today when I responded to his tweet asking “Anybody know how to automate adding files from disk to a folder in #outlook  ?”.  I replied back and told Paul that using automation, in this case scripting, to add files t…
Not long ago I saw a question in the VB Script forum that I thought would not take much time. You can read that question (Question ID  (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_28455246.html)28455246) Here (http…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question