Solved

Account Creation Validation Not Working

Posted on 2011-02-23
Last Modified: 2012-05-11
My script prompts the user for various account data including FN, LN, Password, with preset variables for the Description, and the ADUC template to be used.

I have a validation function that should kick out in the event that someone attempts to put in an account name that already exists. Instead it begins to create the account and errors out at:

Set objNewUser = objDestOU.Create("User", "CN=" & strNewUserID) with the following error:

Active Directory: An invalid directory pathname was passed.

I would rather have it pick this up during validation, and echo the msg I already have set up. I'm just not sure why it isn't catching it.
' Create connection to AD
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection


' Specify user to copy and new user parameters and generate user ID
strSimilarUser = "user_template"
strDomain = "dc=domain,dc=com"
strNewDescription = "Wireless User"

strNewFirstName = InputBox("Enter the first name of the new user", "Create Wireless User")
strNewLastName = InputBox("Enter the last name of the new user", "Create Wireless User")
strPassword = InputBox("Enter the last 2 octets of the MAC address.", "Create Wireless User")
strPossibleUserName = InputBox("Enter the Serial Number", "Create Wireless User")
strNewPassword = "HH" & strPassword

WScript.Echo "*** Processing " & strNewDisplayName & " ***"
Validate()

WScript.Echo ""
WScript.Echo "    * Querying user attributes For " & strSimilarUser & "..."


' Define filter to query the similar user parameters
strCategory = "(objectCategory=Person)"
strClass = "(ObjectClass=User)"
strTarget = "(cn=" & strSimilarUser & ")"
strFilter = strCategory & strClass & strTarget


' Query AD with filter defined above
objCommand.CommandText = "<LDAP://" & strDomain & ">;(&" & strFilter & ")" & ";DistinguishedName;subtree"
Set objRecordSet = objCommand.Execute


' Handle the query results, assign the new user the similar user's parameters
Do Until objRecordSet.EOF
  
  WScript.Echo "    * Assigning attributes to " & strNewDisplayName & VbCrLf
  strLocation = objRecordSet.Fields("DistinguishedName")
  Set ObjUser = GetObject("LDAP:" & strLocation )'
  
  objMemberOf = objUser.GetEx("MemberOf")
  
  strNewLocation = Replace(strLocation, "CN=" & strSimilarUser & ",","")
  strNewDescription = objUser.Description
  strNewScript = ObjUser.ScriptPath
    
  objRecordSet.MoveNext
  
Loop


' Echo out the parameters for the new user
WScript.Echo "    * Attributes for " & strNewDisplayName & ":"
WScript.Echo "      ------------------------------------------"
WScript.Echo "      First Name:  " & strNewFirstName
WScript.Echo "      Last Name:  " & strNewLastName
WScript.Echo "      Display Name:  " & strNewDisplayName
WScript.Echo "      User ID:  " & strNewUserID
WScript.Echo "      Password:  " & strNewPassword
WScript.Echo "      OU:  " & strNewLocation
WScript.Echo "      Description:  " & strNewDescription
WScript.Echo ""


' Create the new user
WScript.Echo "    * Creating new accounts for " & strNewDisplayName
Set objDestOU = GetObject("LDAP://" & strNewLocation)

Set objNewUser = objDestOU.Create("User", "CN=" & strNewUserID)
    objNewUser.Put "sAMAccountName", strNewUserID
    objNewUser.Put "GivenName", strNewFirstName
    objNewUser.Put "SN", strNewLastName
    objNewUser.Put "DisplayName", strNewDisplayName
    objNewUser.Put "Description", strNewDescription
    objNewUser.Put "UserPrincipalName", strNewUserID & "@medctr.ad.wfubmc.edu"
    
    objNewUser.SetInfo
    
    objNewUser.SetPassword strNewPassword
    objNewUser.pwdLastSet = 0
    objNewUser.AccountDisabled = False
    
    objNewUser.Put "employeetype", "GENERIC"
       
    objNewUser.setinfo
    
    For Each objGroup In objMemberOf
      Set Group = GetObject("LDAP://" & objGroup)
      Group.add "LDAP://" & "CN=" & strNewUserID & "," & strNewLocation
    Next
    WScript.Echo "    - New user account for " & strNewDisplayName & " has been created"


'----------------------------------------------------------------
' Function to validate user name
'----------------------------------------------------------------
Function Validate()

strCategory = "(objectCategory=person)"
strClass = "(ObjectClass=user)"
strTarget = "(cn=" & strPossibleUserName & ")"
strfilter = strCategory & strClass & strTarget

objCommand.CommandText = "<GC://dc=domain,dc=com>;(&" & strFilter & ")" & ";DistinguishedName;subtree"
Set objRecordset = objCommand.Execute

intNumberofRecords = objRecordset.RecordCount

If intNumberofRecords > 0 Then
  While Not objRecordSet.EOF
    strLocation = objRecordset.Fields("DistinguishedName")
    Set objUser = GetObject("LDAP://" & strLocation )
    strExistingUser = objUser.DisplayName
    WScript.Echo "    > User ID is assigned to " & strExistingUser
    strAssignID = 0
    objRecordSet.MoveNext
  Wend
Else
  WScript.Echo "    > User ID doesn't exist and will be assigned to " & strNewDisplayName
  strAssignID = 1
  strNewUserID = strPossibleUserName
  strNewDisplayName = strNewUserID
End If

End Function

' Close AD connection
objConnection.Close

Question by: JB4375

7 Comments

Expert Comment by: prashanthd
Where are you assigning a value to "strNewUserID"?

Author Comment by: JB4375
Line 126

Expert Comment by: prashanthd
strNewUserID is not a Global variable, so value is not retained outside function

Accepted Solution by: prashanthd (earned 500 total points)
Declare strNewUserID and other variables as Global variables

Author Comment by: JB4375
My bad.... I'm running Option Explicit, with On Error Resume Next commented out, and I've declared everything. I was just attempting to save space.

I know the value is holding because it's listing it on the echo before it attempts to create the account.

Solution: I added a more descriptive error msg stating that it was already in use, and then adding a WScript.Quit within the IF to prevent it from moving forward at all. Because it's getting user input it's never going to have another record to read anyway.

Final result of the Validation below.

Thanks for your help!!
Function Validate()

strCategory = "(objectCategory=person)"
strClass = "(ObjectClass=user)"
strTarget = "(cn=" & strPossibleUserName & ")"
strFilter = strCategory & strClass & strTarget

objCommand.CommandText = "<GC://dc=Domain,dc=ad,dc=xxx,dc=com>;(&" & strFilter & ")" & ";DistinguishedName;subtree"
Set objRecordset = objCommand.Execute

intNumberofRecords = objRecordset.RecordCount

If intNumberofRecords > 0 Then
  While Not objRecordSet.EOF
    strLocation = objRecordset.Fields("DistinguishedName")
    Set objUser = GetObject("LDAP://" & strLocation )
    strExistingUser = objUser.DisplayName
    WScript.Echo "    > User ID is already in use. Assigned to " & strExistingUser
    strAssignID = 0
    WScript.Quit
'     objRecordSet.MoveNext
  Wend
Else
  WScript.Echo "    > User ID doesn't exist and will be assigned to " & strNewDisplayName
  strAssignID = 1
  strNewUserID = strPossibleUserName
  strNewDisplayName = strNewUserID
End If

End Function

<Edited by SouthMod to remove live domain information>

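A stricter form of the same pre-creation check, as an added example that is not part of the thread or the posters' code: it escapes the typed value before it reaches the LDAP filter, matches on sAMAccountName as well as cn, and returns a Boolean that fails closed on blank input. EscapeLdapFilter, BuildUserFilter and NameIsTaken are hypothetical names, and the search root is assumed to be a full ADsPath such as the thread's GC path.

```vbscript
Option Explicit

' Escape the characters RFC 4515 reserves in an LDAP search filter value.
' The backslash goes first so the escapes added afterwards are not re-escaped.
Function EscapeLdapFilter(strValue)
  Dim strOut
  strOut = Replace(strValue, "\", "\5c")
  strOut = Replace(strOut, "*", "\2a")
  strOut = Replace(strOut, "(", "\28")
  strOut = Replace(strOut, ")", "\29")
  strOut = Replace(strOut, Chr(0), "\00")
  ' ";" separates the parts of the ADO command text, so hex-encode it too.
  strOut = Replace(strOut, ";", "\3b")
  EscapeLdapFilter = strOut
End Function

' Match any user whose cn OR sAMAccountName equals the candidate, because the
' thread's script writes the same value to both attributes.
Function BuildUserFilter(strCandidate)
  Dim strSafe
  strSafe = EscapeLdapFilter(strCandidate)
  BuildUserFilter = "(&(objectCategory=person)(objectClass=user)" & _
                    "(|(cn=" & strSafe & ")(sAMAccountName=" & strSafe & ")))"
End Function

' True when the name must not be used: blank, or already present in AD.
' objCommand is an open ADODB.Command on the ADsDSOObject provider, as in the
' thread's script. strSearchRoot is an assumption, e.g. "GC://dc=domain,dc=com".
Function NameIsTaken(objCommand, strSearchRoot, strCandidate)
  Dim objRS
  NameIsTaken = True                        ' fail closed
  If Len(Trim(strCandidate)) = 0 Then Exit Function
  objCommand.CommandText = "<" & strSearchRoot & ">;" & _
      BuildUserFilter(strCandidate) & ";distinguishedName;subtree"
  Set objRS = objCommand.Execute
  NameIsTaken = Not objRS.EOF               ' any row means a collision
End Function

' Offline demonstration on constructed inputs: print the filter each one yields.
Dim strSample
For Each strSample In Array("SN12345", "*", "x)(cn=*", "a\b;c")
  WScript.Echo strSample & " -> " & BuildUserFilter(strSample)
Next
```

In the thread's script the call would be `If NameIsTaken(objCommand, "GC://dc=domain,dc=com", strPossibleUserName) Then WScript.Quit 1`, placed before any `Create` call so that an empty `strNewUserID` never reaches it.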
 
Author Closing Comment by: JB4375
Points assigned because I felt PRASHANTHD was accurate based on the information I had provided.

Further, talking through the process helped me to arrive at a solution.

Expert Comment by: prashanthd
Thanks!! JB