• Status: Solved

Account Creation Validation Not Working

My script prompts the user for various account data including FN, LN, Password, with preset variables for the Description, and the ADUC template to be used.

I have a validation function that should kick out in the event that someone attempts to put in an account name that already exists. Instead it begins to create the account and errors out at:

Set objNewUser = objDestOU.Create("User", "CN=" & strNewUserID) with the following error:

Active Directory: An invalid directory pathname was passed.

I would rather have it pick this up during validation, and echo the msg I already have set up. I'm just not sure why it isn't catching it.
' Create connection to AD
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection


' Specify user to copy and new user parameters and generate user ID
strSimilarUser = "user_template"
strDomain = "dc=domain,dc=com"
strNewDescription = "Wireless User"

strNewFirstName = InputBox("Enter the first name of the new user", "Create Wireless User")
strNewLastName = InputBox("Enter the last name of the new user", "Create Wireless User")
strPassword = InputBox("Enter the last 2 octets of the MAC address.", "Create Wireless User")
strPossibleUserName = InputBox("Enter the Serial Number", "Create Wireless User")
strNewPassword = "HH" & strPassword

WScript.Echo "*** Processing " & strNewDisplayName & " ***"
Validate()

WScript.Echo ""
WScript.Echo "    * Querying user attributes For " & strSimilarUser & "..."


' Define filter to query the similar user parameters
strCategory = "(objectCategory=Person)"
strClass = "(ObjectClass=User)"
strTarget = "(cn=" & strSimilarUser & ")"
strFilter = strCategory & strClass & strTarget


' Query AD with filter defined above
objCommand.CommandText = "<LDAP://" & strDomain & ">;(&" & strFilter & ")" & ";DistinguishedName;subtree"
Set objRecordSet = objCommand.Execute


' Handle the query results, assign the new user the similar user's parameters
Do Until objRecordSet.EOF
  
  WScript.Echo "    * Assigning attributes to " & strNewDisplayName & VbCrLf
  strLocation = objRecordSet.Fields("DistinguishedName")
  Set ObjUser = GetObject("LDAP:" & strLocation )'
  
  objMemberOf = objUser.GetEx("MemberOf")
  
  strNewLocation = Replace(strLocation, "CN=" & strSimilarUser & ",","")
  strNewDescription = objUser.Description
  strNewScript = ObjUser.ScriptPath
    
  objRecordSet.MoveNext
  
Loop


' Echo out the parameters for the new user
WScript.Echo "    * Attributes for " & strNewDisplayName & ":"
WScript.Echo "      ------------------------------------------"
WScript.Echo "      First Name:  " & strNewFirstName
WScript.Echo "      Last Name:  " & strNewLastName
WScript.Echo "      Display Name:  " & strNewDisplayName
WScript.Echo "      User ID:  " & strNewUserID
WScript.Echo "      Password:  " & strNewPassword
WScript.Echo "      OU:  " & strNewLocation
WScript.Echo "      Description:  " & strNewDescription
WScript.Echo ""


' Create the new user
WScript.Echo "    * Creating new accounts for " & strNewDisplayName
Set objDestOU = GetObject("LDAP://" & strNewLocation)

Set objNewUser = objDestOU.Create("User", "CN=" & strNewUserID)
    objNewUser.Put "sAMAccountName", strNewUserID
    objNewUser.Put "GivenName", strNewFirstName
    objNewUser.Put "SN", strNewLastName
    objNewUser.Put "DisplayName", strNewDisplayName
    objNewUser.Put "Description", strNewDescription
    objNewUser.Put "UserPrincipalName", strNewUserID & "@medctr.ad.wfubmc.edu"
    
    objNewUser.SetInfo
    
    objNewUser.SetPassword strNewPassword
    objNewUser.pwdLastSet = 0
    objNewUser.AccountDisabled = False
    
    objNewUser.Put "employeetype", "GENERIC"
       
    objNewUser.setinfo
    
    For Each objGroup In objMemberOf
      Set Group = GetObject("LDAP://" & objGroup)
      Group.add "LDAP://" & "CN=" & strNewUserID & "," & strNewLocation
    Next
    WScript.Echo "    - New user account for " & strNewDisplayName & " has been created"


'----------------------------------------------------------------
' Function to validate user name
'----------------------------------------------------------------
Function Validate()

strCategory = "(objectCategory=person)"
strClass = "(ObjectClass=user)"
strTarget = "(cn=" & strPossibleUserName & ")"
strfilter = strCategory & strClass & strTarget

objCommand.CommandText = "<GC://dc=domain,dc=com>;(&" & strFilter & ")" & ";DistinguishedName;subtree"
Set objRecordset = objCommand.Execute

intNumberofRecords = objRecordset.RecordCount

If intNumberofRecords > 0 Then
  While Not objRecordSet.EOF
    strLocation = objRecordset.Fields("DistinguishedName")
    Set objUser = GetObject("LDAP://" & strLocation )
    strExistingUser = objUser.DisplayName
    WScript.Echo "    > User ID is assigned to " & strExistingUser
    strAssignID = 0
    objRecordSet.MoveNext
  Wend
Else
  WScript.Echo "    > User ID doesn't exist and will be assigned to " & strNewDisplayName
  strAssignID = 1
  strNewUserID = strPossibleUserName
  strNewDisplayName = strNewUserID
End If

End Function

' Close AD connection
objConnection.Close

Asked: JB4375

prashanthd Commented:
Where are you assigning a value to "strNewUserID" ?

JB4375 (Author) Commented:
Line 126

prashanthd Commented:
strNewUserID is not a Global variable, so value is not retained outside function

prashanthd Commented:
Declare strNewUserID and other variables as Global variables

JB4375 (Author) Commented:
My bad.... I'm running Option Explicit, with On Error Resume Next commented out, and I've declared everything. I was just attempting to save space.

I know the value is holding because it's listing it on the echo before it attempts to create the account.

Solution: I added a more descriptive error msg stating that it was already in use, and then adding a WScript.Quit within the IF to prevent it from moving forward at all. Because it's getting user input it's never going to have another record to read anyway.

Final result of the Validation below.

Thanks for your help!!
Function Validate()

strCategory = "(objectCategory=person)"
strClass = "(ObjectClass=user)"
strTarget = "(cn=" & strPossibleUserName & ")"
strFilter = strCategory & strClass & strTarget

objCommand.CommandText = "<GC://dc=Domain,dc=ad,dc=xxx,dc=com>;(&" & strFilter & ")" & ";DistinguishedName;subtree"
Set objRecordset = objCommand.Execute

intNumberofRecords = objRecordset.RecordCount

If intNumberofRecords > 0 Then
  While Not objRecordSet.EOF
    strLocation = objRecordset.Fields("DistinguishedName")
    Set objUser = GetObject("LDAP://" & strLocation )
    strExistingUser = objUser.DisplayName
    WScript.Echo "    > User ID is already in use. Assigned to " & strExistingUser
    strAssignID = 0
    WScript.Quit
'     objRecordSet.MoveNext
  Wend
Else
  WScript.Echo "    > User ID doesn't exist and will be assigned to " & strNewDisplayName
  strAssignID = 1
  strNewUserID = strPossibleUserName
  strNewDisplayName = strNewUserID
End If

End Function

<Edited by SouthMod to remove live domain information>

JB4375 (Author) Commented:
Points assigned because I felt PRASHANTHD was accurate based on the information I had provided.

Further, talking through the process helped me to arrive at a solution.

prashanthd Commented:
Thanks!! JB
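
An added example, not part of the original thread or either poster's code: the Validate() functions above concatenate the typed serial number straight into the LDAP filter and match only on cn, so this sketch escapes the value per RFC 4515, also checks sAMAccountName (the attribute the script writes the ID to), and returns a Boolean instead of setting globals. Assumptions: the `dc=domain,dc=com` placeholder from the question, an allow-list of letters, digits and hyphen for the ID, and the hypothetical helper names `EscapeLdapFilterValue`, `IsValidUserId` and `AccountExists`.

```vbscript
Option Explicit
' Placeholder base DN taken from the question; replace with your own domain.
Const BASE_DN = "dc=domain,dc=com"

' Escape characters RFC 4515 reserves in a filter value (backslash first, so escapes are not doubled).
Function EscapeLdapFilterValue(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    EscapeLdapFilterValue = s
End Function

' Assumed allow-list: letters, digits, hyphen; 20 chars is the sAMAccountName limit for users.
' Restricting the alphabet also keeps the value safe to use in "CN=" & id when creating the object.
Function IsValidUserId(strValue)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9-]{1,20}$"
    IsValidUserId = re.Test(strValue)
End Function

' True if any user object already carries this value as cn or sAMAccountName.
Function AccountExists(objCommand, strUserId)
    Dim strValue, strFilter, objRS
    strValue = EscapeLdapFilterValue(strUserId)
    strFilter = "(&(objectCategory=person)(objectClass=user)" & _
                "(|(cn=" & strValue & ")(sAMAccountName=" & strValue & ")))"
    objCommand.CommandText = "<LDAP://" & BASE_DN & ">;" & strFilter & ";distinguishedName;subtree"
    Set objRS = objCommand.Execute
    AccountExists = Not objRS.EOF   ' EOF on an empty result set; no reliance on RecordCount
End Function

Dim objConnection, objCommand, strCandidate
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
strCandidate = Trim(InputBox("Enter the Serial Number", "Create Wireless User"))
If Not IsValidUserId(strCandidate) Then
    WScript.Echo "    > Rejected: user ID must be 1-20 letters, digits or hyphens."
    WScript.Quit 1
ElseIf AccountExists(objCommand, strCandidate) Then
    WScript.Echo "    > User ID is already in use."
    WScript.Quit 2
End If
WScript.Echo "    > User ID is free: " & strCandidate
objConnection.Close
```

The distinct exit codes let a calling batch job tell a rejected ID (1) from a duplicate (2) without parsing the echoed text.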