Microsoft KB Archive/230750

= Basic User Account Creation with ADSI Scripting =

PSS ID Number: 230750

Article Last Modified on 11/21/2003

-

The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Active Directory Service Interfaces 2.5

-



This article was previously published under Q230750



SUMMARY
The Active Directory Services Interface (ADSI) tool provides a single consistent set of interfaces that can be called in scripts using the Microsoft Windows Script Host, or other scripting languages (VBScript and JScript are supported natively).

This article demonstrates how an administrator can use ADSI to script the creation of user accounts within Active Directory.



MORE INFORMATION
The following sample script is used for demonstration purposes.

NOTE: This script requires the appropriate security context to operate. It must be run from a session in which the logged-on user has permission to create an object in the target organizational unit (OU).

Sample Script
Set ou = GetObject("LDAP://OU=Marketing,OU=DSys,DC=adsidev,DC=nttest,DC=microsoft,DC=com") Set usr = ou.Create("user", "CN=John Smith") '--- Mandatory Attributes usr.Put "samAccountName", "jsmith"

' Optional Attributes, you can optionally skip these usr.Put "sn", "Smith" usr.Put "givenName", "John" usr.Put "userPrincipalName", "jsmith@arcadiaybay.com" usr.Put "telephoneNumber", "(425) 123 4567" usr.Put "title", "Marketing Administrator Dept" usr.SetInfo

'--Now that the user is created, reset the user's password and '--enable its account

usr.SetPassword "secret***!" usr.AccountDisabled = False usr.SetInfo

Explanation of the Sample Script

 * 1) First, bind to a specific OU using the GetObject function. Pass this function the Lightweight Directory Access Protocol (LDAP) path to the specific object desired.
 * 2) A user object is created by performing the Create method directly on the OU object. The object type (user), and canonical name (John Smith) are passed as parameters of the create method.
 * 3) The only required property is samAccountName, which is passed in the next line. All other properties are optional. Properties are inserted into the object using the Put method.
 * 4) The SetInfo method is used to apply the current set of changes against the object. Once the object has been created, it is then possible to set its password and make the account enabled.

For more information, visit the following Microsoft Web site:

http://www.microsoft.com/windows2000/techinfo/howitworks/activedirectory/adsilinks.asp

Keywords: kbhowto KB230750

Technology: kbADSI250 kbADSISearch kbAudDeveloper kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000DataServ kbwin2000DataServSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch kbWinDataServSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.