It so happened that I chose the profession of system administrator, and I have been doing this sometimes thankless work for nearly 6 years.
One day, a couple of years ago, I was faced with a question that later grew into a task: how to create new user accounts in AD under MS Windows Server 2003 relatively quickly?
I think everyone knows how to add a user to the domain, so to speak, "by hand". That is, to add AD user accounts you do something like the following: open the Users and Computers snap-in of the above OS, open the corresponding Organizational Unit (OU), start user creation by any known method, and then create the users one after another in the window that opens. You will agree that this is long and dreary, especially if you need not 10 user accounts but, say, 300, 500 or more. It becomes especially tedious when you need to fill in not only the "login" and "password" fields but also fields spread over various tabs: "Last Name", "First Name, Middle Name", "Position", "Department", "Organization" and so on. Of course, you will say that copy-paste and touch typing have not been abolished, but try it and see at which user account you get tired, and if you do not get tired, count the number of errors made when filling in the data.
In general, having understood that something had to be done about this, and since my time was limited, I turned to the Internet to look for a script that, as my instincts suggested, had to exist and solve this problem. Alas, I was practically disappointed in what I saw. The Internet was full of all sorts of scripts for automating various tasks in the AD environment, but what I needed was completely absent. I had to turn to English-language resources, on one of which (alas, I had already lost the link to the site by the time of writing this article; I have some thoughts about where to look, and if I find it, I will publish it) there was a skeleton script in VBS in a very "raw" state. As it turned out when I tried to use it on a test system, it did not lead to anything: it simply did not work, because of the many flaws and trivial errors in it, as I found out later. I had to correct and extend the code and become, on top of everything else, a bit of a VBS programmer :)
With this, allow me to submit to the judgment of the respected public a script for adding user accounts in AD to previously created OUs (level 1). If the question arises why the OUs are not created automatically, I will answer in advance that I did not find out how to do it, and besides, this way there is stricter control over the changes made in AD: after all, this is not playing in a sandbox but making tangible changes to a powerful, live system called "Active Directory".
Important note! In advance, you need to create a file containing the required parameters, separated by ";":
Login; Password; Name Patronymic name; Surname; Position; Department; Organization;
A closing delimiter ";" is required at the end of each line, for example:
sirin-bird1; password1; First name1; Last Name1; Position1; Division1; Organization1;
sirin-bird2; password2; First name2; Last Name2; Position2; Division2; Organization2;
sirin-bird4; password3; Name2 Patronymic3 Surname3; Position3; Division3; Organization3;
sirin-bird3; password4; First name4; Surname4; Position4; Division4; Organization4;
sirin-bird5; password5; Name2 Patronymic5; Surname5; Position5; Division5; Organization5;
... ... ... ... ... ... ...
The creation of such a file can be entrusted to unqualified personnel who can handle a basic text editor. Then you only need to check the typing and the placement of the delimiters, as your humble servant did.
Another important note! The "Organization" parameter is the OU for the corresponding user and is not created by this script, so for everything to work, first create the corresponding OU in the root of the domain (next to the "Users" folder). This is because my domain had several client organizations, each with its own users and employees, hence this division.
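A pre-flight check for the input file, as an added example that is not part of the original script: it verifies the closing delimiter and the field count on every line, and rejects logins and Organization values that would not survive being used as a logon name or placed into an LDAP path. The file name check_users.vbs and the choice to reject special characters rather than escape them are assumptions of this example.

```vbscript
' Added example, not the author's code. Usage: cscript //nologo check_users.vbs users.txt
Option Explicit
Const FIELDS = 7                     ' Login;Password;First;Last;Position;Department;Organization;
Const SAM_BAD = """/\[]:;|=,+*?<>@"  ' not allowed in a logon name; "@" would break the UPN
Const DN_BAD = ",+""\<>;=#/"         ' special in an LDAP DN or ADSI path; rejected, not escaped

Function HasAny(s, chars)
    Dim i : HasAny = False
    For i = 1 To Len(chars)
        If InStr(s, Mid(chars, i, 1)) > 0 Then HasAny = True
    Next
End Function

' Returns "" for a good line, otherwise the reason; never echoes field values (passwords).
Function CheckLine(text, lineNo, seen)
    Dim f, login, org
    CheckLine = ""
    f = Split(text, ";")             ' a closing ";" leaves one trailing element
    If Right(RTrim(text), 1) <> ";" Then
        CheckLine = "no closing ';'"
    ElseIf UBound(f) <> FIELDS Then
        CheckLine = "expected " & FIELDS & " fields, found " & UBound(f)
    Else
        login = LCase(Trim(f(0))) : org = Trim(f(6))
        If login = "" Or Len(login) > 20 Or HasAny(login, SAM_BAD) Then
            CheckLine = "bad login (empty, over 20 characters, or forbidden character)"
        ElseIf seen.Exists(login) Then
            CheckLine = "login already used on line " & seen(login)
        ElseIf Trim(f(1)) = "" Then
            CheckLine = "empty password"
        ElseIf org = "" Or HasAny(org, DN_BAD) Then
            CheckLine = "bad Organization (empty or special character)"
        Else
            seen.Add login, lineNo
        End If
    End If
End Function

Dim file, seen, lineNo, bad, msg : lineNo = 0 : bad = 0
Set seen = CreateObject("Scripting.Dictionary")
Set file = CreateObject("Scripting.FileSystemObject").OpenTextFile(WScript.Arguments(0), 1)
Do Until file.AtEndOfStream
    lineNo = lineNo + 1
    msg = CheckLine(file.ReadLine, lineNo, seen)
    If msg <> "" Then
        bad = bad + 1 : WScript.Echo "line " & lineNo & ": " & msg
    End If
Loop
file.Close
WScript.Echo lineNo & " lines checked, " & bad & " rejected"
If bad > 0 Then WScript.Quit 1
```

Blank lines are reported as well, and the exit code is 1 when any line is rejected, so a batch file can refuse to continue with account creation.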
So, the script itself:

Set objArgs = WScript.Arguments
If objArgs.Count = 0 Then
    WScript.Echo "Add users to the domain."
    WScript.Echo "add_to_ad.vbs [filename]"
    WScript.Echo "[file name] - file with list of users"
    WScript.Echo "file format: Login; Password; First Name; Last Name; Position; Department; Organization;"
    WScript.Quit
End If
path = objArgs(0)
Set fso = CreateObject("Scripting.FileSystemObject")
Set objFile = fso.OpenTextFile(path, 1) ' 1 = open for reading
Z = 0        ' index of the field being read
strRez = ""  ' characters collected for the current field
Do Until objFile.AtEndOfStream
    str = objFile.ReadLine
    ' Walk the line character by character; every ";" closes one field
    For i = 1 To Len(str) Step 1
        strCh = Mid(str, i, 1)
        If strCh = ";" Then
            strRez = Trim(strRez) ' ignore spaces around the delimiter
            Select Case Z
                Case 0
                    UserName = strRez '*** Login
                Case 1
                    UserPassword = strRez '*** Password
                Case 2
                    FirstName = strRez '*** First Name
                Case 3
                    LastName = strRez '*** Last Name
                Case 4
                    Title = strRez '*** Title
                Case 5
                    Department = strRez '*** Division
                Case 6
                    Company = strRez '*** Organization
                'Case 7
                '    Manager = strRez '*** Head
                'Case 8
                '    OfficeRoom = strRez '*** Room
            End Select
            strRez = ""
            strCh = ""
            Z = Z + 1
        Else
            strRez = strRez + strCh
        End If
    Next
    ' Reset the parser state for the next line
    strRez = ""
    strCh = ""
    Z = 0
    Set objRoot = GetObject("LDAP://RootDSE")
    Set objADSystemInfo = CreateObject("ADSystemInfo")
    DomainDNSName = objADSystemInfo.DomainDNSName
    DomainDN = objRoot.Get("DefaultNamingContext")
    ContainerDN = "ou=" & Company & "," & DomainDN
    pName = UserName & "@" & DomainDNSName ' e.g. "@snb.local"
    '!!! IMPORTANT !!! *** Bind to the OU, CREATED in advance, into which the new users go ***
    Set objOU = GetObject("LDAP://" & ContainerDN)
    '*** Create domain user account ***
    Set objUser = objOU.Create("User", "cn=" & UserName)
    '*** Login ***
    objUser.Put "sAMAccountName", UserName
    objUser.SetInfo
    '*** Password (the object must already exist in AD, hence the SetInfo above) ***
    Set objUser = GetObject("LDAP://cn=" & UserName & "," & ContainerDN)
    objUser.SetPassword UserPassword
    '*** UPN ***
    objUser.Put "userPrincipalName", pName
    '*** Disable the account ***
    objUser.AccountDisabled = True
    '*** First Name ***
    objUser.Put "givenName", FirstName
    '*** Last Name ***
    objUser.Put "sn", LastName
    '*** Display Name ***
    objUser.Put "displayName", LastName & " " & FirstName
    'Initials
    objUser.Put "initials", Left(FirstName, 1) & "." ' & Left(LastName, 1)
    '*** Position ***
    objUser.Put "title", Title
    '*** Department ***
    objUser.Put "department", Department
    'Organization
    objUser.Put "Company", Company
    'Head
    'objUser.Put "manager", Manager
    'Room
    'objUser.Put "physicalDeliveryOfficeName", OfficeRoom
    '*** Require password change at next logon ***
    objUser.Put "pwdLastSet", CLng(0)
    objUser.SetInfo
    'WScript.Echo "User - " + UserName + " added to AD"
Loop
WScript.Echo "Users added to AD"
objFile.Close
Additional code that can be inserted into the script:

'Home directory
'objUser.Put "HomeDirectory", strHomeDirPath
'Mailbox
'objUser.Put "mailNickname", strName
'Site
'objUser.Put "wWWHomePage", "www.test.com"
Some more examples:
'ObjUser.Put "Description", "Year 2"
'objUser.Put "physicalDeliveryOfficeName", sOfficeName
'objUser.Put "ProfilePath", sScPath
'sHDrive objUser.Put "HomeDrive", "Z"
'objUser.Put "TerminalServicesProfilePath", sTermProf
'objUser.Put "TerminalServicesHomeDirectory", sTermHDir
The code should be saved from the text editor with the extension .vbs.
The script is launched with the input file passed as a parameter.
For example: script.vbs users.txt
where
script.vbs - the script itself
users.txt - file with input data.
Script execution takes seconds with instant output.
As you can see from the code, if you uncomment a couple more lines and extend the input file accordingly, you can also add the Manager and the Room Number automatically. The script can be developed indefinitely. For example, a field such as "Phone" can be added in the same way.
As a text editor for Windows, I can recommend Notepad++, which is free and highly functional.
One of the useful links where there are scripts in VBS:
forum.sysadmins.su
I hope this information will be very useful and necessary for someone.