In Active Directory it is possible to copy users using the Active Directory Users and Computers MMC. Based on this process we have the ability to setup template user accounts with the proper group membership, profile setting. There are many additional attributes that do not get copied across with this process.
Many customers maps users home drives during the logon script, and therefore this is not stored with the account information and cannot be copied during the copy user process.
Copying users in Active Directory does not present the administrator with pre-populated options following internal standards, instead the full name, description fields are completed at the administrator discretion, this flaw in the process does not help in anyway to encourage standard.
These limitations have driven many customers to create a process to fill the gaps in this default method, and encourage standard at the same time.
One option which was considered before writing the clone user script was to modified which attributes are copied using ADSI edit as specified in Microsoft KB article:
However this would not address the issues of home directory creation or encourage standards.
Script Summary
“CloneUser.vbs” is visual basic script developed on a Windows 2003 platform. The script has been tested on Windows 2003 servers, but will run from Windows XP clients and the Windows 2000 platform. The code uses standard LDAP and ADSI calls, the only exception is calls to mailbox properties which are only available if exchange extensions for Active Directory Users and Computer are installed on the computer where the script is being executed. The script makes use of the external program “CACLS.EXE” which is a standard operating system command on Windows 2000, Windows XP and Windows 2003.
The script can be run cscript CloneUser.vbs without any parameters.
Domain Controller: The code will then locate a local Domain Controller, otherwise a domain controller at random will be selected for use throughout the code to read and write information from the Active Directory.
TemplateSearch : The code will make a default search based on the Active Directory site the client is a member of. “zz_template*”
Both these parameters can be specified on the command line if desired.
“cscript CloneUser.vbs /dc:DC001 /template:zz_template*”
The following is a walk through of all the major steps in the code.
Step 1 - Command Line Parameters are determined, if values have been entered they will be used, otherwise the code calculates values for domain controller and template search string.
Step 2 - A LDAP search is preformed to find user objects that match the search criteria.
Step 3 - A list of templates is displayed and the user is prompted to choose a template to create a new user from.
Step 4 - The new user basic details are requested
Step 5 - The Active Directory is searched that this user does not already exist, if it does exist then we are prompted to adjust the users properties
Step 6 - The user is created in the Active Directory, with the values entered in Step 4
Step 7 - Attribute are copied from the template user to the newly created user:Step 8 - The User Principal Name is set.
Step 9 - The home directory is set based on the location of the home path for the template user. The home directory is physically created and the permissions are set so new user has full control of their home directory.
If there is no home path specified in the template user, then we assume the home directory is mapped in the logon script. The home directory is physically created on the same server as the profile and permissions are set so new user has full control of their home directory.
Step 10 - The profile path is set based on the location of the profile path of the template user. The profile directory will be automatically configured once the users has logged on and off for the first time.
Step 11 - Group membership is copied.
Step 12 - If the template account is mailbox-enabled then the code will mailbox-enable the new user account.(Exchange extensions are required)
Step 13 - The following is set : (Password set to Password1. Enable Account. Force users to change password at next logon.)
Step 14 - Prompt to confirm
Step 15 - Displays the created user and has the option to create another user.
Setup Template Account
Step 1 - Logon to computer with permissions to create a user account.
Step 2 - Start Active Directory User and Computers MMC.
Step 3 - Navigate to the OU for where you want to create a template account.
Step 4 - Right Click the mouse pointer on the OU and select New->User.
Step 5 - Enter the following details: First Name = zz_template Last Name= <template description>
Full Name=<generated by default> !! Remove the space between First and Last Name
User logon name= Copy Full Name
User logon name(pre-Windows 2000) = <generated by default from User Logon Name>
Tip: to Copy Full Name, select the text in Full Name, use <ctrl>-c to copy the text, put the cursor in the User Logon Name text box and use <ctrl>-v to past the text in.
Click Next
Step 6 - Enter a password that meets secuirty standard.
Step 7 - Check Account is disabled.
Step 8 - Click Next
Step 9 - If Exchange is installed you will be prompted to “Create an Exchange mailbox”. Un-Check this check box (do not create a mailbox).
Step 10 - Click Next
Step 11 - Click Finish
Setup Template Properties
Step 12 - Right Click on newly create user and select Properties.
Step 13 - On the General tab complete the following fields : Description = Office = Telephone number =
Step 14 - Select the Address tab.
Step 15 - On the Address Tab complete the following fields: Street = The address of the office.City = The city the office is in. State/Province = The state or province the office is in. Zip/Postal Code = The zip or postal code of the office. Country/Region = The country the office is in.
Step 16 - Select the Profile tab.
Step 17 - On the Profile tab complete the following fields:
Profile Path = The path to the profiles share on the local site. e.g. for Amsterdam \\FileServer\Profile$\%Username% always use %username%
Logon Script = the logon script name “Logon.Bat”
The home drive is mapped during the logon script, and the “CloneUser.vbs” script will create the home drive based on the profile path. We do not need to modify any setting associated with the home folder.
Step 18 - Select the Telephones tab.
Step 19 - On the Telephone tab complete the following fields:Home =Pager =Mobile =Fax = The Office default fax number.
Step 20 - Select the Member Of tab.
Step 21 - On the Member Of tab click Add, then add the user to the relevant list of groups.
Step 22 - Click OK.
Step 23 - The Template user is now ready for use.
Option Explicit
' Declare all Variables for main code
'
'
'Template Account should follow the following rules
'Firstname:zz_template_
' e.g. zz_template_
'Lastname:background
' e.g. default template'
'UPN(user logon name): Firtname+Lastname
' e.g zz_template_default template
'samaccount name (pre windows 2000 logon) :firstname+zz_template_default template
' (20 characters total)
'
'profilepath:<servername>\sharename\%username% =samaccountname
'homepath:<servername>\sharename\%username% =samaccountname
'
'
Dim argv
Dim sDomainController
Dim sTemplateSearch
Dim NewUser
Dim ChosenUser
Dim answer
Dim strfname
Dim strlastname
Dim strdescription
Dim strdisplayname
Dim strname
Dim strcountry
Dim strinitial
Dim userexists
Dim ContinueMainLoop
Dim GetUserToCopyLoop
GetArgs sDomainController,sTemplateSearch
'Main Program Loop
ContinueMainLoop=True
While ContinueMainLoop
GetUserToCopyLoop=True
While GetUsertoCopyLoop
' Get the user we want to use as a template
set ChosenUser = GetUserToCopy(sDomainController,sTemplateSearch)
wscript.echo "User Selected to Copy :" & ChosenUser.Get("distinguishedName")
answer= DisplayUserDetails(ChosenUser, _
"This is the template user selected" & vbCr & vblf, _
vbCr & vblf & "Do you want to use this template?",vbYesNo)
' If we don't want to use the user then quit
If answer=vbYes Then
GetUserToCopyLoop=false
'Get information about the new user we want to create
'We need the country to set a default display name
On Error Resume next
Err.Clear
strcountry=ChosenUser.Get("co")
If (Err.Number <> 0 And Err.Number <> -2147463155) Then
wscript.echo "An error has occured retrieving Country " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
strdescription=ChosenUser.Get("description")
If (Err.Number <> 0 And Err.Number <> -2147463155) Then
wscript.echo "An error has occured retrieving description " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
userexists=1
While userexists=1
GetNewUserDetails strfname,strlastname,strdescription,strdisplayname,strname, strcountry, strinitial
userexists=finduser(sDomainController,strfname & strinitial & strlastname,strdisplayname)
'Check the User doesnot already exist
If userexists=1 Then
If (MsgBox ("User " & vbCr & vbLf & strdisplayname & vbCr & vbLf _
& "Already Exists !!!" & vbCr & vbLf & _
vbCr & vbLf & _
"Try another username" & vbCr & vbLf _
,vbYesNo, "User Already Exists")) = vbNo Then
WScript.Quit(0)
End if
End if
Wend
' Create a new AD users based on the information and the template
set NewUser= CreateADUser (ChosenUser, sDomainController, strfname,strlastname,strdescription,strdisplayname,strname,strinitial)
' Copy Attributes from the Template
CopyUserAttrib ChosenUser,NewUser, Array("streetAddress", _
"Company", _
"countryCode", _
"c", _
"department", _
"facsimileTelephoneNumber", _
"l", _
"homePhone", _
"info", _
"mobile", _
"pager", _
"physicalDeliveryOfficeName", _
"postOfficeBox", _
"postalCode", _
"st", _
"telephoneNumber", _
"co", _
"title", _
"scriptPath")
' Setup the UPN for the New user
SetUPN Chosenuser,NewUser
' Setup the home directory for the new user
SetupHomeDir ChosenUser,NewUser
' Setup the profile path for the new user
SetupprofilePath Chosenuser,NewUser
' Setup the group membership
SetupGroupMembership Chosenuser,NewUser ,sDomainController
'Setup MailBox Enable the Account (only if the template user has an exchange mailbox
EnableMailBoxRecipient ChosenUser,NewUser
'Finalise Account
FinaliseAccount NewUser
' Check Phone Numbers
CheckPhoneNumbers NewUser
'Display the user that has been created
answer= DisplayUserDetails(NewUser,"This is the user that has been created" & vbCr & vblf, _
"Do you want to create another user ?" &vbCr & vblf ,vbYesNo)
If answer<>vbYes Then
ContinueMainLoop=False
Else
ContinueMainLoop=True
End If
End If
Wend
wend
Sub PrintUsage
wscript.echo "Usage: cscript CloneUser.wsf /templates:<template search string> /dc:<domain controller>"
wscript.echo "e.g. cscript CloneUser.wsf /templates:zz_template /dc:dc001"
wscript.echo Now()
wscript.quit(0)
End Sub
Function GetArgValue(argName, args())
Dim a
Dim v
Dim iLenArgName
Dim x
Dim iArgCount
Dim fullArgName
fullArgName = "/" & argName & ":"
iArgCount = Ubound(args)
' Get the length of the argname we are looking for
iLenArgName = Len(fullArgName)
GetArgValue = "" ' default to nothing
For x = 0 To iArgCount
If Len(args(x)) >= iLenArgName Then
a = Mid(args(x), 1, iLenArgName)
If UCase(a) = UCase(fullArgName) Then
' erase it so we can look for unknown args later
v = args(x)
args(x) = ""
If Len(v) > iLenArgName Then
GetArgValue = Mid(v, iLenArgName + 1)
Exit Function
Else
GetArgValue = ""
Exit Function
End If
End If
End If
Next
End Function
Function CheckForBadArgs(args())
Dim I
For i = 0 to UBound(args)
If Len(args(i)) > 0 Then
CheckForBadArgs = 1
Exit Function
End If
Next
CheckForBadArgs = 0
End Function
Function GetUserToCopy (DC,SearchFor)
Dim oConn 'Connection object for ldap queries
Dim oCmd 'Command object for ldap queries
Dim sQuery 'Query string for ldap
Dim oRecordset 'AD objects recordset
Dim oRecipient 'Recipient object
Dim strsAMAccountName 'sam account name
Dim strExchAlias 'exchange alias name
Dim i
Dim choices
Dim ChosenUser
GetUserToCopy=""
' http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ado270/htm/mdaexamples_vbscript01_6.asp
' http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/searching_with_activex_data_objects_ado.asp
' http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/vbsProcedures.asp
'Build an array of AD Users.
'Use LDAP to pull the information.
'
'Set up ADSI for AD.
'
Set oConn = wScript.CreateObject("ADODB.Connection")
oConn.Provider = "ADSDSOObject"
oConn.Open "Active Directory Provider"
Set oCmd = wScript.CreateObject("ADODB.Command")
'
' Search for all matching recipients as per constants defined above.
'
sQuery = "<LDAP://" & DC & _
">;(&(objectClass=User)(cn="& SearchFor & "))"& _
";sAMAccountName,UserPrincipalName,givenName,sn,cn,distinguishedName,description;subtree"
' ">;(& (objectClass=User) | (cn="& SearchFor & ")(UserPrincipalName=" & SearchFor & ")(samaccountname=" & SearchFor & ")(Name=" & SearchFor & "))"& _
' ";sAMAccountName,UserPrincipalName,givenName,sn,cn,distinguishedName,description;subtree"
wscript.echo
wscript.echo "LDAP Query being Run:" & sQuery
wscript.echo
Set oCmd.ActiveConnection = oConn
oCmd.CommandText = sQuery
oCmd.Properties("Page Size") = 1000
Set oRecordset = CreateObject("ADODB.RecordSet")
on error resume next
Set oRecordset = oCmd.Execute()
If Err.Number <> 0 Then
wscript.echo "The could not find the template begining With (" & sTemplateSearch & ")"
wscript.echo " On Domain Controller (" & DC & ")"
wscript.echo "Error #: " & Err.Number
wscript.echo "Error : " & Err.Description
Err.Clear
WScript.Quit(0)
End If
On Error GoTo 0
'
' Loop through recipients matched.
'
if oRecordSet.RecordCount=0 then
wscript.echo "The could not find the template begining With (" & sTemplateSearch & ")"
wscript.quit(0)
end if
wscript.echo "The Query has returned : (" & oRecordSet.RecordCount & ") records"
i=0
ChosenUser=""
choices=""
On Error Resume next
While Not oRecordset.EOF
'Loop through all user accounts
i=i+1
choices=choices & vbCr & vbLf
choices=choices & i & ". "
choices=choices & oRecordset("givenName").Value
choices=choices & " " & oRecordset("sn").Value
choices=choices & " " & oRecordset("description").Value
oRecordset.MoveNext
Wend
On Error goto 0
choices=choices & vbCr & vbLF
While ChosenUser=""
ChosenUser = InputBox(choices,"Select a template to use?","1")
If ChosenUser<>"" then
If (cint(ChosenUser)<1 Or cint(ChosenUser) >i) Then
ChosenUser=""
wscript.echo "Invalid Choice"
End If
Else
wscript.echo "Quitting Program"
WScript.Quit(0)
End If
wend
oRecordset.MoveFirst
oRecordset.Move(cint(ChosenUser)-1)
' Get the user template we will use top copy the details of
set GetUserToCopy = GetObject("LDAP://" & DC & "/" & oRecordset("distinguishedName").Value)
End Function
Function DisplayUserDetails(OUser,PreText,PostText,vbButtons)
'http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/vbsProcedures.asp
'Dim OUser
Dim DisplayText
'Set oUser = GetObject("LDAP://" & DC & "/" & UserDN)
On Error Resume next
With oUser
.GetInfo
DisplayText=PreText & vbCr & vbLf
DisplayText=DisplayText & vbCr & vbLf & "First Name : "
DisplayText=DisplayText & .Get("givenName")
DisplayText=DisplayText & vbCr & vbLf & "Last Name : "
DisplayText=DisplayText & .Get("sn")
DisplayText=DisplayText & vbCr & vbLf & "Initial : "
DisplayText=DisplayText & .Get("initials")
DisplayText=DisplayText & vbCr & vbLf & "Display Name : "
DisplayText=DisplayText & .Get("Name")
DisplayText=DisplayText & vbCr & vbLf & "Description : "
DisplayText=DisplayText & .Get("description")
DisplayText=DisplayText & vbCr & vbLf & "SAM Account Name : "
DisplayText=DisplayText & .Get("sAMAccountName")
DisplayText=DisplayText & vbCr & vbLf & "UPN : "
DisplayText=DisplayText & .Get("userPrincipalName")
DisplayText=DisplayText & vbCr & vbLf
DisplayText=DisplayText & "Address : " & vbCr & vbLf
DisplayText=DisplayText & .Get("streetAddress")
DisplayText=DisplayText & vbCr & vbLf
DisplayText=DisplayText & vbCr & vbLf & "ZIP/PostCode : "
DisplayText=DisplayText & .Get("postalCode")
DisplayText=DisplayText & vbCr & vbLf & "State/Provence : "
DisplayText=DisplayText & .Get("st")
DisplayText=DisplayText & vbCr & vbLf & "Country : "
DisplayText=DisplayText & .Get("co")
DisplayText=DisplayText & vbCr & vbLf & "Telephone : "
DisplayText=DisplayText & .Get("telephoneNumber")
DisplayText=DisplayText & vbCr & vbLf & "Fax : "
DisplayText=DisplayText & .Get("facsimileTelephoneNumber")
DisplayText=DisplayText & vbCr & vbLf & "Pager : "
DisplayText=DisplayText & .Get("pager")
DisplayText=DisplayText & vbCr & vbLf & "Title : "
DisplayText=DisplayText & .Get("Title")
DisplayText=DisplayText & vbCr & vbLf
DisplayText=DisplayText & vbCr & vbLf
DisplayText=DisplayText & vbCr & vbLf & "Home Directory : "
DisplayText=DisplayText & .Get("homeDirectory")
DisplayText=DisplayText & vbCr & vbLf & "Home Drive : "
DisplayText=DisplayText & .Get("homeDrive")
DisplayText=DisplayText & vbCr & vbLf & "Logon Script : "
DisplayText=DisplayText & .Get("scriptPath")
DisplayText=DisplayText & vbCr & vbLf & "Profile Path : "
DisplayText=DisplayText & .Get("profilePath")
DisplayText=DisplayText & vbCr & vbLf & "Exch Home Srv : "
DisplayText=DisplayText & .Get("msExchHomeServerName")
DisplayText=DisplayText & vbCr & vbLf & vbCr & vbLf & PostText
End With
On Error goto 0
DisplayUserDetails=MsgBox(DisplayText,vbYesNo,"Display User Details")
End Function
Sub GetNewUserDetails(strfname,strlname,strdescription,strdisplayname,strname, _
strcountry,strinitial)
'http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/vbsProcedures.asp
strfname = InputBox("Enter First Name","Get Info",strfname)
strlastname = InputBox("Enter Last Name","Get Info",strlname)
strinitial =InputBox("Enter Initials","Get Info",strinitial)
strdisplayname= strlname & ", " & strfname & " ("& strcountry &")"
strdisplayname = InputBox("Enter Display Name","Get Info",strdisplayname)
strname = strfname & strinitial & strlname
strname = InputBox("Logon Name","Get Info",strname)
strdescription = InputBox("Enter Description","Get Info",strdescription)
End sub
'CheckPhoneNumbers NewUser
Sub CheckPhoneNumbers(NewUser)
'"Company", _
'"c","department","facsimileTelephoneNumber", "l", _
'"homePhone", "info", "mobile", "pager", "physicalDeliveryOfficeName", _
'telephoneNumber","title", _
'http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/iads.asp
On Error Resume Next
Dim Temp
temp=""
temp= NewUser.Get("telephoneNumber")
temp = InputBox("Enter Phone number","Get Info",temp)
NewUser.Put "telephoneNumber",temp
NewUser.SetInfo
'
temp=""
temp= NewUser.Get("facsimileTelephoneNumber")
temp = InputBox("Enter Fax number","Get Info",temp)
NewUser.Put "facsimileTelephoneNumber",temp
NewUser.SetInfo
'
temp=""
temp= NewUser.Get("pager")
temp = InputBox("Enter pager number","Get Info",temp)
NewUser.Put "pager",temp
NewUser.SetInfo
'
temp=""
temp= NewUser.Get("title")
temp = InputBox("Enter Title","Get Info",temp)
NewUser.Put "title",temp
NewUser.SetInfo
On Error Goto 0
End sub
Function finduser(dc,strname,strdisplayname)
on error resume Next
Err.Clear
finduser=0
Dim oConn
Dim oCmd
Dim sQuery
Dim orecordSet
Set oConn = wScript.CreateObject("ADODB.Connection")
oConn.Provider = "ADSDSOObject"
oConn.Open "Active Directory Provider"
Set oCmd = wScript.CreateObject("ADODB.Command")
'
' Search for all matching recipients as per constants defined above.
'
sQuery = "<LDAP://" & DC & _
">;(&(objectClass=User)(|(UserPrincipalName="& strname & "@*)(displayName="& strdisplayname &")))"& _
";givenName,sn,cn,distinguishedName;subtree"
wscript.echo
wscript.echo "LDAP Query being Run:" & sQuery
wscript.echo
Set oCmd.ActiveConnection = oConn
oCmd.CommandText = sQuery
oCmd.Properties("Page Size") = 1000
Set oRecordset = CreateObject("ADODB.RecordSet")
Set oRecordset = oCmd.Execute()
If Err.Number <> 0 Then
wscript.echo "Error searching for user (" & strname & ")"
wscript.echo " On Domain Controller (" & DC & ")"
wscript.echo "Error #: " & Err.Number
wscript.echo "Error : " & Err.Description
Err.Clear
WScript.Quit(0)
End If
On Error GoTo 0
'
' Loop through recipients matched.
'
if oRecordSet.RecordCount>0 then
finduser=1
wscript.echo "User Alredy exists (" & strname & ")"
end if
End Function
Function CreateADUser (objTemplateUser, dc, strfname,strlname,strdescription,strdisplayname,strname,strintial)
'The following code example creates a user account with the default attributes.
'http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/iads.asp
Dim ou
Dim strou
Dim dname
strou=objTemplateUser.Get("distinguishedname")
strou=Right(strou,len(strou)-InStr(strou,","))
wscript.echo strou
'Do our own error checking here.
On Error Resume Next
Err.Clear
' dname="cn=" & strlname & "\" & Hex(Asc(",")) & " " & strfname
' need to use dislpay name
dname="cn=" & strdisplayname
dname=Replace(dname, "," ,"\" & Hex(Asc(",")))
'need to use \ escape sequence to use , in directory name
Set ou = GetObject("LDAP://" & strou)
wscript.echo "dname:" & dname
Set CreateADUser = ou.Create("user", dname)
CreateADUser.SetInfo
If (Err.Number <> 0) Then
wscript.echo "An error has occurred creating the user: " & Err.Number
wscript.echo "Err Description: " & Err.Description
wscript.echo "Try Again Adding (Initial) to the Display Name"
WScript.Quit(0)
End If
With CreateADUser
wscript.echo "adding samAccountName: "
wscript.echo left(strname,20)
.Put "samAccountName", left(strname,20)
.SetInfo
If (Err.Number <> 0 and Err.Number <> -2147463160) Then
wscript.echo "An error has occured setting the property " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
wscript.echo "adding fullname: "
wscript.echo strdisplayname
.put "displayName", strdisplayname
.SetInfo
If (Err.Number <> 0 and Err.Number <> -2147463160) Then
wscript.echo "An error has occured setting the property " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
wscript.echo "adding firstname: "
wscript.echo strfname
.put "givenName", strfname
.SetInfo
If (Err.Number <> 0 and Err.Number <> -2147463160) Then
wscript.echo "An error has occured setting the property " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
wscript.echo "adding initials: "
wscript.echo strinitial
.put "initials" ,strinitial
.SetInfo
If (Err.Number <> 0 and Err.Number <> -2147463160) Then
wscript.echo "An error has occured setting the property " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
wscript.echo "adding lastnamename: "
wscript.echo strlname
.put "sn", strlname
.SetInfo
If (Err.Number <> 0 and Err.Number <> -2147463160) Then
wscript.echo "An error has occured setting the property " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
wscript.echo "adding description: "
wscript.echo strdescription
.put "description", strdescription
.setinfo
'-2147463160 = trying to set to a null value
If (Err.Number <> 0 and Err.Number <> -2147463160) Then
wscript.echo "An error has occured setting the property " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
End With
Set ou = Nothing
Set usr = Nothing
On Error Goto 0
End Function
Sub CopyUserAttrib(FromUser,ToUser,Attribs)
'http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/iads.asp
On Error Resume Next
Err.Clear
Dim strAttribute
For Each strAttribute In Attribs
If Not IsNull(FromUser.Get(strAttribute)) Then
wscript.echo "Copying Attrib: " & strAttribute
ToUser.Put strAttribute, FromUser.Get(strAttribute)
Touser.Setinfo
If (Err.Number <> 0 And Err.Number <> -2147463155) Then
wscript.echo "An error has occured copying the attribute " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
End if
Next
End Sub
sub SetupHomeDir (ChosenUser,NewUser)
'http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/iads.asp
'http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/wscondrivingapplications.asp
On Error Resume Next
Err.Clear
Dim NewHomeDir
Dim fso,wshshell,fldUserHomedir, cmdline
NewHomeDir=""
NewHomeDir= Replace(ucase(ChosenUser.Get("homeDirectory")),ucase(ChosenUser.Get("sAMAccountName")),NewUser.Get("sAMAccountName"),vbTextCompare)
If NewHomeDir<>"" then
wscript.echo "NewHomeDir: " & NewHomeDir
NewUser.Put "homeDirectory", NewHomeDir
NewUser.Put "homeDrive", ChosenUser.Get("homeDrive")
NewUser.Setinfo
If (Err.Number <> 0) Then
wscript.echo "Error Setting Home Drive Paramaters " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
Else
' Home drive has not been set so assume that it is being mapped in the logon script
' Create directory for logon script to mapto based on profile path.
NewHomeDir= Replace(ucase(ChosenUser.Get("profilePath")),ucase(ChosenUser.Get("sAMAccountName")),NewUser.Get("sAMAccountName"),vbTextCompare)
NewHomeDir= Replace(NewHomeDir,"PROFILE","HOME",vbTextCompare)
End If
If NewHomeDir<>"" Then
Err.Clear
'Physically create home drive
'Create the home directory.
Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FolderExists(NewHomeDir) Then
Set fldUserHomedir = fso.CreateFolder(NewHomeDir)
End If
Set wshShell = WScript.CreateObject("Wscript.Shell")
cmdline="cacls " & NewHomeDir & " /e /g " & NewUser.Get("userPrincipalName") & ":F"
wscript.echo "CMD=" & cmdline
wshShell.Run cmdline, 1, True
If (Err.Number <> 0) Then
wscript.echo "Error Creating Home Drive " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
End If
On Error goto 0
End Sub
sub SetupprofilePath (ChosenUser,NewUser)
'http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/iads.asp
On Error Resume Next
Err.Clear
Dim NewprofilePath
NewprofilePath= Replace(ucase(ChosenUser.Get("profilePath")),ucase(ChosenUser.Get("sAMAccountName")),NewUser.Get("sAMAccountName"),vbTextCompare)
wscript.echo "profilePath: " & NewprofilePath
NewUser.Put "profilePath", NewprofilePath
NewUser.Setinfo
If (Err.Number <> 0) Then
wscript.echo "An error has occured setting the property " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
On Error Goto 0
End Sub
Sub SetUPN (ChosenUser,NewUser)
'http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/iads.asp
'Setup the UsersPrincipalName base on First&LastName
Dim OldName
Dim NewName
On Error Resume Next
Err.Clear
Dim NewUPN
OldName=ucase(ChosenUser.Get("givenName")& ChosenUser.Get("sn"))
' if no initials exist then the following line will fail so oldname = firstname+lastname
OldName=ucase(ChosenUser.Get("givenName")& ChosenUser.Get("Initials") & ChosenUser.Get("sn"))
wscript.echo "Old: " & OldName
NewName=NewUser.Get("givenName")& NewUser.Get("sn")
' if no initials exist then the following line will fail so newname = firstname+lastname
NewName=NewUser.Get("givenName")& NewUser.Get("Initials") & NewUser.Get("sn")
wscript.echo "New: " & NewName
wscript.echo "TemplateUPN: " & Replace(ucase(ChosenUser.Get("userPrincipalName")))
Err.Clear
'Clear any errors from above
NewUPN= Replace(ucase(ChosenUser.Get("userPrincipalName")),OldName,NewName)
wscript.echo "NewUPN: " & NewUPN
NewUser.Put "userPrincipalName", NewUPN
NewUser.Setinfo
If (Err.Number <> 0) Then
wscript.echo "SetUPN:An error has occured setting the property " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
On Error Goto 0
End sub
Sub SetupGroupMembership (Chosenuser,NewUser,dc)
'http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/iads.asp
Dim arrMembers
Dim member
Dim CurrentGroup
On Error Resume Next
Err.Clear
arrMembers = Chosenuser.GetEx("memberOf")
For Each member In arrMembers
wscript.echo member
Set CurrentGroup=GetObject("LDAP://" & dc & "/" & member)
CurrentGroup.Add("LDAP://" & NewUser.Get("distinguishedname"))
CurrentGroup.SetInfo
If (Err.Number <> 0) Then
wscript.echo "An error has occured adding user to the group " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
Set CurrentGroup= Nothing
Next
On Error Goto 0
End Sub
Sub EnableMailBoxRecipient(ChosenUser,NewUser)
' http://msdn.microsoft.com/library/default.asp?url=/library/en-us/e2k3/e2k3/_cdo_creating_a_mailbox_enabled_recipient.asp
On Error Resume Next
Dim HomeMDB
Err.Clear
HomeMDB=""
HomeMDB=ChosenUser.HomeMDB
If HomeMDB <> "" Then
wscript.echo "Template Has a Mailbox: " & HomeMDB
wscript.echo "MailBox Enabling New User"
NewUser.CreateMailbox "LDAP://" & HomeMDB
NewUser.SetInfo
If (Err.Number <> 0) Then
wscript.echo "An error has occured MailBox Enabling user" & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
Else
wscript.echo "Template Does not have a Mailbox."
wscript.echo "****** No Mailbox Created ******"
End if
On Error Goto 0
End Sub
Sub FinaliseAccount(NewUser)
On Error Resume Next
Err.Clear
NewUser.SetPassword "Password1"
NewUser.AccountDisabled = False
' Set the pwdLastSet property to zero, which forces the
' user to change the password at next log on.
NewUser.Put "pwdLastSet", 0
NewUser.SetInfo
If (Err.Number <> 0) Then
wscript.echo "An error has occured finalising the account " & Err.Number
wscript.echo "Err Description: " & Err.Description
Err.Clear
End If
End Sub
Sub GetArgs(sDomainController,sTemplateSearch)
Dim sys
Set sys = CreateObject("ADSystemInfo")
Dim args()
ReDim args(0)
args(0) = ""
Dim i
For i = 0 to wscript.arguments.count - 1
ReDim Preserve args(i)
args(i) = wscript.arguments.item(i)
Next
sTemplateSearch = GetArgValue("templates", args)
If sTemplateSearch ="" Then
sTemplateSearch="zz_template*"
wscript.echo "No template entered will search based on :" & sTemplateSearch
End If
sDomainController = GetArgValue("dc", args)
If sDomainController="" Then
sDomainController=sys.GetAnyDCName()
wscript.echo "No dc entered will use:" & sDomainController
End if
If CheckForBadArgs(args) Then
wscript.echo "Unknown command-line arguments specified"
PrintUsage
End If
End sub
