Automatically create users with VBScript

This VBScript will automatically create and configure users, including exchange mailbox, home drive and user groups.

Lee Oliphant

Published: 06 May 2005

This VBScript will automatically create and configure users, including Exchange mailbox, home drive (with permissions)...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

and user groups. It will need some customisation for your particular site, but it works extremely well and has saved me a lot of time. You could also change it to read the user information from a CSV file.

'Option Explicit
Dim WshShell, fso
Set WSHShell = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = WScript.CreateObject("WScript.Network")

DomainName = "EnterYourDomainName.com"
OUNamePt1 = "Windows 2000 Users"
OUNamePt2 = "Tunbridge Wells Users"
DefaultPassword = "EnterYourDefaultPassword"
Set dom = GetObject("LDAP://" & DomainName)
InputPrompt1 = "Domain = "&DomainName&vbCrLf&"Container = "&OUName&vbCrLf&vbCrLf&"Enter Users Initials:"
InputPrompt2 = "Domain = "&DomainName&vbCrLf&"Container = "&OUName&vbCrLf&vbCrLf&"Enter Users First Name:"
InputPrompt3 = "Domain = "&DomainName&vbCrLf&"Container = "&OUName&vbCrLf&vbCrLf&"Enter Users Surname:"
InputPrompt4 = "Domain = "&DomainName&vbCrLf&"Container = "&OUName&vbCrLf&vbCrLf&"Enter Users Job Title:"
'InputPrompt5 = "Domain = "&DomainName&vbCrLf&"Container = "&OUName&vbCrLf&vbCrLf&"Please Enter F for Fee Earner or N for Non Fee Earner:"
UserName = InputBox(InputPrompt1, "UserInitials")
FirstName = InputBox(InputPrompt2, "FirstName")
Surname = InputBox(InputPrompt3, "Surname")
Department = InputBox(InputPrompt4, "Job Title")
UserStatus = WshShell.popup("Is this user a Fee Earner",,"User Type",4)
Set usr = dom.Create("user", "CN=" & Surname & ", " & FirstName & ",OU=" & OUNamePt1 & ",OU=" & OUNamePt2)
Set ProfileServer = fso.GetFolder("EnterYourFileServerhome$")

'Create User
usr.put "samAccountName", LCase(UserName)
usr.put "userPrincipalName", FirstName & "." & Surname & "@" & DomainName usr.put "givenName", FirstName
usr.put "sn", Surname
usr.put "displayName", Surname & ", " & FirstName
usr.put "initials", LCase(Mid(UserName,2,1))
usr.put "description", Department
usr.put "homeDirectory", "EnterYourFileServer" & LCase(UserName) & "$"
usr.put "homeDrive", "H:"
usr.put "profilePath", "EnterYourFileServerprofile$" & LCase(UserName)
usr.setinfo usr.setpassword DefaultPassword usr.accountdisabled = False
usr.setinfo

'Create Users Mailbox
Dim oIADSUser
Dim MStore
strDefaultNC = "DC=EnterYourDomainName,DC=com"
Set oIADSUser = GetObject("LDAP://CN=" & Surname & ", " & FirstName & ",OU=Windows 2000 Users,OU=Tunbridge Wells Users,DC=EnterYourDomainName,DC=com")

If UCase(Right(Username,1)) <= Chr(76) Then
 MStore = "Mailboxes A-L"
Else
 MStore = "Mailboxes M-Z"
End If

oIADSUser.CreateMailbox "LDAP://CN=" & MStore & ",
CN=First Storage Group,
CN=InformationStore,
CN=EnterYourMailServer,
CN=Servers,
CN=EnterYourAdminGroup,
CN=Administrative Groups,
CN=EnterYourSMTPOrganisationName,
CN=Microsoft Exchange,
CN=Services,
CN=Configuration,
DC=EnterYourDomainName,DC=com"
oIADSUser.SetInfo

'Add member to groups
Const ADS_PROPERTY_APPEND = 3

Set objGroup = GetObject("LDAP://CN=Docs_Users,CN=Users,DC=EnterYourDomainName,DC=com")
objGroup.PutEx ADS_PROPERTY_APPEND, "member",
Array("CN=" & Surname & ", " & FirstName & ",OU=Windows 2000 Users,OU=Tunbridge Wells Users,DC=EnterYourDomainName,DC=com")
objGroup.SetInfo

Set objGroup = GetObject("LDAP://CN=SuperScout All Users,CN=Users,DC=EnterYourDomainName,DC=com")
objGroup.PutEx ADS_PROPERTY_APPEND, "member",
Array("CN=" & Surname & ", " & FirstName & ",OU=Windows 2000 Users,OU=Tunbridge Wells Users,DC=EnterYourDomainName,DC=com")
objGroup.SetInfo


If UserStatus = vbYes Then
 Set objGroup = GetObject("LDAP://CN=Fee Earners,CN=Users,DC=EnterYourDomainName,DC=com")
 objGroup.PutEx ADS_PROPERTY_APPEND, "member",
Array("CN=" & Surname & ", " & FirstName & ",OU=Windows 2000 Users,OU=Tunbridge Wells Users,DC=EnterYourDomainName,DC=com")
 objGroup.SetInfo
 UserStatus = WshShell.popup("Is this user a Trainee Solicitor",,"User Type",4)
 
 If UserStatus = vbYes Then
  Set objGroup = GetObject("LDAP://CN=All Solicitors,OU=Exchange Mailing Lists,OU=Tunbridge Wells Users,DC=EnterYourDomainName,DC=com")
  objGroup.PutEx ADS_PROPERTY_APPEND, "member",
Array("CN=" & Surname & ", " & FirstName & ",OU=Windows 2000 Users,OU=Tunbridge Wells Users,DC=EnterYourDomainName,DC=com")
  objGroup.SetInfo
 End If
Else 
 UserStatus = WshShell.popup("Is this user a standard Non Fee Earner",,"User Type",4)

 If UserStatus = vbYes Then
  Set objGroup = GetObject("LDAP://CN=Non Fee Earners,CN=Users,DC=EnterYourDomainName,DC=com")
 Else 
  UserStatus = WshShell.popup("Is this a member of IT",,"User Type",4)
 End If
End If

Wscript.quit

'Create users home directory
If fso.FolderExists(ProfileServer & "" & UserName) = False Then
 fso.CreateFolder(ProfileServer & "" & LCase(UserName))
 fso.CreateFolder(ProfileServer & "" & UserName & "interface") End If

'Share user home directory
AdminServer = "EnterYourAdminServer"
ShareName = LCase(Username) & "$"
FolderName = "E:usershome" & UserName
Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" & AdminServer & "ROOTCIMV2")
Set SecDescClass = Services.Get("Win32_SecurityDescriptor")
Set SecDesc = SecDescClass.SpawnInstance_() 
Set Share = Services.Get("Win32_Share") 
Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_()
InParam.Properties_.Item("Access") = SecDesc
InParam.Properties_.Item("Description") = "Home Directory"
InParam.Properties_.Item("Name") = ShareName
InParam.Properties_.Item("Path") = FolderName
InParam.Properties_.Item("Type") = 0
Share.ExecMethod_"Create", InParam

If fso.FileExists("C:winntsystem32adssecurity.dll") = False Then
 fso.CopyFile("EnterYourFileServerinstallsoftwareadsiadssecurity.dll"),("c:winntsystem32")
 WshShell.Run("%comspec% /c regsvr32.exe /s C:winntsystem32adssecurity.dll")
 Wscript.sleep 50000
End If

ReplaceACL ProfileServer & "" & Username,"add(" & UserName & ":F)+add(domain admins:F)"

Set WshShell = Nothing
Set fso = Nothing
Set WshNetwork = Nothing
Set usr = Nothing
Set NewShare = Nothing
Set Services = Nothing
Set SecDescClass = Nothing
Set SecDesc = Nothing
Set Share = Nothing
Set InParam = Nothing
Set sec = Nothing
Set sd = Nothing
Set dacl = Nothing
Set ace = Nothing
Set oIADSUser = Nothing
Set objGroup = Nothing

MsgBox "The creation of user: " & FirstName & " " & Surname & VbCrLf &_
  "has completed without error"


'Functions

'Set permissions on users home directory Function ReplaceACL(foldernm, permspart)
 foldernm = ProfileServer & "" & Username
 If fso.FolderExists(foldernm)= False Then
  MsgBox "Sorry this folder is not present on the server"
 Else
  ChangeACLS foldernm, permspart, "REPLACE", "FOLDER"
 End If
End Function

'Edit ACLS of specified folder
Function ChangeAcls(FILE,PERMS,REDIT,FFOLDER)

 Const ADS_ACETYPE_ACCESS_ALLOWED = 0
 Const ADS_ACETYPE_ACCESS_DENIED = 1
 Const ADS_ACEFLAG_INHERIT_ACE = 2
 Const ADS_ACEFLAG_SUB_NEW = 9
     
 Set sec = Wscript.CreateObject("ADsSecurity")
 Set sd = sec.GetSecurityDescriptor("FILE://" & FILE)
 Set dacl = sd.DiscretionaryAcl

 If UCase(REDIT)="REPLACE" Then
  For Each existingAce In dacl
  dacl.removeace existingace
  Next
 End If
     
 'break up Perms into individual actions
 cmdArray=split(perms,"+")
   
 For x=0 to ubound(cmdarray)
 tmpVar1=cmdarray(x)
 If UCase(left(tmpVar1,3))="DEL" Then
  ACLAction="DEL"
 Else
  ACLAction="ADD"
 End If

 tmpcmdVar=left(tmpVar1,len(tmpVar1)-1)
 tmpcmdVar=right(tmpcmdVar,len(tmpcmdVar)-4)
 cmdparts=split(tmpcmdVar,":")
 nameVar=cmdparts(0)
 rightVar=cmdparts(1)

 If ACLAction="ADD" Then
  If UCase(FFOLDER)="FOLDER" Then
   addace dacl, namevar, rightvar, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_SUB_NEW
   addace dacl, namevar, rightvar, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERIT_ACE
  Else
   addace dacl, namevar, rightvar, ADS_ACETYPE_ACCESS_ALLOWED,0
  End If
 End If
 Next

 For Each ace in dacl
  If instr(ucase(ace.trustee),"NT AUTHORITY") then
   newtrustee=right(ace.trustee, len(ace.trustee)-instr(ace.trustee, ""))
   ace.trustee=newtrustee
  End If
 Next

 sd.DiscretionaryAcl = dacl 
 sec.SetSecurityDescriptor sd

End Function

Function addace(dacl,trustee, maskvar, acetype, aceflags)
 ' add ace to the specified dacl
 Const RIGHT_READ = &H80000000 Const RIGHT_EXECUTE = &H20000000 Const RIGHT_WRITE = &H40000000 Const RIGHT_DELETE = &H10000 Const RIGHT_FULL = &H10000000 Const RIGHT_CHANGE_PERMS = &H40000 Const RIGHT_TAKE_OWNERSHIP = &H80000     
 Set ace = CreateObject("AccessControlEntry")
 ace.Trustee = trustee
 
 Select Case UCase(MaskVar)
 Case "F"
 ace.AccessMask = RIGHT_FULL
 Case "C"
 ace.AccessMask = RIGHT_READ or RIGHT_WRITE or RIGHT_EXECUTE or RIGHT_DELETE
 Case "R"
 ace.AccessMask = RIGHT_READ or RIGHT_EXECUTE
 End Select

 ace.AceType = acetype
 ace.AceFlags = aceflags
 dacl.AddAce ace
End Function

This VBScript tip was submitted to the SearchVB.com tip exchange by member Lee Oliphant. Please let others know how useful it is via the rating scale below. Do you have comments on this tip? Let us know.

Do you have a useful Visual Basic, .NET or Visual Studio tip or code to share? Submit it to our monthly tip contest.

Dig Deeper on Visual Basic 6 programming language

A closer look at the Ntdsutil command-line tools for Active Directory Dig into the slew of Ntdsutil commands in Windows Server 2008 and R2 that provide admins with improved Active Directory management.

Using ADFind.exe when LDIFDE fails you Different Active Directory tools are better suited for different situations. Expert Gary Olsen provides details for how using ADFind is sometimes better than LDIFDE when listing group SIDs in a domain.

Defrag script for all volumes This tip contains a script that finds all local volumes and runs the defrag for each volume. This works for Server 2003 and XP.

Automate Active Directory tasks with scripts Scripting can be very useful in automating Active Directory tasks. This tip provides a consolidated script that demonstrates a number of Active Directory related tasks you can automate using VBScript.

Active Directory tools ease import/export of data Expert Gary Olsen explains how to use LDIFDE import and CSVDE export features to better manage your Active Directory architecture.

Mastering the LDAP search filter, Part 2 LDIFDE is a powerful command line tool that with a little practice, can easily extract specific information about AD objects. Expert Gary Olsen explains how to limit your search by way of an object class LDAP filter.

Please create a username to comment.

Google boosts VMware public cloud support with CloudSimple buy

Top 5 benefits of hybrid cloud

AI-driven development trends shake up the cloud market

IBM's latest Kubernetes tools ease use for cloud developers

How to perform test automation maintenance

How to write test cases, one component at a time

Ideas on how to hold a successful code hackathon

A Jenkins tutorial for beginners with examples

Why AI application development isn't as far away as you think

Dig Deeper on Visual Basic 6 programming language

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.