Question regarding New User Creation Script



Hello Everybody,

I wonder if someone can help with the questions I have.

I have a Citrix server which is a member of an NT4 domain which in
turn trusts an AD domain. My administrators access the Citrix server
to manage both the NT4 domain and the AD domain. However, if my users
use the VBScript I have created to create user accounts, they can only
create accounts on the NT4 domain and not the AD domain. If they run
the script directly on a server which is a member of the AD domain
then it works fine and creates accounts on the AD domain. (I am unsure
if it successfully creates accounts on the NT4 domain from the AD
domain as I have not tested this yet.)
Does anyone know if there are restrictions in place preventing a
script from creating user accounts on multiple different domains from
one domain and, if so, does anyone know how to resolve this issue?

I have posted the code below which shows how I am querying the AD
domain and the NT Domain:

---------------------------------------------------------- NT Domain ----------------------------------------------------------
Sub AccountCreateNT4(firstname,middlename,lastname,template,username,strNTServer)

Set objNetwork=CreateObject("Wscript.network")
If Len(username) > 15 Then
MsgBox "The length of the user's SAMaccountname is too long. " & _
"The limit is 15. The account you entered " & _
"has a length of " & Len(username) & "."
btnRunScript.disabled = false
btnReset.disabled = false
btnClose.disabled = false
Exit Sub
End If
strPassword="password"
dtExpire=DateAdd("d",iExpire,Now) ' DateAdd takes (interval, number, date)

'***Now we get the array of groups that the template account is a member of.***

If template = "" then
btnRunScript.disabled = false
btnReset.disabled = false
btnClose.disabled = false
Exit Sub
Else
'Do Nothing and continue the script.
End If

Set objDomain = GetObject("WinNT://" & strNTServer)
Set objUser = objDomain.GetObject("user", template)

For Each objGroup In objUser.Groups
strGroupList = strGroupList & objGroup.Name & ","
next

'***Search to see if the user already exists in the domain.***

Set objComputer = GetObject("WinNT://" & strNTServer)
objComputer.Filter = Array("user")
intFound = 0

For Each User In objComputer
If lcase(User.Name) = lcase(username) Then
intFound = 1
End If
Next

If intFound = 1 Then
MsgBox "The " & username & " account already exists."
btnRunScript.disabled = false
btnReset.disabled = false
btnClose.disabled = false
Exit Sub
Else
'Do Nothing and continue with the script.
End If

'***Create the User Account in the domain.***

Set objUser = objComputer.Create("user", username)
objUser.Fullname = firstname & middlename & lastname
objUser.Description = firstname & middlename & lastname
objUser.SetInfo
objUser.SetPassword strPassword
objuser.Accountdisabled = FALSE
objUser.SetInfo

'***Add New User to Groups as per the template account.***

'***use the Split function to turn the comma-separated list into an array.***

sGroupList = Split(strGroupList, ",")

'***go through the array and add the user to each group.***

For iTemp = 0 To uBound(sGroupList) - 1
'***get the group.***

Set oDomain = GetObject("WinNT://" & strNTServer)
Set objGroup = oDomain.GetObject("Group", sGroupList(itemp))

'***add the user account.***
'***When user created, they are a member of "Domain Users".***
If (objGroup.IsMember(objUser.AdsPath) = False) Then
objGroup.Add(objUser.AdsPath)
End If

'oGroup.Add(objUser.ADSpath)

'***release the group.***

Set objGroup = Nothing
Set oDomain = Nothing

NEXT
End Sub

---------------------------------------------------------- AD Domain ----------------------------------------------------------
Sub AccountCreate2003(firstname,middlename,lastname,template,username,strNTServer)

inputdomain = strNTServer
intAccValue = 544 ' 512 (ADS_UF_NORMAL_ACCOUNT) + 32 (ADS_UF_PASSWD_NOTREQD)

fullname = "cn=" & username
displayname = firstname & " " & lastname
strBase = "<LDAP://dc=" & inputdomain & ",dc=input,dc=input>"
strQuery = "(&(objectCategory=person)(sAMAccountname=" & template & "))"
strFilters = "sAMAccountname,adspath"

LDAPCMDTXT = strBase & ";" & strQuery & ";" & strFilters

Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider="ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

objCommand.CommandText = LDAPCMDTXT

Set objRecordSet = objCommand.Execute

Const ADS_UF_NORMAL_ACCOUNT = 512
adsTemplate = objRecordset.fields("adspath").value

Set ou = GetObject("LDAP://cn=users,dc=" & inputdomain & ",dc=input,dc=input")

set templateobject=getobject(adsTemplate)

'***Now we get the array of groups that the template account is a member of.***

grouplist=usersgroups(adsTemplate)
templategroups=split(grouplist,",")

for groups=0 to ubound(templategroups)
'msgbox templategroups(groups)
next

'***Now we create the new user account so that we can set its properties.***

Set objuser = ou.Create("user", fullname)
objuser.Put "samAccountName", username
objuser.SetInfo
objuser.lastname=lastname
objuser.givenname=firstname
if len(middlename)>0 then
objuser.initials=left(middlename,1)
end if
objuser.setinfo
objuser.userPrincipalName=username & "@" & inputdomain & "." & "input.input"
objuser.displayname=displayname
objuser.description=displayname
objuser.setinfo

'***Now we enable the account and add the account to the necessary groups.***

res=addgroups(grouplist,objuser.adspath,inputdomain)

objuser.Accountdisabled=0
strPassword="password"
objuser.setpassword strPassword
objUser.Put "userAccountControl", intAccValue
objuser.setinfo

objConnection.Close

End sub

---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Thanks for any help you can provide.
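
The AD routine above concatenates `template` directly into the LDAP filter and `inputdomain` into the search base. As an added example (not part of the original post), the stand-alone script below escapes the filter value per RFC 4515 and validates the domain label before building the same query string; `EscapeLdapFilterValue`, `BuildTemplateQuery` and the sample inputs are hypothetical, and escaping `;` is an assumed extra precaution.

```vbscript
Option Explicit

' Added example, not from the original post. Names and inputs are hypothetical.

' Escape a value for use inside an LDAP search filter (RFC 4515).
' ";" is also escaped as an assumed precaution, because the ADO command
' text used in the post separates base;filter;attributes with ";".
Function EscapeLdapFilterValue(ByVal value)
    Dim i, ch, result
    result = ""
    For i = 1 To Len(value)
        ch = Mid(value, i, 1)
        Select Case ch
            Case "\", "*", "(", ")", ";", Chr(0)
                ' Emit a backslash plus two hex digits, e.g. "*" becomes \2a
                result = result & "\" & LCase(Right("0" & Hex(Asc(ch)), 2))
            Case Else
                result = result & ch
        End Select
    Next
    EscapeLdapFilterValue = result
End Function

' Build the same base;filter;attributes string as AccountCreate2003,
' rejecting a domain label that could alter the search base DN.
Function BuildTemplateQuery(ByVal inputdomain, ByVal template)
    Dim re, strBase, strQuery
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9-]{1,63}$"
    If Not re.Test(inputdomain) Then
        Err.Raise vbObjectError + 1, "BuildTemplateQuery", "Invalid domain label"
    End If
    strBase = "<LDAP://dc=" & inputdomain & ",dc=input,dc=input>"
    strQuery = "(&(objectCategory=person)(sAMAccountName=" & _
               EscapeLdapFilterValue(template) & "))"
    BuildTemplateQuery = strBase & ";" & strQuery & ";sAMAccountName,adspath"
End Function

' Constructed sample inputs; run with cscript.exe
WScript.Echo BuildTemplateQuery("corp", "tmpl_sales")
WScript.Echo BuildTemplateQuery("corp", "Sales (East)*")
```

Inside the HTA from the post, the two functions can be used as-is; only the `WScript.Echo` lines are specific to running under cscript.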