Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


June 01, 1999

An ADSI Primer, Part 6: Using ADSI to Create and Manipulate User Accounts


A Web Exclusive from Windows IT Pro
Alistair G. Lowe-Norris
An ADSI Primer
InstantDoc #5456
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
View this exclusive article with VIP access -- click here to join |
See More Systems Administration Articles Here | Reprints | Or sign up for our VIP Monthly Pass!
SideBar    Boolean Arithmetic with Hexadecimal Values, Oops

Editor's note: This article is the sixth part of a 12-part series about Active Directory Service Interfaces (ADSI) The series started in the January 1999 issue. Refer to previous installments for definitions and background information.

In the previous five articles, I discussed the basics of ADSI and how ADSI works. In the remaining articles, I'll show you how to use ADSI to help you with daily tasks, such as manipulating user accounts, services, shares, and sessions in Windows NT's SAM and Windows 2000's (Win2K's) Active Directory (AD). This month, I show you how to automate two fundamental administrative tasks: creating and manipulating user accounts.

Although tools to create user accounts already exist (e.g., the Microsoft Windows NT Server 4.0 Resource Kit's Addusers utility), ADSI's versatility lets you quickly write a script that creates one or many user accounts and manipulate existing accounts. For example, you can write a script that creates one standard or full-featured user account or a script that creates 1000 full-featured user accounts. You can even create a command-line utility that unlocks locked-out user accounts. . . .

Reader Comments
<p>Is there a way to check if a user account exists on Win 2000 to determine if the container::create (username...) is necessary?</p>
<br>
<p>Charles - Use the SearchAD function from article 5 in the ADSI Primer series (May 1999) to search the AD first using ADO.<br>
<br>
Note that September 1999 contained a correction to that article.<br>
<b>--Alistair</b></p>

Charles Schmidt March 27, 2001

<p>Can I disable the sAMAccountName property of the user class? When I try to set the sAMAccountName property data to more than 25 characters, it gives me an error like <i>Automation error.</i> Are there other possibilities?</p>
<br>
<p>Sneha - No, I'm afraid you cannot disable the sAMAccountName. As this MSDN page http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/naming_properties.asp indicates, it's an important property for Win2K servers and needs to be unique on a per-domain basis. It should be less than 20 characters to support downlevel servers and clients. The exact definitions are here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adschema/w2k/A_sAMAccountName.asp<br>
<b>--Alistair</b></p>

sneha February 13, 2002

<p>Hi! You mentioned the following in the article: "You can't use VBScript to access all the read-write attributes. For example, ADSI returns the ObjectSID attribute as a byte array. Unfortunately, VBScript understands only variant arrays, which renders the returned data useless. As a result, you must use Perl, Visual Basic (VB), or C++ if you want to use ObjectSID."<br>
<br>
I'm trying to search for a specific objectSID using LDAP, and I'm using VB.NET to run the search. Might you have any idea what the objectSID type would be in order to search for that user in the directory (e.g., convert objectSID byte array into a string? or search for the hex alphanumberic values? or something else?). I've been making baby steps in my application and this is possibly the last hurdle. I've attempted a number of things--even hardcoding my objectSID's ASCII value--but nothing worked. Any help would be GREATLY appreciated!</p>
<br>
<p>Jerermy - If you check MSDN, you’ll find that the Object-SID is described here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adschema/w2k/A_objectSid.asp?frame=true. Its syntax is 2.1.1.17, which according to the page at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adschema/w2k/syntaxList.asp is a String(Sid). If you click the String(Sid) link (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adschema/w2k/S_String(Sid).asp), you can see String(Sid) is the type ADSTYPE_OCTET_STRING and the variant VT_UI1 | VT_ARRAY. You can find out more from MSDN at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adschema/schemahelp.asp. Hope that helps.<br>
<b>--Alistair</b></p>


Jeremy April 30, 2002

How can I set a user's UPN from vbscript? I am having a tough go of it! Thanks!

BDakis August 23, 2004 (Article Rating: )

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
PsExec

This freeware utility lets you execute processes on a remote system and redirect output to the local system. ...

Microsoft Delivers Service Pack 2 Beta 2 for Vista, Server 2008

Microsoft on Tuesday announced the availability of the Beta 2 version of Service Pack 2 (SP2) for Windows Vista and Windows Server 2008. Since both operating systems were developed from the same code base, they have a common servicing structure and thus ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...
Related Events SQL Server 2008 – Can You Wait? | Philadelphia

SQL Server 2008 – Can You Wait? | Atlanta

SQL Server 2008 – Can You Wait? | Chicago

Check out our list of Free Email Newsletters!
Scripting eBooks Keeping Your Business Safe from Attack: Encryption and Certificate Services

Best Practices for Managing Linux and UNIX Servers

Building an Effective Reporting System
Related Scripting Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Register for Orion NPM v9 - Evaluation
Affordable, easy-to-use network performance management with SolarWinds Orion – Free Trial!

Want a Hardware-Independent Image?
Binary Research, the Ghost people, shows you how to clone with 1!

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.

Implement a Successful Archiving Solution
View this web seminar to learn the best practices for creating an email archive that is secure, compliant, and searchable.
Protect Your Company’s Digital Assets
Do you know the risks of sending important files over email or FTP? Read this white paper to learn what you can do to safeguard your company’s data.

Prepare Yourself for Exchange Catastrophe
Read this white paper to learn how you can keep Exchange server healthy, as well as predict and respond to server failure.

Boost Customer Confidence and Satisfaction
Read this eBook to learn how faxing can ease communication with less computer-savvy customers while reducing your security, compliance and support woes.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing