Basic User Account Creation with ADSI Scripting

ID: Q230750

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Server
  • Microsoft Active Directory Service Interfaces, version 2.5

SUMMARY

The Active Directory Services Interface (ADSI) tool provides a single consistent set of interfaces that can be called in scripts using the Microsoft Windows Script Host, or other scripting languages (VBScript and JScript are supported natively).

This article demonstrates how an administrator can use ADSI to script the creation of user accounts within Active Directory.


MORE INFORMATION

The following sample script is used for demonstration purposes.

NOTE: This script requires the appropriate security context to operate. It must be run from a session in which the logged-on user has permission to create an object in the target organizational unit (OU).

Sample Script


Set ou = GetObject("LDAP://OU=Marketing,OU=DSys,DC=adsidev,DC=nttest,DC=microsoft,DC=com")
Set usr = ou.Create("user", "CN=John Smith")
'--- Mandatory Attributes----
usr.Put "samAccountName", "jsmith"

'---- Optional Attributes, you can optionally skip these----
usr.Put "sn", "Smith"
usr.Put "givenName", "John"
usr.Put "userPrincipalName", "jsmith@arcadiaybay.com"
usr.Put "telephoneNumber", "(425) 123 4567"
usr.Put "title", "Marketing Administrator Dept"
usr.SetInfo

'--Now that the user is created, reset the user's password and
'--enable its account

usr.SetPassword "secret***!"
usr.AccountDisabled = False
usr.SetInfo

Explanation of the Sample Script


  1. First, bind to a specific OU using the GetObject function. Pass this function the Lightweight Directory Access Protocol (LDAP) path to the specific object desired.


  2. A user object is created by performing the Create method directly on the OU object. The object type (user), and canonical name (John Smith) are passed as parameters of the create method.


  3. The only required property is samAccountName, which is passed in the next line. All other properties are optional. Properties are inserted into the object using the Put method.


  4. The SetInfo method is used to apply the current set of changes against the object. Once the object has been created, it is then possible to set its password and make the account enabled.


For more information, visit the following Microsoft Web site:
http://www.microsoft.com/windows/server/Technical/directory/adsilinks.asp

Additional query words:

Keywords : kbtool kbADSI kbWinOS2000
Version : WINDOWS:2000; winnt:2.5
Platform : WINDOWS winnt
Issue type : kbhowto


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.