
Adding New Users To Active Directory/LDAP Server Using A Script

Discussion in 'Programming' started by pradeep, May 14, 2008.

    As systems administrators/application integration developers we always want to automate things like adding new users to the DC (Domain Controller)/Active Directory, so here's a VBScript and a Perl script which can be used to add users, either from an uploaded CSV file, or in any way you want just by modifying a few lines. You'll understand the basic idea of how to achieve the task; for everything else there is for, while, etc.

    The VBScript reads a CSV file containing names, creates the users and sets a default password for the newly created users. This script needs to be run on the Active Directory itself.

    Code:
     Const ADS_PROPERTY_APPEND = 3
     set WshShell = WScript.CreateObject("WScript.Shell")
     Set FSO = CreateObject("Scripting.FileSystemObject")
     
     Set NamesFile = FSO.OpenTextFile("dc_users.csv", 1)
     FullName = "NoName"
     
     do until namesfile.AtEndOfStream
     
         Temp = NamesFile.ReadLine
         NamesList = Nameslist & ", " & temp
         if temp <> "" then
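             'the first two comma-separated fields are first name and last name
             Seperator = instr(Temp, ",") + 1
             Seperator2 = instr((seperator), temp, ",") - 1
             'no second comma on the line: the last name runs to the end of it
             if Seperator2 < 0 then Seperator2 = len(Temp)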
             FirstName = left(Temp, Seperator - 2)
             LastName = Mid(Temp, Seperator, Seperator2 - Seperator + 1)
             userName = Left(firstname,1) & lastname
             FullName = FirstName & " " & LastName
     
             Set objOU = GetObject("LDAP://ou=Development,dc=Go4Expert,dc=com")
     
             'create user account
             Set objUser = objOU.Create("user", "cn=" & FullName)
             objUser.Put "sAMAccountName", username
             objUser.sn = LastName
             objUser.givenname = FirstName
             objUser.physicalDeliveryOfficeName = "MD"
             objUser.displayname = FirstName & " " & LastName
             objUser.userPrincipalName = UserName & "@go4expert.com"
             objUser.Description = "Developer"
             objUser.SetInfo
     
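             'things that have to be set after account created
             'every account gets the same default password here; pwdLastSet = 0
             'below makes the user change it at the next logon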
             objUser.ChangePassword "", "password"
             objUser.AccountDisabled = FALSE
             objUser.Put "pwdLastSet", 0
             objUser.SetInfo
     
             'put in to groups if required
             Set objGroup = GetObject("LDAP://cn=Developers,dc=Go4Expert,dc=com")
             objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array("cn=" & FullName & ",ou=Development,dc=Go4Expert,dc=com")
             objGroup.SetInfo
     
         end if
     
     loop
     
     NamesFile.close
     
    The Perl script uses an altogether different approach. For those who don't know, Active Directory also works like an LDAP server, so you can connect to it using LDAP and do your stuff! :) This script can be used to connect to the Active Directory from a different server/remote location to create the new user. You can modify the code to read a CSV file, like the VBScript example above.

    Code:
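     #!/usr/bin/perl
     
     use strict;
     use warnings;
     use Net::LDAPS;
     
     # new() returns undef on failure and leaves the reason in $@
     my $Ad = Net::LDAPS->new("ldap.go4expert.com", version => 3, port => 636) or die("failed connecting: $@");
     
     ## bind as an admin or someone who has privileges to create an user
     ## (bind always returns a message object, so check its result code)
     my $bind = $Ad->bind(dn => 'cn=Admin,cn=Developers,dc=Go4Expert,dc=com', password => 'adminzhsh');
     $bind->code && die("failed to bind: ".$bind->error);
     
     # the DN passed to add() is the DN of the new entry itself, so it starts
     # with the entry's own cn followed by the container it is created in
     my $result = $Ad->add( 'cn=Shabbir Bhimani,cn=Developers,dc=Go4Expert,dc=com',
                            attrs => [
                              'cn'   => 'Shabbir Bhimani',
                              'sn'   => 'Bhimani',
                              'mail' => 'shabbir @ go4expert.com',
                              'objectclass' => ['top', 'person','organizationalPerson','inetOrgPerson' ]]
                          );
     
     $result->code && warn "failed to add entry: ", $result->error ;
     
     $Ad->unbind;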
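
Both scripts build the new entry's DN by concatenating a name into a string, and the VBScript gives every account the same default password. The following is an added example, not part of the original post: a Python sketch of the CSV pre-processing step that escapes names for use in a DN (RFC 4514), derives the sAMAccountName the way the VBScript does (first initial plus last name) and generates a random initial password per user. The function names and the sample CSV are assumptions made for illustration; it does not talk to a directory.

```python
import csv
import io
import secrets
import string

# Constructed sample input ("first,last,..."); helper names below are illustrative.
SAMPLE_CSV = 'Shabbir,Bhimani,Developer\n"Ann, Jr.",O\'Neil+Smith,Developer\n,,\n'
BASE_DN = "ou=Development,dc=Go4Expert,dc=com"   # container used on this page
SAM_FORBIDDEN = set('"/\\[]:;|=,+*?<>')            # characters AD rejects in sAMAccountName


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\' or (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def initial_password(length=16):
    """Random per-user password, instead of one shared default."""
    alphabet = string.ascii_letters + string.digits + "!#%&*-_"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # require upper, lower and digit so common complexity policies accept it
        if any(c.islower() for c in pw) and any(c.isupper() for c in pw) and any(c.isdigit() for c in pw):
            return pw


def build_entries(csv_text):
    """Return (dn, attributes, password) for every usable CSV row."""
    entries = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 2 or not row[0].strip() or not row[1].strip():
            continue                                   # skip blank or short rows
        first, last = row[0].strip(), row[1].strip()
        # first initial + last name, minus forbidden characters, max 20 chars
        sam = "".join(c for c in first[0] + last if c not in SAM_FORBIDDEN and not c.isspace())[:20]
        full = f"{first} {last}"
        dn = f"cn={escape_rdn_value(full)},{BASE_DN}"
        attrs = {"sAMAccountName": sam, "givenName": first, "sn": last, "displayName": full}
        entries.append((dn, attrs, initial_password()))
    return entries
```

Each returned tuple can be handed to whichever add call is in use; the password still has to be set on the account and marked for change at next logon, as the VBScript does with pwdLastSet.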
     
     
