What are the steps for creating a new domain user, exchange account & shared drives?
Is it possible to automate this on Windows Server 2003/2008 using a script?
Alexander Roberts
To create the new domain users, exchange accounts and shared drives in windows 2003 servers or win 2008 you may use some scripts, which will allow to keep on using the same for any new such entities, instead of going through the long procedure of creating these individually.
START WITH The following script without the serial numbers:
1. Dim StrOU, strUser, strDNSDomain, objCommand
2. Dim objRootLDAP, objGroup, objUser, strQuery
3. Dim strDN, objManager, strDateCreated
Now Use ADO to get Active Directory information
1. Set objConnection = CreateObject("ADODB.Connection")
2. Set objCommand = CreateObject("ADODB.Command")
3. ObjConnection.Provider = "ADsDSOObject"
4. ObjConnection.Open "Active Directory Provider"
5. Set objCommand.ActiveConnection = objConnection
Again Get Time Zone Information from local computer
1. dtmLatestLogon = #1/1/1601#
2. dtmWhenCreated = #1/1/1601#
3. strComputer = "."
4. Set objWMIService = GetObject("winmgmts:" & strComputer & "rootcimv2")
5. Set colTimeZones = objWMIService.ExecQuery("Select * From
6. Win32_TimeZone")
7. For Each objTimeZone in colTimeZones
8. intTimeZoneBias = objTimeZone.Bias
9. intDaylightBias = objTimeZone.DaylightBias
10. Next
Now Define User and Group Information
1. '##### — Change These Values — #####
2. strUser = "CN=TestUser," ' Name of existing AD user
3. strOU = "OU=Test," ' Name of OU that user is in
4. strGroup = "CN=Test Group," ' Name of existing group to add user to
5. '##### — End Section — #####
Now Check for Password Last Set and Password Expiration
1. Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
2. Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
3. Const ONE_HUNDRED_NANOSECOND = .000000100
4. Const SECONDS_IN_DAY = 86400
5. intUserAccountControl = objUser.Get("userAccountControl")
6. If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then ' LINE11
7. WScript.Echo "The password does not expire."
8. Else
9. dtmValue = objUser.PasswordLastChanged
10. If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then ' LINE16
11. WScript.Echo "The password has never been set."
12. Else
13. intTimeInterval = Int(Now – dtmValue)
14. WScript.Echo "The password was last set on " & _
15. DateValue(dtmValue) & " at " & TimeValue(dtmValue) & vbCrLf &
16. _
17. "The difference between when the password was last" & vbCrLf &
18. _
19. "set and today is " & intTimeInterval & " days"
20. End If
21. Set objDomain = GetObject("LDAP://" & strDNSDomain)
22. Set objMaxPwdAge = objDomain.Get("maxPwdAge")
23. If objMaxPwdAge.LowPart = 0 Then
24. WScript.Echo "The Maximum Password Age is set to 0 in the " & _
25. "domain. Therefore, the password does not expire."
26. Else
27. dblMaxPwdNano = _
28. Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
29. dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND
30. ' LINE37
31. dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY) ' LINE38
32. WScript.Echo "Maximum password age is " & dblMaxPwdDays & "days"
33. If intTimeInterval >= dblMaxPwdDays Then
34. WScript.Echo "The password has expired."
35. Else
36. WScript.Echo "The password will expire on " & _
37. DateValue(dtmValue + dblMaxPwdDays) & " (" & _
Int((dtmValue + dblMaxPwdDays) – Now) & " days from today)."
38. End If
39. End If
40. End If
41. 'Wscript.Quit
Now Add User to a Group
1. '##### — Uncomment the following lines to add user to group defined
2. above — #####
3. 'Wscript.Echo "Adding " & objUser.DisplayName & " to the " & strGroup &
4. " group…"
5. 'set objGroup = GetObject("LDAP://" & strGroup & strOU & strDNSDomain)
6. 'objGroup.add(objUser.ADSPath)
7. '##### — End Section– #####
Copy these scripts in NOTEPAD ++, and save either individually or combine them by adding the extension .vbs
Now lets prepare a script for sharing a folder on the network.
Using the administrator log on to the domain controller
Look for the folder you want to share, and copy its complete path, and paste on NOTEPAD.
For example:
net use X: \mydomain.com\MyRoot which is the path of DFS root folder.
Now save this file with an extension of .bat. For example “sharefolder.bat”
Now we prepare to use these scripts automatically. For this purpose, click on start-Administrative tools.
50. Click on Active Directory users and computers
51. Now right click on the domain name for example. Mydomain.com, click on properties
52. Go to Group Policy tab and click on new- name the new policy as MapNetworkDrive
53. Now Click on Edit button . In the opened snap in under User Configuration expand Windows Settings and select Scripts (Logon/Logoff).
54. On the right pane double click on Logon script- click on properties box-add button-click on browse
55. Now copy the sharefolder.bat, and paste it, click on open button,click on add a script box, press OK
56. Now Close the opened snap-in.
57. Now open the command prompt, and type “gpupdate/force” (without quotation) to update the group policy settings.
Same way by using the steps from serial 50 onward you can automate the scripts saved above with .vbs extension.
PT
