Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight

AD Account Creation

by jds (Acolyte)
on Mar 04, 2003 at 14:08 UTC ( #240346=sourcecode: print w/replies, xml ) Need Help??
Category: Win32 Stuff
Author/Contact Info John Shearer -
Description: This is an account creation script specifically aimed at Active Directory. It is obviously very specific to our environment, but makes use of some concepts that may be useful to others.
use strict;

use Win32::AdminMisc;
use Text::ParseWords;
use Win32::NetAdmin qw(UserCreate LocalGroupAddUsers LocalGroupIsMembe
+r GroupIsMember);
use Win32::Perms;
use Win32::OLE;

# Add Modules:
# perl install
# perl install
# CSV should be:  Logon_Name, Full_Name, Primary_Group, Password
# Version:  1.3a

# $server is location of Home Dirs
my $server = "\\\\DataStore";
my $Dir;
my ($logon, $name, $group, $pw, $year);
my $flags = "UF_DONT_EXPIRE_PASSWD";
my $ldapdc = "DC=nmh, DC=nmhschool, DC=ORG";
my $validgroups = 'Teacher|Admin|Student';

# Open the CSV file of account info (format listed above)
open IN, 'Add-Users.txt'
   or die "Could not open data file\n";

while (<IN>) {
   # Check input, escape single quotes, ingore comments, etc
   next unless ($_);
   next if (/^$|^#/);
   # Parse the line and remove new lines
   ($logon, $name, $group, $pw) = &quotewords(',', 0, $_);
   chomp ($logon, $name, $group, $pw);

   # Sanity checks and some parsing...
   die "Need valid group\n" unless ($group =~ /$validgroups/i);
   # Find class year of student from the logon name
   if ($group =~ /Student/i) {
      $year = substr($logon, -2);
      die "Not a valid year for student: $name\n" unless ($year =~ /\d

   # %OU is for the final OU placement
   my %OU = ("admin"   => "Admin",
             "teacher" => "Teachers",
             "student" => "Students");

   # %comment is for the comment field on the user form
   my %comment = ("admin"   => "Staff",
                  "teacher" => "Faculty",
                  "student" => "Class of 20$year");

   # %lgroup is the primary Local Group for the user
   my %lgroup = ("admin"   => "Admin",
                 "teacher" => "Teacher",
                 "student" => "Students");
   # %homes is the path for the user's Home Directory or Portfolio Dir
   my %homes = ("admin"      => "AdminHome",
                "teacher"    => "TeacherHome",
                "student"    => "Students20$year",
                "portfolio"  => "Portfolios\\Class20$year");

   # For on-screen status of creation progress...
   print "Comment: " . $comment{lc($group)} . "\n";

   # Create the user if it is not a member of "Domain Users" (meaning 
+it does not exist)
   unless ( GroupIsMember('ProdDC-NF', "Domain Users", $logon) ) {
      UserCreate("ProdDC-NF", $logon, "$pw", 0, USER_PRIV_USER, '', "$
+comment{lc($group)}", UF_DONT_EXPIRE_PASSWD, 'default.bat')
         || print "Did not create user $logon\n";
      print "Created User $logon\n";

   # Add the user to their primary local group
   unless ( LocalGroupIsMember('ProdDC-NF', "$lgroup{lc($group)}", "$l
+ogon") ) {
      LocalGroupAddUsers('ProdDC-NF', "$lgroup{lc($group)}", "$logon")
         || print "Could not add $logon to $lgroup{lc($group)}\n";

   # If it's a student, add them to their class year group
   if ($group =~ /Student/i) {
      LocalGroupAddUsers('ProdDC-NF', "Users20$year", "$logon") 
         || print "Could not add $logon to Users20$year\n";

   # Set the Full name of the new user
      USER_FULL_NAME => "$name")
         || print "Could not edit $logon\n";

   # If the Home dir does not exist, create and permission it
   # SetOwner is a program from a product called Quota Advisor to chan
+ge ownership of files and folders from the command line
   unless ( -d "$server\\$homes{lc($group)}\\$logon" ) {
      mkdir "$server\\$homes{lc($group)}\\$logon";
      `cacls "$server\\$homes{lc($group)}\\$logon\" /E /G NMH\\$logon:
      system("setowner /f $server\\$homes{lc($group)}\\$logon /o $logo

   # If in the Students group, create and permission the Portfolio
   if ($group =~ /Student/i) {
      unless ( -d "$server\\d\$\\$homes{portfolio}\\$logon" ) {
         mkdir "$server\\d\$\\$homes{portfolio}\\$logon";
         `cacls "$server\\d\$\\$homes{portfolio}\\$logon\" /E /G NMH\\
         system("setowner /f $server\\d\$\\$homes{portfolio}\\$logon /
+o $logon");

   # Use the 3rd party app TSCMD to populate the info on the TS tab
   system("tscmd \\\\ProdDC-NF \"$logon\" TerminalServerProfilePath \"
   system("tscmd \\\\ProdDC-NF \"$logon\" TerminalServerHomeDir \"\\\\
   system("tscmd \\\\ProdDC-NF \"$logon\" TerminalServerHomeDirDrive \

   # Move user from the Users OU to the OU specified by the Group
   my $oContainer = Win32::OLE->GetObject("LDAP://OU=$OU{lc($group)}, 
   my $oUser = $oContainer->MoveHere("LDAP://CN=$logon, cn=Users, $lda

close IN;
Replies are listed 'Best First'.
Re: AD Account Creation
by Cmdr_Tofu (Scribe) on Jun 13, 2003 at 12:56 UTC
    This is great, do you know how to make the user get an Exchange 2000 Mailbox as well?

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: sourcecode [id://240346]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (3)
As of 2022-08-18 23:07 GMT
Find Nodes?
    Voting Booth?

    No recent polls found