auto add sutdents to AD 2008

Discussion:

(too old to reply)

nico

2009-06-11 14:05:04 UTC

Hello,

I have a script that auto add's student to my AD for win2003 server.
for win2008server it does not work
I get errors

Any suggestions?

N.

' Author Guy Thomas http://computerperformance.co.uk/

' ------------------------------------------------------'
Option Explicit
Dim objRootLDAP, objContainer, objUser, objShell
Dim objExcel, objSpread, intRow
Dim strUser, strOU, strSheet
Dim strCN, strSam, strFirst, strLast, strPWD

' -------------------------------------------------------------'
' Important change OU= and strSheet to reflect your domain
' -------------------------------------------------------------'

strOU = "OU=Studenten ," ' Note the comma
strSheet = "D:\IT\users aanmaken\adduser.xls"

' Bind to Active Directory, Users container.
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://" & strOU & _
objRootLDAP.Get("defaultNamingContext"))

' Open the Excel spreadsheet
Set objExcel = CreateObject("Excel.Application")
Set objSpread = objExcel.Workbooks.Open(strSheet)
intRow = 3 'Row 1 often contains headings

' Here is the 'DO...Loop' that cycles through the cells
' Note intRow, x must correspond to the column in strSheet
Do Until objExcel.Cells(intRow,1).Value = ""
strSam = Trim(objExcel.Cells(intRow, 1).Value)
strCN = Trim(objExcel.Cells(intRow, 2).Value)
strFirst = Trim(objExcel.Cells(intRow, 3).Value)
strLast = Trim(objExcel.Cells(intRow, 4).Value)
strPWD = Trim(objExcel.Cells(intRow, 5).Value)

' Build the actual User from data in strSheet.
Set objUser = objContainer.Create("User", "cn=" & strCN)
objUser.sAMAccountName = strSam
objUser.givenName = strFirst
objUser.sn = strLast
objUser.SetInfo

' Separate section to enable account with its password
objUser.userAccountControl = 512
objUser.pwdLastSet = 0
objUser.SetPassword strPWD
objUser.SetInfo

intRow = intRow + 1
Loop
msgbox "Script met succes uitgevoerd",8,1
objExcel.Quit

WScript.Quit

' End of free example UserSpreadsheet VBScript.

Richard Mueller [MVP]

2009-06-11 15:01:49 UTC

Permalink

Post by nico
Hello,
I have a script that auto add's student to my AD for win2003 server.
for win2008server it does not work
I get errors
Any suggestions?
N.
' Author Guy Thomas http://computerperformance.co.uk/
' ------------------------------------------------------'
Option Explicit
Dim objRootLDAP, objContainer, objUser, objShell
Dim objExcel, objSpread, intRow
Dim strUser, strOU, strSheet
Dim strCN, strSam, strFirst, strLast, strPWD
' -------------------------------------------------------------'
' Important change OU= and strSheet to reflect your domain
' -------------------------------------------------------------'
strOU = "OU=Studenten ," ' Note the comma
strSheet = "D:\IT\users aanmaken\adduser.xls"
' Bind to Active Directory, Users container.
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://" & strOU & _
objRootLDAP.Get("defaultNamingContext"))
' Open the Excel spreadsheet
Set objExcel = CreateObject("Excel.Application")
Set objSpread = objExcel.Workbooks.Open(strSheet)
intRow = 3 'Row 1 often contains headings
' Here is the 'DO...Loop' that cycles through the cells
' Note intRow, x must correspond to the column in strSheet
Do Until objExcel.Cells(intRow,1).Value = ""
strSam = Trim(objExcel.Cells(intRow, 1).Value)
strCN = Trim(objExcel.Cells(intRow, 2).Value)
strFirst = Trim(objExcel.Cells(intRow, 3).Value)
strLast = Trim(objExcel.Cells(intRow, 4).Value)
strPWD = Trim(objExcel.Cells(intRow, 5).Value)
' Build the actual User from data in strSheet.
Set objUser = objContainer.Create("User", "cn=" & strCN)
objUser.sAMAccountName = strSam
objUser.givenName = strFirst
objUser.sn = strLast
objUser.SetInfo
' Separate section to enable account with its password
objUser.userAccountControl = 512
objUser.pwdLastSet = 0
objUser.SetPassword strPWD
objUser.SetInfo
intRow = intRow + 1
Loop
msgbox "Script met succes uitgevoerd",8,1
objExcel.Quit
WScript.Quit
' End of free example UserSpreadsheet VBScript.

I don't see anything that would work in W2k3 but not W2k8, with the possible
exception of strong passwords. A minor point is that I would remove the
space before the comma in the following statement:

strOU = "OU=Studenten ," ' Note the comma

If the error is raised on the first SetInfo, then the problem is with cn,
sAMAccountName, givenName, or sn. The only way givenName or sn will raise an
error is if the value is blank. If this is possible, test for it and do not
assign if the value in the spreadsheet is blank. cn will raise an error if
it is not unique in the container, sAMAccountName will raise an error if it
is not unique in the domain.

I don't see how an error could be raised on the second SetInfo statement,
unless for some reason 512 is not allowed for userAccountControl. It might
help to use the AccountDisabled property method instead to enable the
account. For example

objUser.AccountDisabled = False

Finally, if the error is raised on the SetPassword statement, then your
password does not meet domain requirements, probably complexity.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

nico

2009-06-12 11:50:47 UTC

Permalink

R.,

the error is raised on the first SetInfo

neither givenName or sn is blank and
sAMAccountName is unique (the same as sn and givenname)

the error has as source "active directory"
and the (translated from dutch) error = access error

any suggestions?

Post by Richard Mueller [MVP]

I don't see anything that would work in W2k3 but not W2k8, with the possible
exception of strong passwords. A minor point is that I would remove the
strOU = "OU=Studenten ," ' Note the comma
If the error is raised on the first SetInfo, then the problem is with cn,
sAMAccountName, givenName, or sn. The only way givenName or sn will raise an
error is if the value is blank. If this is possible, test for it and do not
assign if the value in the spreadsheet is blank. cn will raise an error if
it is not unique in the container, sAMAccountName will raise an error if it
is not unique in the domain.
I don't see how an error could be raised on the second SetInfo statement,
unless for some reason 512 is not allowed for userAccountControl. It might
help to use the AccountDisabled property method instead to enable the
account. For example
objUser.AccountDisabled = False
Finally, if the error is raised on the SetPassword statement, then your
password does not meet domain requirements, probably complexity.

Richard Mueller [MVP]

2009-06-12 15:06:56 UTC

Permalink

The sn and givenName attributes can be assigned anything, except a blank
string. If there is no value for either of these, just don't assign any
value.

If the value for sAMAccountName is unique in the domain, and the value of cn
is unique in the OU, then the only possible causes of the error I can think
of are:

1. You don't have permission to create user objects in the OU.
2. The sAMAccountName is more than 20 characters long.
3. The cn is more than 104 characters (if I remember correctly).
4. The sAMAccountName includes any of the following characters:
[ ] : ; | = + ? < > * "
5. If the value of the cn attribute includes any of the following
characters:
, \ # + < > ; " = /
or a leading or trailing space, then the character must be escaped using the
backslash, "\", escape character. For example, if the common name is "Smith,
Jim", then you must specify "Smith\, Jim". See this link for details:

http://www.rlmueller.net/CharactersEscaped.htm

Hopefully this accounts for the error.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Post by Richard Mueller [MVP]
R.,
the error is raised on the first SetInfo
neither givenName or sn is blank and
sAMAccountName is unique (the same as sn and givenname)
the error has as source "active directory"
and the (translated from dutch) error = access error
any suggestions?

Post by Richard Mueller [MVP]

I don't see anything that would work in W2k3 but not W2k8, with the
possible exception of strong passwords. A minor point is that I would
strOU = "OU=Studenten ," ' Note the comma
If the error is raised on the first SetInfo, then the problem is with cn,
sAMAccountName, givenName, or sn. The only way givenName or sn will raise
an error is if the value is blank. If this is possible, test for it and
do not assign if the value in the spreadsheet is blank. cn will raise an
error if it is not unique in the container, sAMAccountName will raise an
error if it is not unique in the domain.
I don't see how an error could be raised on the second SetInfo statement,
unless for some reason 512 is not allowed for userAccountControl. It
might help to use the AccountDisabled property method instead to enable
the account. For example
objUser.AccountDisabled = False
Finally, if the error is raised on the SetPassword statement, then your
password does not meet domain requirements, probably complexity.

Richard Mueller [MVP]

2009-06-12 15:23:51 UTC

Permalink

The maximum length for the cn attribute is 64 characters. I think your error
is most likely due to an embedded comma in the cn, or a similar character
that must be escaped.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Post by Richard Mueller [MVP]
The sn and givenName attributes can be assigned anything, except a blank
string. If there is no value for either of these, just don't assign any
value.
If the value for sAMAccountName is unique in the domain, and the value of
cn is unique in the OU, then the only possible causes of the error I can
1. You don't have permission to create user objects in the OU.
2. The sAMAccountName is more than 20 characters long.
3. The cn is more than 104 characters (if I remember correctly).
[ ] : ; | = + ? < > * "
5. If the value of the cn attribute includes any of the following
, \ # + < > ; " = /
or a leading or trailing space, then the character must be escaped using
the backslash, "\", escape character. For example, if the common name is
"Smith, Jim", then you must specify "Smith\, Jim". See this link for
http://www.rlmueller.net/CharactersEscaped.htm
Hopefully this accounts for the error.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Post by Richard Mueller [MVP]

I don't see anything that would work in W2k3 but not W2k8, with the
possible exception of strong passwords. A minor point is that I would
strOU = "OU=Studenten ," ' Note the comma
If the error is raised on the first SetInfo, then the problem is with
cn, sAMAccountName, givenName, or sn. The only way givenName or sn will
raise an error is if the value is blank. If this is possible, test for
it and do not assign if the value in the spreadsheet is blank. cn will
raise an error if it is not unique in the container, sAMAccountName will
raise an error if it is not unique in the domain.
I don't see how an error could be raised on the second SetInfo
statement, unless for some reason 512 is not allowed for
userAccountControl. It might help to use the AccountDisabled property
method instead to enable the account. For example
objUser.AccountDisabled = False
Finally, if the error is raised on the SetPassword statement, then your
password does not meet domain requirements, probably complexity.

nico

2009-06-15 07:44:13 UTC

Permalink

Post by Richard Mueller [MVP]
The sn and givenName attributes can be assigned anything, except a blank
string. If there is no value for either of these, just don't assign any
value.
If the value for sAMAccountName is unique in the domain, and the value of cn
is unique in the OU, then the only possible causes of the error I can think
1. You don't have permission to create user objects in the OU.
2. The sAMAccountName is more than 20 characters long.
3. The cn is more than 104 characters (if I remember correctly).
[ ] : ; | = + ? < > * "
5. If the value of the cn attribute includes any of the following
, \ # + < > ; " = /
or a leading or trailing space, then the character must be escaped using the
backslash, "\", escape character. For example, if the common name is "Smith,
http://www.rlmueller.net/CharactersEscaped.htm
Hopefully this accounts for the error.

Tx for the very appreciated help
the main problem was as it seems that i could not create users with a
script when i was logged on with a new created adminaccount that
neverthelesss was added to the same groups as the regular admin.