-----------------------------------------------------------------------------

    Set DomainObj = GetObject("WinNT://YourDomain")
    Set UserObj = DomainObj.Create("user", "UserID")
    UserObj.SetInfo
    Set UserObj = Nothing

This is a list of what you can't do when you use the WinNT:// moniker:

  - Create OUs and contacts.
  - Create mail-enabled users.
  - Create distribution groups and universal groups.
  - Fill out Active Directory fields which are Windows 2000 specific.
  - Change user mailbox parameters.

So, what to do? Rule number one: in a Windows 2000 Active Directory environment, use the LDAP:// provider instead of WinNT://. WinNT:// is good for Windows NT 4.0 only.

The above, written with LDAP://:

    var objRootDSE;
    var objContainer;
    var objNewObject;

    // This string connects you to your AD root DSE. DOMAIN must be your FQDN
    // or the name of any of your DCs. It can be omitted only if you are
    // logged on as a user of the domain you want to connect to.
    objRootDSE = GetObject("LDAP://DOMAIN/RootDSE");

    // This returns the container (normally an organisational unit) you want
    // to create your object in. The 'Test Users' OU must exist.
    // objRootDSE.Get("defaultNamingContext") returns your FQDN in X.500
    // format, i.e. for foo.vic.com.au it would be 'DC=foo,DC=vic,DC=com,DC=au'.
    objContainer = GetObject("LDAP://DOMAIN/" + "ou=Test Users," +
        objRootDSE.Get("defaultNamingContext"));

    // This creates an object of the type 'user' with the object name
    // 'TestUser', see Table 1 below.
    objNewObject = objContainer.Create("user", "cn=TestUser");

    // This sets the other mandatory parameter for the object 'user', see
    // Table 1 below.
    objNewObject.Put("sAMAccountName", "TestUser");

    // This updates AD with the information you have set.
    objNewObject.SetInfo();

    WScript.Quit(0);

-----------------------------------------------------------------------------
Table 1

    Object class          Mandatory parameters
    --------------------  ----------------------------------------
    computer              cn
                          sAMAccountName
    contact               cn
    container             cn
    group                 cn
                          groupType:
                            Security Local:         -2147483644
                            Security Global:        -2147483646
                            Distribution Local:     4
                            Distribution Global:    2
                            Distribution Universal: 8
                          sAMAccountName
    locality              l
    organizationalUnit    ou
    printQueue            cn
                          shortServerName
                          serverName
                          printerName
                          versionNumber
                          uNCName
    user                  cn
                          sAMAccountName
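
The groupType values in Table 1 are one scope bit combined with the security-enabled flag (0x80000000) and stored as a signed 32-bit integer. The following added example (not from the original article; the function names are hypothetical) builds and decodes those values, which is useful when checking whether a group created by a script is security-enabled or distribution-only.

```javascript
// groupType flag bits for Active Directory group objects.
var GROUP_BUILTIN  = 0x00000001;  // system-created group
var GROUP_GLOBAL    = 0x00000002;
var GROUP_LOCAL     = 0x00000004;  // domain local
var GROUP_UNIVERSAL = 0x00000008;
var GROUP_SECURITY  = 0x80000000;  // set = security group, clear = distribution

var SCOPES = { local: GROUP_LOCAL, global: GROUP_GLOBAL, universal: GROUP_UNIVERSAL };

// Build the signed 32-bit number to pass to Put("groupType", ...).
function encodeGroupType(scope, securityEnabled) {
  if (!Object.prototype.hasOwnProperty.call(SCOPES, scope)) {
    throw new Error("unknown scope: " + scope);
  }
  var bits = SCOPES[scope];
  if (securityEnabled) { bits = bits | GROUP_SECURITY; }
  return bits | 0;  // bitwise OR yields a signed 32-bit value
}

// Decode a groupType read back from the directory. Accepts the signed form
// (-2147483646), the unsigned form (2147483650) or a numeric string.
function decodeGroupType(value) {
  var n = Number(value);
  if (!isFinite(n) || Math.floor(n) !== n) {
    throw new Error("groupType is not an integer: " + value);
  }
  var v = n | 0;
  var scopeBits = v & (GROUP_GLOBAL | GROUP_LOCAL | GROUP_UNIVERSAL);
  var scope = null;
  for (var name in SCOPES) {
    if (SCOPES[name] === scopeBits) { scope = name; }
  }
  if (scope === null) {
    throw new Error("exactly one scope bit must be set: " + value);
  }
  return {
    scope: scope,
    securityEnabled: (v & GROUP_SECURITY) !== 0,
    builtin: (v & GROUP_BUILTIN) !== 0
  };
}

// Constructed check against the values listed in Table 1.
console.log(encodeGroupType("global", true));   // -2147483646
console.log(decodeGroupType(8));
```
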
Optional parameters:

Optional parameters can be set before or after the SetInfo() method call, with one exception: if you have a password policy in place, you have to set the user password before you call SetInfo(). The script will therefore look as follows:

    // Disclaimer:
    //
    // This sample code is provided AS IS WITHOUT WARRANTY
    // OF ANY KIND AND IS PROVIDED WITHOUT ANY IMPLIED WARRANTY
    // OF FITNESS FOR PURPOSES OF MERCHANTABILITY. Use of this code
    // is to be undertaken entirely at your risk, and the
    // results that may be obtained from it are dependent on the user.
    // Please note to fully back up files and system(s) on a regular
    // basis. A failure to do so can result in loss of data or damage
    // to systems.

    var objRootDSE;
    var objContainer;
    var objNewObject;

    objRootDSE = GetObject("LDAP://DOMAIN/RootDSE");
    objContainer = GetObject("LDAP://DOMAIN/" + "ou=Test Users," +
        objRootDSE.Get("defaultNamingContext"));

    // Mandatory parameters for a 'user' object (see Table 1).
    objNewObject = objContainer.Create("user", "cn=TestUser");
    objNewObject.Put("sAMAccountName", "TestUser");

    // The password is set before SetInfo() so that the password policy is met.
    // "password" is a sample value.
    objNewObject.Put("userPassword", "password");

    // Optional parameters.
    objNewObject.Put("givenName", "John");
    objNewObject.Put("sn", "Doe");
    objNewObject.Put("displayName", "John Doe");

    objNewObject.SetInfo();

    WScript.Quit(0);

Now, how to enable the user's mailbox. Two simple steps should be added: create the user's e-mail address and allocate space for the mailbox.

    var objRootDSE;
    var objContainer;
    var objNewObject;

    objRootDSE = GetObject("LDAP://DOMAIN/RootDSE");
    objContainer = GetObject("LDAP://DOMAIN/" + "ou=Test Users," +
        objRootDSE.Get("defaultNamingContext"));

    objNewObject = objContainer.Create("user", "cn=TestUser");
    objNewObject.Put("sAMAccountName", "TestUser");
    objNewObject.Put("userPassword", "password");
    objNewObject.Put("givenName", "John");
    objNewObject.Put("sn", "Doe");
    objNewObject.Put("displayName", "John Doe");
    objNewObject.SetInfo();

    // Create the user's e-mail address
    objNewObject.Put("targetAddress", "SMTP:john.doe@foo.vic.com.au");
    objNewObject.Put("mailNickname", "John Doe");

    // Make entry visible in Exchange address lists
    objNewObject.Put("msExchHideFromAddressLists", false);

    // Activate default mailbox storage limits
    objNewObject.Put("mDBUseDefaults", true);

    objNewObject.SetInfo();

    WScript.Quit(0);

Where to get more information?

  - Object attributes: use the ADSI Edit snap-in, connect to Domain NC, pick an object of the type you want to investigate, right-click, go to Properties and check the optional parameters.
  - Container methods: all IADsContainer methods are applicable.
  - AD object methods: all IADs methods are applicable.
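
The scripts above pass fixed strings to Create() and Put(). When the cn and sAMAccountName come from a spreadsheet or a form instead, they should be checked and escaped before they reach the directory. The following is an added example, not part of the original scripts; the function names are hypothetical, it makes no ADSI calls, and it assumes the sAMAccountName rules for user objects (20 characters, reserved character set) and the ADSI requirement that "/" be escaped in names.

```javascript
// Reserved characters for sAMAccountName: " / \ [ ] : ; | = , + * ? < >
var SAM_RESERVED = /["\/\\\[\]:;|=,+*?<>]/;

// Return a list of problems with a proposed sAMAccountName (empty list = usable).
function checkSamAccountName(name) {
  if (typeof name !== "string" || name.length === 0) { return ["empty"]; }
  var problems = [];
  if (/^\s|\s$/.test(name)) { problems.push("leading or trailing whitespace"); }
  if (name.length > 20) { problems.push("longer than 20 characters"); }
  if (SAM_RESERVED.test(name)) { problems.push("reserved character"); }
  if (/[\x00-\x1f]/.test(name)) { problems.push("control character"); }
  if (/\.$/.test(name)) { problems.push("ends with a period"); }
  return problems;
}

// Escape a value for use after "cn=" in Create(). Backslash-escapes the RFC 4514
// specials, a leading "#", leading/trailing spaces, and "/" (ADsPath separator).
function escapeRdnValue(value) {
  if (/[\x00-\x1f]/.test(value)) { throw new Error("control character in name"); }
  var out = "";
  for (var i = 0; i < value.length; i++) {
    var c = value.charAt(i);
    var edge = (i === 0 || i === value.length - 1);
    if ('\\,+"<>;=/'.indexOf(c) !== -1 || (c === " " && edge) || (c === "#" && i === 0)) {
      out += "\\";
    }
    out += c;
  }
  return out;
}

// Produce the two strings the scripts above hand to Create() and Put().
function buildUserNames(displayName, samAccountName) {
  var problems = checkSamAccountName(samAccountName);
  if (typeof displayName !== "string" || displayName.length === 0) { problems.push("empty cn"); }
  if (problems.length > 0) {
    throw new Error("rejected '" + samAccountName + "': " + problems.join(", "));
  }
  return { rdn: "cn=" + escapeRdnValue(displayName), sAMAccountName: samAccountName };
}

// Constructed sample input, as it might arrive from an HR export.
var sample = buildUserNames("Doe, John", "jdoe");
console.log(sample.rdn);   // cn=Doe\, John
```
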