Automating the creation of user accounts.
you learned how to create a user account in the Active Director y Users and
Com-
|
- Create users from user account Templates
- using active directory command line tools
- Import users with CSVDE
- Import users with LDIFDE
Create users from user account :
Users
in a domain often share many similar properties. For example, all sales
representatives
|
can
belong to the same security groups, log on to the network during similar
hours, and have
|
home
folders and roaming profiles stored on the same server. When you create a new
user, you
|
can
simply copy an existing user account rather than create a blank account and
populate each
|
property.
|
Since
the days of Microsoft Windows NT 4.0, Windows has supported the concept of
user
|
account
templates. A user account template is a generic user account prepopulated
with com-
|
mon
properties. For example, you can create a template account for sales
representatives that is
|
preconfigured
with group memberships, logon hours, a home folder, and roaming profile path.
|
Disable
template user accounts
|
NOTE :
|
The
template account should not be used to log on to the network, so be sure to
disable the account.
|
To
create a user based on the template, select Copy from the shortcut menu. The
Copy Object
|
–
User Wizard appears. You are prompted for the name, logon name, and password
settings of
|
the
new user. A number of properties of the template are copied to the new user
account. After
|
a
user account is created, you can view its properties, grouped by tab, in the
Properties dialog
|
box.
Some of the tabs and properties that appear are the following:
|
General :
|
No
properties are copied from the General tab
|
Address:
|
P.O.
box, city, state or province, zip or postal code, and country or region.
Note :
|
that
the street address itself is not copied
|
Account :
|
Logon
hours, logon workstations, account options, and account expiration
|
Profile :
|
Profile
path, logon script, home drive, and home folder path
|
Organization
|
Department,
company, and manager
|
Member
Of
|
Group
membership and primary group
|
NOTE :
|
User
accounts have additional properties that are not visible on the standard
tabs in the Active
|
Directory
Users and Computers snap-in. These hidden attributes include useful properties
such as
|
assistant,
division, employee type, and employee ID. To view these properties, click the
View menu
|
in
the Active Directory Users and Computers snap-in and select the Advanced
Features option.
|
Then
open the properties of a user account and click the Attribute Editor tab.
Several of these
|
attributes, including assistant, division, and employee
type, are also copied from a template to a
|
new
account.
|
Using Active Directory Command-Line Tools
|
Dsadd
|
Creates
an object in the directory.
|
Dsget
|
Returns
specified attributes of an object.
|
Dsmod
|
Modifies
specified attributes of an object.
|
Dsmove
|
Moves
an object to a new container or OU.
|
Dsrm
|
Removes
an object, all objects in the subtree beneath a container object, or both.
|
Dsquery
|
Performs
a query based on parameters provided at the command line and
|
returns
a list of matching objects. By default, the result set is presented as the
distinguished.
|
Use the Dsadd command to create objects in Active Directory.
The DSADD USER UserDN command
creates a user object and accepts parameters that specify properties of the user. The following
command shows the basic parameters required to create a user account:
dsadd user "User DN" Ðsamid pre-Windows 2000 logon name
-pwd {Password | *} Ðmustchpwd yes
The pwd parameter specifies the password. If it is set to an asterisk (*), you are prompted for
a user password. The mustchpwd parameter specifies that the user must change the password
at next logon.
Example :-
dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com" -pwd * -pwd passwordneverexpires yes
0 comments: