Create AD user

Prev: Passing uint8 and uint64 values with VBScript?
Next: [ann] demo of Office Web Components Pivot Table Control...

From: Rytis on 1 Feb 2007 14:52

---

I need to create an active directory user and set user attributes to
"password never expires" and "user can not change password". How to change
these attributes via vbs script?

Thanks.

From: Richard Mueller [MVP] on 1 Feb 2007 15:11

---

Rytis wrote:

> I need to create an active directory user and set user attributes to
> "password never expires" and "user can not change password". How to change
> these attributes via vbs script?

The "password never expires" setting is controlled by a bit of the
userAccountControl attribute of the user object. You set the bit by Or'ing
the appropriate bit mask with the value of this attribute. The "user cannot
change password" setting requires that two ACE's (Access Control Entries)
that deny permission to change the password be added to the DACL
(Discretionary Access Control List) of the user object.

VBScript code to create a user and set "password never expires" follows:
========
' Bit mask for "password never expires".
Const ADS_UF_DONT_EXPIRE_PASSWD = &H100000

' Bind to the container/OU the user object will reside in.
Set objOU = GetObject("LDAP://ou=Sales,dc=MyDomain,dc=com")

' Create user object with Common Name "TestUser"
Set objUser = objOU.Create("user", "cn=TestUser")

' Assign mandatory attribute, the "pre-Windows 2000 logon name".
objUser.sAMAccountName = "TUser"

' Save the new user object in AD.
objUser.SetInfo

' Retrieve value of userAccountControl.
lngFlags = objUser.userAccountControl

' Set password never expires bit.
lngFlags = lngFlags Or ADS_UF_DONT_EXPIRE_PASSWD

' Save new value.
objUser.userAccountControl = lngFlags
objUser.SetInfo
========
Setting "user cannot change password" is more involved. I have an example
VBScript program that does this linked here:

http://www.rlmueller.net/Cannot%20Change%20PW.htm

This code could be combined with the above, or run separately.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
--

From: Rytis on 4 Feb 2007 10:39

---

Thanks Richard!

"Richard Mueller [MVP]" <rlmueller-NOSPAM(a)ameritech.NOSPAM.net> wrote in
message news:OJtHa1jRHHA.4448(a)TK2MSFTNGP04.phx.gbl...
> http://www.rlmueller.net/Cannot%20Change%20PW.htm
>
> This code could be combined with the above, or run separately.
>
> --

 | 
Pages: 1
Prev: Passing uint8 and uint64 values with VBScript?
Next: [ann] demo of Office Web Components Pivot Table Control...