-------------------------------------------------------------------- SearchWin2000.com's Active Directory Tip -------------------------------------------------------------------- TODAY'S AD TIP: Use VB to delegate user management ==================================================================== SPONSORED BY: NetIQ ==================================================================== FREE ACTIVE DIRECTORY TOOL Get essential, real-time diagnostics for Microsoft Active Directory with NetIQ's ADcheck - your powerful, free diagnostic tool. With ADcheck, you can quickly check domain controllers, domains and replication. After the first test, you'll wonder how you ever got along without it. Download your FREE copy now at http://www.netiq.com/sponsor/default.asp?251. ==================================================================== "Use VB to delegate user management" By Kevin R. Sharp Saving time is the name of the game, and in this tip, Kevin Sharp gives an idea on saving time big-time. -------------------------------------------------------------------- Consider a business that uses a lot of temp workers who may work for a few days or a few weeks and then leave. Temp warehouse workers may need access to shipping/receiving applications. Temps in the call center each need an account to access customer information. Temps in the employment office need access to confidential employee records, but need to be properly supervised in exactly what data they access. As a system administrator you could manually build an account for every new worker and then manually delete the account every time a temp left. You could, but then again, you might prefer to leave the office before midnight. Here's a simple VB Script application you can modify to automate a lot of the tedious work of account creation and destruction. Not only can it automate the tedium, it makes the process easy enough and foolproof enough that you can let the call center manager build new accounts without your direct involvement. Process: The process begins, of course, with a definition of the properties of each class of user account. The warehouse user account will differ substantially from the account for an office worker in the human relations department. You'll need to decide in which domain to place the user, and whether the user should be created at the root of the domain, within an organizational unit, or within a container. You'll also need to decide on the properties for each type of user, including password policies. Let's start with a basic VB snippet that creates a user account: ' Set up property values for the new user sUsername = InputBox("Specify the name of the user to create: (for example, Bob )") sFullName = "TestUser Test Account" sDescription = "A user account for testing ADSI" Set myComputer = GetObject("WinNT://UR_COMPUTERNAME") ' Create the new user account Set newUser = myComputer.Create("user", sUsername) ' Set properties in the new user account newUser.FullName = sFullName newUser.Description = sDescription newUser.SetInfo Note that this script does not set a password, and by default sets the property pwdLastSet to 0, requiring the user to change the password at the next logon. You could also generate a password for the user or allow the user to select one and then assign it to the user account with the command: newUser.SetPassword = sPassword Make sure this command is executed before newUser.SetInfo. If you want, you can set the account to automatically expire by setting the accountExpires property. For detail on the properties you can set for an account, see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/creating_a_user.asp. For a detailed snippet that allows the user to specify the location as well as the name of the account (available in VB or C++) go to http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/example_code_for_creating_a_user.asp. Using your modifications of these snippets not only removes a lot of the tedium from account management, but the automation removes a lot of room for error. Depending on your organization, it may even remove enough room for error for you to delegate the account management to department heads. If you have a script already in place to create new accounts for the call center, why not let the call center manager fill in the blanks without getting you in the middle? -------------------------------------------------------------------- Kevin Sharp is a registered professional engineer, writer and yoga teacher living in Tucson, Arizona, and gains his expertise from a variety of professional activities. His writing interests have produced books and articles on the economic impact of technology on manufacturing and distribution organizations. * Let us know what you think! Rate this tip at http://www.searchWin2000.com/tip/1,289483,sid1_gci756874,00.html. -------------------------------------------------------------------- Learn more about managing your AD with these Active Directory Best Web Links: http://searchwindowsmanageability.techtarget.com/bestWebLinks/0,289521,sid33_tax287625,00.html. ==================================================================== BONUS TIP -------------------------------------------------------------------- Check out this user-submitted Active Directory tip and submit a tip of your own while you're there to become eligible for this month's tip contest prize -- a set of Klipsch ProMedia 2.1 THX Certified Multimedia Speakers! "Active Directory won't replicate to domain controllers" By Sam Trapane http://searchwin2000.techtarget.com/tip/1,289483,sid1_gci759321,00.html =================================================================== FEATURED BOOK ==================================================================== "1001 Visual Basic Programmer's Tips ,2/e" Author: Ted Coombs and Jon Campbell Publisher: Delmar Published: Dec. 2000 http://www.digitalguru.com/dgstore/product.asp?isbn=1884133932&ac_id=73 ==================================================================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ DID YOU LIKE THIS TIP? ==================================================================== Whether you loved it or hated it, why not let us know? Just email us at mailto:[EMAIL PROTECTED]. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ==================================================================== If you would like to sponsor this or any techtarget newsletter, please contact Mike Kelly at [EMAIL PROTECTED] ==================================================================== If you no longer wish to receive this newsletter simply reply to this message with "REMOVE" in the subject line. Or, visit http://searchWin2000.techtarget.com/register and adjust your subscriptions accordingly. If you choose to unsubscribe using our automated processing, you must send the "REMOVE" request from the email account to which this newsletter was delivered. Please allow 24 hours for your "REMOVE" request to be processed.
