Consider a business that uses a lot of temp workers who may work for a few days or a few weeks and then leave. Temp warehouse workers may need access to shipping/receiving applications. Temps in the call center each need an account to access customer information. Temps in the employment office need access to confidential employee records but need to be properly supervised in exactly what data they access. As a system administrator you could manually build an account for every new worker and then manually delete the account every time a temp left. You could, but then again, you might prefer to leave the office before midnight. Here's a simple VB Script application you can modify to automate a lot of the tedious work of account creation and destruction. Not only can it automate the tedium, it makes the process easy enough and foolproof enough that you can let the call center manager build new accounts without your direct involvement.
The process begins, of course, with a definition of the properties of each class of user account. The warehouse user account will differ substantially from the account for an office worker in the human relations department. You'll need to decide in which domain to place the user, and whether the user should be created at the root of the domain, within an organizational unit, or within a container. You'll also need to decide on the properties for each type of user, including password policies.
Let's start with a basic VB snippet that creates a user account:
' Set up property values for the new user
sUsername = InputBox("Specify the name of the user to create: (for example, Bob )")
sFullName = "TestUser Test Account"
sDescription = "A user account for testing ADSI"
Set myComputer = GetObject("WinNT://UR_COMPUTERNAME")
' Create the new user account
Set newUser = myComputer.Create("user", sUsername)
' Set properties in the new user account
newUser.FullName = sFullName
newUser.Description = sDescription
newUser.SetInfo
Note that this script does not set a password, and by default sets the property pwdLastSet to 0, requiring the user to change the password at the next logon. You could also generate a password for the user or allow the user to select one and then assign it to the user account with the command:
newUser.SetPassword sPassword
Make sure this command is executed before newUser.SetInfo.
If you want, you can set the account to automatically expire by setting the accountExpires property. For detail on the properties you can set for an account, see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/creating_a_user.asp
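The following is an added example, not code from the original tip: it extends the create step above with an initial password, a forced change at first logon, an expiry date, and a user-name check for the delegated scenario. The allow-list pattern, the 14-day lifetime, the function names, and the use of the WinNT provider's `PasswordExpired` and `AccountExpirationDate` properties are choices made for this example.

```vbscript
Option Explicit
' Added example: allow-list, lifetime and helper names are assumptions.
Const COMPUTER_NAME = "UR_COMPUTERNAME"   ' placeholder, as in the snippet above
Const TEMP_LIFETIME_DAYS = 14             ' assumed length of a temp contract

' Allow-list check so a delegated operator cannot submit unexpected names.
' Conservative assumption: 1-20 chars; letters, digits, dot, dash, underscore.
Function IsValidTempName(sName)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9][A-Za-z0-9._-]{0,19}$"
    IsValidTempName = re.Test(sName)
End Function

' Returns "" on success, otherwise a description of what went wrong.
Function CreateTempUser(sComputer, sUsername, sFullName, sPassword, nDays)
    Dim myComputer, newUser
    If Not IsValidTempName(sUsername) Then
        CreateTempUser = "Rejected user name: " & sUsername
        Exit Function
    End If
    On Error Resume Next
    Set myComputer = GetObject("WinNT://" & sComputer)
    Set newUser = myComputer.Create("user", sUsername)
    newUser.SetPassword sPassword          ' set before the first SetInfo
    newUser.FullName = sFullName
    newUser.Description = "Temp account, expires " & DateAdd("d", nDays, Date)
    newUser.SetInfo
    If Err.Number <> 0 Then
        CreateTempUser = "Create failed: " & Err.Description
        Exit Function
    End If
    ' Second commit: expiry date and forced password change at first logon.
    newUser.AccountExpirationDate = DateAdd("d", nDays, Date)
    newUser.Put "PasswordExpired", 1
    newUser.SetInfo
    If Err.Number <> 0 Then
        ' Never leave behind an account that has no expiry: remove it again.
        CreateTempUser = "Expiry settings failed, account removed: " & Err.Description
        Err.Clear
        myComputer.Delete "user", sUsername
    Else
        CreateTempUser = ""
    End If
End Function

Dim sUser, sPwd, sResult
sUser = InputBox("Specify the name of the temp user to create:")
sPwd = InputBox("One-time initial password (the user must change it at first logon):")
sResult = CreateTempUser(COMPUTER_NAME, sUser, "Temp Worker", sPwd, TEMP_LIFETIME_DAYS)
If sResult = "" Then sResult = "Created " & sUser
WScript.Echo sResult
```

InputBox shows the typed password in clear text, which is tolerable here only because the password is expired immediately and must be replaced at first logon.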
For a detailed snippet that allows the user to specify the location as well as the name of the account (available in VB or C++) go to: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/example_code_for_creating_a_user.asp
Using your own modifications of these snippets not only removes a lot of the tedium from account management; the automation also removes a lot of room for error. Depending on your organization, it may even remove enough room for error for you to delegate the account management to department heads. If you have a script already in place to create new accounts for the call center, why not let the call center manager fill in the blanks without getting you in the middle?
Kevin Sharp is a registered professional engineer, writer, and yoga teacher living in Tucson, Arizona, and gains his expertise from a variety of professional activities. His writing interests have produced books and articles on the economic impact of technology on manufacturing and distribution organizations.
This was first published in July 2001