Bulk creation of users in AD

All replies

  • Profiles are created on the server by themselves the first time users work, provided you define the users correctly. I create users with a VBS script, and in doing so I define the user's properties and the location for profiles and home directories.

    For inspiration, here is the script I used. The script is run on the server that holds the users' home directories and profiles. You can adapt it to your conditions:

    '****************************************************************
    Option Explicit
    '****************************************************************
    '  Variable definitions
    '****************************************************************
    Dim strFileName, strNextLine
    Dim objFSO, objTextFile, objScriptExec, objShell
    Dim arrUserLine
    Dim strSamID,strFn,strLn,strPWD,strEmplID
    Dim strGrpID,strCategory,strComeIn,strAccExpir
    Dim strSuffix0,strSuffix, strDN, strFunction,strExProfile
    Dim objWMI,objUsers,strComputer,strCount,strCount1,strExpDate
    Dim strUsrGrp,strEndUser

    '*****************************************************************
    '  Constant definitions
    '*****************************************************************
    Const ForReading = 1                              ' For reading
    strFileName = "g:\in\vstupnidata.txt"             ' Location of the data file
    strSuffix0 = "dc=firma,dc=local"
    Const Sleep_a_bit = 35
    strComputer = "."
    strCount = 0                                      ' Accounts that already existed
    strCount1 = 0                                     ' Accounts created
    strExpDate = "09/30/2015"
    strEndUser = "zzzzzzzz"                           ' Sentinel marking the end of the data

    '******************************************************************
    '  File object definition
    '******************************************************************
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objTextFile = objFSO.OpenTextFile(strFileName ,ForReading)

    '******************************************************************
    '  Shell definition
    '******************************************************************
    Set objShell = CreateObject("Wscript.Shell")

    '******************************************************************
    '  Loop that reads the file (one comma-separated user per line)
    '******************************************************************
    Do Until objTextFile.AtEndOfStream
       strNextLine = objTextFile.Readline
       arrUserLine = Split(strNextLine,",")
       strExProfile = 0
       strSamID = arrUserLine(0)          ' sAMAccountName, required
       strLn = arrUserLine(1)             ' Last name
       strFn = arrUserLine(2)             ' First name
       strPWD = arrUserLine(3)            ' Password
       strEmplID = arrUserLine(4)         ' User ID 4 UNIX
       strGrpID = arrUserLine(5)          ' Group ID 4 UNIX
       strCategory = arrUserLine(6)       ' Category (classification)
       strComeIn = arrUserLine(7)         ' Entry date
    '   strAccExpir = arrUserLine(8)       ' Account expiration date
       strAccExpir = strExpDate

    ' ******************************************************************
    ' CHECK FOR THE END USER 98
    ' ******************************************************************
       If strSamID = strEndUser Then
    '        Wscript.Echo "KONEC"
            Exit Do
       End If

    '*******************************************************************
       strExProfile = 1
    '  strExProfile = 0 ' Profile is not created on the server
    '*******************************************************************
       ' Pick the target OU and group from the category
       Select Case strCategory
              Case "Empl"
              strSuffix = "ou=employees,ou=people," & strSuffix0
              strUsrGrp = "cn=ggEmployees,ou=Groups," & strSuffix0
              Case "Friends"
              strSuffix = "ou=Friends,ou=people," & strSuffix0
              strUsrGrp = "cn=ggFriends,ou=Groups," & strSuffix0
              Case "other"
              strSuffix = "ou=other,ou=people," & strSuffix0
              strUsrGrp = "cn=ggOther,ou=Groups," & strSuffix0
              Case "queen"
              strSuffix = "ou=Queen,ou=people," & strSuffix0
              strUsrGrp = "cn=ggQueen,ou=Groups," & strSuffix0
              Case "king"
              strSuffix = "ou=king,ou=people," & strSuffix0
              strUsrGrp = "cn=ggKing,ou=Groups," & strSuffix0
              Case Else
              strSuffix = "ou=misc,ou=people," & strSuffix0
              strUsrGrp = "cn=ggMisc,ou=Groups," & strSuffix0
       End Select

    '******************************************************************************
    '  Test whether the account already exists
    '******************************************************************************
       Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\directory\LDAP")
       Set objUsers = _
           objWMI.ExecQuery("SELECT * FROM ds_user where ds_sAMAccountName = '"& strSamID &"' ")
       If objUsers.Count = 0 Then
          Wscript.Echo "No matching objects found"
          Call AddUser(strSamID,strSuffix,strFn,strLn,strPWD,strAccExpir,strExProfile)
          Call AddUsr2Grp(strSamID,strFn,strLn,strSuffix,strUsrGrp)
          strCount1 = strCount1 + 1
       Else
          strCount = strCount + 1
       End If
       Set objWMI = Nothing
       Set objUsers = Nothing
       Wscript.Sleep Sleep_a_bit
    Loop
    objTextFile.Close

    '*****************************************************************************
    ' Subroutine: create the user, home directory and password
    '*****************************************************************************
    Sub AddUser(strSamID,strSuffix,strFn,strLn,strPWD,strAccExpir,strExProfile)
    Const vbMinimizedNoFocus = 6
    '**********************************************************************
    ' Constant definitions for the subroutine
    '**********************************************************************
    Const UF_SCRIPT = &H1
    Const UF_ACCOUNTDISABLE = &H2
    Const UF_HOMEDIR_REQUIRED = &H8
    Const UF_LOCKOUT = &H10
    Const UF_PASSWD_NOTREQD = &H20
    Const UF_PASSWORD_CANT_CHANGE = &H40
    Const UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H80
    Const UF_DONT_EXPIRE_PASSWD = &H10000
    Const UF_MNS_LOGON_ACCOUNT = &H20000
    Const UF_SMARTCARD_REQUIRED = &H40000
    Const UF_TRUSTED_FOR_DELEGATION = &H80000
    Const UF_NOT_DELEGATED = &H100000
    Const ADS_PROPERTY_UPDATE = 2
    Dim objDomain, objUser, fso, intUserFlags, intNewUserFlags
    Dim fldUserHomedir, wshShell
    'Dim strSamID,strSuffix,strFn,strLn,strPWD,strAccExpir

    Set objDomain = GetObject("LDAP://" & strSuffix)
    Set objUser = objDomain.Create("user","cn=" & strSamID)
    objUser.Put "sAMAccountName", strSamID
    objUser.Put "userPrincipalName", strSamID & "@firma.local"
    '**********************************************************************
    '  Write the data from the cache and reload
    '**********************************************************************
    objUser.SetInfo
    objUser.GetInfo
    '**********************************************************************200
    '  Set the properties
    '**********************************************************************
    objUser.AccountDisabled = False
    objUser.AccountExpirationDate = strAccExpir
    'objUser.Description = "My description goes here!"
    objUser.IsAccountLocked = False
    'objUser.LoginScript = "login.vbs"
    If CBool(strExProfile) Then _
             objUser.Profile = "\\sa1.firma.local\profile$\"& strSamID
    'objUser.PasswordRequired = True
    objUser.FirstName = strFn
    objUser.LastName = strLn
    objUser.DisplayName = strLn & " " & strFN
    '**********************************************************************
    '  Home directory mapping
    '**********************************************************************
    objUser.HomeDirectory = "\\sa1.firma.local\home\" & strSamID
    objUser.Put "homeDrive", "H:"
    '**********************************************************************
    '  Write the properties
    '**********************************************************************
    objUser.SetInfo
    objUser.GetInfo
    '**********************************************************************
    '  Password never expires
    '  (AD does not apply UF_PASSWORD_CANT_CHANGE written through
    '  userAccountControl; that restriction is an ACL on the user object)
    '**********************************************************************
    intUserFlags = objUser.Get("userAccountControl")
    intNewUserFlags = intUserFlags Or UF_DONT_EXPIRE_PASSWD
    intNewUserFlags = intNewUserFlags Or UF_PASSWORD_CANT_CHANGE
    objUser.Put "userAccountControl", intNewUserFlags
    objUser.SetInfo
    '**********************************************************************
    'Create the home directory
    '**********************************************************************
    Set fso = CreateObject("Scripting.FileSystemObject")
    If Not fso.FolderExists("e:\home\" & strSamID ) Then
            Set fldUserHomedir = fso.CreateFolder("e:\home\" _
            & strSamID)
    End If
    '**********************************************************************
    '  FULL rights on the home directory
    '**********************************************************************
    Set wshShell = WScript.CreateObject("Wscript.Shell")
    wshShell.Run "cacls.exe e:\home\" & strSamID & " /E /T /G " _
               & strSamId & ":F", vbMinimizedNoFocus, True
    '**********************************************************************
    ' Set the password
    '**********************************************************************
    objUser.SetPassword strPWD
    End Sub

    '**********************************************************************
    '  Subroutine for adding the user to a group
    '**********************************************************************
    Sub AddUsr2Grp(strSamID,strFn,strLn,strSuffix,strUsrGrp)
    Dim objGroup,strTest
    Const ADS_PROPERTY_APPEND = 3
    Set objGroup = GetObject("LDAP://" & strUsrGrp)
    objGroup.PutEx ADS_PROPERTY_APPEND, "member", _
                Array("CN=" & strSamID & "," & strSuffix)
    objGroup.SetInfo
    End Sub

    October 5, 2011 19:54
    Moderator
  • csvde, dsadd, dsmod, mkdir, cacls ...

    however, with permissions set correctly, a roaming profile is created entirely automatically when the user logs on/off - where is the problem?

    MP

    October 6, 2011 5:57
    Moderator
  • thanks for the reply,

    I am a "beginner", so I would rather ask

    before this we had a Win Server 2003 here that had been set up by some company, so I took it over and did not deal with anything

    now I have slipped into it and I am trying to fight my way through it somehow

    VBS is not exactly my strong suit

    - Profiles are created on the server by themselves the first time users work, provided you define the users correctly.

    defining - is that your VBS example? correct permission settings - what exactly has to be set so that they are created automatically?

    can't it be done in some text file?

    thanks for the reply

    October 6, 2011 13:50
  • Once more: what exactly do you want to create?

    users (the subject of the question) or profiles (the body of the question)?

    The easiest way to create users is with the csvde command (import from CSV), or with dsadd (usually importing a text file parsed with the for command). If a path to a (roaming) profile is specified when the user is created, the profile is created automatically: NOTE, THE USER MUST HAVE FULL CONTROL ON THE NETWORK DIRECTORY WHERE THE PROFILE WILL BE CREATED

    MP

    October 6, 2011 14:08
    Moderator
  • start with CSVDE.exe, that is probably the easiest

    MP

    October 6, 2011 14:31
    Moderator
  • ok, thanks for the push

    one more thing: when I try creating users, I have to give them a password; I tried turning that off in GPO, but it does not respond

    I need them to set their own after the first logon

    October 6, 2011 18:15
  • The normal approach is to GIVE the user a (one-time) PASSWORD AND AT THE SAME TIME set the REQUIREMENT TO CHANGE THIS PASSWORD AT THE 1st logon.

    MP

    October 6, 2011 18:51
    Moderator
  • The simplest way is to prepare the batch in Excel. Identical parameters are easy to replicate in columns, and after saving as a CSV file I open the CSV file in Notepad and replace all semicolons with spaces (Replace all). The document will have as many lines as you have pupils and teachers. One of those lines will end up looking like this:

    dsadd user CN=PepaC,CN=Users,DC=Trida,DC=skola,DC=local -pwd noveheslo -disabled no

    You can of course specify more parameters. (More information can be found on TechNet: http://technet.microsoft.com/cs-cz/library/cc731279(WS.10).aspx)

    dsadd user <UserDN> [-samid <SAMName>] [-upn <UPN>] [-fn <FirstName>] [-mi <Initial>]
     [-ln <LastName>] [-display <DisplayName>] [-empid <EmployeeID>] [-pwd {<Password> | *}]
     [-desc <Description>] [-memberof <Group> ...] [-office <Office>] [-tel <PhoneNumber>]
     [-email <Email>] [-hometel <HomePhoneNumber>] [-pager <PagerNumber>] [-mobile <CellPhoneNumber>]
     [-fax <FaxNumber>] [-iptel <IPPhoneNumber>] [-webpg <WebPage>] [-title <Title>] [-dept <Department>]
     [-company <Company>] [-mgr <Manager>] [-hmdir <HomeDirectory>] [-hmdrv <DriveLetter>:]
     [-profile <ProfilePath>] [-loscr <ScriptPath>] [-mustchpwd {yes | no}] [-canchpwd {yes | no}]
     [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}] [-acctexpires <NumberOfDays>]
     [-disabled {yes | no}] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}]
     [-q] [{-uc | -uco | -uci}]

    October 6, 2011 20:05
    Moderator
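
Added example, not part of any post in this thread: a PowerShell dry run that combines the dsadd batch approach with the advice to issue a one-time password that must be changed at first logon (`-mustchpwd yes`). Each account gets its own random password instead of one shared value, and every field is allow-listed before it reaches a command line; the CSV columns, the OU and the share path are assumptions.

```powershell
# Added example (dry run): prints dsadd commands, executes nothing.
# Constructed sample input; column names, OU and share are assumptions.
$csv = @'
SamID,FirstName,LastName
pepac,Pepa,Cerny
jnovak,Jana,Novakova
eva&x,Eva,Test
'@
$ou       = 'OU=Students,DC=skola,DC=local'   # hypothetical target OU
$profiles = '\\server\profile$'               # hypothetical profile share
$alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'
$rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function New-OneTimePassword([int]$Length = 14) {
    $limit = 256 - (256 % $alphabet.Length)   # rejection bound, avoids modulo bias
    $buf   = New-Object byte[] 1
    do {
        $sb = New-Object System.Text.StringBuilder
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) {
                [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length])
            }
        }
        $pw = $sb.ToString()
        # retry until upper, lower and digit are all present (AD complexity)
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '[0-9]')
    $pw
}

$accounts = foreach ($u in ($csv | ConvertFrom-Csv)) {
    # Allow-list: these values end up inside a DN and on a cmd.exe command line
    if ($u.SamID -notmatch '^[A-Za-z0-9._-]{1,20}$' -or
        $u.FirstName -notmatch '^[\p{L} -]{1,64}$' -or
        $u.LastName  -notmatch '^[\p{L} -]{1,64}$') {
        Write-Warning "Skipped row with invalid characters: $($u.SamID)"
        continue
    }
    $pw  = New-OneTimePassword
    $cmd = 'dsadd user "CN={0},{1}" -samid {0} -fn "{2}" -ln "{3}" ' +
           '-profile "{4}\{0}" -pwd {5} -mustchpwd yes -disabled no'
    New-Object PSObject -Property @{
        SamID = $u.SamID; Password = $pw
        Command = $cmd -f $u.SamID, $ou, $u.FirstName, $u.LastName, $profiles, $pw
    }
}
$accounts | ForEach-Object { $_.Command }
```

The generated lines contain the passwords in clear text, so the batch file and the `$accounts` list should be handed over out of band and deleted once the accounts exist.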