Well let's jump right into a real world example, creating user accounts. User account creation has long been a task of the Windows click monkeys. For some larger companies there are people whose sole job is to click through wizards to create and delete user accounts. I don't know about you but that would drive me insane!
Unix administrators have known for years how to be Lazy Administrators. Unix admins have scripts that can do just about everything but hit the power button to turn on the server, and I've known some Unix admins that probably have found a solution to do that as well. As Windows Administrators, we've gotten used to flexing our right-click muscles. Maybe that's why Windows Admins are in such better shape than Unix Admins. We burn up 100 times the calories per day by right-clicking on an item and then clicking Next through the countless wizards.
Well save some of those twinkies Unix guys we're going to learn how to give that mouse hand some much needed rest! Over the next few days I am going to cover several different ways to automate user account creation. I will start with a really basic example that just creates a simple account and work up to full blown automation including creation of home drives/My Documents folders, adding the user to groups, and many more items that if done manually day in and day out would drive even the most skilled click monkey mad.
So let's start with a basic example. In true Lazy Administrator fashion, I am going to start with an example that I copied from someone else. This script is pulled line by line from the Scripting Guys script repository on technet (
here).
So let's delve into the depths of this script:
--------------------------------------------------------------------------------
Set objOU = GetObject("LDAP://OU=management,dc=fabrikam,dc=com")
Set objUser = objOU.Create("User", "cn=MyerKen")
objUser.Put "sAMAccountName", "myerken"
objUser.SetInfo
--------------------------------------------------------------------------------
Well that's it! Case closed. Our user account creation process is solved! The 4 lines of code that could be heard around the world. Well don't send your right-click finger on vacation quite yet. These 4 lines will create a user account named myerken but that's about it.
Let's look to see what all this stuff means. For some of you it is probably just a bunch of gobbly gook with really bad punctuation.
The first two lines contain a very import key word, Set. Set in Vbscript means that we want to create an object reference and assign it to a variable. I know, I know that doesn't mean anything to some of you so I will clarify: Imagine you have been working really hard on your resume in Word because now that you know these 4 lines of code you can demand a much larger salary. Anyway you decide to apply for a management role and decide that your current resume is WAY too technical. So instead of overwriting your current resume, you create a copy of your resume and make changes to that copy all the while preserving your precious technical skills resume. This is basically how an object reference works in VBscript. There are many, many objects in Vbscript and some of them have extremely long names. So instead of modifying those objects directly, you create a copy of those objects and rename that copy to something that's easy to remember.
For example:
Set objOU = GetObject(LDAP://OU=management,dc=fabrikam,dc=com)
Creates an object reference to the Active Directory domain fabrikam.com in the Management OU; it then names that object reference objOU for easy access later in the script. Now that you have that reference you can access properties and methods of that object. A property is just some bit of information about that object. For example objOU could have a property of Description. A method is some action that can be performed. For example the next line of code uses a method to create a user account and then create an object reference to that account as objUser.
Set objUser = objOU.Create("User", "cn=MyerKen")
So now objUser is a reference to a User named MyerKen who is part of the Management OU inside of the fabrikam.com domain.
Now we can use methods and properties to assign information about MyerKen:
objUser.Put "sAMAccountName", "myerken"
objUser.SetInfo
These two lines of code use methods of objUser. The first assigns myerken to the SamAccountName. The second line objUser.Setinfo saves the information to the database.
As with everything in Windows, there are multiple ways of doing things. Check out the following lines of code:
objUser.sAMAccountName = "myerken"
objUser.GivenName = "Ken"
objUser.SN = "Myer"
objUser.AccountDisabled = FALSE
objUser.SetInfo
This also sets the SamAccountName to myerken as well as the GivenName(First Name), SN (Last Name), and Enables the account by accessing the Properties of the objUser.
Now you might notice that both Properties and Methods are accessed using “.” I'm not entirely sure why Microsoft chose that nomenclature but there is one easy way to tell if something is a Property versus a Method. A property is almost always a noun. For example a User has first name, and a User has a Phone Number. A method is almost always represented by a verb. For example, an OU can create a User.
Well you are probably saying, “That's really neat Lazy Administrator but unless I want to manually type a new script for every user, I'm not sure I'm not better off just clicking through the wizards.“
My next post will show you how you place all of your user information into a spreadsheet and create 1000's of users in a matter of seconds (Editor's note: if you're curious, you can find that post
here, but it's not necessary to know for the exam).
Thanks everyone for reading. Feel free to make comments or ask questions.
The Lazy Adminsitrator