Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Create new user in form child domain

Status
Not open for further replies.
rlee111

rlee111

Technical User
Sep 10, 2001
27
GB
Hi would it be possible to create a new user in a top level domain from a child domain with vbscript, I have the script to create new users in the child domain but would like to select the top level domain using named arguments and have the script provide authentication to enable me to do this here is my efforts on this, (obviously could be ver wrong)
I run the script like this from the command line: scriptname.vbs /domain:domainname /ou:eek:uname /user:usernames

'Create new users in OU or Users container using named arguments

On Error Resume Next

Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_USE_ENCRYPTION = 2

Set colNamedArguments = Wscript.Arguments.Named

strOU = colNamedArguments.Item("OU")
strDomain = colNamedArguments.Item("Domain")

For Each user In Split(colNamedArguments.Item("User"),";")

strAdmin = "administrator@modnetwork"
strPassword = "password"
strUser = Trim(user)

If strOU = "users" And strDomain = "modnetwork" Then
strPath = "LDAP://cn=users,dc=modnetwork,dc=testnet,dc=biz"
Set objDSO = GetObject("LDAP:")
Set objOU = objDSO.OpenDSObject(strPath, _
strAdmin, strPassword, ADS_USE_ENCRYPTION AND ADS_SECURE_AUTHENTICATION)
ElseIf strOU <> "users" and strDomain = "modnetwork" Then
Set objDSO = GetObject("LDAP:")
Set objOU = objDSO.OpenDSObject("LDAP://ou=" & strOU & ",dc=modnetwork,dc=testnet,dc=biz", _
strAdmin, strPassword, ADS_USE_ENCRYPTION AND ADS_SECURE_AUTHENTICATION)
ElseIf strOU = "users" And strDomain = "rldom" Then
Set objOU = GetObject("LDAP://cn=users,dc=rldom,dc=modnetwork,dc=testnet,dc=biz")
ElseIf strOU <> "users" and strDomain = "rldom" Then
Set objOU = GetObject("LDAP://ou=" & strOU & ",dc=rldom,dc=modnetwork,dc=testnet,dc=biz")
End If

If Err Then
AdsiErr()
Else
Set objUser = objOU.Create("User", "cn=" & strUser)
objUser.Put "sAMAccountName", strUser
objUser.SetInfo
If Err Then
AdsiErr()
Else
Wscript.Echo "User " & strUser & " has been created in the OU or Container " & strOU
End If
End If

Next


Sub AdsiErr()

If Err.Number = &h80071392 Then
Wscript.Echo "Please check User Name " & strUser & " that object already exists"
Err.Clear
ElseIf Err.Number = &H80005000 Then
Wscript.Echo "Incorrect ADsPath, Path not found. Check ADsPath and try again"
Wscript.Quit
Else
e = Hex(Err.Number)
Wscript.Echo Err.Number & " " & e & " " & Err.Description
Wscript.Quit
End If

End Sub
 
Sort by date Sort by votes
How do you edit your own posts? Subject of this thread should have read 'can you create a new user in a forest root domain from a child domain?'
 
Upvote 0 Downvote
{1] You can create only once objDSO and use it all the time. You do not need to create it again after making use one time.
[2] The main thing is that you have the credential being a valid account at the forest root with the rights to create user, practically probably you need admin (enterprise or not) or account operator account.

The thing however is that if that is a dedicated forest root, you do not want to create more user up there than is necessary as it increases security risks.
 
Upvote 0 Downvote
Hi tsuji

The problem is I get the error 'This operation returned because the timeout period expired' at the line:

Set objOU = objDSO.OpenDSObject(strPath, _
strAdmin, strPassword, ADS_USE_ENCRYPTION AND ADS_SECURE_AUTHENTICATION)

 
Upvote 0 Downvote
I take back note [1] as you are not creating more than once, so it is okay there.

Your use of authentication flag is not correct.
>[tt]ADS_USE_ENCRYPTION AND ADS_SECURE_AUTHENTICATION[/tt]
Either you use or
[tt]ADS_USE_ENCRYPTION [red]OR[/red] ADS_SECURE_AUTHENTICATION[/tt]
or you use arithmetic plus.
[tt]ADS_USE_ENCRYPTION [red]+[/red] ADS_SECURE_AUTHENTICATION[/tt]
 
Upvote 0 Downvote
Thanks for your help once again tsuji,
I can use this script from the forest root to create users in the 2 child domains I have within the forest like this:

scriptname.vbs /domain:childdomain1 or 2 /ou:eek:uname /user:usernames

This works fine as I would expect but when using the script from a child domain to create users in the forest root
using correct credentials I get the timeout error as mentioned can I specify a timeout period within the script or am I missing something else?

Thanks
 
Upvote 0 Downvote
Are you running with the credential of enterprise admin? I would say any one of the parameters are suspicious. I don't see any strPath is at forest root? Also try simplified authentication flag &h1 to test out? Timeout probably means cannot find object? I cannot offer better opinion.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

lunter
  • Locked
  • Question
How to create vbArray+vbByte (8209) in *.vbs stript
Replies
0
Views
439
lunter
lunter
bdwilcox
  • Locked
  • Question
Trying to adapt VBScript to search if machine is in an AD group 6
Replies
8
Views
1K
SoftwareRT
SoftwareRT
skrall
  • Locked
  • Question
script to create shortcuts of several folders in another folder
Replies
1
Views
305
Don Child
Don Child
Nu2Java
  • Locked
  • Question
Copy Excel Columns to New Workbook
Replies
1
Views
422
SkipVought
S
TvdH1981
  • Locked
  • Question
vbs script to create folders + subfolders by input foldernames 1
2
Replies
32
Views
2K
mikrom
mikrom

Part and Inventory Search

Sponsor

Back
Top