Tuesday, April 28, 2009

Add Unix user to Windows AD by Vbscript

Windows AD has become a popular choice for managing Unix accounts. Windows is known for its fantastic GUI, but that doesn't mean it lacks scripting ability. This note shows how to add a Unix user to Windows 2003 AD with VBScript.
NOTE: The Unix attribute names used below (msSFU30UidNumber, ...) are the ones on my server; double-check the values in your environment by browsing the LDAP path: LDAP://CN=" & strUnixDomain  & ",CN=ypservers,CN=YPSERV30,CN=RpcServices,CN=System," &strDomain


#==Usage Example
D:\>cscript add-user.vbs John Smith
Created: John Smith Username=John.Smith Password=3a5RurD4

#==Script Content
'UPN format: firstname.lastname@yourdomain.com.au
'Create new user in  ou=Developers,dc=yourdomain,dc=com,dc=au
'Generate a random password and set it for the new user
'Set a free UnixUID based on msSFU30MaxUidNumber
'Set the pre-defined strUnixGid
'No new Windows group membership is assigned; the user remains in Domain Users by default
'Author: http://honglus.blogspot.com 

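' ------ SCRIPT CONFIGURATION ------

' Unix (SFU/NIS) attributes written to every account created by this script
strUnixShell ="/bin/bash"
strUnixDomain="yourdomain"
strUnixGid="300"    ' primary Unix group only; Windows group membership is not changed

strDomain = "dc=yourdomain,dc=com,dc=au"
strDomainUPN="@yourdomain.com.au"
strParentDN = "ou=Developers," & strDomain

' Taken from ADS_USER_FLAG_ENUM (userAccountControl is a bit mask of these)
Const ADS_UF_NORMAL_ACCOUNT = 512
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
' ------ END CONFIGURATION ---------


' Exactly two arguments are required: first name and last name.
' Exit with a non-zero code so a calling batch file can detect the misuse.
If (WScript.Arguments.Count <> 2) Then
    WScript.Echo "*ERROR* Expected minimum input: 2,   Given:" & WScript.Arguments.Count
    WScript.Echo "- USAGE: PROGRAM Firstname LastName"
    WScript.Echo "- EXAMPLE: PROGRAM John " & """Enclose Space"""
    WScript.Quit 1
End If

' WScript.Arguments is zero-based: Item(0) is the first name, Item(1) the last name.
strFirstName = WScript.Arguments.Item(0)
strLastName = WScript.Arguments.Item(1)
strLogin = strFirstName & "." & strLastName

' Reserve the next free Unix UID (getMaxUid also advances the domain counter).
strUnixUid = getMaxUid

strFullname = strFirstName & " " & strLastName
strUnixHome = "/home/" & strLogin
strUserpn = strLogin & strDomainUPN

' Create the user object under the configured OU and fill in the Windows
' and Unix attributes before the first SetInfo commits it to the directory.
Set objParent = GetObject("LDAP://" & strParentDN)
Set objUser = objParent.Create("user", "cn=" & strFullname)
objUser.Put "sAMAccountName", strLogin
objUser.Put "UserPrincipalName", strUserpn
objUser.Put "givenName", strFirstName
objUser.Put "sn", strLastName
objUser.Put "displayName", strFullname
objUser.Put "msSFU30NisDomain", strUnixDomain
objUser.Put "msSFU30UidNumber", strUnixUid
objUser.Put "msSFU30LoginShell", strUnixShell
objUser.Put "msSFU30HomeDirectory", strUnixHome
objUser.Put "msSFU30GidNumber", strUnixGid
objUser.SetInfo

' Set a random initial password and enable the account.
strRndPass = RndPassword(8)
objUser.SetPassword strRndPass
objUser.AccountDisabled = False
' userAccountControl is a bit mask: a Put replaces the whole cached value, so
' the NORMAL_ACCOUNT bit must be combined with DONT_EXPIRE_PASSWD rather than
' written on its own. DONT_EXPIRE_PASSWD exempts the account from the domain
' password-expiry policy; drop it (and set pwdLastSet to 0) if users should be
' forced to change this initial password at first logon.
objUser.Put "userAccountControl", ADS_UF_NORMAL_ACCOUNT Or ADS_UF_DONT_EXPIRE_PASSWD
objUser.SetInfo

' The initial password is printed in clear text; it will appear in the console
' buffer and in any log that captures this script's output.
WScript.Echo "Created: " & strFirstName & " " & strLastName & " Username=" & strLogin & " Password=" & strRndPass
'objParent.close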


'
' Generate random password 
'

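Function RndPassword(vLength)
    ' Returns a string of vLength characters that always contains at least one
    ' lowercase letter, one uppercase letter and one digit; the remaining
    ' positions are drawn from those three classes with equal probability.
    ' For vLength < 3 the three mandatory characters are still returned.
    ' Rnd/Randomize is a timer-seeded statistical generator, not a CSPRNG:
    ' treat the result as a one-time initial password that the user replaces,
    ' not as a long-lived secret.
    Dim strMandatory, strBody, intPos, intClass, strChar

    Randomize   ' seed once from the timer; reseeding every iteration adds nothing

    ' Always include a-z, A-Z, 0-9
    strMandatory = Chr(Int((122 - 97 + 1) * Rnd + 97))                  ' [a-z]
    strMandatory = strMandatory & Chr(Int((90 - 65 + 1) * Rnd + 65))    ' [A-Z]
    strMandatory = strMandatory & Chr(Int((57 - 48 + 1) * Rnd + 48))    ' [0-9]

    ' Fill the remaining positions; the three mandatory characters are already made
    strBody = ""
    For intPos = 4 To vLength
        intClass = Int((3 - 1 + 1) * Rnd + 1)   ' [1-3]
        Select Case intClass
            Case 1
                strChar = Chr(Int((122 - 97 + 1) * Rnd + 97))   ' [a-z]
            Case 2
                strChar = Chr(Int((90 - 65 + 1) * Rnd + 65))    ' [A-Z]
            Case Else
                strChar = Chr(Int((57 - 48 + 1) * Rnd + 48))    ' [0-9]
        End Select
        strBody = strBody & strChar
    Next

    ' Mandatory characters are appended last, as in the original layout
    RndPassword = strBody & strMandatory
End Function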


Function getMaxUid
    ' Returns the current value of msSFU30MaxUidNumber for strUnixDomain and
    ' then increments that counter in the directory by one, so the next call
    ' hands out a different UID. Reads the script-level strUnixDomain and
    ' strDomain configuration.
    ' NOTE: the read-then-write is not atomic. Two instances of this script
    ' running at the same time can both receive the same UID, and duplicate UIDs
    ' give two accounts the same file ownership on Unix hosts; run account
    ' creation serially.
    Dim strYpPath, objYpDomain, lngCurrentMax

    strYpPath = "LDAP://CN=" & strUnixDomain & ",CN=ypservers,CN=YPSERV30,CN=RpcServices,CN=System," & strDomain
    Set objYpDomain = GetObject(strYpPath)
    objYpDomain.GetInfo

    lngCurrentMax = objYpDomain.msSFU30MaxUidNumber
    ' wscript.echo "The current free Max UID=" & lngCurrentMax
    getMaxUid = lngCurrentMax

    ' Advance the counter by 1 so the UID just returned is not reused
    objYpDomain.msSFU30MaxUidNumber = lngCurrentMax + 1
    objYpDomain.SetInfo
End Function
