RE: Adding Users to AD with OLE

Colin Eric Johnson Tue, 18 Feb 2003 10:01:30 -0800

Here's what I use to create users in AD (which doesn't use Put or
PutEx), courtesy of this very list. And in particular I just use
"$user->{'AccountDisabled'}  = 1;" to handle whether or not the
account is disabled (0 means the account is not disabled).


sub CreateUser {
    my $acc      = $_[0];    # login of the user to create
    my $UserOU   = $_[1];    # OU to creat the user in
    my $fullname = $_[2];    # full name of the user
    my $ADsPath = "LDAP://ou=$UserOU,$PrimaryOU,$Domain";; # users
ADsPath
    my $c       = Win32::OLE->GetObject($ADsPath);        # open
LDAP connection
    my $user    = $c->Create( "user", "cn=" . $acc );     #
create and return a
                                                          # User
object
    $user->{'samAccountName'} = $acc;    # Set Sam account->prior
to
                                         # win2k account
    $user->SetInfo();                    # we have to create the
user before we
                                         # modify it
    my $password = GeneratePassword(128);    # a long password
    $user->SetPassword($password);           # set password
    $user->{'profilePath'}   = $HomeDirBase . "\\" .
$UserProfileName;
    $user->{'HomeDirectory'} = $HomeDirBase;
    $user->{'HomeDrive'}     = 'Z:';
    $user->{'pwdLastSet'}  = '0';         # requires user to
change password at
                                          # next logon
    $user->{'displayName'} = $fullname;
    $user->{'Description'} = $fullname;
    $user->{'userPrincipalName'} =
      $acc . $PrincipalBase;              #set win2k account name
    $user->{'AccountDisabled'}  = 1;
    $user->{'PasswordRequired'} = 1;    #requires user password
to not be blank
    $user->{'mail'} = $acc . $EmailBase;    #set user email
account
    $user->SetInfo();                       #set info prior
changed
    $creations->row( 'Created', $acc, $UserOU, $fullname );    #
and log it.
}

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On
Behalf Of Steven Manross
Sent: Friday, February 14, 2003 6:03 PM
To: 'henry isham'; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: Adding Users to AD with OLE


It looks like your 'PutEx'es

Should change to 'Put's

http://aspn.activestate.com/ASPN/Mail/Message/1304804

<snip from URL>
        # If you don't Put 512 into userAccountControl, the new
account will
be disabled
        $NewUser->Put("userAccountControl",512); 
        #keep ->Putting attribute values as needed...
        #
        $NewUser->SetInfo; #Commit change
</snip from URL>

Steven

-----Original Message-----
From: henry isham [mailto:[EMAIL PROTECTED]] 
Sent: Friday, February 14, 2003 3:36 PM
To: Steven Manross; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Adding Users to AD with OLE


Steven/Roger,
 
Thanks for the advice. It looks like the 
$NewUser->PutEx("userAccountControl",512); 
line was the culprit. It was causing the error. I followed your
advice and
added a 
print "result ".Win32::OLE->LastError()."\n";
line to capture the output of each step, and it turned out to be
that line.
I read somewhere that line was needed so that the ID's don't get
created in
a "disabled" state, which is how it's working now. Is 512 the
right value?
Or should use another? 
 
Again, thanks for your advice.
 
-Henry

        -----Original Message----- 
        From: Steven Manross [mailto:[EMAIL PROTECTED]] 
        Sent: Fri 2/14/2003 4:26 PM 
        To: henry isham;
[EMAIL PROTECTED];
[EMAIL PROTECTED] 
        Cc: 
        Subject: RE: Adding Users to AD with OLE
        
The best way to start troubleshooting this is to put a SetInfo
after each
PutEx and an error check of.. 

If (Win32::OLE->LastError != 0) { 
  print "objuser (or whatever): ".Win32::OLE->LastError(); 
} 

After each SetInfo. 

As well, I think a simple Put (instead of PutEx) will work. 

Steven 

-----Original Message----- 
From: henry isham [mailto:[EMAIL PROTECTED]] 
Sent: Friday, February 14, 2003 2:12 PM 
To: [EMAIL PROTECTED];
[EMAIL PROTECTED] 
Subject: Adding Users to AD with OLE 


All, 
  
I'm trying to execute the script below but it's returning this
error: 
  
Win32::OLE operating in debugging mode: _Unique => 1 
Win32::OLE(0.1502) error 0x8007202f: "A constraint violation
occurred" 
    in METHOD/PROPERTYGET "SetInfo" 
  
The really bizzare thing here is that this script's VBSCRIPT
equivalent
works fine. So, I'm totally stumped! 
  
Begin Script 
------------ 
 use Win32::OLE; 
 my $Name = "Henry Isham"; 
 my $ID = "hisham"; 
  
 my $Container =
Win32::OLE->GetObject("LDAP://ou=sitename,dc=corp,dc=net";);

 my $NewUser = $Container->Create("user","cn=" .$Name);
$NewUser->PutEx("SamAccountName",$ID); 
 $NewUser->PutEx("objectClass","user"); 
 $NewUser->PutEx("scriptPath","sitename.vbs"); 
 $NewUser->PutEx("userAccountControl",512); 
 $NewUser->SetInfo; 
 print Win32::OLE->LastError(); 


_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs

_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs

RE: Adding Users to AD with OLE

Reply via email to