Copying User Accounts
Microsoft® Windows® 2000 Scripting Guide
User account attributes are often similar from one account to the next. For example, organization policies might specify that all user accounts in the human resources department should be members of the HR global group, have HR Department listed in the department attribute, and have the same URL specified in the wWWHomePage attribute.
If you create user accounts that contain many configured attributes, and those attributes are similar from one user account to the next, you can copy selected attributes from an existing user account to a newly created one. To streamline this process further, consider creating a template user account that contains mandatory attributes and the optional attributes that are similar from one user account to the next. For example, create a user account named HRUser, configure optional attributes, and then use this template user account to create user accounts for employees of the human resources department. Keep the template user account disabled so that no one can log on with this user account.
The Active Directory Users and Computers console provides a copy user feature that you can access by right-clicking an existing user account. This feature copies a set of optional attributes by default. You cannot control which attributes are copied to the new user account. ADSI does not contain a method specifically designed to duplicate this capability by using the WinNT or LDAP providers. However, you can create a script that uses ADSI to copy selected attributes of existing user accounts after creating new user accounts.
To do this, the script reads selected attributes from the template account and then configures the new user account with those same values. For example, suppose the wWWHomePage attribute in the template account is configured as https://www.fabrikam.com. The script reads this value and then configures the wWWHomePage attribute for the new user account to also be https://www.fabrikam.com.
Scripting Steps
Listing 7.17 contains a script that creates a new user account and then copies selected attributes from a template user account to the new user account. To carry out this task, the script performs the following steps:
Bind to the target container, the HR OU, by using the GetObject function and the LDAP provider.
Create the new user account, and set the objects mandatory attributes in the local property cache.
Commit the new object to the Active Directory.
Bind to the template user account object by using the GetObject function and the LDAP provider.
Create an array that contains all of the optional attributes that will be applied to the new user account.
Use the GetInfoEx method of IADs to copy selected attributes to the local property cache.
It is not necessary to use GetInfoEx, because the Get method called later in the script will perform an implicit GetInfo call that copies all the attributes of the user account object into the local property cache. However, because an array is created in the script for writing selected attributes to the new user account, you can also use the array and the GetInfoEx method to selectively copy attributes to the local property cache.
Create a loop to get each value of the attributes defined in the array and to write that value to the new user account in the local property cache.
Commit the change to the user account object in the local property cache to Active Directory.
Listing 7.17 Copying the Attributes from One User Account to Another
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
|
Another way of completing the copy user account task is by using the schema attribute of IADs to determine which attributes of the user class are optional, then check the template user account to determine which of these attributes contain values. For those that do contain values, write those values to the new user account object. This approach does not require you to define the specific attributes you want assigned to the new user account.