User Account Overview

Microsoft® Windows® 2000 Scripting Guide

Managing user accounts is a fundamental task common to all enterprises that deploy the Active Directory® directory service. Although you can manage Active Directory user accounts by using graphical user interface (GUI) tools such as Active Directory Users and Computers, you might find this approach less than ideal in large, distributed environments. Active Directory user accounts consist of more than 250 attributes. Management of the many attributes exposed through the standard user account properties pages can be time-consuming and error-prone when performed manually.

Suppose user accounts are created manually for each user in an organization. A request is made to create a user account for a new user named Ken Myer. When the request is received, one administrator manually creates the user account and uses the "first name, first initial of the last name" notation to name the user account KenM. Another administrator sees the same request for user account creation and uses the "first name, dot, last name" notation to name the user account Ken.Myer. While both naming conventions are appropriate, they are inconsistent and, in this example, lead to the creation of two user accounts for the same user. Using a script, you can specifically define the naming policy for user accounts. If both administrators attempt to create the Ken Myer user account, only the first administrator's effort will succeed (the second attempt will fail because the account already exists). A single, uniformly named user account is created for the user because the naming convention for all user accounts is the same.

Errors can be introduced in a number of ways, such as by not following naming conventions or by mistyping initial passwords. Creating Active Directory user accounts that follow naming and configuration guidelines is further complicated by the hundreds of user account attributes available in each Active Directory user account. Unfortunately, to reduce the amount of time it takes to create user accounts, system administrators commonly take shortcuts by leaving out a number of useful attributes (such as phone number or office location) when creating user accounts.

The most significant challenges in creating Active Directory user accounts are complying with naming conventions and consistently configuring user account attributes properly for all users. Scripting user account creation is an ideal way to maintain consistency while making the account creation process rapid and relatively error-free.

The scripting solutions presented in this chapter, which use ADSI and Microsoft® Visual Basic® Scripting Edition (VBScript), provide an alternative to the GUI-based approach to user account management and thus reduce the amount of time and potential for error generally associated with manual entry of user data. Furthermore, as you become comfortable using the techniques that follow, you can create a wide range of highly customized script-based tools that address your organization's specific needs.
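The Ken Myer scenario above, sketched as an added example (not a listing from the guide): the naming policy lives in one function, so every administrator who runs the script derives the same account name, and a second attempt fails instead of producing a duplicate. The function name BuildAccountName and the choice of the default Users container are assumptions made for illustration.

```vbscript
Option Explicit

' Hypothetical helper: the single place where the naming policy is defined.
' Policy used here: first name + first initial of the last name.
Function BuildAccountName(strFirst, strLast)
    BuildAccountName = Trim(strFirst) & UCase(Left(Trim(strLast), 1))
End Function

Dim strFirst, strLast, strName
Dim objRootDSE, objContainer, objUser

strFirst = "Ken"
strLast = "Myer"
strName = BuildAccountName(strFirst, strLast)

' Assumption: accounts go into the default Users container of the
' domain the script runs in.
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
    objRootDSE.Get("defaultNamingContext"))

' Create the object in the local property cache and set the attributes
' that are easy to skip when accounts are entered by hand.
Set objUser = objContainer.Create("user", "cn=" & strName)
objUser.Put "sAMAccountName", strName
objUser.Put "givenName", strFirst
objUser.Put "sn", strLast
objUser.Put "displayName", strFirst & " " & strLast

' SetInfo commits the account to Active Directory. If an account with
' this name already exists, the commit fails and nothing is created.
On Error Resume Next
objUser.SetInfo
If Err.Number <> 0 Then
    WScript.Echo "Account " & strName & " was not created (0x" & _
        Hex(Err.Number) & "): " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

' No password is set here; setting the password and enabling the
' account are separate steps.
WScript.Echo "Created account " & strName
```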