AD Configuration

oB1

Hi All,

so basically, i want to set up AD in a way that it will auto fill in the username field with the information i provide in the first name / last name field, add in a particular sets of groups, creates a home folder in a certain location, adds in a script for that user, location of the users office, the users manager, when creating new accounts in particular OUs for example:

Accounts dept. will have to be added to certain folder groups, DLs, and permission sets, same as the IT dept. etc. - each OU will have a different list of groups to be added to, aswel as different scripts, manager, office location and so on.

i would like the username field to be populated the same way across the domain.

so basically, when i click on " create new user " and select the Accounts Dept. i want it to auto add the accounts staff manager, the groups that the accounts dept. needs access to, a home folder setup in the " accounting file share " etc. and then when i type the users first name and sir name in, i want it to populate the username filed as per the below naming convention:

Example of my naming convention:

Firstname: John

Sirname: Smith

Displayname: Smith, John

username: JSmith

when i start to type in the firstname and lastname field, i want it to take the first letter of the firstname and the entire lastname and fill that in the "Username"field.

is what im asking, doable?

i know i might be able to user ADSI, but ive never used it before really, only for small things, like i changed the way it saves the display name to sirname, firstname

Thanks in advance,

Robert Hopkins

qwertz

You probably would need to either us a scipt (preferrably Powershell) or use one of many 3rd party utilities that provide this function.

oB1

qwertz wrote: »

You probably would need to either us a scipt (preferrably Powershell) or use one of many 3rd party utilities that provide this function.

Thanks for the reply - Yeah have looked into doing some powershell, i know the general idea of what has to be done, and i can script no problem, just wondering if anyone here has done something like this before.

R

ressem

What windows server version are you using?

You can use "dsadd user" to script this, when you've loads of users.

An old batch file createusers.bat

for /F "eol=; tokens=1,2,3,4,5,6,* delims=," %%i in (users.txt) do dsadd user "cn=%%m,ou=ADOrgGroup,dc=ADDomainname,dc=local" -samid %%m -upn %%m@domainname.local -fn "%%k" -ln "%%j" -desc "%%n" -display "%%i" -pwd "%%l" -disabled no -memberof "CN=myUser Group,OU=User Groups,OU= Org Groups,DC=AdDomainname,DC=local"

where users.txt (in the same directory looks like)

Full Displayname, FirstName, Lastname, Password, Username, DescriptionText

Each user is added on it's own line. Fields map to...
%%i , %%j , %%k ,%%l , %%m, %%n
in that order.

But watch out for duplicate usernames that will silently drop the second add occurance.

You'll probably need
-hmdir <HomeDir> Set user home directory to <HomeDir>. If this is
UNC path, then a drive letter that will be mapped to
this path must also be specified through -hmdrv.
-hmdrv <DriveLtr:> Set user home drive letter to <DriveLtr:>

TheMasterPrawn

Is there a master system with HR data or another authorative data source ?
How many users do you have ?

There are automated rules based solutions as well if there are a lot of users moving on and out of the organisation.

CptSternn

Microsoft makes a product that does this and more.

http://www.microsoft.com/en-us/server-cloud/forefront/identity-manager.aspx

ressem

CptSternn wrote: »

Microsoft makes a product that does this and more.

http://www.microsoft.com/en-us/server-cloud/forefront/identity-manager.aspx

Thanks, hadn't noticed that. SC magazine describe it as costing $15,000 + $18 per user + a SQL Server license. Is that fairly accurate?