Tuesday, November 23, 2010

How to create multiple local account with all options and group add

A VBscript create today for technical support need. (Download it here)
For use it run
cscript createLocalUser.vbs /input:users.txt

Create a file users.txt with this format
user;password;fullname;description;options;groupstoadd

For options field, you can use these next options: (with | between each option if you need to add options)
ADS_UF_SCRIPT : The logon script is executed
ADS_UF_ACCOUNTDISABLE : The user account is disabled.
ADS_UF_HOMEDIR_REQUIRED : The home directory is required
ADS_UF_LOCKOUT : The account is currently locked out.
ADS_UF_PASSWD_NOTREQD : No password is required.
ADS_UF_PASSWD_CANT_CHANGE : The user cannot change the password
ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED : The user can send an encrypted password.
ADS_UF_DONT_EXPIRE_PASSWD : When set, the password will not expire on this account
ADS_UF_SMARTCARD_REQUIRED : When set, this flag will force the user to log on using a smart card.
ADS_UF_PASSWORD_EXPIRED : The user password has expired.

USER_MUST_CHANGE_PWD :For this script only, for "User Must Change Password at Next Logon"

For group field, add | between each group if you need to add multiple groups

For example:

user;Passw0rd;fullname;description;USER_MUST_CHANGE_PWD;Administrators|Power Users
user2;Passw0rd;fullname;description;USER_MUST_CHANGE_PWD|ADS_UF_ACCOUNTDISABLE;groups



'
' Create Local User
'
' F.RICHARD
' 2010 November
'
'
Option Explicit

' OpenTextFile Const
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8


' Detect WScript or CScript
'
If InStr(LCase(WScript.FullName), "wscript")>0 Then ' ex: FullName = C:\WINNT\system32\wscript.exe
WScript.Echo "This script must be run under CScript."
WScript.Quit
End If


' Get Path
'
Dim strScriptFullName, strScriptPath, strScriptName
strScriptName = WScript.ScriptName
strScriptFullName = WScript.ScriptFullName ' ex: C:\Program Files\MyFolder\MyProg.exe
strScriptPath = Left(strScriptFullName, InStrRev(strScriptFullName, "\") - 1) ' ex: C:\Program Files\MyFolder


' Check for required arguments.
If (Wscript.Arguments.Count < 1 or WScript.Arguments.Named.Exists("?")) Then
Call Help(strScriptName)
End If

' input parameter
Dim objFSO
Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objInputFile, strInputFile
If WScript.Arguments.Named.Exists("input") Then
strInputFile = WScript.Arguments.Named("input")

If Not isFileExist(strInputFile) Then
If Not isFileExist(strScriptPath & "\" & strInputFile) Then
WScript.Echo strInputFile & " File Not Exist !"
WScript.Echo strScriptPath & "\" & strInputFile & " File Not Exist !"
WScript.Quit
End If
strInputFile = strScriptPath & "\" & strInputFile
End If
Set objInputFile = objFso.OpenTextFile(strInputFile, ForReading)
Else
WScript.Echo "You must defined an argument /input ex: /input:input.txt !"
WScript.Quit

End If

' List userFlag Values for a Local User Account
' http://gallery.technet.microsoft.com/ScriptCenter/en-us/ab4d85d6-ca38-44da-8fc2-984d70ea5f36?persist=True
Dim dicUAC
Set dicUAC = CreateObject("Scripting.Dictionary")
dicUAC.Add "ADS_UF_SCRIPT", &H0001 ' The logon script is executed
dicUAC.Add "ADS_UF_ACCOUNTDISABLE" , &H0002 ' The user account is disabled.
dicUAC.Add "ADS_UF_HOMEDIR_REQUIRED" , &H0008 ' The home directory is required
dicUAC.Add "ADS_UF_LOCKOUT" , &H0010 ' The account is currently locked out.
dicUAC.Add "ADS_UF_PASSWD_NOTREQD" , &H0020 ' No password is required.
dicUAC.Add "ADS_UF_PASSWD_CANT_CHANGE" , &H0040 ' The user cannot change the password
dicUAC.Add "ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED" , &H0080 ' The user can send an encrypted password.
dicUAC.Add "ADS_UF_DONT_EXPIRE_PASSWD" , &H10000 ' When set, the password will not expire on this account
dicUAC.Add "ADS_UF_SMARTCARD_REQUIRED" , &H40000 ' When set, this flag will force the user to log on using a smart card.
dicUAC.Add "ADS_UF_PASSWORD_EXPIRED" , &H800000 ' The user password has expired.

dicUAC.Add "USER_MUST_CHANGE_PWD" , &H0000 ' For this script only, for "User Must Change Password at Next Logon"


' Computer
Dim objWshNetwork, strComputername, objComputer
Set objWshNetwork = CreateObject("WScript.Network" )
strComputername = objWshNetwork.ComputerName
Set objComputer = GetObject("WinNT://" & strComputername)


Dim objWshShell
Set objWshShell = CreateObject("WScript.Shell")

Dim strCommandLine, strLine, arrLine, objFolder, colSubfolders, strFolderName, return
Dim strSource, objWMIServiceSrc, strComputerSrc, strPathSrc, strDestination, strLogFile
Do While objInputFile.AtEndOfStream <> True
strLine = Trim(objInputFile.Readline)
If (Len(strLine)>1) Then
return = CreateLocalUser(strLine, strComputername, objComputer, dicUAC)
End If
Loop

objInputFile.Close

'--------------------


' Help
'
' Help File
'

Sub Help(ByRef strScriptName)
WScript.Echo strScriptName & " Arguments" & vbCrLf _
& vbTab & "/input:""file name""" & vbCrLf _
& vbTab & "/? or nothing for this" & vbCrLf _
& vbCrLf & "Example:" & vbCrLf _
& "cscript " & strScriptName & " /input:""c:\input.txt"" " & vbCrLf
WScript.Quit(0)
End Sub


'--------------------

' isFileExist
'
' Test if File Exist
'
Function IsFileExist(ByRef strInputFile)
Dim iReturn
iReturn = False

Dim objFSO
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(strInputFile) Then
iReturn = True
End If
Set objFSO = Nothing
On Error Goto 0

IsFileExist = iReturn
End Function

'--------------------

' CreateLocalUser
'
' Create a local user
'
Function CreateLocalUser(ByRef strLine, ByRef strComputername, ByRef objComputer, ByRef dicUAC)
'line =
'Username;Password;FullName;Description;option1|option2|option3;group|group2
Dim arrLine, strUser, strPassword, strFullName, strDescription
Dim strGroupsToAdd, strOptions, strOption, arrOptions, funcReturn, UACFlags, errorMsg, return
funcReturn = False
arrLine = Split(strLine, ";")
If (UBound(arrLine) = 5) Then
strUser = arrLine(0) ' Username
strPassword = arrLine(1) ' Password
strFullName = arrLine(2) ' Full Name
strDescription = arrLine(3) ' Description
strOptions = arrLine(4) ' option1|option2|option3
strGroupsToAdd = arrLine(5) ' group|group2


' Create Local User
WScript.Echo "Create user:" & strUser
Dim objUser
Set objUser = objComputer.Create("user", strUser)

' Set Password
objUser.SetPassword strPassword

' Save user information
On Error Resume Next
objUser.Setinfo
If Err.Number = 0 Then ' password restrictions or any other problems
On Error Goto 0
' FullName / Description
objUser.Fullname = strFullName
objUser.Description = strDescription
objUser.Setinfo

' Get User Object
Dim strObjPath
strObjPath = "WinNT://" & strComputername & "/" & strUser
Set objUser = GetObject(strObjPath)
UACFlags = objUser.Get("UserFlags")

arrOptions = Split(strOptions, "|")
For Each strOption in arrOptions
' Enable "User Must Change Password at Next Logon"
If (UCase(Trim(strOption)) = "USER_MUST_CHANGE_PWD") Then
objUser.Put "PasswordExpired", 1
objUser.SetInfo
Else
If (dicUAC.Exists(UCase(Trim(strOption)))) Then
UACFlags = UACFlags OR dicUAC.Item(UCase(Trim(strOption)))
End If
End If
Next

objUser.Put "userFlags", UACFlags
objUser.SetInfo
funcReturn = True
Else
Select Case (Err.Number)
Case &H80070056
errorMsg = "The specified password for " & strUser & " is not correct."
Case &H800708C5
errorMsg = "The specified password does not meet policy requirements"
Case &H800708B0
errorMsg = "The user " & strUser & " already exists."
Case &H80070035
errorMsg = "Object path " & strObjPath & " not found"
Case Else
errorMsg = "Unexpected error"
End Select
WScript.Echo "ERROR creating user:" & strUser & " ERROR:" & errorMsg & " Error number:" & Err.Number & " (&H" & Hex(Err.Number) & ") Description:" & Err.Description & " Source:" & Err.Source
End If

Dim arrGroups, strGroup
arrGroups = Split(strGroupsToAdd, "|")
For Each strGroup in arrGroups
return = AddGroupToUser(strComputername, strUser, strGroup)
Next

Else
WScript.Echo "Error In line:" & strLine
End If

CreateLocalUser = funcReturn
End Function


'--------------------

' AddGroupToUser
'
' Add Group To User
'
Function AddGroupToUser(ByRef strComputername, ByRef strUser, ByRef strGroup)
' Get Group Object
Dim strObjGrpPath, objGroup, strObjUsrPath, objUser, funcReturn
Dim errorMsg
funcReturn = False

On Error Resume Next
strObjGrpPath = "WinNT://" & strComputername & "/" & strGroup & ",group"
Set objGroup = GetObject(strObjGrpPath)
If Err.Number = 0 Then ' group unknown or any other problems
strObjUsrPath = "WinNT://" & strComputername & "/" & strUser
Set objUser = GetObject(strObjUsrPath)
If Err.Number = 0 Then ' password restrictions or any other problems
objGroup.Add(objUser.ADsPath) ' Add group to user
If Err.Number = 0 Then
funcReturn = True
Else
Select Case (Err.Number)
Case &H80070562
errorMsg = "The specified account name " & strUser & " is already a member of the local group " & strGroup
Case Else
errorMsg = "Unexpected error"
End Select
WScript.Echo "ERROR (3) adding group to user:" & strUser & " ERROR:" & errorMsg & " Error number:" & Err.Number & " (&H" & Hex(Err.Number) & ") Description:" & Err.Description & " Source:" & Err.Source

End If
Else
Select Case (Err.Number)
Case Else
errorMsg = "Unexpected error"
End Select
WScript.Echo "ERROR (2) adding group to user:" & strUser & " ERROR:" & errorMsg & " Error number:" & Err.Number & " (&H" & Hex(Err.Number) & ") Description:" & Err.Description & " Source:" & Err.Source

End If

Else
Select Case (Err.Number)
Case &H800708AC
errorMsg = "The specified local group " & strGroup & " not found"
Case &H80070560
errorMsg = "The specified local group " & strGroup & " does not exist. "
Case Else
errorMsg = "Unexpected error"
End Select
WScript.Echo "ERROR (1) adding group to user:" & strUser & " ERROR:" & errorMsg & " Error number:" & Err.Number & " (&H" & Hex(Err.Number) & ") Description:" & Err.Description & " Source:" & Err.Source

End If

On Error Goto 0
AddGroupToUser = funcReturn
End Function

2 comments:

Anonymous said...

Excellent job Franck, it's exactly what I was looking for. Your script is well described and works perfectly.
I subscribe your blog and will be watching it betweenwhiles.
Regards
Adam

Anonymous said...

Franck,

This is truly brilliant. Excellent job, it solved a problem I've been bashing my head on for a long, long time. So thank you.