6.3. Creating an inetOrgPerson User
Problem
You want to create an
inetOrgPerson
object, which is the standard LDAP object class to represent users.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
If you need to change domains, right-click on “Active Directory Users and Computers” in the left pane, select Connect to Domain, enter the domain name, and click OK.
In the left pane, browse to the parent container of the new user, right-click on it, and select New → InetOrgPerson.
Enter first name, last name, and user logon name fields as appropriate and click Next.
Enter and confirm the password, set any of the password flags, and click Next.
Click Finish.
Using a command-line interface
The dsadd
command does not support creating
inetOrgPerson
objects so we’ll
use ldifde
instead. First, we need to create an
LDIF file called create_inetorgperson.ldf with the following
contents:
dn:<UserDN>
changetype: add objectclass: inetorgperson sAMAccountName:<UserName>
userAccountControl: 512
Be sure to replace <UserDN>
with the
distinguished name of the user you want to add and
<UserName>
with the
user’s username. Then run the following command:
> ldifde -i -f create_inetorgperson.ldf
Using VBScript
' This code creates an inetOrgPerson object set objParent = GetObject("LDAP://<ParentDN
>") set objUser = objParent.Create("inetorgperson", "cn=<UserName
>") ' Taken from ADS_USER_FLAG_ENUM Const ADS_UF_NORMAL_ACCOUNT = 512 objUser.Put "sAMAccountName", "<UserName ...
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.