September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
6.3. Creating an inetOrgPerson User
Problem
You want to create an
inetOrgPerson
object, which is the standard LDAP object class to represent users.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
If you need to change domains, right-click on “Active Directory Users and Computers” in the left pane, select Connect to Domain, enter the domain name, and click OK.
In the left pane, browse to the parent container of the new user, right-click on it, and select New → InetOrgPerson.
Enter first name, last name, and user logon name fields as appropriate and click Next.
Enter and confirm the password, set any of the password flags, and click Next.
Click Finish.
Using a command-line interface
The dsadd command does not support creating
inetOrgPerson objects so we’ll
use ldifde instead. First, we need to create an
LDIF file called create_inetorgperson.ldf with the following
contents:
dn:<UserDN>changetype: add objectclass: inetorgperson sAMAccountName:<UserName>userAccountControl: 512
Be sure to replace <UserDN> with the
distinguished name of the user you want to add and
<UserName> with the
user’s username. Then run the following command:
> ldifde -i -f create_inetorgperson.ldf
Using VBScript
' This code creates an inetOrgPerson object
set objParent = GetObject("LDAP://<ParentDN>")
set objUser = objParent.Create("inetorgperson", "cn=<UserName>")
' Taken from ADS_USER_FLAG_ENUM
Const ADS_UF_NORMAL_ACCOUNT = 512
objUser.Put "sAMAccountName", "<UserName ...