Active Directory How-To
Creating Multiple Active Directory User Accounts Using a VB Script
Let's take a look at creating multiple user accounts in Active Directory using a Virtual Basic Script (VBS).
- By Troy Thompson
- 04/02/2015
There are several ways to create user accounts in Active Directory. If you have a single account to create, you can input the user data manually because that will probably be the quickest way. You can also choose to copy from an existing account, which will save you some time by adding the newly created user to the same groups, maintaining the same login script, etc. If you run into a situation where you have to create dozens, hundreds or thousands of user accounts, you will want to consider automating the process a bit using a script. Initially, this process may seem a bit arduous, but once you get it set up and working, it will save you an enormous amount of time.
Setting Up the Spreadsheet
When I create a group of users, I usually download the information needed from a personnel database or I am given the users' information. It is important to vet the data to ensure it looks OK. I use an Excel macro to remove special characters in names that I do not want. You may have similar protocols in your organization about creating users. The file I download or am given is usually in .csv or .txt format. I simply open that file in Excel, vet the data and then copy/paste the information into a spreadsheet that is formatted according to the information below.
To automate the process, you will need Microsoft Excel. In order to make the .vbs script match the Excel format, setup the Excel spreadsheet cells with the following headings:
A1 – First Name
B1 – Initials
C1 – Last Name
D1 – Password
E1 – Display Name
F1 – Logon Name
G1 – Logon Name Email Style
H1 – Home Directory Path
I1 – Home Drive
J1 – Script
K1 – Description
L1 – Office
M1 – Group Membership
A2 – Input/Copy the First Name
B2 – Input/Copy the Initial
C2 – Input/Copy the Last Name
D2 – Input/Copy the Password
E2 – =LEFT(CONCATENATE(A2,+".",C2),20)
F2 – =+E2
G2 – =E2&"@domain.site.com"
H2 – ="\\servername\sharename\Users\"&F2
I2 – Input the drive letter you want for the users' Home Drive, such as H:
J2 – Your LoginScriptName
K2 – Input the Description of the user
L2 – Input Office information from the user
M2 – Enter Group Membership information, such as
CN=Management Group,OU=GROUPS,
ou=corporate,ou=users,ou=organization,ou=mycompany,dc=mybranch,dc=mydivision,dc=com(Keep in mind that your AD structure will differ from the examples and must be input correctly for the script to work properly.)
After you get the structure of the spreadsheet configured, name it according to how it is referenced in the script. In this case, that name would be c:\CreateUserAccounts\UserAccounts.xls. You will also want to check for duplicates before running the script. If the script runs into a duplicate, it stops and displays the duplicate record on the screen. It will resume only after you have acknowledged the error.
Creating the VB Script
To run the script, copy the code below and paste it into a notepad file. Give the file a name with a .vbs extension. Something like CreateUserAccounts.vbs will work for a name.
Option Explicit
Dim objExcel, strExcelPath, objSheet
Dim strLast, strFirst, strMiddle, strPW, intRow, intCol
Dim strGroupDN, objUser, objGroup, objContainer
Dim strCN, strNTName, strContainerDN, strDescription, strDisplName
Dim strOffice
Dim strHomeFolder, strHomeDrive, objFSO, objShell
Dim intRunError, strNetBIOSDomain, strDNSDomain
Dim objRootDSE, objTrans, strLogonScript, strUPN
' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
' Specify spreadsheet.
strExcelPath = "c:\CreateUserAccounts\UserAccounts.xls"
' Specify DN of container where users created.
strContainerDN = "ou=corporate,ou=users,ou=organization,ou=mycompany,dc=mybranch,dc=mydivision,dc=com"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")
' Determine DNS domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Use the NameTranslate object to find the NetBIOS domain name
' from the DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSdomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)
' Open spreadsheet.
Set objExcel = CreateObject("Excel.Application")
On Error Resume Next
objExcel.Workbooks.Open strExcelPath
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Unable to open spreadsheet " & strExcelPath
Wscript.Quit
End If
On Error GoTo 0
Set objSheet = objExcel.ActiveWorkbook.Worksheets(1)
' Bind to container where users to be created.
On Error Resume Next
Set objContainer = GetObject("LDAP://" & strContainerDN)
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Unable to bind to container: " & strContainerDN
Wscript.Quit
End If
On Error GoTo 0
' Start with row 2 of spreadsheet.
' Assume first row has column headings.
intRow = 2
' Read each row of spreadsheet until a blank value
' encountered in column 5 (the column for cn).
' For each row, create user and set attribute values.
Do While objSheet.Cells(intRow, 5).Value <> ""
' Read values from spreadsheet for this user.
strFirst = Trim(objSheet.Cells(intRow, 1).Value)
strMiddle = Trim(objSheet.Cells(intRow, 2).Value)
strLast = Trim(objSheet.Cells(intRow, 3).Value)
strPW = Trim(objSheet.Cells(intRow, 4).Value)
strCN = Trim(objSheet.Cells(intRow, 5).Value)
strNTName = Trim(objSheet.Cells(intRow, 6).Value)
strUPN = Trim(objSheet.Cells(intRow, 7).Value)
strHomeFolder = Trim(objSheet.Cells(intRow, 8).Value)
strHomeDrive = Trim(objSheet.Cells(intRow, 9).Value)
strLogonScript = Trim(objSheet.Cells(intRow, 10).Value)
strDescription = Trim(objSheet.Cells(intRow, 11).Value)
strOffice = Trim(objSheet.Cells(intRow, 12).Value)
' Create user object.
On Error Resume Next
Set objUser = objContainer.Create("user", "cn=" & strCN)
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Unable to create user with cn: " & strCN
Else
On Error GoTo 0
' Assign mandatory attributes and save user object.
If strNTName = "" Then
strNTName = strCN
End If
objUser.sAMAccountName = strNTName
On Error Resume Next
objUser.SetInfo
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Unable to create user with NT name: " & strNTName
Else
' Set password for user.
objUser.SetPassword strPW
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Unable to set password for user " & strNTName
End If
On Error GoTo 0
' Enable the user account.
objUser.AccountDisabled = False
If strFirst <> "" Then
objUser.givenName = strFirst
End If
' Assign values to remaining attributes.
If strMiddle <> "" Then
objUser.initials = strMiddle
End If
If strLast <> "" Then
objUser.sn = strLast
End If
If strUPN <> "" Then
objUser.userPrincipalName = strUPN
End If
If strHomeDrive <> "" Then
objUser.homeDrive = strHomeDrive
End If
If strHomeFolder <> "" Then
objUser.homeDirectory = strHomeFolder
End If
If strLogonScript <> "" Then
objUser.scriptPath = strLogonScript
End If
If strDescription <> "" Then
objUser.Description = strDescription
End If
If strDisplName = "" Then
objUser.displayName = strLast + ", " + strFirst + " " + strMiddle
End If
If strOffice <> "" Then
objUser.physicalDeliveryOfficeName = strOffice
End If
' Set password expired. Must be changed on next logon.
objUser.pwdLastSet = 0
' Save changes.
On Error Resume Next
objUser.SetInfo
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Unable to set attributes for user with NT name: " _
& strNTName
End If
On Error GoTo 0
' Group DN's start in column 13.
intCol = 13
Do While objSheet.Cells(intRow, intCol).Value <> ""
strGroupDN = Trim(objSheet.Cells(intRow, intCol).Value)
On Error Resume Next
Set objGroup = GetObject("LDAP://" & strGroupDN)
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Unable to bind to group " & strGroupDN
Else
objGroup.Add objUser.AdsPath
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Unable to add user " & strNTName _
& " to group " & strGroupDN
End If
End If
On Error GoTo 0
' Increment to next group DN.
intCol = intCol + 1
Loop
End If
End If
' Increment to next user.
intRow = intRow + 1
Loop
Wscript.Echo "Done"
' Clean up.
objExcel.ActiveWorkbook.Close
objExcel.Application.Quit
Set objUser = Nothing
Set objGroup = Nothing
Set objContainer = Nothing
Set objSheet = Nothing
Set objExcel = Nothing
Set objFSO = Nothing
Set objShell = Nothing
Set objTrans = Nothing
Set objRootDSE = Nothing
Once you have the spreadsheet created, add a couple of users and then run the script to test it. If the accounts are created properly, you can then populate the spreadsheet with any number of users you want to create. You can use the Dsadd command to create multiple users, which is what I use to do before using the .VBS script. This process will take you a short while to set up and test, but it is definitely a time saver.
About the Author
Troy Thompson has worked in network administration for over 25 years, serving as a network engineer and Microsoft Exchange administration in Department of Defense, writing technology articles, tutorials, and white papers and technical edits. Troy is a Cisco Certified Academy Instructor (CCAI), and has numerous other certifications including CCNA, MSCE+I, Network+, A+ and Security+. Troy has also traveled the world playing music as the guitarist for the band Bride. Contact information is [email protected].