Introduction
Bulk AD Users includes an array of features that make it one of the most useful tools for performing bulk updates to Active Directory user accounts. This functionality can also be extended through the use of VBS scripts, allowing you to add highly customized behaviour to the application. As an example, you might want to add an option that will create home folders for users and assign permissions to those folders.
How it Works
The first step is to create a scripts subfolder in the Bulk AD Users application directory. Any script files that you create in this folder with a *.VBS file extension will automatically be available to the application. Any scripts added will appear in the scripts menu in the application as shown below:
When you click to run a script, the script is run once for each user account in the grid. The application passes a couple of parameters to the script to enable your script to identify the user account that it needs to run for. To reference the parameters in your script, simply use the following code in your VBS script file: Dim strADsPath, strUserNamestrADsPath = wscript.arguments.named.item(“ADsPath”)
strUserName= wscript.arguments.named.item(“sAMAccountName”) The ADsPath parameter gives you access to the full path to the user object in Active Directory, which you can use to bind to the user object using the code below: SET objUser = GETOBJECT(strADsPath) The user object can then be used to read any other attribute of the user account and it can also be used to perform updates. If you only need access to the username you can get this from the “sAMAccountName” parameter without binding to the user account.
Example
This example will demonstrate how to create home folders for user accounts and modify NTFS file permissions to grant the user full access to the new folder. The example uses a command line tool called CACLS to modify the NTFS permissions. The default parameters in the script will preserve any existing permissions and also grant the user full control to the folder. If you would like to change this behaviour, please consult the CACLS documentation here.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
OPTION EXPLICIT DIM strADsPath,strUserName, strHomeFolder, strCommand DIM objUser,objFSO,objShell DIM intErrorStatus ' Get arguments passed to this script by Bulk AD User application strADsPath = wscript.arguments.named.item("ADsPath") strUserName= wscript.arguments.named.item("sAMAccountName") SET objFSO = CREATEOBJECT("Scripting.FileSystemObject") SET objShell = CREATEOBJECT("Wscript.Shell") ' Bind to the user object to get home folder SET objUser = GETOBJECT(strADsPath) strhomeFolder = objUser.GET("homeDirectory") SET objUser = NOTHING ' Create home folder (Note: script will fail at this point if holde folder already exists) objFSO.CreateFolder strHomeFolder ' Construct cacls command to modify permissions (grant user full control) strCommand = "%COMSPEC% /c Echo Y| cacls """ _ & strHomeFolder & """ /t /e /c /g " _ & strUserName & ":F " ' Run cacls command intErrorStatus = objShell.Run(strCommand, 2, TRUE) ' Check error status IF intErrorStatus <> 0 THEN wscript.echo "Error assigning permissions for user " _ & strUserName & " to home folder " & strHomeFolder ELSE wscript.echo "OK" END IF |
- Save the script above as “Create Home Folders.vbs” inside the “scripts” folder in the Bulk AD Users application directory.
- Run the Bulk AD Users application.
- Select the user accounts that you want to create home folders for.
- Ensure that the homeDirectory attribute is set for these user accounts – You might want to use one of the update features of the application (e.g. Bulk Modify) to specify a value for this attribute.
- Check that you are running as an account with sufficient permissions to create home folders and change ACL permissions. Both NTFS and share permissions will be required.
- Select the “Create Home Folders” option from the scripts menu.
Known Issues
- The Bulk Modify Results dialog will appear if you have performed a previous update using the application. Scripts run from Bulk AD Users do not produce a log file and the results that are shown are for the previous update. The results dialog should be ignored if it is shown.