In this post, I'm going to attempt to address an issue that I've seen cause several people problems with respect to the 70-290 exam relating to the outline topic: Create and modify user accounts by using automation. Essentially, I think that some people taking an exam to become an MCSE become intimidated with any code-related topics. I've even heard people claim that they were given the wrong exam because it contained a code sample. Administrative scripting may not be as common as using the GUI to create users, groups or OUs, but it can be an effective way to automate some tasks. Let's take a look at an example. I've included line numbers for reference purposes; the line numbers would not actually appear in the VBScript file.
The following script is an example script from the Windows Server 2003 Web site:
*********************************************
01 Set oRoot = GetObject("LDAP://rootDSE")
02 Set oDomain = GetObject("LDAP://" &
03 oRoot.Get("defaultNamingContext"))
04
05 Set oOU=oDomain.Create("organizationalUnit",
06 "ou=Demo OU")
07 oOU.Put "Description", "Demonstration OU"
08 oOU.SetInfo
09
10 Set oGroup = oOU.Create("Group", "cn=Demo
11 Group")
12
13 oGroup.Put "sAMAccountName", "DemoGroup"
14
15 oGroup.Put "Description", "Demonstration
16 Group"
17 oGroup.SetInfo
18
19 Set oUser = oOU.Create("User", "cn=Demo User")
20
21 oUser.Put "sAMAccountName", "DemoUser"
22
23 oUser.Put "Description", "Demonstration User"
24
25 oUser.SetInfo
26
27 oUser.SetPassword "qW5rty"
28
29 oUser.AccountDisabled = False
30 oUser.SetInfo
31
32 oGroup.Add oUser.ADSPath
*********************************************
Now, let's discuss the various portions of this script. In lines 01-03, we are getting the current Active Directory information for the domain. Then, in lines 05 and 06, we create an organizational unit (OU) named Demo OU. The OU is created by calling the code oDomain.Create, which creates an OU in the current domain. Line 07 adds a description for this OU. Lines 10 and 11 create a new group named Demo Group in Demo OU. This is accomplished by creating the group using the code oOU.Create("Group", "cn=Demo Group"). Line 13 creates a SAM Account Name for the group to support users who user earlier versions of Windows, such as Windows NT 4.0. Lines 15 and 16 add a description for the group in Active Directory. Line 17 applies the new group information. Line 19 creates a new user account name Demo User. Line 21 creates a SAM Account Name for Demo User. Line 23 adds a description for the user in Active Directory, and Line 25 applies the new user information to Active Directory. Line 27 creates a password of qW5rty for Demo User. Line 29 enables the new user account by setting the Account Disabled property of the user account to False. Line 30 applies the user account settings. Finally, line 32 adds the user account to the group that we created earlier.
So, when creating or examining an automation script, we can break it down into blocks. In one block, we need to create the OU information in which we want to place our new group. The code related to the OU will include the code oOU, which is the variable we are using to store our OU information. Likewise, the variables oGroup and oUser store information related to our new group and user, respectively.
Administrative scripting is not as difficult as it may first appear and can be used in some situations to effectively automate some administrative tasks.
Note: I've also covered this information in our exam simulation product ServerCert 2003, which can be used to prepare for the 70-290 exam, and in our AdministratorCert/Upgrade 2003 product, which can be used to prepare for the 70-292 exam..