User management scripts
Walkthrough on adding a new user
As part of a supported AD network, we supply a number of scripts to create and manage users. The core scripts are:
- adduser.vbs - creates a single user. Prompts for username, password and real name.
- addusers.vbs - bulk creates users from a CSV file (the CSV file is in the same format as used on NetManager). If a user already exists, it updates that user's settings (but leaves the password unchanged).
- settsprofile.vbs - sets only the terminal services profile and logon script, based on a CSV file
- export.vbs - creates a CSV file for each group containing all the users within that group (must be run on DC).
The user creation scripts (addusers and adduser) do the following:
- Create user
- Create home area in specified location
- Set permissions on home area (with optional read-only or read-write access to given groups)
- Share home area (either hidden or not)
- Set home drive in AD
- Set home path in AD
- Set profile path
- Set terminal services profile path
- Set logon script
- Set UPN
- Set Email address (optional)
- Move user to selected OU (optional)
The exact behaviour of the scripts is controlled by a file called config.txt. An example file (which contains descriptive comments) is shown below:
; $Date: 2013/11/15 17:19:50 $
; server = fileserver for home areas
server=FILESERVER
; drive = drive for home areas
drive=U:
; profile = regular workstation profile
; %SERVER%, %GROUP% and %USERNAME% will be substituted
profile=\\FILESERVER\profiles$\workstation
; tsprofile = terminal services profile
; %SERVER% and %GROUP% will be substituted
tsprofile=\\FILESERVER\profiles$\termserv
; logon = logon script
logon=kix32 logon.kix
; homedir = template for home dirs in AD
; %SERVER%, %GROUP% and %USERNAME% will be substituted
; do not put a $ on the end (this is handled by the hidden option below)
homedir=\\%SERVER%\%USERNAME%
; ou = Organizational Unit to put users in
; %GROUP% will be substituted
; must be in LDAP-style format, e.g. OU=%GROUP%,OU=School
; Do not add DC= components at end
; leave empty for Users container (i.e. CN=Users)
; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV
; N.B. If using a CSV field, OU elements must be separated by ; not ,
ou=
; email = Email address
; %USERNAME% will be substituted
email=
; ** Values that depend on CSV format
; regular format is:
; username,password,realname
; this requires:
;firstname=
;surname=
;realname=%3%
;
; For format:
; username,password,realname,firstname,surname
; use:
;firstname=%4%
;surname=%5%
;realname=%3%
;
; To auto-generate realname as Initial. Surname from format:
; username,password,firstname,surname
; use:
;firstname=%3%
;surname=%4%
;realname=%INITIAL%. %SURNAME%
; firstname = First name (given name)
; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV
;firstname=%4%
; surname = Surname
; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV
;surname=%5%
; realname = Realname
; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV
; %FIRSTNAME% = firstname if given
; %INITIAL% = first letter of firstname
; %SURNAME% = surname if given
realname=%3%
; makehomedirs = (y/n) - make home directories on server?
makehomedirs=y
; groupsub = (y/n) - create home directories in a subdirectory named
; after the group
groupsub=y
; homepath = Path to create home directories in (see groupsub above)
; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV
homepath=N:
; hidden = (y/n) - home directories are hidden shares?
hidden=y
; delshare = (y/n) - delete old shares to avoid clashes
delshare=y
; setprofileperms = (y/n) - whether to set permissions on profile too
; Only to be used with roaming profiles
setprofileperms=n
; pdc = domain controller to create users on (blank = server above)
pdc=
; readgroup = comma-separated list of groups who should have read access
; to the home areas
readgroup=
; writegroup = comma-separated list of groups who should have write access
; to the home areas (Administrators always has full control)
writegroup=
; group = force creation in this group
group=
; vetogroup = comma-separated list of groups we should not create
; use this when you have multiple configurations and you need to ensure
; you are using the right one
vetogroup=
The addusers/adduser scripts should be run on the fileserver (if home areas are to be held on a Windows server) or on a domain controller (if home areas are to be held on NetManager).
If you need multiple configurations (for example, if home areas are held in E:\Users\Students\groupname\username for students and E:\Users\Staff\username for staff) you can create multiple config files (called e.g. staffconfig.txt). You can then create a shortcut to the addusers.vbs script and specify the config filename at the end of the shortcut target (e.g. so the shortcut path is \\netmanager\root\scripts\user\addusers.vbs staffconfig.txt). The vetogroup setting in each config file can be used to stop a config being applied to the wrong groups.
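As an added illustration (not one of the supplied scripts), the following Python dry-run resolver reads a constructed config.txt in the format above and shows which values one CSV row would produce, which is a quick way to check a config file before running addusers.vbs with it. It assumes the group name is supplied by the caller, that groupsub places home areas under homepath\group\username (as in the students example), and that a ';' separator in ou is converted back to ','.

```python
import re

# Constructed sample in the config.txt format described above; not the page's own file
CONFIG_TEXT = r"""
server=FILESERVER
profile=\\%SERVER%\profiles$\%GROUP%
; do not put a $ on the end (handled by hidden=y below)
homedir=\\%SERVER%\%USERNAME%
ou=OU=%GROUP%,OU=School
; CSV format: username,password,firstname,surname
firstname=%3%
surname=%4%
realname=%INITIAL%. %SURNAME%
groupsub=y
homepath=E:\Users
hidden=y
"""

def parse_config(text):
    """Parse config.txt: lines starting with ';' are comments, settings are key=value."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(";"):
            key, _, value = line.partition("=")
            cfg[key.strip().lower()] = value.strip()
    return cfg

def resolve(cfg, row, group):
    """Return the values adduser/addusers would derive for one CSV row (a list of fields)."""
    username = row[0]
    vals = {"SERVER": cfg.get("server", ""), "GROUP": group, "USERNAME": username}
    for i in range(3, 8):  # %3%..%7% are 1-based CSV column numbers
        vals[str(i)] = row[i - 1] if len(row) >= i else ""
    def expand(template):  # unknown placeholders stay visible so a typo in config.txt shows up
        return re.sub(r"%([A-Z0-9]+)%", lambda m: vals.get(m.group(1), m.group(0)), template)
    vals["FIRSTNAME"] = expand(cfg.get("firstname", ""))
    vals["SURNAME"] = expand(cfg.get("surname", ""))
    vals["INITIAL"] = vals["FIRSTNAME"][:1]
    parts = [expand(cfg.get("homepath", ""))]
    if cfg.get("groupsub") == "y":
        parts.append(group)  # assumption: homepath\group\username, as in the students example
    parts.append(username)
    return {
        "realname": expand(cfg.get("realname", "")),
        "homedir": expand(cfg.get("homedir", "")) + ("$" if cfg.get("hidden") == "y" else ""),
        "profile": expand(cfg.get("profile", "")),
        "ou": expand(cfg.get("ou", "")).replace(";", ","),  # assumption: ';' separators become ','
        "homepath": "\\".join(p.rstrip("\\") for p in parts),
    }
```

Calling resolve(parse_config(CONFIG_TEXT), ["jsmith", "Pa55word", "John", "Smith"], "Year7") gives realname "J. Smith", a hidden home share \\FILESERVER\jsmith$ and the folder E:\Users\Year7\jsmith.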
In addition there are:
- changepass.vbs - prompts for username and password and resets password for that user
- delgroup.vbs - deletes all users from a given group (but does not delete home areas, etc.)
- listg.vbs - outputs all groups to a file called groups.txt
- listu.vbs - outputs all users to a file called users.txt
- mailexport.vbs - attempts to export all users' email addresses from AD/Exchange in a format suitable for Email Aliases
- sethome.vbs - sets home path and drive for a specified group (N.B. does not use config.txt)
- resetpass.vbs - resets password for a whole group (similar to resetpass on NetManager).
Finding orphaned user shares
To check for orphaned share definitions (shares whose folder no longer exists), compare the paths listed in the registry with the filesystem. Both scripts below only print the net share /delete commands for shares whose path is missing, so the output can be reviewed before anything is removed.
PowerShell version:
# Share definitions live under this key; each value is a REG_MULTI_SZ of "Name=Value" strings
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares"
$shares = Get-Item $key
foreach ($name in $shares.GetValueNames())
{
    # Each element of the multi-string looks like "Path=E:\Users\fred"
    foreach ($prop in Get-ItemProperty $key -Name $name | Select -ExpandProperty $name)
    {
        $param = $prop.Split("=", 2)
        if ($param.count -eq 2 -and $param[0] -eq "Path")
        {
            # -LiteralPath so that [ or ] in a folder name is not treated as a wildcard
            if (!(Test-Path -LiteralPath $param[1])) { Write-Host "net share /delete `"$name`"" }
            break
        }
    }
}
Batch file version:
@echo off
setlocal enabledelayedexpansion
rem LF holds a single line feed; the two empty lines after the caret are required
set LF=^


rem /se / makes reg query separate the elements of each REG_MULTI_SZ value with /
set QUERY=HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares /t REG_MULTI_SZ /se /
rem %%~L carries the line feed into the search/replace inside the block
for %%L in ("!LF!") do for /f "tokens=*" %%i in ('reg query %QUERY%') do (
    set "RESULT=%%i"
    rem turn "name REG_MULTI_SZ a=b/c=d" into one element per line
    set "RESULT=!RESULT: REG_MULTI_SZ =%%~L!"
    set "RESULT=!RESULT:/=%%~L!"
    set "SHARENAME="
    set "SHAREPATH="
    for /f "tokens=*" %%j in ("!RESULT!") do (
        for /f "tokens=1,* delims==" %%k in ("%%j") do (
            if "%%k"=="ShareName" set "SHARENAME=%%l"
            if "%%k"=="Path" set "SHAREPATH=%%l"
        )
    )
    rem only print the command; review the list before running any of them
    if defined SHARENAME if defined SHAREPATH (
        if not exist "!SHAREPATH!" echo net share /delete "!SHARENAME!"
    )
)
endlocal