' CreateNTUser_W2000.vbs - Create a Windows 2000 Userid
' 1999-01-17 stephen.campbell@marchview.com

option explicit

dim sDomain       ' Domain
dim sOrg          ' Where in the hierarchy
dim sUserid       ' New NT4 Userid
dim sUserPrinc    ' Full login name
dim sServer       ' Server containing home directory

dim sFullName     ' Full name
dim sGiven        ' First name
dim sSurname      ' Last name
dim sPassword     ' Password
dim sDescription  ' Description field
dim aGroups       ' Groups this user is a member of

dim oDir          ' Windows 2000 Directory Service
dim oDomain       ' Domain where object is created
dim oOrg          ' Location in Tree
dim oUser         ' User object
dim oGroup
dim sGroup 

' We use this to create a user-friendly initial password
dim aWords        ' Random list of words
aWords=split("dog,cat,mouse,child,field,desk,pen,house,barn,shed," + _
    "glass,plate,fork,spoon,cup,fence,yard,bird,desk,tree",",")
Randomize

sOrg="ou=Atlanta,ou=NorthAmerica"
sUserid="tedsmith"
sServer="POWER2000"
sGiven="Ted"
sSurname="Smith"
sFullName=sGiven & " " & sSurname
sUserPrinc = sGiven & "." & sSurname & "@march2000.marchview.com"
sDescription="LAN Admin - Atlanta"
sPassword=makePassword()
aGroups=array("cn=Atlanta LAN Administrators,ou=NorthAmerica", _
  "cn=Domain Admins,cn=Users")  

'Get the domain and organizational unit
Set oDir = GetObject("LDAP://RootDSE")
Set oDomain = GetObject( "LDAP://" & oDir.Get("defaultNamingContext"))
set oOrg = oDomain.GetObject("organizationalUnit",sOrg)

set oUser = oOrg.Create("user","cn=" & sFullName)
oUser.samAccountName=sUserid        ' Allows NT4 connections
oUser.userPrincipalName=sUserPrinc  ' Windows 2000 login
oUser.description = sDescription
oUser.givenName=sGiven
oUser.sn=sSurname
oUser.displayName=sFullName
oUser.mail=sUserPrinc
oUser.homeDrive="H:"
oUser.homeDirectory = "\\" + sServer + "\" + sUserid + "$"
oUser.AccountDisabled=FALSE ' Use ADSI to enable the account
                            ' This actually changes bit 2 of userAccountControl
oUser.SetInfo  ' changes are not applied until we do setinfo

' Set the password
oUser.setPassword(sPassword)

' Set the group membership
for each sGroup in aGroups
  set oGroup = oDomain.GetObject("group",sGroup)
  WScript.echo "Adding to group " & oGroup.ADSPath
  oGroup.add(oUser.ADSPath)
next

WScript.echo "Created user " + sUserid + " in " + sOrg + _
  " with password " + sPassword
WScript.quit

function makePassword
dim iWords,sPass
iWords = UBound(aWords)
makePassword=aWords(INT(iWords*Rnd())) & "+" & int(2+(8.*rnd())) & "+" & aWords(INT(iWords*Rnd()))
end function