Create Windows 2000 Server user accounts with ADSI scripts

As an administrator you don't need to know all the secrets behind the Windows 2000 Server Active Directory Services Interface (ADSI), but you should know some basics because ADSI can be used for automating many administrative tasks.

Microsoft provides a special Active Directory Services Interface (ADSI) with Windows 2000 Server that allows administrators very easy interaction with Active Directory; with it, you can use simple scripts or complicated C programs to read from or write to the Directory Service. You can use ADSI to automate many administrative tasks.

Simple scripts can allow you to create a simple Web page that would include the necessary functions to remotely control your network. You may generate scripts to create user accounts or groups, change passwords, extend the schema, and perform many other administrative tasks.

Here is a sample script written in VBScript that creates one user account and one Global group and puts the user in this group. You have to save this script in a file with the .vbs extension and then run it.

' you will have to change this line and' modify the LDAP path for your domain

Set adsUserC = GetObject ("LDAP://cn=Users,dc=domena,dc=local")

' this will create a user account - John Smith

Set adsUser = adsUserC.Create("user", "cn=John Smith")

adsUser.Put "sAMAccountName", "johns"


' this will create Global group - Hresouces

Set adsGroup = adsUserC.Create("group","cn=HResources")

adsGroup.Put "sAMAccountName", "HResources"


' this will add the user to the group


WScript.Echo "Done"
Miss a Windows 2000 Server tip?

Check out the Windows 2000 Server archive, and catch up on previous Windows 2000 Server columns.

Want more Windows 2000 Server tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!