User management scripts
As part of a supported AD network, we supply a number of scripts to create and manage users. The core scripts are:
- adduser.vbs - creates a single user. Prompts for username, password and real name.
- addusers.vbs - bulk creates users from a CSV file (CSV file in same format as used on NetManager). If user already exists, will update settings (but leave password unchanged).
- settsprofile.vbs - sets terminal services profile and logon script only based on a CSV file
- export.vbs - creates a CSV file for each group containing all the users within that group (must be run on DC).
The user creation scripts (addusers and adduser) do the following:
- Create user
- Create home area in specified location
- Set permissions on home area (with optional read-only or read-write access to given groups)
- Share home area (either hidden or not)
- Set home drive in AD
- Set home path in AD
- Set profile path
- Set terminal services profile path
- Set logon script
- Set UPN
- Set Email address (optional)
- Move user to selected OU (optional)
The exact behaviour of the scripts is controlled by a file called config.txt. An example file (which contains descriptive comments) is shown below:
; $Date: 2013/11/15 17:19:50 $ ; server = fileserver for home areas server=FILESERVER ; drive = drive for home areas drive=U: ; profile = regular workstation profile ; %SERVER%, %GROUP% and %USERNAME% will be substituted profile=\\FILESERVER\profiles$\workstation ; tsprofile = terminal services profile ; %SERVER% and %GROUP% will be substituted tsprofile=\\FILESERVER\profiles$\termserv ; logon = logon script logon=kix32 logon.kix ; homedir = template for home dirs in AD ; %SERVER%, %GROUP% and %USERNAME% will be substituted ; do not put a $ on the end (this is handled by the hidden option below) homedir=\\%SERVER%\%USERNAME% ; ou = Organizational Unit to put users in ; %GROUP% will be substituted ; must be in LDAP-style format, e.g. OU=%GROUP%,OU=School ; Do not add DC= components at end ; leave empty for Users container (i.e. CN=Users) ; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV ; N.B. If using a CSV field, OU elements must be separated by ; not , ou= ; email = Email address ; %USERNAME% will be substituted email= ; ** Values that depend on CSV format ; regular format is: ; username,password,realname ; this requires: ;firstname= ;surname= ;realname=%3% ; ; For format: ; username,password,realname,firstname,surname ; use: ;firstname=%4% ;surname=%5% ;realname=%3% ; ; To auto-generate realname as Initial. Surname from format: ; username,password,firstname,surname ; use: ;firstname=%3% ;surname=%4% ;realname=%INITIAL%. %SURNAME% ; firstname = First name (given name) ; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV ;firstname=%4% ; surname = Surname ; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV ;surname=%5% ; realname = Realname ; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV ; %FIRSTNAME% = firstname if given ; %INITIAL% = first letter of firstname ; %SURNAME% = surname if given realname=%3% ; makehomedirs = (y/n) - make home directories on server? makehomedirs=y ; groupsub = (y/n) - create home directories in a subdirectory named ; after the group groupsub=y ; homepath = Path to create home directories in (see groupsub above) ; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV homepath=N: ; hidden = (y/n) - home directories are hidden shares? hidden=y ; delshare = (y/n) - delete old shares to avoid clashes delshare=y ; setprofileperms = (y/n) - whether to set permissions on profile too ; Only to be used with roaming profiles setprofileperms=n ; pdc = domain controller to create users on (blank = server above) pdc= ; readgroup = comma-separated list of groups who should have read access ; to the home areas readgroup= ; writegroup = comma-separated list of groups who should have write access ; to the home areas (Administrators always has full control) writegroup= ; group = force creation in this group group= ; vetogroup = comma-separated list of groups we should not create ; use this when you have multiple configurations and you need to ensure ; you are using the right one vetogroup=
The addusers/adduser scripts should be run on the fileserver (if home areas are to be held on a Windows server) or on a domain controller (if home areas are to be held on NetManager).
If you need multiple configurations (for example, if home areas are held in E:\Users\Students\groupname\username for students and E:\Users\Staff\username for staff) you can create multiple config files (called e.g. staffconfig.txt). You can then create a shortcut to the addusers.vbs script and specify the config filename on the end of the shortcut (e.g. so the shortcut path is
In addition there are:
- changepass.vbs - prompts for username and password and resets password for that user
- delgroup.vbs - deletes all users from a given group (but does not delete home areas, etc.)
- listg.vbs - outputs all groups to a file called groups.txt
- listu.vbs - outputs all users to a file called users.txt
- mailexport.vbs - attempts to export all users' email addresses from AD/Exchange in a format suitable for Email Aliases
- sethome.vbs - sets home path and drive for a specified group (N.B. does not use config.txt)
- resetpass.vbs - resets password for a whole group (similar to resetpass on NetManager).