Educational ICT Virtualisation Specialist

Twitter LinkedIn E-mail
Precedence Technologies Ltd
Technology House, 36a Union Lane
Cambridge, CB4 1QB, United Kingdom
T: +44 (0)8456 446 800 / +44 (0)1223 359900
F: +44 (0)8456 446 899 / +44 (0)1223 359459

Jump To: Support > KB > AD > Scripts

User management scripts

Walkthrough on adding a new user

As part of a supported AD network, we supply a number of scripts to create and manage users. The core scripts are:

  • adduser.vbs - creates a single user. Prompts for username, password and real name.
  • addusers.vbs - bulk creates users from a CSV file (CSV file in same format as used on NetManager). If user already exists, will update settings (but leave password unchanged).
  • settsprofile.vbs - sets terminal services profile and logon script only based on a CSV file
  • export.vbs - creates a CSV file for each group containing all the users within that group (must be run on DC).

The user creation scripts (addusers and adduser) do the following:

  • Create user
  • Create home area in specified location
  • Set permissions on home area (with optional read-only or read-write access to given groups)
  • Share home area (either hidden or not)
  • Set home drive in AD
  • Set home path in AD
  • Set profile path
  • Set terminal services profile path
  • Set logon script
  • Set UPN
  • Set Email address (optional)
  • Move user to selected OU (optional)

The exact behaviour of the scripts is controlled by a file called config.txt. An example file (which contains descriptive comments) is shown below:

; $Date: 2013/11/15 17:19:50 $
; server = fileserver for home areas

; drive = drive for home areas

; profile = regular workstation profile
; %SERVER%, %GROUP% and %USERNAME% will be substituted

; tsprofile = terminal services profile
; %SERVER% and %GROUP% will be substituted

; logon = logon script
logon=kix32 logon.kix

; homedir = template for home dirs in AD
; %SERVER%, %GROUP% and %USERNAME% will be substituted
; do not put a $ on the end (this is handled by the hidden option below)

; ou = Organizational Unit to put users in
; %GROUP% will be substituted
; must be in LDAP-style format, e.g. OU=%GROUP%,OU=School
; Do not add DC= components at end
; leave empty for Users container (i.e. CN=Users)
; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV
; N.B. If using a CSV field, OU elements must be separated by ; not ,

; email = Email address
; %USERNAME% will be substituted

; ** Values that depend on CSV format
; regular format is:
; username,password,realname
; this requires:
; For format:
; username,password,realname,firstname,surname
; use:
; To auto-generate realname as Initial. Surname from format:
; username,password,firstname,surname
; use:
;realname=%INITIAL%. %SURNAME%

; firstname = First name (given name)
; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV

; surname = Surname
; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV

; realname = Realname
; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV
; %FIRSTNAME% = firstname if given
; %INITIAL% = first letter of firstname
; %SURNAME% = surname if given

; makehomedirs = (y/n) - make home directories on server?

; groupsub = (y/n) - create home directories in a subdirectory named
; after the group

; homepath = Path to create home directories in (see groupsub above)
; %3%, %4%, %5%, %6%, %7% will be replaced by respective field in CSV

; hidden = (y/n) - home directories are hidden shares?

; delshare = (y/n) - delete old shares to avoid clashes

; setprofileperms = (y/n) - whether to set permissions on profile too
; Only to be used with roaming profiles

; pdc = domain controller to create users on (blank = server above)

; readgroup = comma-separated list of groups who should have read access
; to the home areas

; writegroup = comma-separated list of groups who should have write access
; to the home areas (Administrators always has full control)

; group = force creation in this group

; vetogroup = comma-separated list of groups we should not create
; use this when you have multiple configurations and you need to ensure
; you are using the right one

The addusers/adduser scripts should be run on the fileserver (if home areas are to be held on a Windows server) or on a domain controller (if home areas are to be held on NetManager).

If you need multiple configurations (for example, if home areas are held in E:\Users\Students\groupname\username for students and E:\Users\Staff\username for staff) you can create multiple config files (called e.g. staffconfig.txt). You can then create a shortcut to the addusers.vbs script and specify the config filename on the end of the shortcut (e.g. so the shortcut path is \\netmanager\root\scripts\user\addusers.vbs staffconfig.txt).

In addition there are:

  • changepass.vbs - prompts for username and password and resets password for that user
  • delgroup.vbs - deletes all users from a given group (but does not delete home areas, etc.)
  • listg.vbs - outputs all groups to a file called groups.txt
  • listu.vbs - outputs all users to a file called users.txt
  • mailexport.vbs - attempts to export all users' email addresses from AD/Exchange in a format suitable for Email Aliases
  • sethome.vbs - sets home path and drive for a specified group (N.B. does not use config.txt)
  • resetpass.vbs - resets password for a whole group (similar to resetpass on NetManager).

Finding orphaned user shares

To check for orphaned share definitions, check the paths as listed in the registry.

$key = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares"
$shares = Get-Item $key

foreach ($name in $shares.GetValueNames())
    foreach ($prop in Get-ItemProperty $key -Name $name | Select -ExpandProperty $name)
        $param = $prop.Split("=", 2)
        if ($param.count -eq 2 -and $param[0] -eq "Path")
            if (!(Test-Path $param[1])) { Write-Host "net share /delete `"$name`"" }
@echo off
setlocal enabledelayedexpansion

set QUERY=HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares /t REG_MULTI_SZ /se /

for /f "tokens=*" %%i in ('reg query %QUERY%') do (
        set RESULT=%%i
        set RESULT=!RESULT:    REG_MULTI_SZ    =^

        set RESULT=!RESULT:/=^

        set SHARENAME=
        set SHAREPATH=

        for /f "usebackq tokens=*" %%j in ('!RESULT!') do (
                for /f "usebackq tokens=1,2 delims==" %%k in ('%%j') do (
                        if %%k==ShareName (set SHARENAME=%%l) else if %%k==Path (set SHAREPATH=%%l)

        if defined SHARENAME if defined SHAREPATH (
                if not exist "!SHAREPATH!" echo net share /delete "!SHARENAME!"

© Copyright Precedence Technologies 1999-2018
Page last modified on January 26, 2018, at 11:08 AM by mwillcock