I think every Active Directory domain administrator has, at least once in their life, had to create a multitude of users in one go, each with its own password.
Well, below I give you an infallible method for creating thousands of accounts with passwords in a single click.
The only tool we need is Excel, to make the job easier; everything else is included in Windows 2003 Server.
The command we will use is dsadd; below are its options as shown at the DOS prompt:
Description: This tool’s commands add specific types of objects to the
directory. The dsadd commands:
dsadd computer – adds a computer to the directory.
dsadd contact – adds a contact to the directory.
dsadd group – adds a group to the directory.
dsadd ou – adds an organizational unit to the directory.
dsadd user – adds a user to the directory.
dsadd quota – adds a quota specification to a directory partition.
For help on a specific command, type “dsadd <ObjectType> /?” where
<ObjectType> is one of the supported object types shown above.
For example, dsadd ou /?.
Remarks:
Commas that are not used as separators in distinguished names must be
escaped with the backslash (“\”) character
(for example, “CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com”).
Backslashes used in distinguished names must be escaped with a backslash
(for example,
“CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com”).
Directory Service command-line tools help:
dsadd /? – help for adding objects.
dsget /? – help for displaying objects.
dsmod /? – help for modifying objects.
dsmove /? – help for moving objects.
dsquery /? – help for finding objects matching search criteria.
dsrm /? – help for deleting objects.
The syntax to use for creating a user is as follows:
dsadd user "CN=NOME,OU=Test,DC=dominio,DC=chiatto,DC=net" -samID NOME_SAM -fn NOME -ln COGNOME -pwd PASSWORD -disabled NO -display "NOME" -mustchpwd NO -canchpwd NO
CN= Enter the user's CN, followed by the OU where the user is to be stored
samID= Enter the SAM account name
fn= Enter the user's first name
ln= Enter the user's last name
pwd= Enter the password
disabled= Leave NO if the account being created should be enabled
display= Enter the user's name as it will be displayed
mustchpwd= Leave NO if the account being created must NOT be forced to change its password
canchpwd= Leave NO if you do not want the account being created to be able to change its password
Below is the full list of the dsadd command's options, which can be obtained from any DOS window with the command dsadd user /?
Description: Adds a user to the directory.
Syntax: dsadd user <UserDN> [-samid <SAMName>] [-upn <UPN>] [-fn <FirstName>]
[-mi <Initial>] [-ln <LastName>] [-display <DisplayName>]
[-empid <EmployeeID>] [-pwd {<Password> | *}] [-desc <Description>]
[-memberof <Group …>] [-office <Office>] [-tel <Phone#>]
[-email <Email>] [-hometel <HomePhone#>] [-pager <Pager#>]
[-mobile <CellPhone#>] [-fax <Fax#>] [-iptel <IPPhone#>]
[-webpg <WebPage>] [-title <Title>] [-dept <Department>]
[-company <Company>] [-mgr <Manager>] [-hmdir <HomeDir>]
[-hmdrv <DriveLtr:>] [-profile <ProfilePath>] [-loscr <ScriptPath>]
[-mustchpwd {yes | no}] [-canchpwd {yes | no}]
[-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}]
[-acctexpires <NumDays>] [-disabled {yes | no}]
[{-s <Server> | -d <Domain>}] [-u <UserName>]
[-p {<Password> | *}] [-q] [{-uc | -uco | -uci}]
Parameters:
Value Description
<UserDN> Required. Distinguished name (DN) of user to add.
If the target object is omitted, it will be taken
from standard input (stdin).
-samid <SAMName> Set the SAM account name of user to <SAMName>.
If not specified, dsadd will attempt
to create SAM account name using up to
the first 20 characters from the
common name (CN) value of <UserDN>.
-upn <UPN> Set the upn value to <UPN>.
-fn <FirstName> Set user first name to <FirstName>.
-mi <Initial> Set user middle initial to <Initial>.
-ln <LastName> Set user last name to <LastName>.
-display <DisplayName> Set user display name to <DisplayName>.
-empid <EmployeeID> Set user employee ID to <EmployeeID>.
-pwd {<Password> | *} Set user password to <Password>. If *, then you are
prompted for a password.
-desc <Description> Set user description to <Description>.
-memberof <Group …> Make user a member of one or more groups <Group …>
-office <Office> Set user office location to <Office>.
-tel <Phone#> Set user telephone# to <Phone#>.
-email <Email> Set user e-mail address to <Email>.
-hometel <HomePhone#> Set user home phone# to <HomePhone#>.
-pager <Pager#> Set user pager# to <Pager#>.
-mobile <CellPhone#> Set user mobile# to <CellPhone#>.
-fax <Fax#> Set user fax# to <Fax#>.
-iptel <IPPhone#> Set user IP phone# to <IPPhone#>.
-webpg <WebPage> Set user web page URL to <WebPage>.
-title <Title> Set user title to <Title>.
-dept <Department> Set user department to <Department>.
-company <Company> Set user company info to <Company>.
-mgr <Manager> Set user’s manager to <Manager> (format is DN).
-hmdir <HomeDir> Set user home directory to <HomeDir>. If this is
UNC path, then a drive letter that will be mapped to
this path must also be specified through -hmdrv.
-hmdrv <DriveLtr:> Set user home drive letter to <DriveLtr:>
-profile <ProfilePath> Set user’s profile path to <ProfilePath>.
-loscr <ScriptPath> Set user’s logon script path to <ScriptPath>.
-mustchpwd {yes | no} User must change password at next logon or not.
Default: no.
-canchpwd {yes | no} User can change password or not. This should be
“yes” if the -mustchpwd is “yes”. Default: yes.
-reversiblepwd {yes | no}
Store user password using reversible encryption or
not. Default: no.
-pwdneverexpires {yes | no}
User password never expires or not. Default: no.
-acctexpires <NumDays> Set user account to expire in <NumDays> days from
today. A value of 0 implies account expires
at the end of today; a positive value
implies the account expires in the future;
a negative value implies the account already expired
and sets an expiration date in the past;
the string value “never” implies that the
account never expires.
-disabled {yes | no} User account is disabled or not. Default: no.
{-s <Server> | -d <Domain>}
-s <Server> connects to the domain controller (DC)
with name <Server>.
-d <Domain> connects to a DC in domain <Domain>.
Default: a DC in the logon domain.
-u <UserName> Connect as <UserName>. Default: the logged in user.
User name can be: user name, domain\user name,
or user principal name (UPN).
-p {<Password> | *} Password for the user <UserName>. If * is entered,
then you are prompted for a password.
-q Quiet mode: suppress all output to standard output.
{-uc | -uco | -uci} -uc Specifies that input from or output to pipe is
formatted in Unicode.
-uco Specifies that output to pipe or file is
formatted in Unicode.
-uci Specifies that input from pipe or file is
formatted in Unicode.
Remarks:
If you do not supply a target object at the command prompt, the target
object is obtained from standard input (stdin). Stdin data can be
accepted from the keyboard, a redirected file, or as piped output from
another command. To mark the end of stdin data from the keyboard or
in a redirected file, use Control+Z, for End of File (EOF).
If a value that you supply contains spaces, use quotation marks
around the text (for example, “CN=John Smith,CN=Users,DC=microsoft,DC=com”).
If you enter multiple values, the values must be separated by spaces
(for example, a list of distinguished names).
The special token $username$ (case insensitive) may be used to place the SAM
account name in the value of a parameter. For example, if the target user DN
is CN=Jane Doe,CN=users,CN=microsoft,CN=com and the SAM account name
attribute is “janed,” the -hmdir parameter can have
the following substitution:
-hmdir \users\$username$\home
The value of the -hmdir parameter is modified to the following value:
– hmdir \users\janed\home
See also:
dsadd computer /? – help for adding a computer to the directory.
dsadd contact /? – help for adding a contact to the directory.
dsadd group /? – help for adding a group to the directory.
dsadd ou /? – help for adding an organizational unit to the directory.
dsadd user /? – help for adding a user to the directory.
dsadd quota /? – help for adding a quota to the directory.
Directory Service command-line tools help:
dsadd /? – help for adding objects.
dsget /? – help for displaying objects.
dsmod /? – help for modifying objects.
dsmove /? – help for moving objects.
dsquery /? – help for finding objects matching search criteria.
dsrm /? – help for deleting objects.
dsadd failed:The parameter is incorrect.
type dsadd /? for help.
To create many accounts in bulk, I used that powerful tool, Excel.
Here is everything I did:
- I created a sheet named Dati containing a template where the data is entered in bulk
- I created a sheet named Stringa where, thanks to the CONCATENA formula, the string that I will run from the DOS window on Active Directory is built for me
Once all the data (first name, last name, logon ID, password, etc.) has been entered in the Dati sheet, just go to the Stringa sheet and copy all the rows that have magically been created, then paste them into a DOS window on the domain controller and wait for the accounts to be created.
Attached is the Excel file with the template I created:
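The Dati-to-Stringa step can also be scripted. The following is an added example, not the author's spreadsheet: it builds the dsadd lines from CSV rows, applies the DN escaping described in the dsadd Remarks, and rejects values that would break a pasted cmd.exe line. It assumes column names Nome, Cognome and LogonID, a CN built from first and last name, and, unlike the syntax shown earlier, a random password per user with -mustchpwd yes.

```python
import csv
import io
import secrets
import string

# Constructed sample standing in for the "Dati" sheet (not real accounts).
SAMPLE_DATI = 'Nome,Cognome,LogonID\nMario,Rossi,mrossi\nAnna,"Verdi, Jr.",averdi\n'
BASE_DN = "OU=Test,DC=dominio,DC=chiatto,DC=net"  # OU used in the post's example
SAM_FORBIDDEN = ' "/\\[]:;|=,+*?<>'  # space included: value is passed unquoted
CMD_UNSAFE = '"%&|<>^\r\n'           # would break or alter a quoted cmd.exe argument


def escape_rdn(value):
    """Escape backslashes and commas as the dsadd Remarks require."""
    return value.replace("\\", "\\\\").replace(",", "\\,")


def random_password(length=16):
    """Random initial password with lower, upper and digit characters."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(c.islower() for c in pw) and any(c.isupper() for c in pw) \
                and any(c.isdigit() for c in pw):
            return pw


def dsadd_line(first, last, sam, password, base_dn=BASE_DN):
    """Build one command line, the job CONCATENA does in the Stringa sheet."""
    if not sam or len(sam) > 20 or any(c in SAM_FORBIDDEN for c in sam):
        raise ValueError(f"invalid SAM account name: {sam!r}")
    for field in (first, last, password):
        if field.endswith("\\") or any(c in CMD_UNSAFE for c in field):
            raise ValueError("value unsafe on a cmd.exe line")
    display = f"{first} {last}"
    dn = f"CN={escape_rdn(display)},{base_dn}"
    return (f'dsadd user "{dn}" -samid {sam} -fn "{first}" -ln "{last}" '
            f'-display "{display}" -pwd "{password}" -mustchpwd yes -disabled no')


def build_commands(csv_text):
    """One dsadd line per data row, each with its own random password."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [dsadd_line(r["Nome"], r["Cognome"], r["LogonID"], random_password())
            for r in rows]


if __name__ == "__main__":
    print("\n".join(build_commands(SAMPLE_DATI)))
```

The generated lines contain clear-text passwords, so the output needs the same handling as the spreadsheet itself.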
I am Raffaele Chiatto, an all-round computing enthusiast…
I first approached the world of computing back in 1996 with Windows 95, and since then I have never stopped devoting myself to studying and exploring this field.
I graduated in Computer Engineering in 2009 and have been working in IT since 2001.