Learning ADSI - Part 1: Adding Users To W2K

Introduction

As the desire and need for the Internet grew, Microsoft created new products and modified its old ones. Windows OS required features that gave developers and administrators the option to perform tasks remotely. Microsoft responded in part with Active Directory Services Interface (ADSI). ADSI provides a single set of directory interfaces for accessing and managing network resources. So for instance, an administrator could change user permissions or add a user to a network, independent of network environment, using a Web interface or a VB program.

Caveat

As the desire and need for the Internet grew, Microsoft created new products and modified its old ones. Windows OS required features that gave developers and administrators the option to perform tasks remotely. Microsoft responded in part with Active Directory Services Interface (ADSI). ADSI provides a single set of directory interfaces for accessing and managing network resources. So for instance, an administrator could change user permissions or add a user to a network, independent of network environment, using a Web interface or a VB program.

Caveat

As the desire and need for the Internet grew, Microsoft created new products and modified its old ones. Windows OS required features that gave developers and administrators the option to perform tasks remotely. Microsoft responded in part with Active Directory Services Interface (ADSI). ADSI provides a single set of directory interfaces for accessing and managing network resources. So for instance, an administrator could change user permissions or add a user to a network, independent of network environment, using a Web interface or a VB program.

Caveat

Please keep in mind that you are going to modify the basics of the Windows NT security model. You should be very alert when dealing with ADSI. Keep in mind that a simple mistype could mean reformatting and reinstalling your system. Don't do it on a operational machine! Please know that I have tried to make the following code as accurate as possible. Yet I can't guarantee their outcome. So please don't just copy and paste. I know it is very attractive, but it could cause you to spend the next couple of hours looking at a very appealing Windows installation screen.

Please keep in mind that you are going to modify the basics of the Windows NT security model. You should be very alert when dealing with ADSI. Keep in mind that a simple mistype could mean reformatting and reinstalling your system. Don't do it on a operational machine! Please know that I have tried to make the following code as accurate as possible. Yet I can't guarantee their outcome. So please don't just copy and paste. I know it is very attractive, but it could cause you to spend the next couple of hours looking at a very appealing Windows installation screen.

Please keep in mind that you are going to modify the basics of the Windows NT security model. You should be very alert when dealing with ADSI. Keep in mind that a simple mistype could mean reformatting and reinstalling your system. Don't do it on a operational machine! Please know that I have tried to make the following code as accurate as possible. Yet I can't guarantee their outcome. So please don't just copy and paste. I know it is very attractive, but it could cause you to spend the next couple of hours looking at a very appealing Windows installation screen.

Windows Security Account Manager

The Security Account Manager (SAM) is the portion of Windows which registers and holds all user information and knows all the default configuration settings. Our first meeting with SAM entails the process of creating a user. This applies to Windows 2000 as well as Windows NT 4.0.

NOTE: In order for the following code to work, administrator rights are required.

The Security Account Manager (SAM) is the portion of Windows which registers and holds all user information and knows all the default configuration settings. Our first meeting with SAM entails the process of creating a user. This applies to Windows 2000 as well as Windows NT 4.0.

NOTE: In order for the following code to work, administrator rights are required.

The Security Account Manager (SAM) is the portion of Windows which registers and holds all user information and knows all the default configuration settings. Our first meeting with SAM entails the process of creating a user. This applies to Windows 2000 as well as Windows NT 4.0.

NOTE: In order for the following code to work, administrator rights are required.

Adding A User to The SAM


This code can be activated by calling it anywhere in the ASP page (line 1). Also, make sure to spell winnt like the example given in line 7. ADSI is very case sensitive and will refuse to work if you spell it differently. As you can see there are no attributes given; this user is created without a password. Let's do something about that.


As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].


As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].

This code can be activated by calling it anywhere in the ASP page (line 1). Also, make sure to spell winnt like the example given in line 7. ADSI is very case sensitive and will refuse to work if you spell it differently. As you can see there are no attributes given; this user is created without a password. Let's do something about that.

As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].

As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].

Next stop is the userflags. These control options such as "Password Never Expires" and "Account Disabled".


In the example above I gave my new user some restrictions. The outcome of this subroutine is that my new user will have a valid password (password isn't expired because it's set on 0. If you change it to 1, the password isn't valid anymore. If the password is expired, the user will be forced to change it at the next login). He will be unable to change his own password; his password will never expire; and his account is disabled and locked. In order to change, this you should modify the subroutine call.

In the example above I gave my new user some restrictions. The outcome of this subroutine is that my new user will have a valid password (password isn't expired because it's set on 0. If you change it to 1, the password isn't valid anymore. If the password is expired, the user will be forced to change it at the next login). He will be unable to change his own password; his password will never expire; and his account is disabled and locked. In order to change, this you should modify the subroutine call.

In the example above I gave my new user some restrictions. The outcome of this subroutine is that my new user will have a valid password (password isn't expired because it's set on 0. If you change it to 1, the password isn't valid anymore. If the password is expired, the user will be forced to change it at the next login). He will be unable to change his own password; his password will never expire; and his account is disabled and locked. In order to change, this you should modify the subroutine call.

So now we have a new user with all the default settings. Maybe this is enough for your home situation, but many companies want to set more boundaries for their users. Also, a lot of companies have the personal settings of their users stored on a separate network drive. ADSI allows you to make sure your new users have the same configuration as every other employee.


Now we have all the information we need to make a new user. I'm not going to explain these options because if you don't know them, you don't need to use them. The three subroutines we created can be used perfectly in combination with each other (see below). Remember, please test on a non-operational system first!

Now we have all the information we need to make a new user. I'm not going to explain these options because if you don't know them, you don't need to use them. The three subroutines we created can be used perfectly in combination with each other (see below). Remember, please test on a non-operational system first!

Now we have all the information we need to make a new user. I'm not going to explain these options because if you don't know them, you don't need to use them. The three subroutines we created can be used perfectly in combination with each other (see below). Remember, please test on a non-operational system first!

Look out for little mistakes and adjust the code so it applies to your situation. Just in case: I cannot be held responsible for any damage that could occur before, during or after implementing and using this code.


This code can be activated by calling it anywhere in the ASP page (line 1). Also, make sure to spell winnt like the example given in line 7. ADSI is very case sensitive and will refuse to work if you spell it differently. As you can see there are no attributes given; this user is created without a password. Let's do something about that.


As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].

As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].

This code can be activated by calling it anywhere in the ASP page (line 1). Also, make sure to spell winnt like the example given in line 7. ADSI is very case sensitive and will refuse to work if you spell it differently. As you can see there are no attributes given; this user is created without a password. Let's do something about that.

As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].

As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].

Next stop is the userflags. These control options such as "Password Never Expires" and "Account Disabled".


In the example above I gave my new user some restrictions. The outcome of this subroutine is that my new user will have a valid password (password isn't expired because it's set on 0. If you change it to 1, the password isn't valid anymore. If the password is expired, the user will be forced to change it at the next login). He will be unable to change his own password; his password will never expire; and his account is disabled and locked. In order to change, this you should modify the subroutine call.

In the example above I gave my new user some restrictions. The outcome of this subroutine is that my new user will have a valid password (password isn't expired because it's set on 0. If you change it to 1, the password isn't valid anymore. If the password is expired, the user will be forced to change it at the next login). He will be unable to change his own password; his password will never expire; and his account is disabled and locked. In order to change, this you should modify the subroutine call.

In the example above I gave my new user some restrictions. The outcome of this subroutine is that my new user will have a valid password (password isn't expired because it's set on 0. If you change it to 1, the password isn't valid anymore. If the password is expired, the user will be forced to change it at the next login). He will be unable to change his own password; his password will never expire; and his account is disabled and locked. In order to change, this you should modify the subroutine call.

So now we have a new user with all the default settings. Maybe this is enough for your home situation, but many companies want to set more boundaries for their users. Also, a lot of companies have the personal settings of their users stored on a separate network drive. ADSI allows you to make sure your new users have the same configuration as every other employee.


Now we have all the information we need to make a new user. I'm not going to explain these options because if you don't know them, you don't need to use them. The three subroutines we created can be used perfectly in combination with each other (see below). Remember, please test on a non-operational system first!

Now we have all the information we need to make a new user. I'm not going to explain these options because if you don't know them, you don't need to use them. The three subroutines we created can be used perfectly in combination with each other (see below). Remember, please test on a non-operational system first!

Now we have all the information we need to make a new user. I'm not going to explain these options because if you don't know them, you don't need to use them. The three subroutines we created can be used perfectly in combination with each other (see below). Remember, please test on a non-operational system first!

Look out for little mistakes and adjust the code so it applies to your situation. Just in case: I cannot be held responsible for any damage that could occur before, during or after implementing and using this code.


This code can be activated by calling it anywhere in the ASP page (line 1). Also, make sure to spell winnt like the example given in line 7. ADSI is very case sensitive and will refuse to work if you spell it differently. As you can see there are no attributes given; this user is created without a password. Let's do something about that.


As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].

As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].

As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a policy about that. Please be advised that the above code is for adding a new user. I will cover modifying an existing user in a future article. The problem about ADSI is that you can't guess the code. It's not as easy as only punching up user.[attribute_name].

Next stop is the userflags. These control options such as "Password Never Expires" and "Account Disabled".


In the example above I gave my new user some restrictions. The outcome of this subroutine is that my new user will have a valid password (password isn't expired because it's set on 0. If you change it to 1, the password isn't valid anymore. If the password is expired, the user will be forced to change it at the next login). He will be unable to change his own password; his password will never expire; and his account is disabled and locked. In order to change, this you should modify the subroutine call.

In the example above I gave my new user some restrictions. The outcome of this subroutine is that my new user will have a valid password (password isn't expired because it's set on 0. If you change it to 1, the password isn't valid anymore. If the password is expired, the user will be forced to change it at the next login). He will be unable to change his own password; his password will never expire; and his account is disabled and locked. In order to change, this you should modify the subroutine call.

In the example above I gave my new user some restrictions. The outcome of this subroutine is that my new user will have a valid password (password isn't expired because it's set on 0. If you change it to 1, the password isn't valid anymore. If the password is expired, the user will be forced to change it at the next login). He will be unable to change his own password; his password will never expire; and his account is disabled and locked. In order to change, this you should modify the subroutine call.

So now we have a new user with all the default settings. Maybe this is enough for your home situation, but many companies want to set more boundaries for their users. Also, a lot of companies have the personal settings of their users stored on a separate network drive. ADSI allows you to make sure your new users have the same configuration as every other employee.


Now we have all the information we need to make a new user. I'm not going to explain these options because if you don't know them, you don't need to use them. The three subroutines we created can be used perfectly in combination with each other (see below). Remember, please test on a non-operational system first!

Now we have all the information we need to make a new user. I'm not going to explain these options because if you don't know them, you don't need to use them. The three subroutines we created can be used perfectly in combination with each other (see below). Remember, please test on a non-operational system first!

Now we have all the information we need to make a new user. I'm not going to explain these options because if you don't know them, you don't need to use them. The three subroutines we created can be used perfectly in combination with each other (see below). Remember, please test on a non-operational system first!

Look out for little mistakes and adjust the code so it applies to your situation. Just in case: I cannot be held responsible for any damage that could occur before, during or after implementing and using this code.


About the Author

Remie Bolte is a student at communicatiesystemen in the Netherlands. He has experience with VB, ASP, VBScript and SQL. His goal in life is to clean up the Internet and show people how it can benefit their needs. Remie can be reached at r.bolte@vinrem.nl.

Remie Bolte is a student at communicatiesystemen in the Netherlands. He has experience with VB, ASP, VBScript and SQL. His goal in life is to clean up the Internet and show people how it can benefit their needs. Remie can be reached at r.bolte@vinrem.nl.

Remie Bolte is a student at communicatiesystemen in the Netherlands. He has experience with VB, ASP, VBScript and SQL. His goal in life is to clean up the Internet and show people how it can benefit their needs. Remie can be reached at r.bolte@vinrem.nl.

阅读更多
个人分类: ASP
下一篇Learning ADSI - Part 2: Editing Users and Administering Groups
想对作者说点什么? 我来说一句

没有更多推荐了,返回首页

关闭
关闭
关闭