Manage accounts when AD container is unknown
Top  Previous  Next


Sometimes the common name, samAccountName, full name (display name) or UserPrincipalName is known but not the active directory container (AD path). How to solve this problem depends on how many accounts that are to be managed and if the [Data] section can be overwritten or not.

When can the [Data] section be overwritten?

When a property is to be set to the same value for all accounts in the same job (example: AccountExpires, LoginScript, Profile), the value can be specified in the actual command; example:

AD.Account.SetProperty %ADOUPath%/cn=%AccountName%,PWMustChange,No

Summary: value specified in command - [Data] section not used for values - [Data] section can be overwritten.

When can the [Data] section not be overwritten?

When a property is to be set to different values for different accounts (example: TelephoneNumber, EmailAddress, HomePage), data must be specified in the [Data] section, example:

AD.Account.SetProperty dc=com/dc=acme/dc=D09/cn=users/cn=%col2%, StreetAddress, %col5%

Summary: value specified in [Data] section - [Data] section can not be overwritten.

Solutions

1) Extract all accounts and AD paths in domain to [Data] section, use multicompare to search for accounts, delete non-matching [Data] rows

Conditions:  
 
·Limited number of accounts to manage in the job  
·[Data] section not used for properties - can be overwritten by SetupBatcher  

2) Use ADvalue to lookup AD path from full name (display name), samAccountName or UserPrincipalName

Conditions:  
 
·Large number of accounts and / or  
·[Data] section used for properties - can not be overwritten by SetupBatcher  
·Common name is same as at least one of full name, samAccountName or UserPrincipalName  

3) Extract AD paths for all accounts to [Data] section, store in temp file, load work data from external file, use FileValueFind to find common name in temp file

Conditions:  
 
·Large number of accounts and / or  
·[Data] section used for properties - can not be overwritten by SetupBatcher  
·Common name is different from both full name, samAccountName and UserPrincipalName  

4) Use ADpathFind to lookup AD path from any unique Active Directory property

Conditions:  
 
·Large number of accounts and / or  
·[Data] section used for properties - can not be overwritten by SetupBatcher  
·Common name is different from both full name, samAccountName and UserPrincipalName