|
SamAccount commands vs. AD commands
|
|
|
|
Account.Create
|
Account.Edit
|
AD.Account.
Create |
AD.Account.
SetProperty |
|
Description
|
create new account + set ALL initial properties
|
edit one or many properties
|
create new account, sets CN, SamAccountName and Password + some default properties, all other properties must be set with AD.Account.
SetProperty |
set/modify/delete single property, all properties that Account.Create and Account.Edit manages and many more
|
|
Runs on
|
NT3.51, NT4, 2000 server and workstation, XP workstation, 2003 server
|
NT3.51, NT4, 2000 server and workstation, XP workstation, 2003 server
|
2000 and 2003 server only
|
2000 and 2003 server only
|
|
Target server (workstation)
|
from [Machines] section
|
from [Machines] section
|
resolved from active directory domain path which is specified as command parameter, usually the first part of a user defined "SET" variable (same as below)
|
resolved from active directory domain path which is specified as command parameter, usually the first part of a user defined "SET" variable (same as below)
|
|
Account specified by
|
SamAccountName,
usually a user defined "SET" variable that points to a column in the [Data] section |
SamAccountName,
usually a user defined "SET" variable that points to a column in the [Data] section |
full active directory path, usually a user defined "SET" variable with the last part pointing to the [Data] section
|
full active directory path, usually a user defined "SET" variable with the last part pointing to the [Data] section
|
|
Property
|
checks for defined properties in [Settings]
|
checks for defined properties in [Settings]
|
all except default properties must be set with AD.Account.
SetProperty |
specified by command parameter
|
| · | Account.Create creates accounts and sets initial properties on both NT4 and 2000 server and workstation, XP workstation and 2003 server.
|
| · | Account.Edit edits accounts on both NT4 and Windows 2000 server and workstation, XP workstation and 2003 server.
|
| · | Account.Create and Account.Edit uses old style SAM calls to mange accounts - refers to account by SamAccountName and reads server name from the [Machines] section.
|
| · | Account.Create and Account.Edit has predefined settings in the [Setting] section, example "Account.Description=...", "Account.Disabled=..." etc.
|
| · | One Account.Create or Account.Edit command sets all settings defined in [Settings].
|
| · | AD.Account.Create creates accounts on Windows 2000 and 2003 server only.
|
| · | AD.Account.SetProperty sets and edits account and active directory properties on already existing accounts on Windows 2000 and 2003 server only.
|
| · | AD.Account.Create and AD.Account.SetProperty refers to accounts by full Active Directory path
|
| · | Example: the full path to "myaccount" in the "users" container in domain "d09.acme.com" is "dc=com/dc=acme/dc=D09/cn=users/cn=myaccount".
|
| · | AD.Account.SetProperty manages both default AD properties and user defined (extended schema) AD properties.
|
| · | One AD.Account.SetProperty command sets one property - to set three properties you need three commands.
|
| · | In this example, the "Account.Create" command sets -
|
| · | account name - read from column two in [Data]
|
| · | full name - read from column one in [Data]
|
| · | password - read from column three in [Data]
|
| · | account expiration date - never
|
| · | script name - "teachers.bat"
|
| · | "username" is a user defined variable, you can rename it to what you like, but remember to change the name in both the [settings] and the [batch] sections.
|
| · | Three commands sets the three properties "FirstName", "Initials" and "LastName".
|
| · | Notice that "ADDomainPath", "ADOUName" and "ADOUPath" are user defined variables, all variables after the text "SET" are. You can rename them to what you like. And you can delete them and specify everything within the commands if you think that is a good idea. (It is not.)
|