XP / 2000 clients - folder redirect, password + user name generator


Task

·Create short & unique AD user names from first two letters in first name + initials + first two letters in last name. Compare new names with existing common names.  
·Generate 8 character pronounceable passwords  
·Create accounts, set first name, last name etc.  
·Create home directories  
·Use a policy to redirect "My Documents" to each user's home directory, reached through a shared directory above the home directories, so only one shared directory is needed. Notice that this method only works for XP/2000 clients; read more in "About home directories for different Windows clients".  

1) Create the home directory root on the server and share it

·Use Explorer to create and share "%HomeRoot%", in this case "e:\users". Important: the file system on the drive you choose MUST be NTFS.  

2) Use this SetupBatcher script file

[Settings_Begin]
BatchSettings.Delimiter=TAB

Generator.Password.DestCol=5
Generator.Password.Special.Vowels=aeiouy
Generator.Password.Special.Consonants=bcdfghjklmnpqrstvwxz
Generator.Password.Special.Numbers=012398742265
Generator.Password.Special.Special=%
Generator.Password.Special.Format=bnaBbabr

SET FirstName=%col1%
SET Initials=%col2%
SET LastName=%col3%
SET FullName=%col1% %col2% %col3%   // create full name from col 1+2+3
SET AccountName=%col4%    // %AccountName% instead of %col4% below = easier to change column
SET Password=%col5%
SET Description=%col6%
BatchSettings.MarkerCol=7
SET AccountExpires=2005-11-13

BatchSettings.AddToValidCharSet=äöåÄÖÅéÉü // Allow Swedish characters in user and group names

SET ADDomainPath=dc=com/dc=acme/dc=D2
SET ADOU=Students
SET ADOUPath=%ADDomainPath%/ou=%ADOU%

SET DupeCheckFQDN=edu8.d2.acme.com

SET HomeRoot=e:\users
SET HomePermissions=%AccountName%:F administrators:F System:F

SET IDGroup=Students
SET IDGroupDesc=Students
[Settings_End]

[Machines_Begin]
\\EDU8      NT PDC    
[Machines_End]

[Init_Batch_Begin]
// Create short account names in col 4 from col 1, 2 & 3
Data.Loop   
 Data.Write 4,lowercase(Copy(%col1%,1,2)%col2%Copy(%col3%,1,2))   
Data.Endloop   
// Compare account names with existing common names, add number if same
Data.Column.DupeCheck 4,CN,%DupeCheckFQDN%/%ADDomainPath%,AddNumber
Data.Passwords.Generate Special   
AD.OU.Create %ADDomainPath%,%ADOU%   
$i AD.Group.Create Global,%ADOUPath%,%IDGroup%,%IDGroupDesc%   
[Init_Batch_End]

[Batch_Begin]
Data.Loop   
 AD.Account.Create %ADOUPath%,%AccountName%,%AccountName%,%Password%   
 AD.Account.SetProperty %ADOUPath%/cn=%AccountName%,UserPrincipalName,%AccountName%@mydomain.com   
 AD.Account.SetProperty %ADOUPath%/cn=%AccountName%,Description,%Description%   
 AD.Account.SetProperty %ADOUPath%/cn=%AccountName%,FirstName,%FirstName%   
 AD.Account.SetProperty %ADOUPath%/cn=%AccountName%,Initials,%Initials%   
 AD.Account.SetProperty %ADOUPath%/cn=%AccountName%,LastName,%LastName%   
 AD.Account.SetProperty %ADOUPath%/cn=%AccountName%,FullName,%FullName%   
 AD.Account.SetProperty %ADOUPath%/cn=%AccountName%,AccountExpires,%AccountExpires%   
 AD.Account.SetProperty %ADOUPath%/cn=%AccountName%,AccountDisabled,No   
 AD.Account.SetProperty %ADOUPath%/cn=%AccountName%,PWMustChange,No   
 AD.Group.AddObject %ADOUPath%/cn=%IDGroup%,%ADOUPath%/cn=%AccountName%   
 DOS md %HomeRoot%\%AccountName%   
 DOS echo y| cacls %HomeRoot%\%AccountName% /G %HomePermissions%   
Data.Endloop   
[Batch_End]

[Undo_Batch_Begin]
Data.Loop   
 AD.Account.Delete %ADOUPath%,%AccountName%   
 DOS echo y| rd %HomeRoot%\%AccountName%\ /s   
 // The /s switch causes rd to remove all directories and files in the specified directory   
Data.Endloop   
[Undo_Batch_End]

[Data_Begin]
Roger   J   Smith
Cynthia   L   Barnes
[Data_End]

About the script

·DNS domain name = "D2.acme.com" -> "SET ADDomainPath=dc=com/dc=acme/dc=D2".  
·NetBIOS server name = "\\EDU8" -> listed in the [Machines] section.  
·FQDN server name = "edu8.d2.acme.com" -> "SET DupeCheckFQDN=edu8.d2.acme.com".  
·Use the "ADOU" variable to specify destination OU.  

3) Create a policy that redirects "My Documents" to each user's home directory on the server

Policies are used to specify what a group of users can and cannot do. Policies can also be used to map folders, manage system settings etc. In order to use policies for an account it must belong to an Organizational Unit.

·Right-click the OU "students" and select "properties" from the pop-up menu (the OU "students" is created in the script above)  
·Click "Group Policy"  
·Click the "New" button  
·Click the "Edit" button  



·In the management console, click "User Configuration" / "Windows Settings" / "Folder redirection"  
·Right-click "My documents", choose "properties"  
·Choose setting "Basic - Redirect everyone's folder to the same location"  
·Enter target folder location. Example: "\\x5012b\users\%username%"  




·Settings page: Uncheck "Grant the user exclusive rights to the folder". If you leave this option checked, Windows 2000 will change the access rights that were set by the CACLS command in SetupBatcher.
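
A check for the access rights mentioned above, as an added Python example (not part of the original page or of SetupBatcher): it parses captured cacls output and reports home directories whose entries differ from the script's HomePermissions (account:F administrators:F System:F). The sample output is constructed, and matching trustees by name without their domain prefix is a simplifying assumption.

```python
import re

# Constructed cacls output for two home directories (sample data, not from the page).
SAMPLE = r"""e:\users\rojsm BUILTIN\Administrators:(OI)(CI)F
               NT AUTHORITY\SYSTEM:(OI)(CI)F
               D2\rojsm:(OI)(CI)F

e:\users\cylba NT AUTHORITY\SYSTEM:(OI)(CI)F
               D2\cylba:(OI)(CI)F
               Everyone:(OI)(CI)R
"""


def parse_cacls(output):
    """Return {path: {trustee: right}}; assumes paths contain no spaces."""
    acls, current = {}, None
    for line in output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():               # unindented line starts a new path
            path, _, line = line.partition(" ")
            current = acls.setdefault(path, {})
        if current is None:
            continue
        trustee, _, rights = line.strip().rpartition(":")
        if not rights:
            continue
        name = trustee.split("\\")[-1].lower()  # drop DOMAIN\ or BUILTIN\ prefix
        current[name] = re.sub(r"\([A-Z]+\)", "", rights)  # drop (OI)(CI) flags
    return acls


def audit(output, home_root=r"e:\users"):
    """Compare each ACL with HomePermissions: <account>:F administrators:F System:F."""
    findings = {}
    for path, acl in parse_cacls(output).items():
        account = path[len(home_root):].strip("\\").lower()
        expected = {account: "F", "administrators": "F", "system": "F"}
        missing = sorted(t for t, r in expected.items() if acl.get(t) != r)
        unexpected = sorted(t for t in acl if t not in expected)
        if missing or unexpected:
            findings[path] = {"missing": missing, "unexpected": unexpected}
    return findings


if __name__ == "__main__":
    for path, result in audit(SAMPLE).items():
        print(path, result)
```
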