
SelfADSI - The LDAP / ADSI Scripting Tutorial
Creating Directory Objects


To create objects of any kind, connect to the directory container in which the new object is to be placed and call the container method Create() there. You have to pass the object class of the new object and its relative distinguished name (RDN). In addition, depending on the object class, mandatory attributes have to be set; otherwise the object is created incompletely or cannot be created at all.

 

Examples for ADS and Exchange (Exchange 2000 or later):

Creating Organizational Units
Creating Users
Creating Mail Users
Creating Contacts
Creating Local Groups
Creating Global Groups
Creating Universal Groups

Examples for Novell eDirectory (NDS):

Creating Organizational Units
Creating Users
Creating Groups
Creating ZEN Application Objects

 


Creating Organizational Units

To create an ADS organizational unit, connect to the directory container in which it is to be created. This can be either a domain object or another OU.

' Bind to the parent container
Set parent = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

' Create the OU in the local property cache and write it to the directory
Set ou = parent.Create("organizationalUnit", "ou=Department1")
ou.SetInfo


Creating Users

To create an ADS user, use the object class 'user' and then set at least the attribute 'sAMAccountName' (Windows NT logon name):

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

Set user = ou.Create("user", "cn=Philipp")
user.sAMAccountName = "philipp"    ' mandatory: Windows NT logon name
user.SetInfo

 

Note that the user is created as a disabled account without a password. Any existing password policy (minimum password length or complexity requirements) is not taken into account. To enable the account in the same script, the following code can be used:

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

Set user = ou.Create("user", "cn=Philipp")
user.sAMAccountName = "philipp"
user.pwdLastSet = -1               ' -1: mark the password as set at the current time

user.SetInfo                       ' first SetInfo: the object is created

user.AccountDisabled = False
user.SetInfo                       ' second SetInfo: the account is enabled

Attention: In this case SetInfo has to be called twice. More information about the relevant LDAP attributes and about the configuration of additional object properties can be found in 'Attributes for ADS User' here in the SelfADSI Tutorial.
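
An account enabled this way has no password, and the PASSWD_NOTREQD bit (&H20) that the directory sets on users created over LDAP is still present in userAccountControl. The following variant is an added example, not code from the original tutorial: it sets a password after the first SetInfo, clears that bit and only then enables the account. Assumptions: the script runs under cscript.exe, the initial password is typed at the console, and the OU and account names are the tutorial's.

```vbscript
Option Explicit
Const ADS_UF_ACCOUNTDISABLE = &H2     ' account is disabled
Const ADS_UF_PASSWD_NOTREQD = &H20    ' an empty password is accepted

Dim ou, user, uac, initialPassword

' Assumption: the password is entered by the operator, never stored in the script.
' Note that StdIn.ReadLine echoes the input to the console.
WScript.StdOut.Write "Initial password for philipp: "
initialPassword = WScript.StdIn.ReadLine
If Len(initialPassword) = 0 Then
    WScript.Echo "No password entered, nothing created."
    WScript.Quit 1
End If

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")
Set user = ou.Create("user", "cn=Philipp")
user.sAMAccountName = "philipp"
user.SetInfo                          ' first SetInfo: object exists, still disabled

' A password can only be set once the object exists in the directory.
On Error Resume Next
user.SetPassword initialPassword
If Err.Number <> 0 Then
    WScript.Echo "SetPassword failed (0x" & Hex(Err.Number) & "), account stays disabled."
    WScript.Quit 1
End If
On Error GoTo 0

' Clear both flags explicitly instead of only toggling AccountDisabled.
uac = user.Get("userAccountControl")
uac = uac And Not ADS_UF_PASSWD_NOTREQD
uac = uac And Not ADS_UF_ACCOUNTDISABLE
user.Put "userAccountControl", uac
user.Put "pwdLastSet", 0              ' 0: user must change the password at first logon
user.SetInfo                          ' second SetInfo: account is enabled
```

If SetPassword is rejected, the script stops before the second SetInfo, so the account remains disabled rather than enabled without a password.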


Creating Mail Users

To create a mail-enabled user within an Exchange organisation (Exchange 2000 or later), use the object class 'user' and then set at least the attributes 'sAMAccountName' (Windows NT logon name), 'mailNickName' (Exchange alias), 'displayName' and 'homeMDB' (information store of the mailbox).

For 'homeMDB' the exact distinguished name of the information store has to be used, which is built from the names of the Exchange organisation, the Exchange server, the storage group and the database:

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

Set mailuser = ou.Create("user", "cn=Philipp")
mailuser.sAMAccountName = "philipp"
' Distinguished name of the mailbox database; replace the "Name of ..." placeholders
mailuser.homeMDB = "CN=Name of the Priv Database," & _
    "CN=Name of the StorageGroup,CN=InformationStore,CN=Name of the Exchange server," & _
    "CN=Servers,CN=Name of the administrative group," & _
    "CN=Administrative Groups,CN=Name of the Exchange organisation,CN=Microsoft Exchange," & _
    "CN=Services,CN=Configuration,DC=cerrotorre,DC=de"
mailuser.mailNickName = "philipp"
mailuser.displayName = "Foeckeler, Philipp"
mailuser.SetInfo

 

The mailbox of this user will not be displayed in the Exchange System Manager (ESM) until the first mail has been delivered. Note also that the user is created as a disabled account without a password. Any existing password policy (minimum password length or complexity requirements) is not taken into account. To enable the account in the same script, the following code can be used:

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

Set mailuser = ou.Create("user", "cn=Philipp")
mailuser.sAMAccountName = "philipp"
' Distinguished name of the mailbox database; replace the "Name of ..." placeholders
mailuser.homeMDB = "CN=Name of the Priv Database," & _
    "CN=Name of the StorageGroup,CN=InformationStore,CN=Name of the Exchange server," & _
    "CN=Servers,CN=Name of the administrative group," & _
    "CN=Administrative Groups,CN=Name of the Exchange organisation,CN=Microsoft Exchange," & _
    "CN=Services,CN=Configuration,DC=cerrotorre,DC=de"
mailuser.mailNickName = "philipp"
mailuser.displayName = "Foeckeler, Philipp"
mailuser.SetInfo                   ' first SetInfo: the object is created

mailuser.AccountDisabled = False
mailuser.SetInfo                   ' second SetInfo: the account is enabled

Attention: In this case SetInfo has to be called twice. More information about the relevant LDAP attributes and about the configuration of additional object properties can be found in 'Attributes for ADS User' here in the SelfADSI Tutorial.
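
Accounts that were enabled by a provisioning script without a password step can be found afterwards, because they are enabled while the PASSWD_NOTREQD bit is still set in userAccountControl. The following audit query is an added example, not code from the original tutorial; it assumes the tutorial's domain dc=cerrotorre,dc=de and uses the ADSI OLE DB provider (ADsDSOObject) through ADO.

```vbscript
Option Explicit
Dim conn, cmd, rs, filter

' LDAP bitwise-AND matching rule 1.2.840.113556.1.4.803:
'   :=32  PASSWD_NOTREQD is set
'   :=2   ACCOUNTDISABLE is set (negated here, so only enabled accounts match)
filter = "(&(objectCategory=person)(objectClass=user)" & _
         "(userAccountControl:1.2.840.113556.1.4.803:=32)" & _
         "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"

Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.Properties("Page Size") = 500     ' paged search, so large result sets are not cut off
cmd.CommandText = "<LDAP://dc=cerrotorre,dc=de>;" & filter & _
                  ";sAMAccountName,whenCreated,distinguishedName;subtree"

' One line per finding: logon name, creation time, distinguished name
Set rs = cmd.Execute
Do Until rs.EOF
    WScript.Echo rs.Fields("sAMAccountName").Value & vbTab & _
                 rs.Fields("whenCreated").Value & vbTab & _
                 rs.Fields("distinguishedName").Value
    rs.MoveNext
Loop

rs.Close
conn.Close
```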


Creating Contacts

To create a mail-enabled contact within an Exchange organisation (Exchange 2000 or later), use the object class 'contact' and then set at least the attributes 'mailNickName' (Exchange alias), 'displayName' and 'targetAddress' (external mail address):

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

Set mailcontact = ou.Create("contact", "cn=Mail-Contact")
mailcontact.mailNickName = "pfoeckeler-extern"
mailcontact.displayName = "Föckeler, Philipp (Extern)"
mailcontact.targetAddress = "philipp.foeckeler@cerrotorre.de"    ' external mail address
mailcontact.SetInfo

More information about the relevant LDAP attributes and the configuration of additional object properties can be found in the topic 'Attributes for ADS User' here in the SelfADSI Tutorial.


Creating Local Groups

To create a local ADS group, use the object class 'group' and then set at least the attributes 'sAMAccountName' (the downward-compatible Windows NT name) and 'groupType' (group scope):

Const ADS_GROUP_TYPE_LOCAL_GROUP      = &H00000004
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

Set localgroup = ou.Create("group", "cn=SAPUsers")
localgroup.sAMAccountName = "SAPUsers"
' Scope flag combined with the security flag: a local security group
localgroup.groupType = ADS_GROUP_TYPE_LOCAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
localgroup.SetInfo

 

To create a local distribution group within an Exchange organisation (Exchange 2000 or later), use the object class 'group' and then set at least the attributes 'sAMAccountName' (Windows NT logon name), 'mailNickName' (Exchange alias), 'displayName' and 'groupType':

Const ADS_GROUP_TYPE_LOCAL_GROUP      = &H00000004
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

' VBScript identifiers must not contain a hyphen, hence "localdl"
Set localdl = ou.Create("group", "cn=All-SAP-Users")
localdl.sAMAccountName = "All-SAP-Users"
localdl.mailNickName = "All-SAP-Users"
localdl.displayName = "All SAP Users"
localdl.groupType = ADS_GROUP_TYPE_LOCAL_GROUP    ' scope flag only: distribution group
localdl.SetInfo

 

If you want the group to be a security group that can be granted permissions as well as receive mail, the group type has to be set like this:

...
localdl.groupType = ADS_GROUP_TYPE_LOCAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
...

More information about the relevant LDAP attributes and the configuration of additional object properties can be found in the topic 'Attributes for ADS User' here in the SelfADSI Tutorial.

 


Creating Global Groups

To create a global ADS group, use the object class 'group' and then set at least the attributes 'sAMAccountName' (the downward-compatible Windows NT name) and 'groupType' (group scope):

Const ADS_GROUP_TYPE_GLOBAL_GROUP     = &H00000002
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

Set globalgroup = ou.Create("group", "cn=Development")
globalgroup.sAMAccountName = "Entwicklung"
' Scope flag combined with the security flag: a global security group
globalgroup.groupType = ADS_GROUP_TYPE_GLOBAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
globalgroup.SetInfo

 

To create a global distribution group within an Exchange organisation (Exchange 2000 or later), use the object class 'group' and then set at least the attributes 'sAMAccountName' (the downward-compatible Windows NT name), 'mailNickName' (Exchange alias), 'displayName' and 'groupType':

Const ADS_GROUP_TYPE_GLOBAL_GROUP     = &H00000002
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

' VBScript identifiers must not contain a hyphen, hence "globaldl"
Set globaldl = ou.Create("group", "cn=All-Department-Managers")
globaldl.sAMAccountName = "All-Department-Managers"
globaldl.mailNickName = "All-Department-Managers"
globaldl.displayName = "All Department Managers"
globaldl.groupType = ADS_GROUP_TYPE_GLOBAL_GROUP    ' scope flag only: distribution group
globaldl.SetInfo

 

If you want the group to be a security group that can be granted permissions as well as receive mail, the group type has to be set like this:

...
globaldl.groupType = ADS_GROUP_TYPE_GLOBAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
...

More information about the relevant LDAP attributes and the configuration of additional object properties can be found in the topic 'Attributes for ADS User' here in the SelfADSI Tutorial.


Creating Universal Groups

To create a universal ADS group, use the object class 'group' and then set at least the attributes 'sAMAccountName' (the downward-compatible Windows NT name) and 'groupType' (group scope):

Const ADS_GROUP_TYPE_UNIVERSAL_GROUP  = &H00000008
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

Set universalgroup = ou.Create("group", "cn=Support")
universalgroup.sAMAccountName = "Support"
' Scope flag combined with the security flag: a universal security group
universalgroup.groupType = ADS_GROUP_TYPE_UNIVERSAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
universalgroup.SetInfo

 

To create a universal distribution group within an Exchange organisation (Exchange 2000 or later), use the object class 'group' and then set at least the attributes 'sAMAccountName' (the downward-compatible Windows NT name), 'mailNickName' (Exchange alias), 'displayName' and 'groupType':

' Universal scope is &H8 (&H2 would create a global group)
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP  = &H00000008
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")

' VBScript identifiers must not contain a hyphen, hence "universaldl"
Set universaldl = ou.Create("group", "cn=All-Support-Engineers")
universaldl.sAMAccountName = "All-Support-Engineers"
universaldl.mailNickName = "All-Support-Engineers"
universaldl.displayName = "All Support Engineers"
universaldl.groupType = ADS_GROUP_TYPE_UNIVERSAL_GROUP    ' scope flag only: distribution group
universaldl.SetInfo

 

If you want the group to be a security group that can be granted permissions as well as receive mail, the group type has to be set like this:

...
universaldl.groupType = ADS_GROUP_TYPE_UNIVERSAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
...

More information about the relevant LDAP attributes and the configuration of additional object properties can be found in the topic 'Attributes for ADS User' here in the SelfADSI Tutorial.


Creating Organizational Units in the eDirectory

To create an organizational unit within the eDirectory, first connect to the directory container in which the new object is to be created. This can be an organization object, another OU, a locality object or a domain. No mandatory attributes need to be set.

Set parent = GetObject("LDAP://ou=DE,o=CERROTORRE")

' The naming attribute of an organizationalUnit is "ou", not "cn"
Set ou = parent.Create("organizationalUnit", "ou=Karlsruhe")
ou.SetInfo


Creating Users in the eDirectory

To create an eDirectory user, use the object class 'inetOrgPerson' and then set at least the attribute 'sn' (surname):

Set ou = GetObject("LDAP://ou=Accounts,ou=DE,o=CERROTORRE")

Set user = ou.Create("inetOrgPerson", "cn=Philipp")
user.sn = "Foeckeler"              ' mandatory: surname
user.SetInfo


Creating Groups in the eDirectory

To create an eDirectory group, the object class 'group', 'groupOfNames' or 'groupOfUniqueNames' may be used. These are synonyms for the same object class. No mandatory attributes need to be set.

Set ou = GetObject("LDAP://ou=Groups,ou=DE,o=CERROTORRE")

Set group = ou.Create("groupOfNames", "cn=CerroAdmins")
group.SetInfo


Creating ZEN Application Objects in the eDirectory

To create a ZEN Application Object, use the object class 'appApplication' and set at least the attributes 'appCaption' and 'appPath'. These are the description of the application and the call path of the respective program:

Set ou = GetObject("LDAP://ou=Apps,ou=DE,o=CERROTORRE")

Set app = ou.Create("appApplication", "cn=AppControl")
' Provider-specific attribute types: use Put instead of property syntax
app.Put "appCaption", "AppControl 1.0"
app.Put "appPath", "47 NULL"       ' "47 NULL" stands for an empty path
app.SetInfo

Please note that the explicit Put method has to be used here; the attributes cannot simply be set as object properties. The call app.appCaption = "AppControl 1.0" would have caused a runtime error. The reason is that the attributes appCaption and appPath have a provider-specific type and are not standard strings.

In this example the path to the executable file is left empty; for that purpose the string '47 NULL' has to be set as the value.

