'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'              New User setup script by Alex
' This script will create the user, create their home folder, create their mailbox,
' set their home directory to their home folder, point them to the appropriate login
' script and point their profile to the right place. It will also add them to the
' security group and distribution group of their primary location as well as the
' Staff Personnel distribution group.  It also sets correct permissions to the user's
' newly created home folder and disables Outlook Web Access (if selected)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
' From the "user already exists" check onwards the script runs under
' On Error Resume Next: failures are reported with Wscript.echo and execution
' continues, so the echoed errors are the only indication that a step was skipped.
' Every "****...****" string is a site-specific placeholder to fill in before use.

' ADSI ADS_PROPERTY_OPERATION_ENUM value passed to PutEx so a multi-valued attribute
' (proxyAddresses, further down) is appended to rather than overwritten.
Const ADS_PROPERTY_APPEND = 3

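'// First we prompt for the main variables //'

' InputBox returns "" when the operator presses Cancel or leaves the field blank.
' An empty name would produce an empty sUsername and a malformed "CN=,CN=Users" LDAP
' path later on, so stop here before anything is created.
sFirstName = Trim(InputBox("Enter the FIRST NAME of the new user"))
sLastName = Trim(InputBox("Enter the LAST NAME of the new user"))
If sFirstName = "" Or sLastName = "" Then
    Wscript.echo "First and last name are required.  Please start over"
    Wscript.quit
End If

' Username convention: first six characters of the surname (spaces removed) plus the
' first initial, lower-cased.
sUsername = LCase(Left(Replace(sLastName, " ", ""), 6) & Left(sFirstName, 1))

sBranch = Trim(InputBox("In which BRANCH will they be located?", "Branch login prompt"))
sPhone = Trim(InputBox("What is their PHONE extension?"))
sDescription = InputBox("Enter a description for the user - Hillcrest Teller, MSR, etc.")

' MsgBox with buttons = 4 (vbYesNo) returns 6 for Yes and 7 for No; the later
' sections compare against those raw values.
iOWA = MsgBox("Should this person have Outlook Web Access enabled?", 4, "Outlook Web Access")
iExternalEmail = MsgBox("Will this person have an external email address?", 4, "External Email")

' Home folder (mapped as the U: drive) and the per-branch login script name.
folderPath = "\\servername\usersDIR\" & sUsername
sLoginScript = LCase(Replace(sBranch, " ", "")) & ".bat"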

' Map the branch answer (compared lower-cased) to the branch security group it
' implies.  Add one Case per branch.  An unknown branch aborts here, before any
' directory object has been created.
Select Case LCase(sBranch)
    Case "****branch1 name****"
        sBrSecGrp = "****Your branch1 security group name****"
    Case "****branch2 name****"
        sBrSecGrp = "****Your branch2 security group name****"
    Case "****branch3 name****"
        sBrSecGrp = "****Your branch3 security group name****"
    Case "****branch4 name****"
        sBrSecGrp = "****Your branch4 security group name****"
    Case Else
        Wscript.echo "You entered an invalid branch name.  Please start over"
        Wscript.quit
End Select

' A floater is not tied to a single branch, so the branch security group chosen above
' is swapped for the generic "Floater" group.  vbYes is the MsgBox return value 6.
sFloater = MsgBox("Is this user a FLOATER?", 4, "Floater Question")
If sFloater = vbYes Then sBrSecGrp = "Floater"

' Echo everything back to the operator for a final yes/no before touching the directory.
sSummary = "You have entered the following information" & vbCrLf
sSummary = sSummary & "First Name: " & sFirstName & vbCrLf
sSummary = sSummary & "Last Name: " & sLastName & vbCrLf
sSummary = sSummary & "The username will be: " & sUsername & vbCrLf
sSummary = sSummary & "Their primary branch is: " & sBranch & vbCrLf
sSummary = sSummary & "Their phone extension is: " & sPhone & vbCrLf
sSummary = sSummary & "The login script will be: " & sLoginScript & vbCrLf
sSummary = sSummary & "Their description is: " & sDescription & vbCrLf & vbCrLf
sSummary = sSummary & "Do you wish to continue using this information?"

iCheckName = MsgBox(sSummary, 4, "New User Setup Script by Jonathan Harris")
' vbNo is the MsgBox return value 7.
If iCheckName = vbNo Then
    Wscript.echo "You chose NO.  Program is terminated."
    Wscript.quit
End If

'wscript.echo "quitting anyway" 'wscript.quit

 

'// Getting domain info //'

' RootDSE reports the domain's default naming context (the DC=...,DC=... suffix),
' which is appended to every LDAP path below so container DNs need not be hard-coded.
' This runs before On Error Resume Next, so a failed bind stops the script here.
set oRoot = GetObject("LDAP://****Your Domain Controller Name****/RootDSE")
sAcctDomain = oRoot.Get("DefaultNamingContext")
'sRootDomain = oRoot.Get("RootDomainNamingContext")
'wscript.echo sAcctDomain &vbcrlf& sRootDomain
set oRoot = nothing

'// Testing if user already exists //'

' From here on errors no longer abort the script; each step inspects Err.number itself.
On Error Resume Next

' Binding to CN=<username> succeeds only if an object with that CN already exists in the
' Users container.  NOTE(review): an account with the same sAMAccountName in another OU
' is not detected here; it would presumably surface as a SetInfo error in the create step.
sTestPath = "LDAP://****Your Domain Controller Name****/CN=" & sUsername & ",CN=Users," & sAcctDomain
Set oTest = GetObject(sTestPath)
If Err.number <> 0 Then
    ' Bind failed, so the name is free.  Clear the error so later checks start clean.
    Err.Clear
Else
    Wscript.echo "    Username:   " & sUsername & "    already exists." & vbCrLf & _
                 "Please choose a new username before running this script."
    Set oTest = Nothing
    Wscript.quit
End If

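'// Creating the user //'

' Bind to the Users container and create the object.  Attributes are staged in the
' ADSI property cache and written in one batch by SetInfo.
sUserPath = "LDAP://****Your Domain Controller Name****/CN=Users," & sAcctDomain
Set oUserContainer = GetObject(sUserPath)
Set oUser = oUserContainer.Create("user", "CN=" & sUsername)   ' Actual creation of the new user is done here
oUser.Put "sAMAccountName", sUsername
oUser.Put "displayName", sFirstName & " " & sLastName
oUser.Put "givenName", sFirstName
oUser.Put "sn", sLastName
oUser.Put "telephoneNumber", sPhone
oUser.Put "ipPhone", sPhone
oUser.Put "description", sDescription
oUser.Put "physicalDeliveryOfficeName", sBranch
oUser.Put "homeDrive", "U:"
oUser.Put "homeDirectory", folderPath
oUser.Put "profilePath", "\\DOMAIN SHARE\profiles$\" & sUsername
oUser.Put "scriptPath", sLoginScript
oUser.SetInfo
If Err.number <> 0 Then
    ' A duplicate name is the usual cause, but SetInfo also fails on attribute
    ' constraint violations, so report the ADSI error rather than asserting a duplicate.
    Wscript.echo Err.number & ": " & Err.Description & " : " & Err.Source
    Wscript.echo "Username - " & sUsername & " - could not be created (it may already exist)." & vbCrLf & _
                 "Please select a different username or correct the error above."
    Wscript.quit
End If

' Initial password.  NOTE(review): this is one fixed, well-known value shared by every
' account the script creates; forcing a change at first logon (pwdLastSet = 0) or
' prompting for a per-user value would limit its exposure.
oUser.SetPassword "Abcd1234"
If Err.number <> 0 Then
    ' Previously swallowed by On Error Resume Next; a policy rejection here leaves the
    ' account without the expected password, so surface it before the enable prompt.
    Wscript.echo "Unable to set the initial password: " & Err.number & ": " & Err.Description
    Err.Clear
End If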

'// Enable account question //'

' The prompt text states the new account starts disabled; enabling is opt-in.
' vbYes is the MsgBox return value 6.
iEnable = MsgBox("The account has been created but is disabled." & vbCrLf & _
                 "Would you like to enable this account now?", vbYesNo, "Enable Account Question")
If iEnable = vbYes Then oUser.AccountDisabled = False
' SetInfo runs unconditionally so the property cache is flushed either way.
oUser.SetInfo

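'\\ Create the folder for the U: Drive and give correct permissions \\'

Set shell = CreateObject("Wscript.shell")
Set fso = CreateObject("scripting.FileSystemObject")

If fso.FolderExists(folderPath) Then
    iFolder = MsgBox("The folder -  " & folderPath & "  - already exists." & vbCrLf & _
                     "Would you like to give this user permissions to the existing folder?", vbYesNo, "Drive mapping prompt")
    If iFolder = 6 Then
        ApplyHomeFolderAcl folderPath, sUsername
        If Err.number <> 0 Then
            Wscript.echo "Error changing permissions on home folder"
            Err.Clear
        End If
    End If
Else
    fso.CreateFolder folderPath
    If Err.number <> 0 Then
        Wscript.echo "Error creating folder"
        Err.Clear
    End If
    ApplyHomeFolderAcl folderPath, sUsername
    If Err.number <> 0 Then
        Wscript.echo "Error changing permissions on home folder"
        Err.Clear
    End If
End If

' Sets the home folder ACL: Change for the user, Full Control for Domain Admins and
' SYSTEM, recursively (/t).  cacls /g without /e REPLACES the existing ACL rather than
' editing it, and asks for confirmation first; the "y" is typed with SendKeys after a
' short pause, which assumes the cacls console is the active window at that moment.
Sub ApplyHomeFolderAcl(path, user)
    ' Quote the path and account so spaces or shell metacharacters in an operator-typed
    ' name cannot split or alter the command line.
    shell.Run "cacls """ & path & """ /t /g """ & user & """:c ""Domain Admins"":f system:f"
    Wscript.sleep 1000
    ' The original wrote shell.SendKeys = "y~", an assignment rather than a method call,
    ' which failed silently under On Error Resume Next and left cacls waiting.
    shell.SendKeys "y~"
End Sub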

 

'\\ Creating the Exchange Mailbox \\'

' Distinguished name of the mailbox store the new mailbox is homed in; the server,
' administrative group and domain placeholders must match the Exchange organisation.
sMBXStoreDN = "CN=Mailbox Database,CN=First Storage Group," & _
   "CN=InformationStore,CN=****Your Exchange Server Name****,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT)," & _
   "CN=Administrative Groups,CN=****Your Domain Name**** Financial,CN=Microsoft Exchange," & _
   "CN=Services,CN=Configuration,DC=****Your Domain Name****"

' Create the mailbox and commit it.  A failure here is only reported by the generic
' Err.number check that follows the DACL code below.
oUser.CreateMailbox sMBXStoreDN
oUser.SetInfo

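' Trustee that will be granted access to the new mailbox, in DOMAIN\user form.
sTrustee = "****Your Domain Name****\" & sUsername

'*************************************************************************
'* The below function and related code was pulled directly from Microsoft
'* at the following address:  http://support.microsoft.com/kb/304935/
'* I recommend reading this web page to understand what is happening.
'*************************************************************************

' ADSI ADS_ACETYPE_ENUM / ADS_ACEFLAG_ENUM values used in the AddAce call.  They were
' referenced without ever being declared, so VBScript treated them as Empty, which for
' AceFlags silently dropped the inherit flag.
Const ADS_ACETYPE_ACCESS_ALLOWED = 0
Const ADS_ACEFLAG_INHERIT_ACE = 2

' Refresh the property cache so the mailbox attributes written by CreateMailbox are
' available, then take a copy of the mailbox security descriptor and its DACL.
' dacl and oSecurityDescriptor were used below without ever being assigned, so the
' ACE was never actually added to the mailbox.
oUser.GetInfo
Set oSecurityDescriptor = oUser.Get("msExchMailboxSecurityDescriptor")
Set dacl = oSecurityDescriptor.DiscretionaryAcl
If Err.number <> 0 Then
    Wscript.echo "Unable to read the mailbox security descriptor: " & Err.number & ": " & Err.Description
    Err.Clear
End If

' Template: AddAce(dacl, TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)
' Setting the Access Mask to 131075 enables "full mailbox access" and
' "read" privileges
AddAce dacl, sTrustee, 131075, ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERIT_ACE, 0, 0, 0

' Add the modified DACL back onto the Security Descriptor
oSecurityDescriptor.DiscretionaryAcl = dacl

' Save New SD onto the user
oUser.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor

' Commit changes from the property cache to the information store
oUser.SetInfo

'MsgBox "Done viewing and modifying the copy of the Mailbox Security Descriptor"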

'******************************************************************************
'*
'* Function AddAce(dacl, TrusteeName, gAccessMask, gAceType,
'*            gAceFlags, gFlags, gObjectType, gInheritedObjectType)
'*
'* Purpose: Builds an AccessControlEntry from the arguments and appends it to dacl.
'* Input:       dacl            Object's Discretionary Access Control List (modified in place)
'*              TrusteeName     SID or Name of the trustee user account
'*              gAccessMask     Access Permissions
'*              gAceType        ACE Types
'*              gAceFlags       Inherit ACEs from the owner of the ACL
'*              gFlags          ACE has an object type or inherited object type
'*              gObjectType     Used for Extended Rights; skipped when "0"
'*              gInheritedObjectType                      ; skipped when "0"
'*
'* Output:  none - the DACL passed in is updated; no value is assigned to AddAce.
'*
'****************************************************************************
Function AddAce(dacl, TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)
    Dim newAce
    Set newAce = CreateObject("AccessControlEntry")
    With newAce
        .AccessMask = gAccessMask
        .AceType = gAceType
        .AceFlags = gAceFlags
        .Flags = gFlags
        .Trustee = TrusteeName
        ' Object-specific fields are only populated when the caller passed something
        ' other than "0" (the comparison is done on the string form).
        If CStr(gObjectType) <> "0" Then .ObjectType = gObjectType
        If CStr(gInheritedObjectType) <> "0" Then .InheritedObjectType = gInheritedObjectType
    End With
    dacl.AddAce newAce
    Set newAce = Nothing
End Function

' Catch-all for any error still pending from the mailbox / DACL steps above.  The
' message does not identify the failing step, so the echoed ADSI errors are the guide.
if Err.number <> 0 Then
  wscript.echo "Error after creating mailbox but before adding group membership"
  Err.clear
end if

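'\\ Adding to Groups \\'

' Everyone joins the Staff Personnel DL, their branch DL and the branch (or Floater)
' security group; users WITHOUT an external address additionally go into MailRestrict.
sGroupPath1 = "LDAP://****Your Domain Controller Name****/CN=Staff Personnel,OU=Distribution Groups," & sAcctDomain
sGroupPath2 = "LDAP://****Your Domain Controller Name****/CN=" & sBranch & " Branch,OU=Distribution Groups," & sAcctDomain
sGroupPath3 = "LDAP://****Your Domain Controller Name****/CN=" & sBrSecGrp & ",CN=Users," & sAcctDomain
' NOTE(review): this path hard-codes the DC= suffix where the others use sAcctDomain.
sGroupPath4 = "LDAP://****Your Domain Controller Name****/CN=MailRestrict,CN=Users,DC=****Your Domain Name****"

AddUserToGroup sGroupPath1, "Unable to add user to " & sGroupPath1
AddUserToGroup sGroupPath2, "Unable to add user to " & sGroupPath2
AddUserToGroup sGroupPath3, "Unable to add user to " & sGroupPath3
' 7 is the MsgBox "No" answer to the external-email question.
If iExternalEmail = 7 Then
    AddUserToGroup sGroupPath4, "Error adding " & sUsername & " to MailRestrict group"
End If

' Binds to groupPath and adds oUser to it.  If either step fails the message is echoed
' and the error cleared, so one missing group does not block the remaining additions.
' Uses the script-level oGroup so the cleanup at the end of the script releases it.
Sub AddUserToGroup(groupPath, failureMessage)
    Set oGroup = GetObject(groupPath)
    oGroup.Add oUser.AdsPath
    If Err.number <> 0 Then
        Wscript.echo failureMessage
        Err.Clear
    End If
End Sub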

'\\ Adding additional SMTP address if required \\'
' External address convention: first initial + surname (spaces removed), lower-cased.
' NOTE(review): the proxyAddresses value is written without a type prefix (e.g. "smtp:"),
' which Exchange normally expects on that attribute - confirm against a working mailbox.
If iExternalEmail = vbYes Then
    sExtEmail = LCase(Left(sFirstName, 1)) & LCase(Replace(sLastName, " ", "")) & "@****Your Domain Name****"
    ' Append so any proxy addresses already on the object are preserved.
    oUser.PutEx ADS_PROPERTY_APPEND, "proxyAddresses", Array(sExtEmail)
    oUser.Put "mail", sExtEmail
    oUser.SetInfo
End If

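'\\ Disabling Outlook Web Access \\'
' 7 is the MsgBox "No" answer to the OWA question: write the protocolSettings entry that
' turns HTTP (OWA) off.  The original Put was never followed by SetInfo, so the value
' was still sitting in the property cache when oUser was released and never reached
' the directory; SetInfo below commits it.
' NOTE(review): Put replaces every value of the multi-valued protocolSettings attribute;
' if other protocol entries must survive, use PutEx ADS_PROPERTY_APPEND instead.
If iOWA = 7 Then
    oUser.Put "protocolSettings", "HTTP§0§1§§§§§§"
    oUser.SetInfo
    If Err.number <> 0 Then
        Wscript.echo "Error disabling Outlook Web Access: " & Err.number & ": " & Err.Description
        Err.Clear
    End If
End If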

' Release the COM / ADSI objects held by the script.
Set shell = Nothing
Set fso = Nothing
Set oGroup = Nothing
Set oUser = Nothing
Set oUserContainer = Nothing