![\"Script](\"http:\/\/img.microsoft.com\/library\/media\/1033\/technet\/images\/scriptcenter\/ad.jpg\" "\\"Script")
<\/A> \nHey, CB. Interesting question. We\u2019re assuming that you\u2019ve delegated control of Active Directory. User A, for example, has the right to create users in the Finance OU, but only<\/I> the Finance OU. User B, meanwhile, can also create user accounts, but only in the Headquarters OU. If you\u2019re like other people we know in this situation you\u2019ve done one of two things: either you\u2019ve created a generic script that prompts the user to enter the OU each time they create a user account, or you\u2019ve created separate scripts for each user who has been authorized to create accounts.<\/P>\n
Unfortunately, neither of these approaches is optimal. The first one requires the user to type the Active Directory path each and every time they create a user account; the second one requires you to maintain, distribute, update, and otherwise take care of multiple scripts, all of which ultimately carry out the same exact task (they create user accounts). You\u2019re looking for a single script that can say, \u201cOh, you\u2019re User A, huh? Well, I know that you\u2019re in Finance OU, so I\u2019ll automatically create this new user account in that same OU.\u201d<\/P>\n
And good news: we just happened to have a script that will do this very thing. In fact, here it is:<\/P>
On Error Resume Next<\/p>\nSet objSysInfo = CreateObject(“ADSystemInfo”)<\/p>\n
arrDirectoryLocation = Split(objSysInfo.UserName, “,”)<\/p>\n
For i = 1 to Ubound(arrDirectoryLocation)\n If i = 1 Then\n strLocation = arrDirectoryLocation(i)\n Else\n strLocation = strLocation & “,” & arrDirectoryLocation(i)\n End If\nNext<\/p>\n
strOU = “LDAP:\/\/” & strLocation<\/p>\n
Set objOU = GetObject(strOU) \nSet objUser = objOU.Create(“User”, “cn=Myer Ken”) \nobjUser.sAMAccountName = “myerken” \nobjUser.GivenName = “Ken” \nobjUser.SN = “Myer” \nobjUser.AccountDisabled = FALSE \nobjUser.SetInfo\n<\/PRE>\n
Admittedly, it might not be immediately obvious what\u2019s going on here. So let\u2019s take a minute or two to walk you through the process.<\/P>\n
The script starts by creating an instance of the ADSystemInfo object; this object can return basic Active Directory information for the logged on user and his or her computer, including the user\u2019s Distinguished Name (the UserName property). In other words, we can get back something that looks like this:<\/P>
CN=”Jonathan Haas”, OU=”Finance”,DC=”fabrikam”,DC=”com”\n<\/PRE>\nAs you can see, this is close<\/I> to the information we need; if we can get rid of the CN=\u201dJonathan Hass\u201d we\u2019ll have a path to the desired OU. And before you ask, no, we can\u2019t just ask for the value of the user\u2019s OU; for some reason, Active Directory doesn\u2019t store that information directly. Because of that, we\u2019ll have to figure out the OU path on our own. But trust us, that\u2019s easy.<\/P>\n
We begin the process with this line of code:<\/P>
arrDirectoryLocation = Split(objSysInfo.UserName, “,”)\n<\/PRE>\nThis code takes the user\u2019s Distinguished Name and – thanks to the magic of the Split function – creates an array out of that name. Our new array (which divvies up the items using the comma as a delimiter) looks like this:<\/P>
CN=”Jonathan Haas”\nOU=”Finance”\nDC=”fabrikam”\nDC=”com”\n<\/PRE>\nWhat did that gain us? Well, now we have an array with four elements. If we get rid of the first element (Jonathan Haas, item 0) we can then construct the OU path using the remaining elements. To do that, we\u2019re simply going to loop through array beginning with the second<\/I> element (also known as item 1; remember the first element in an array is item 0, making the second element item 1). That\u2019s what this code does: it bypasses the first element (CN=\u201cJonathan Haas\u201d) and then grabs each of the remaining elements until there\u2019s nothing left to grab (Ubound represents the last item in an array):<\/P>For i = 1 to Ubound(arrDirectoryLocation)\n<\/PRE>\nInside the loop we reconstruct the OU path, jamming all the names back together and separating them with commas. You might notice that, when dealing with item 1, we don\u2019t add a comma before tacking on the element value. If we did, we\u2019d end up with a string that looked like this:<\/P>
, OU=”Finance”,DC=”fabrikam”,DC=”com”\n<\/PRE>Not what we want. By omitting the comma for the first item, we end up with this path:\n<\/PRE>OU=”Finance”,DC=”fabrikam”,DC=”com”\n<\/PRE>\nBelieve it or not, we\u2019re home free now. To construct the ADsPath to the OU, we just need to tack on the provider name. By adding LDAP:\/\/ to the beginning of our string, we end up with a path that looks just like this:<\/P>
LDAP:\/\/OU=”Finance”,DC=”fabrikam”,DC=”com”\n<\/PRE>\nAnd guess what? By remarkable coincidence, this is exact information we need to bind to the OU and create the new user account. In other words:<\/P>
Set objOU = GetObject(strOU)\n<\/PRE>\nThe rest of the script simply creates the new user account, sets a few property values, and then uses SetInfo to save the new account to Active Directory. We had to go through a few gyrations to get there, but you now have a generic script that will create new user accounts in the same OU as the user running the script.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! We use a script to create user accounts. How can I modify this script so that it will place the new user in the same OU as the person running the script?— CB Hey, CB. Interesting question. We\u2019re assuming that you\u2019ve delegated control of Active Directory. User A, for example, has the […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,9,3,4,20,5],"class_list":["post-70963","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-adsi","tag-scripting-guy","tag-scripting-techniques","tag-user-accounts","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! We use a script to create user accounts. How can I modify this script so that it will place the new user in the same OU as the person running the script?— CB Hey, CB. Interesting question. We\u2019re assuming that you\u2019ve delegated control of Active Directory. User A, for example, has the […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70963","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=70963"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70963\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=70963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=70963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=70963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" "\\"Hey,")
\n![\"Spacer\"](\"https:\/\/devblogs.microsoft.com\/scripting\/wp-content\/uploads\/sites\/29\/2019\/05\/spacer.gif\")
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" "\\"Hey,")