Create a user account on an NT4 domain or on a local computer. This
action is intended to create user accounts on NT4 domains. Alternatively
it can be used to create user accounts on local computers. In addition
to creating the account itself, it also configures several
attributes of the account, such as the password and the description
of the account.
Some attributes of the user account may specify the usage by the account
of other resources in the network. These resources themselves will not
be created by this action. If these resources need to be created, this
can be done by separate actions that follow this action in the User Management
Resource Administrator script. An example of such a property is the Home
Directory. When specified in this Create User action, the Home Directory
attribute of the user account will be set. The directory itself however
is not created. In order to create the directory itself, the action File
system, Create Directory should be performed.
This action is typically used as the core part of a script designed to create
users on NT4 domains or local (non domain controller) computers, in order
to create the account itself. In such a script this is usually the first
major action invoked. After creating the account, the script usually continues
by invoking actions to create home directories, home shares, group memberships,
etc.
|
Property Name |
Description |
Typical setting |
Remarks |
|
Domain |
The domain in which to create the domain user
account. |
%Domain% |
Often the domain name is used in many different actions, and is determined
and stored in a variable prior to the action (e.g. %Domain%).
Alternatively the domain name can be specified
directly here. Use the NETBIOS (NT4-style) domain name and not the DNS
name of the domain. This is usually the same as the first part of the DNS
domain name. |
|
Computer |
The computer on which the local user account
is created |
|
If specified, the domain property is ignored,
and the account created is a local account on the specified computer,
and not a domain account. |
|
Name generation algorithm |
Specifies the name of the algorithm used to
generate user names |
|
The main purpose of the Name Generation algorithm is to create unique
names that adhere to your company's syntax requirements. A common implementation
of the algorithm will take as input the three variables %FirstName%, %MiddleName%
and %LastName%, and generate from these the variables %FullName% and %UserName%.
Here %FullName% contains the complete name of the user formatted for display
purposes, and %UserName% the name formatted for use as the NT account name. These
resulting variables can then be used as input for the other properties
of this action.
For a thorough discussion, please see Name
Generation Algorithms |
|
Username |
The name of the user account |
%UserName% |
A user name cannot be identical to any other user or group name on the
computer being administered. It can contain up to 20 uppercase or lowercase
characters, except for the following: " / \ [ ] : ; | = , + * < >
A user name cannot consist solely of periods (.) or spaces.
Typically the name contained in %UserName% is generated by the name
generation algorithm.
|
|
Full name |
The full name of the user |
%FullName% |
Typically the name contained in %FullName%
is generated by the name generation algorithm. |
|
Password generator |
Specifies how passwords are generated for the user account
|
|
Specifies the method used to generate a password for the user account.
These methods vary from simple (easy to remember) passwords to strong
passwords. There are several predefined settings available.
The resulting password will be stored in a
variable. By default it is stored in the variable %Password%. This variable
is used as the value for the Password property. |
|
Password |
The password for the created account |
%Password% |
Typically the value contained in the variable
%Password% is generated by the Password
generator. To create the same password for all users, you can specify
the password here directly, for example "test1234". You can
also read the password from the input file. |
|
Description |
A text string that will be shown in the Description
field of the user account in Windows. The string can have any length. |
|
|
|
Home directory |
The home directory of the user as specified
in the "Home folder" setting of the user account |
\\%HomeServer%\users\%UserName% |
The value can be specified either in the form \\<server name>\<share
name>\<rest of path>, or as a local path, e.g. G:\UserData\<user
name>.
Note: this specification does not create the home directory itself if it
does not exist. In order to create the home directory, specify the action
"Create Directory" in the User Management Resource Administrator
script after this action.
Typically the name contained in %UserName%
is generated by the name generation algorithm, and the name contained
in \\%HomeServer% is specified previously in the script, or in the import
file. |
|
Home directory Drive |
The drive letter to which the home directory is connected. Specify only
the drive letter itself, without a colon or backslash
|
|
If the drive letter is specified, the Home
directory must be specified in the form \\<server name>\<share
name>\<rest of path>, and not as a local path. |
|
User profile |
The profile path of the user account. |
\\%HomeServer%\profiles\%UserName% |
The value must have the form \\<server name>\<share
name>\<rest of path>. |
|
Logon script |
Full or relative path to the script file that
is executed by Windows when the user logs on |
\\%HomeServer%\scripts\%UserName%.bat
or
%UserName%.bat |
If a relative path is specified, this is relative
to the default Script directory of Windows. |
|
User must change password at next logon |
Specifies whether the user must change the
password at the next logon |
Yes |
Valid specifications are YES and NO. The default
value is NO. When set to YES, the "User cannot change password"
property must be set to NO. |
|
User cannot change password |
Specifies whether the user is disallowed from changing
the assigned password. |
No |
Valid specifications are YES and NO. The default
value is NO. This setting has no effect on members of the administrators
group. When set to YES, the "User must change password at next logon"
property must be set to NO. |
|
Password never expires |
Specifies whether the password will never
expire |
|
Valid specifications are YES and NO. The default
value is NO. This setting overrides the "Maximum Password Age"
setting in the password policy for the domain/computer. |
|
No password required |
Specifies whether it is allowed to specify
an empty Password value for the user account. |
No |
Valid specifications are YES and NO. The default
value is NO. Setting this value to YES allows empty passwords to be specified.
For security reasons it is strongly advised to set this property to NO.
If not specified, the password is required. |
|
Computer account |
This is a computer account for an MS Windows
NT Workstation/Windows 2000 Professional or Windows NT Server/Windows
2000 Server that is a member of this domain. Default value: 'No'. |
No |
Specify Yes if the account represents a computer (workstation)
account. |
|
Account disabled |
Specifies whether the account should be created
in the disabled state. |
|
Valid specifications are YES and NO. The default
value is NO. |
|
Account expiration |
Specifies the date after which the account
expires |
|
If not specified, the account will never
expire. |
|
Logon hours |
The hours the user account can log on to the
domain. By default, domain logon is allowed 24 hours a day, 7 days a week. |
|
The value is specified as a text of 42 hexadecimal
characters, representing all the hours of a week. The hours of each day
are represented by 6 characters. |
|
Workstations |
A list of workstation names, separated by
",", on which the user is allowed to log on. |
|
If specified, the user is only allowed to log on when seated at one of
the computers (workstation or server) listed. A maximum of 8 computer
(workstation or server) names can be specified.
If not specified, such an explicit restriction
does not apply. |
|
Special user comment |
A text string containing additional comments |
|
This property of a user account is not exposed
in the User Manager for Domains on an NT 4 machine, or the local accounts
snap-in on Windows 2000, XP and 2003 computers, but may be shown for informational
purposes in other applications. |
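The constraints stated in the Remarks column can be checked before a row from an import file is handed to this action. The following Python check is an added example, not part of the product or its documentation; the dictionary of resolved property values, the function name check_create_user and the sample rows are assumptions made for illustration.

```python
import re

FORBIDDEN = set('"/\\[]:;|=,+*<>')   # characters the Username remarks exclude
UNC = re.compile(r'^\\\\[^\\]+\\[^\\]+(\\.*)?$')   # \\server\share\rest of path

def yes(props, key):
    # YES/NO properties default to NO when not specified.
    return props.get(key, "NO").strip().upper() == "YES"

def check_create_user(props):
    """Return the documented rules that one set of resolved values violates."""
    errs = []
    name = props.get("Username", "")
    if not 1 <= len(name) <= 20:
        errs.append("Username: must be 1 to 20 characters")
    if FORBIDDEN & set(name):
        errs.append("Username: contains an excluded character")
    if name and not name.strip(". "):
        errs.append("Username: consists solely of periods or spaces")
    if (yes(props, "User must change password at next logon")
            and yes(props, "User cannot change password")):
        errs.append("Password flags: must-change and cannot-change are both YES")
    if yes(props, "No password required"):
        errs.append("No password required: YES allows an empty password")
    elif not props.get("Password"):
        errs.append("Password: empty although a password is required")
    drive = props.get("Home directory Drive", "")
    if drive and not re.fullmatch(r"[A-Za-z]", drive):
        errs.append("Home directory Drive: letter only, no colon or backslash")
    if drive and not UNC.match(props.get("Home directory", "")):
        errs.append("Home directory: must be a UNC path when a drive is set")
    hours = props.get("Logon hours", "")
    if hours and not re.fullmatch(r"[0-9A-Fa-f]{42}", hours):
        errs.append("Logon hours: must be 42 hexadecimal characters")
    names = [w for w in props.get("Workstations", "").split(",") if w.strip()]
    if len(names) > 8:
        errs.append("Workstations: more than 8 computer names")
    return errs

# Constructed sample rows; server, user and password values are made up.
GOOD = {"Username": "jdoe", "Password": "x7!Kq2pL", "Home directory Drive": "H",
        "Home directory": r"\\FS01\users\jdoe",
        "User must change password at next logon": "YES"}
BAD = {"Username": "j:doe", "Password": "", "Home directory Drive": "H:",
       "Home directory": r"G:\UserData\jdoe", "Logon hours": "FF" * 20,
       "User must change password at next logon": "YES",
       "User cannot change password": "YES",
       "Workstations": ",".join(f"WS{i}" for i in range(1, 10))}
```

Rows that return an empty list satisfy every rule the table states; anything else is better rejected before the account is created than discovered afterwards as a blank password or an unmapped home drive.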
When the action is run, the actual values of the properties are determined
at run time, and the action is executed using these values. Generally
these values are not stored for later usage. However, it may be that the
actual value of a specific property is required for a subsequent action
in the User Management Resource Administrator script. To facilitate this
need, any property can be explicitly configured to be saved in a variable
when the action has been performed.
For example, when the password of a user is created with the password
generator, the resulting password value may be stored in a variable, so
it can be exported to a file by another action in the script.
By default the following properties are saved in a variable for usage
in other scripts. Properties that are exported are shown with a blue arrow
in the properties list.