CParticle
10/27/2006 3:37:00 PM
OK, after much pain and heartache I managed to finally get an account
added to the domain after first figuring out my earlier searching issues.
I'm posting mostly because in trying to research this I found little in
the way of examples where someone actually added / created a new account
on MS AD (Microsoft Active Directory). Hopefully my experience will
make someone else's life easier. The two pieces of code below are very
different ways of doing some similar tasks on AD. I'm certain each
code snippet can be written in the method of the other, but I didn't
manage to get it working successfully and I'm not likely to try at this
point. My code can probably be written in more of a Ruby Way, but I've
got it working and that's good enough for me. Disclaimer: the names of the
network below have been modified to protect the privacy of my company,
but the rest is unchanged.
Just want to say thank you to Francis Cianfrocca for pointing me to Ruby's
Net::LDAP library and for his pointers that helped me write my probably ugly
search code below.
---search code---------------------------------------------
require 'rubygems'
require 'net/ldap'

ldap = Net::LDAP.new
ldap.host = "192.168.1.1" # your DC's IP address
ldap.port = 389 # plain LDAP: the simple bind below sends the password unencrypted
user = "adminacct@company.com" # your admin account at your domain
pass = "password" # password to match the above account
ldap.auth user, pass # my domain requires authentication to get the info I need
if ldap.bind # code to verify authentication
  puts 'authentication succeeded'
else
  puts 'authentication failed'
end

# the star is to wildcard the end of the username and this can be
# made a single string; I have it separated because I used a variable for
# the first part
nuser = "cparti" + "*"
filter = Net::LDAP::Filter.eq("samaccountname", nuser) & ~(Net::LDAP::Filter.eq("objectclass", "computer"))
# the above filter searches for
# samaccountname matching my criteria
# and computer absent from objectclass
treebase = "dc=company,dc=com"
attrs = ["mail", "cn", "sn", "samaccountname"]
acctNameArray = Array.new

# the code below searches the entire domain for all accounts
# matching my nuser string, then prints the samaccountname
# only and puts it into an array for later use
ldap.search(:base => treebase, :filter => filter, :attributes => attrs) do |entry|
  puts "DN: " + entry.dn
  entry.each do |attribute, values|
    if attribute.to_s.downcase == "samaccountname"
      print " #{attribute}:"
      values.each do |value|
        puts " #{value}"
        acctNameArray << value.to_s.downcase
      end
    end
  end
end
puts acctNameArray.sort
------------------------------------------------------------------
--------create account code-----------------------------------
require 'win32ole'

# bind to RootDSE to look up the domain's default naming context
rootDSE = WIN32OLE.connect("LDAP://RootDSE")
domainDN = rootDSE.Get("DefaultNamingContext")
# bind to the container (OU) the new account will be created in
userContainer = WIN32OLE.connect("LDAP://ou=developers,ou=users," + domainDN)
sAMAccountName = "rubt01"
userPrincipalName = "rubyt01@csg.csgsystems.com"
# the object only exists locally until SetInfo writes it to the directory
mynewuser = userContainer.Create("user", "cn=Rubyldap Test")
mynewuser.Put("sAMAccountName", sAMAccountName)
mynewuser.Put("userPrincipalName", userPrincipalName)
mynewuser.SetInfo
--------------------------------------------------------------------------
A few things to note about actually creating an account. The above
items that I have are considerably less than what I want, but I had to
cut it down to this to get it to work. I
found mentioned elsewhere that AD won't add certain data before the
account is created, things like the mailbox address. Well, it seems that
AD (at least mine) is pickier than just that. My code would execute
either with no errors or tell me that SetInfo was a missing method. I
won't claim to know the ins and outs of AD or Ruby; I only know what I
found. As soon as I cut the fields down to what's above, my account was
created. My goal from here is to update the account after it's
been created with all my specific values.
My hope is that now that I've figured out how to get this working I'll
be able to start changing VBScript examples from the Active Directory
Cookbook into Ruby. For the record, I'm not using the VBScript because I
want to work and learn in a language that I can use on other platforms
as well.
Sorry to have bored you all.
C.Particle
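
Added example, not part of C.Particle's post: the search code above builds its filter from a variable prefix plus "*", so if that prefix ever comes from user input it needs RFC 4515 escaping to keep it from changing the filter's structure. The function names and the naming-policy regex are assumptions made for illustration; the output is the string form of the filter used in the post.

```ruby
# Added example, not code from the original post.
# RFC 4515: NUL ( ) * \ must be written as \XX (hex) inside a filter value.
FILTER_SPECIALS = /[\x00()*\\]/

# Assumed local naming policy for account-name prefixes; adjust to your directory.
PREFIX_POLICY = /\A[A-Za-z0-9._-]{1,20}\z/

# Escape one assertion value so it can only ever match literally.
def escape_filter_value(value)
  value.to_s.gsub(FILTER_SPECIALS) { |ch| format('\\%02x', ch.ord) }
end

# Build "(sAMAccountName starts with prefix) AND NOT computer".
# strict: reject anything outside the naming policy before it reaches the
# directory; escaping is still applied as a second layer.
def account_prefix_filter(prefix, strict: true)
  if strict && !PREFIX_POLICY.match?(prefix.to_s)
    raise ArgumentError, "prefix rejected by naming policy: #{prefix.inspect}"
  end
  # the only unescaped "*" is the trailing wildcard we add ourselves
  "(&(sAMAccountName=#{escape_filter_value(prefix)}*)(!(objectClass=computer)))"
end

if __FILE__ == $PROGRAM_NAME
  # constructed sample inputs: a normal prefix and one with filter metacharacters
  ["cparti", "x)(cn=*"].each do |input|
    begin
      puts "strict:  #{account_prefix_filter(input)}"
    rescue ArgumentError => e
      puts "strict:  #{e.message}"
    end
    puts "escaped: #{account_prefix_filter(input, strict: false)}"
  end
end
```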