User management for Windows machines can be complicated and convoluted sometimes. Because pretty much everything I do is to make life easier for me, I decided to write some basic functions that can reliably add, delete, change passwords and simply check to see if a particular user exists.
I had a couple of requirements when writing these functions. All of these functions should have at least some error checking to ensure that the user we create or delete is actually created or deleted and if we encounter an error we don’t want to return a success code. So I coded all that into these functions too so that if everything went as planned when you called the function, the function returns “True”. If you encountered an error the function returns “False”.
I thought about creating another function that would edit all of the available flags for each user but couldn’t think of a way to make it easy and pack it into a simple function. I may dream something up and add it to this list of functions in the near future but if anyone reads this and has something please feel free to submit it!
The collective list of functions is:
CreateUser – Creates a local user.
DeleteUser – Deletes a local user.
ChangePassword – Changes the password to the one specified.
RndPassword – Creates a random strong password of variable length.
UserExists – Checks to see if the local user exists.
CreateGroup – Creates a local group.
DeleteGroup – Deletes a local group.
GroupExists – Checks to see if the local group exists.
AddUserToGroup – Adds a local user to the local group specified.
RemoveUserFromGroup – Removes a local user from the local group specified.
' You can roll these constants into the functions if you want to pack everything ' into one function or set of functions. Or you can delete the constant statements ' and simply pass the values instead. CONST ADS_UF_SCRIPT = &H0001 ' Logon script will be executed CONST ADS_UF_ACCOUNTDISABLE = &H0002 ' Account is disabled CONST ADS_UF_HOMEDIR_REQUIRED = &H0008 ' Account requires a home directory CONST ADS_UF_LOCKOUT = &H0010 ' Account is locked out CONST ADS_UF_PASSWD_NOTREQD = &H0020 ' Account does not require a password CONST ADS_UF_PASSWD_CANT_CHANGE = &H0040 ' User cannot change password CONST ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H0080 ' Encrypted text password ' allowed CONST ADS_UF_DONT_EXPIRE_PASSWD = &H10000 ' Account password never expires CONST ADS_UF_SMARTCARD_REQUIRED = &H40000 ' Smartcard required for logon CONST ADS_UF_PASSWORD_EXPIRED = &H800000 ' Password has expired Function CreateUser(sUserName, sPassword, sDescription) 'This script is provided under the Creative Commons license located 'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not 'be used for commercial purposes with out the expressed written consent 'of NateRice.com If UserExists(sUserName) Then CreateUser = False Exit Function End If On Error Resume Next Set oNetwork = CreateObject("WScript.Network") sComputerName = oNetwork.Computername Set oContainer = GetObject("WinNT://" & sComputerName) set oNewUser = oContainer.Create("user", sUserName) oNewUser.SetPassword(sPassword) ' Set additional flags. oNewUser.put "UserFlags", ADS_UF_DONT_EXPIRE_PASSWD OR ADS_UF_PASSWD_CANT_CHANGE oNewUser.Description = sDescription oNewUser.SetInfo If Err.Number = 0 then If UserExists(sUserName) Then CreateUser = True Else CreateUser = False End If Else CreateUser = False End If On Error Goto 0 End Function Function DeleteUser(sUserName) 'This script is provided under the Creative Commons license located 'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not 'be used for commercial purposes with out the expressed written consent 'of NateRice.com If Not UserExists(sUserName) Then DeleteUser = False Exit Function End If On Error Resume Next Set oNetwork = CreateObject("WScript.Network") sComputerName = oNetwork.Computername Set oContainer = GetObject("WinNT://" & sComputerName) oContainer.Delete "user", sUserName If Err.Number = 0 then If UserExists(sUserName) Then DeleteUser = False Else DeleteUser = True End IF Else DeleteUser = False End If On Error Goto 0 End Function Function UserExists(sUserName) 'This script is provided under the Creative Commons license located 'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not 'be used for commercial purposes with out the expressed written consent 'of NateRice.com 'Returns True or False based on if the local user 'exists. Set oNetwork = CreateObject("WScript.Network") sComputerName = oNetwork.Computername Set oContainer = GetObject("WinNT://" & sComputerName) oContainer.Filter = Array("user") bUserExists = False For Each oUser in oContainer If lcase(trim(oUser.Name)) = lcase(trim(sUserName)) Then bUserExists = True Exit For End If Next UserExists = bUserExists End Function Function ChangePassword(sUserName, sPassword) 'This script is provided under the Creative Commons license located 'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not 'be used for commercial purposes with out the expressed written consent 'of NateRice.com If UserExists(sUserName) Then Set oNetwork = CreateObject("WScript.Network") sComputerName = oNetwork.Computername Set oUser = GetObject("WinNT://" & sComputerName & "/" & sUserName & ", user") oUser.SetPassword sPassword On Error Resume Next oUser.SetInfo If Err.Number = 0 Then ChangePassword = True Else ChangePassword = False End If On Error Goto 0 Else ChangePassword = False End If End Function Function CreateGroup(sGroupName, sDescription) 'This script is provided under the Creative Commons license located 'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not 'be used for commercial purposes with out the expressed written consent 'of NateRice.com If GroupExists(sGroupName) Then CreateGroup = False Exit Function End If Set oNetwork = CreateObject("WScript.Network") sComputerName = oNetwork.Computername Set oContainer = GetObject("WinNT://" & sComputerName) Set oGroup = oContainer.Create("group", sGroupName) oGroup.SetInfo Set oGroup = Nothing Set oContainer = Nothing Set oGroup = GetObject("WinNT://" & sComputerName & "/" & sGroupName & ",group") oGroup.Description = sDescription oGroup.SetInfo Set oGroup = Nothing Set oNetwork = Nothing End Function Function DeleteGroup(sGroupName) 'This script is provided under the Creative Commons license located 'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not 'be used for commercial purposes with out the expressed written consent 'of NateRice.com If Not GroupExists(sGroupName) Then DeleteGroup = False Exit Function End If On Error Resume Next Set oNetwork = CreateObject("WScript.Network") sComputerName = oNetwork.Computername Set oContainer = GetObject("WinNT://" & sComputerName) oContainer.Delete "group", sGroupName If Err.Number = 0 then If UserExists(sGroupName) Then DeleteGroup = False Else DeleteGroup = True End IF Else DeleteGroup = False End If On Error Goto 0 End Function Function GroupExists(sGroupName) 'This script is provided under the Creative Commons license located 'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not 'be used for commercial purposes with out the expressed written consent 'of NateRice.com 'Returns True or False based on if the local group 'exists. Set oNetwork = CreateObject("WScript.Network") sComputerName = oNetwork.Computername Set oContainer = GetObject("WinNT://" & sComputerName) oContainer.Filter = Array("group") bGroupExists = False For Each oGroup in oContainer If lcase(trim(oGroup.Name)) = lcase(trim(sGroupName)) Then bGroupExists = True Exit For End If Next GroupExists = bGroupExists End Function Function AddUserToGroup(sUserName, sGroup) 'This script is provided under the Creative Commons license located 'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not 'be used for commercial purposes with out the expressed written consent 'of NateRice.com On Error Resume Next Set oNetwork = CreateObject("WScript.Network") sComputerName = oNetwork.Computername Set oGroup = GetObject("WinNT://" & sComputerName & "/" & sGroup & ",group") Set oUser = GetObject("WinNT://" & sComputerName & "/" & sUserName & ",user") If Not oGroup.IsMember(oUser.AdsPath) Then oGroup.Add(oUser.AdsPath) End If If Err.Number = 0 Then AddUserToGroup = True Else AddUserToGroup = False End If Set oNetwork = Nothing Set oGroup = Nothing Set oUser = Nothing On Error Goto 0 End Function Function RemoveUserFromGroup(sUserName, sGroup) 'This script is provided under the Creative Commons license located 'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not 'be used for commercial purposes with out the expressed written consent 'of NateRice.com On Error Resume Next Set oNetwork = CreateObject("WScript.Network") sComputerName = oNetwork.Computername Set oGroup = GetObject("WinNT://" & sComputerName & "/" & sGroup & ",group") Set oUser = GetObject("WinNT://" & sComputerName & "/" & sUserName & ",user") If oGroup.IsMember(oUser.AdsPath) Then oGroup.Remove(oUser.AdsPath) End If If Err.Number = 0 Then RemoveUserFromGroup = True Else RemoveUserFromGroup = False End If Set oNetwork = Nothing Set oGroup = Nothing Set oUser = Nothing On Error Goto 0 End Function Function RndPassword(vLength) 'This function will generate a random strong password of variable 'length. 'This script is provided under the Creative Commons license located 'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not 'be used for commercial purposes with out the expressed written consent 'of NateRice.com For x=1 To vLength Randomize vChar = Int(89*Rnd) + 33 If vChar = 34 Then 'this is quote character, replace it with a single quote vChar = 39 End if RndPassword = RndPassword & Chr(vChar) Next End Function
1 thought on “Local User and Group Management with VBScript and ADSI”