
Automated User Folder Creation using AD – Site Server Management

Created: 14 May 2012
Posted by JimChud

This is something I’ve been meaning to write for a while and finally got around to recently.

We, like a lot of people, currently use the site servers as more than just a Package and Task Server. We use these to keep our network team happy: print services, backup repositories, AV, etc.

With the backup solution we use, we have a folder on the site they are based at, and they back up to that when they are locally on site. Creating and maintaining these when users move around the business, without the relevant department always informing us, means this can be a pain and a manual task.

To get around this I created a little script that works by gathering all active users from AD, working out their location, department, etc., and then creating the relevant folders and permissions as required. The same search could be used for cleanup with a simple function change, and tailored to other functions based on the LDAP searches you run.

While processing, this task logs the changes: new folders, processed folders, and ones it was unable to create (because they don't fall into the Case structure).

I set this up to run as a domain account that has access to search through our AD, and run it locally on our DS / NS server.

You could get clever and get it to mail the relevant users and have it put timestamps in the logs, but this is basically what I run on a schedule to keep these folders in sync for our backups.

Hope this helps someone.

The script is attached below.

'***********************************************************************************
'*
'* File:   BackupFolderAutomation.vbs
'* Created By:  Jim Pobgee
'* Created:   04/05/2012
'* Last Modified: 
'* Version:   1.0
'*
'* Main Function:   Collect all User information from Active Directory and
'*     create backup folders on local site servers.
'*
'***********************************************************************************

On Error Resume Next ' Keep going on run-time errors so one bad record does not stop the run; failures only show up in the log files
' ===================================================
' Setup LDAP Query Properties
' ===================================================
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
Set objShell = CreateObject("WScript.Shell")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False
objCommand.Properties("Size Limit") = 75000

' ================================================
' CONFIGURE THE BELOW
' Setup Domain, Log Files and Location variable
' ================================================
strDomainDC = "dc=test,dc=co,dc=uk"
StrDomainNetBios = "test-uk"
strLogFileLocation = "C:\Logs"
strLogFile1 = strLogFileLocation & "\BackupFolders-UnableToCreate.txt"
strLogFile1Header = "Accounts without a site backup server"
strLogFile2 = strLogFileLocation & "\BackupFolders-NewFolders.txt"
strLogFile2Header = "New Account Backup Folders Setup"
strLogFile3 = strLogFileLocation & "\BackupFolders-Processed.txt"
strLogFile3Header = "Processed Records"

' ======================================
' Create Log File Headers
' ======================================
Sub CreateLogFileHeader(strLogFileLocation,strLogFile,strLogFileHeader)
 ' Create a Log file and file header
 objShell.run "cmd /C if not exist " & strLogFileLocation & " md "& strLogFileLocation,0
 WScript.Sleep 100
 objShell.run "cmd /C echo ========================================= > " & strLogFile,0
 WScript.Sleep 100
 objShell.run "cmd /C echo = " & strLogFileHeader & " >>  " & strLogFile,0
 WScript.Sleep 100
 objShell.run "cmd /C echo ========================================= >> " & strLogFile,0
 WScript.Sleep 100
End Sub

' =====================================================
' Check and Create Backup Folders on each site server
' =====================================================
Sub CreateBackupFolder(Altiris_Depot,sAMAccountName)
 Set FSO = WScript.CreateObject("Scripting.FileSystemObject")
  ' Wscript.Echo "\\" & Altiris_Depot & "\Backup"
 If FSO.FolderExists("\\" & Altiris_Depot & "\Backup") Then
  ' Reset Folder Permissions and remove User Access to Primary Folder
  'objShell.run "cmd /C icacls \\" & Altiris_Depot & "\Backup /inheritance:d /Q",0
  'WScript.Sleep 1000
  'objShell.run "cmd /C icacls \\" & Altiris_Depot & "\Backup /grant:r """ & StrDomainNetBios & "\Domain Users"":(CI)RX ""Administrators"":(OI)(CI)F /Q",0
  'WScript.Sleep 1000
  'objShell.run "cmd /C icacls \\" & Altiris_Depot & "\Backup /remove ""Users"" /Q",0
  'WScript.Sleep 1000
  ' Wscript.Echo "\\" & Altiris_Depot & "\Backup\" & sAMAccountName
  If Not FSO.FolderExists("\\" & Altiris_Depot & "\Backup\" & sAMAccountName) Then
   Set newFolder = FSO.CreateFolder("\\" & Altiris_Depot & "\Backup\" & sAMAccountName)
   ' Grant only this user Modify on their own folder, inherited by files (OI) and subfolders (CI)
   objShell.run "cmd /C icacls \\" & Altiris_Depot & "\Backup\" & sAMAccountName & " /grant:r """ & StrDomainNetBios & "\" & sAMAccountName & """:(OI)(CI)M /Q",0
   WScript.Sleep 500
   objShell.run "cmd /C echo """ & objRecordSet.Fields("sAMAccountname").Value & """,""" & objRecordSet.Fields("distinguishedname").Value & """ >> " & strLogFile2,0
   WScript.Sleep 500
  End If
 Else
  objShell.run "cmd /C echo """ & objRecordSet.Fields("sAMAccountname").Value & """,""" & objRecordSet.Fields("distinguishedname") & """,""UNABLE TO FIND SHARE"" >> " & strLogFile1,0
 End If
End Sub

' ==========================================
' Setup Log Files and Headers
' ==========================================
CreateLogFileHeader strLogFileLocation,strLogFile1,strLogFile1Header
CreateLogFileHeader strLogFileLocation,strLogFile2,strLogFile2Header
CreateLogFileHeader strLogFileLocation,strLogFile3,strLogFile3Header

' ===================================================
' Enter LDAP Query that you want to use:
' Current Search: All People who are not disabled and do not have a description of "Mail Services Account*" or "Driver"
' ===================================================
objCommand.CommandText = _
    "<LDAP://" & strDomainDC & ">;(&(objectCategory=CN=Person,CN=Schema,CN=Configuration," & strDomainDC & ")(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!objectClass=contact)(!description=Mail Service Account*)(!description=Driver)(!description=Driver LGV*));sAMAccountname,distinguishedname,Name;Subtree"
Set objRecordSet = objCommand.Execute

strRecordID = 0
If Not objRecordSet.EOF Then objRecordSet.MoveFirst ' MoveFirst on an empty result set raises an error
Do Until objRecordSet.EOF
 ' Add record in to processing file
 strRecordID = strRecordID + 1
 objShell.run "cmd /C echo """ & strRecordID & """,""" & objRecordSet.Fields("sAMAccountname").Value & """,""" & objRecordSet.Fields("distinguishedname") & """ >> " & strLogFile3,0
 WScript.Sleep 500
 ' ===========================================================
 ' Change the following strDN() indexes to fit your AD layout.
 ' E.g. "CN=Test.User,OU=Sales,OU=SITE1,DC=test,DC=co,DC=uk"
 ' strDN(0)="CN=Test.User", strDN(1)="OU=Sales", strDN(2)="OU=SITE1", strDN(3)="DC=test", strDN(4)="DC=co", strDN(5)="DC=uk"
 ' NOTE: a plain Split on "," mis-parses a DN whose CN holds an escaped comma (e.g. CN=Surname\, Forename);
 ' every index shifts by one and the record falls through to the "unable to create" log below.
 ' ===========================================================
 strDN = split(objRecordSet.Fields("distinguishedname").Value, ",")
 strSAMAccountName = objRecordSet.Fields("sAMAccountname").Value
 If strDN(3) = "DC=test" Then ' CHECK THEY ARE FROM A COMPANY SITE ON 10 NETWORK
  Select Case strDN(2)
  case "OU=SITE1" ' SITE1
   Altiris_Depot = "SITE-SRV-1"
   CreateBackupFolder Altiris_Depot,strSAMAccountName
  case "OU=SITE2" ' SITE2
   Altiris_Depot = "SITE-SRV-2"
   CreateBackupFolder Altiris_Depot,strSAMAccountName
  case "OU=SITE3" ' SITE3
   Altiris_Depot = "SITE-SRV-3"
   CreateBackupFolder Altiris_Depot,strSAMAccountName
  case "OU=SITE4" ' SITE4
   Altiris_Depot = "SITE-SRV-4"
   CreateBackupFolder Altiris_Depot,strSAMAccountName
  Case Else ' ALL OTHERS Write a log entry
   objShell.run "cmd /C echo """ & objRecordSet.Fields("sAMAccountname").Value & """,""" & objRecordSet.Fields("distinguishedname") & """ >> " & strLogFile1,0
   WScript.Sleep 500
  End Select
 Else  ' ALL OTHERS Write a log entry
  objShell.run "cmd /C echo """ & objRecordSet.Fields("sAMAccountname").Value & """,""" & objRecordSet.Fields("distinguishedname") & """ >> " & strLogFile1,0
  WScript.Sleep 500
 End if
 objRecordSet.MoveNext
Loop

WScript.Quit
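As an added example (it is not the attached script, nor code from Symantec or the author), here is the same job written in PowerShell. It assumes the RSAT ActiveDirectory module is installed, that the account running it can read AD and write to each site's Backup share, and that the site OU and server names (SITE1 to SITE4, SITE-SRV-1 to SITE-SRV-4, taken from the script's Select Case) are placeholders you replace with your own. It goes a little beyond the VBScript: the DN is split with RFC 4514 backslash escaping in mind so a comma inside a CN does not shift the OU positions, the user's Modify permission is applied through the .NET ACL classes instead of a cmd/icacls command line assembled from directory attributes, every record is logged to one CSV with a timestamp (the improvement suggested above), and a -ReportOnly switch lets you preview a run without changing anything.

```powershell
#Requires -Modules ActiveDirectory
<#
  Added example, not the attached VBScript: the same job in PowerShell.
  Assumes the RSAT ActiveDirectory module, an account that can read AD and
  write to \\<server>\Backup, and placeholder site/server names you replace.
#>
param(
    [string]$SearchBase  = 'DC=test,DC=co,DC=uk', # strDomainDC in the post
    [string]$NetBiosName = 'test-uk',             # StrDomainNetBios in the post
    [string]$ExpectedDc  = 'DC=test',             # the strDN(3) check in the post
    [string]$LogRoot     = 'C:\Logs',
    [switch]$ReportOnly                           # log what would happen, change nothing
)

# Site OU -> site server; mirrors the Select Case block in the original script (placeholders).
$SiteServers = @{ 'SITE1' = 'SITE-SRV-1'; 'SITE2' = 'SITE-SRV-2'
                  'SITE3' = 'SITE-SRV-3'; 'SITE4' = 'SITE-SRV-4' }

# Split an RFC 4514 DN into RDNs while honouring backslash escapes, so a CN
# such as "Surname\, Forename" does not shift the OU positions the way a
# plain Split(",") does.
function Split-DistinguishedName {
    param([Parameter(Mandatory)][string]$Dn)
    $parts = New-Object 'System.Collections.Generic.List[string]'
    $sb    = New-Object System.Text.StringBuilder
    for ($i = 0; $i -lt $Dn.Length; $i++) {
        $c = $Dn[$i]
        if ($c -eq '\' -and $i + 1 -lt $Dn.Length) {
            [void]$sb.Append($Dn[$i + 1]); $i++           # keep the escaped character literally
        } elseif ($c -eq ',') {
            [void]$parts.Add($sb.ToString()); [void]$sb.Clear()
        } else {
            [void]$sb.Append($c)
        }
    }
    [void]$parts.Add($sb.ToString())
    return ,$parts.ToArray()
}

# Resolve a user's site server from the DN layout the post describes:
# CN=user,OU=Dept,OU=SITEn,DC=...  (index 2 = site OU, index 3 = first DC).
function Get-SiteServer {
    param([Parameter(Mandatory)][string]$Dn)
    $rdns = Split-DistinguishedName $Dn
    if ($rdns.Count -lt 4 -or $rdns[3] -ne $ExpectedDc) { return $null }
    if ($rdns[2] -match '^OU=(.+)$' -and $SiteServers.ContainsKey($Matches[1])) {
        return $SiteServers[$Matches[1]]
    }
    return $null
}

# Create \\<server>\Backup\<sAMAccountName> and grant that user Modify,
# inherited by files and subfolders (the icacls (OI)(CI)M grant in the post),
# via the .NET ACL API rather than a command line built from AD attributes.
function New-UserBackupFolder {
    param([Parameter(Mandatory)][string]$Server,
          [Parameter(Mandatory)][string]$SamAccountName)
    $share = "\\$Server\Backup"
    if (-not (Test-Path -LiteralPath $share)) { return 'NoShare' }
    $folder = Join-Path $share $SamAccountName
    if (Test-Path -LiteralPath $folder) { return 'Exists' }
    if ($ReportOnly) { return 'WouldCreate' }
    New-Item -ItemType Directory -Path $folder | Out-Null
    $acl  = Get-Acl -LiteralPath $folder
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "$NetBiosName\$SamAccountName",
        [System.Security.AccessControl.FileSystemRights]::Modify,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $folder -AclObject $acl
    return 'Created'
}

# Same selection as the original LDAP query: enabled person/user objects,
# excluding contacts and the listed service-account descriptions.
$filter = '(&(objectCategory=person)(objectClass=user)' +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(objectClass=contact))' +
          '(!(description=Mail Service Account*))(!(description=Driver))(!(description=Driver LGV*)))'

New-Item -ItemType Directory -Path $LogRoot -Force | Out-Null
$logFile = Join-Path $LogRoot ('BackupFolders-{0:yyyyMMdd-HHmm}.csv' -f (Get-Date))

$results = foreach ($u in Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase -ResultPageSize 1000) {
    $server = Get-SiteServer $u.DistinguishedName
    if ($server) { $status = New-UserBackupFolder -Server $server -SamAccountName $u.SamAccountName }
    else         { $status = 'NoSiteMapping' }   # the post's "unable to create" case
    [pscustomobject]@{
        Time              = Get-Date -Format s
        SamAccountName    = $u.SamAccountName
        DistinguishedName = $u.DistinguishedName
        Server            = $server
        Status            = $status
    }
}
$results | Export-Csv -LiteralPath $logFile -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count   # one-line summary per outcome
```

Save it under any name you like (say Set-UserBackupFolders.ps1, a hypothetical filename) and run it once with -ReportOnly from the scheduled-task account; the CSV then shows which users would get folders, which already have one, and which fall outside the site mapping, before any share is touched. Because the grant is added with AddAccessRule rather than the icacls /grant:r replacement, an existing entry for the same user is not overwritten; swap in SetAccessRule if you want the replace semantics of the original.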