how to create lots of users in Windows 2003
July 14, 2008 8:17 PM Subscribe
How do I create and manage a few hundred user accounts on Windows a Windows box without hiring an intern to point and click all day? Difficulty: can't buy expensive third party tools.
Sigh. I am a unix guy living in a windows workplace. I need to create a few hundred user accounts on a windows 2003 box, put them in a Remote Users group so they can all use remote desktop to connect to the server and run an app, and then set them up so the app they need starts immediately upon them logging on. I can do all this "by hand" through the windows gui, one user at a time. I am at a loss for how to do it via scripts. On a unix box, all I need to do is generate some text files, copy them to the right places, and call a adduser program in a loop. Does Windows by itself not offer any way of automating what to me seems like a basic task? Can I stick some stuff in the registry? The net command lets me create users but doesn't let me set half of the things that consist of a user account that can be set via the GUI. I'm comfortable programming in a myriad of languages but I can't find an API that will let me do this. What is the "windows way" of setting up lots of accounts at once?
Sigh. I am a unix guy living in a windows workplace. I need to create a few hundred user accounts on a windows 2003 box, put them in a Remote Users group so they can all use remote desktop to connect to the server and run an app, and then set them up so the app they need starts immediately upon them logging on. I can do all this "by hand" through the windows gui, one user at a time. I am at a loss for how to do it via scripts. On a unix box, all I need to do is generate some text files, copy them to the right places, and call a adduser program in a loop. Does Windows by itself not offer any way of automating what to me seems like a basic task? Can I stick some stuff in the registry? The net command lets me create users but doesn't let me set half of the things that consist of a user account that can be set via the GUI. I'm comfortable programming in a myriad of languages but I can't find an API that will let me do this. What is the "windows way" of setting up lots of accounts at once?
Somebody may know a way to do this, but here's my zero-knowledge solution:
Everything you want to do is in the registry. So:
Run regedit, and menu Registry/Export the whole registry to before.reg
Add one user by hand.
Export the whole registry again, to after.reg
Then do diff before.reg after.reg
You should then see the keys & values you need to create.
Create your own monster .reg file and import it.
(The stuff you need should all be HKEY_LOCAL_MACHINE, so you might substitute that for 'whole registry' above.
posted by hexatron at 8:37 PM on July 14, 2008
Everything you want to do is in the registry. So:
Run regedit, and menu Registry/Export the whole registry to before.reg
Add one user by hand.
Export the whole registry again, to after.reg
Then do diff before.reg after.reg
You should then see the keys & values you need to create.
Create your own monster .reg file and import it.
(The stuff you need should all be HKEY_LOCAL_MACHINE, so you might substitute that for 'whole registry' above.
posted by hexatron at 8:37 PM on July 14, 2008
You can add 'Domain Users' to the RD group, let everyone in in one fell swoop (assuming on domain)
http://www.microsoft.com/technet/scriptcenter/resources/qanda/may06/hey0516.mspx
There's a VBScript to create accounts like bob01, bob02, easy enough to modify to read a text file of names.
posted by mattdini at 8:38 PM on July 14, 2008
http://www.microsoft.com/technet/scriptcenter/resources/qanda/may06/hey0516.mspx
There's a VBScript to create accounts like bob01, bob02, easy enough to modify to read a text file of names.
posted by mattdini at 8:38 PM on July 14, 2008
A text file, and a batch file using a FOR loop and NET USER type statements can create accounts on a domain controller and modify groups from a Windows machine with a domain administrator's account.
posted by rhizome at 8:47 PM on July 14, 2008
posted by rhizome at 8:47 PM on July 14, 2008
For doing all those things that NET USER won't let you do, you need to find out about DSQUERY and DSMOD USER.
posted by flabdablet at 8:56 PM on July 14, 2008
posted by flabdablet at 8:56 PM on July 14, 2008
Seconding the text file and batch file with some looping. You can set any property in an AD Users and Computers property page. I've created 1500 users in 5 minutes with a properly prepared CSV.
posted by mysterious1der at 9:08 PM on July 14, 2008
posted by mysterious1der at 9:08 PM on July 14, 2008
The correct way is to learn VBScript -- on that subject, if anyone knows of a good book for sysadmins to use VBScript, I would be interested in hearing about it.
The quick and dirty way when I first needed to do such a thing, I used Directory Service Command Line tools (link to my own blog).
posted by fief at 9:13 PM on July 14, 2008
The quick and dirty way when I first needed to do such a thing, I used Directory Service Command Line tools (link to my own blog).
posted by fief at 9:13 PM on July 14, 2008
2nding Burhanistan. If they're already domain accounts, you just need to stick them in a group and add that group to the Remote Desktop users group.
Otherwise, you might try this for creating users from an Excel sheet. Disclaimer - found via Google search, haven't tested myself. As other folks have pointed out, scripts are available to add accounts from a .CSV, etc. if you don't have or won't use Excel.
MSTerminalServices.org has scripting and other resources that might be helpful for setting Terminal Services attributes.
posted by cnc at 11:23 PM on July 14, 2008
Otherwise, you might try this for creating users from an Excel sheet. Disclaimer - found via Google search, haven't tested myself. As other folks have pointed out, scripts are available to add accounts from a .CSV, etc. if you don't have or won't use Excel.
MSTerminalServices.org has scripting and other resources that might be helpful for setting Terminal Services attributes.
posted by cnc at 11:23 PM on July 14, 2008
Response by poster: Thanks for the info so far. These are local accounts on one server. We don't have any preexisting domain infrastructure to work with. I guess part of my confusion is that everything seems to talk about Active Directory, not local accounts. Are local accounts managed through Active Directory, or are they entirely separate?
posted by mrgoldenbrown at 7:55 AM on July 15, 2008
posted by mrgoldenbrown at 7:55 AM on July 15, 2008
I think the default number of RD connections is 2 (well 3 if you count console) so if 2 people are RD'd into the server, the 3rd will get a a "too many connections error". Something to think about.
posted by mattdini at 1:11 PM on July 15, 2008
posted by mattdini at 1:11 PM on July 15, 2008
You say you've been able to do what you need to with pointery and clickery - is the thing you're pointing and clicking in called "Active Directory Users and Computers"? If so, you're managing your local accounts through Active Directory.
If I recall correctly, this is indeed the default way to do things on Windows Server 2003; you will probably find, unless you've changed it deliberately, that each W2k3 box defines its own little domain - the existence of a W2k3 box on you local network is your domain infrastructure.
posted by flabdablet at 3:38 AM on July 16, 2008
If I recall correctly, this is indeed the default way to do things on Windows Server 2003; you will probably find, unless you've changed it deliberately, that each W2k3 box defines its own little domain - the existence of a W2k3 box on you local network is your domain infrastructure.
posted by flabdablet at 3:38 AM on July 16, 2008
This thread is closed to new comments.
posted by saraswati at 8:35 PM on July 14, 2008