@ECHO OFF :: Clear screen CLS :: Check Windows version: Windows 2000 or later required IF NOT "%OS%"=="Windows_NT" GOTO Syntax VER | FIND.EXE "Windows NT" >NUL IF NOT ERRORLEVEL 1 GOTO Syntax :: Keep variables local SETLOCAL :: Reset variables FOR %%A IN (CC DC Domain Download FN HomeDrv HomeDir LN Profile samid TemplateHmDir TsCmdAvailable TsProfile) DO (SET %%A=) :: Check if The DS Tools are available DSQUERY.EXE /? >NUL 2>&1 IF ERRORLEVEL 1 ( ECHO. ECHO This batch files uses Windows Server 2003's native Directory Services Tools ECHO to modify user objects in Active Directory. Please make sure that DSQUERY.EXE, ECHO DSGET.EXE, DSMOD.EXE and DSMOVE.EXE are available on your computer. GOTO Syntax ) :: Check if TSCMD is available TSCMD.EXE 2>NUL | FIND.EXE /I "www.systemtools.com" >NUL IF ERRORLEVEL 1 ( SET TsCmdAvailable=No ECHO This batch file requires SystemTools.com's TSCMD utility. SET /P Download=Do you want to download it now? [y/N] ) :: Start download if confirmed IF /I "%Download%"=="Y" ( START "TsCmd" "http://www.systemtools.com/free_frame.htm" ECHO. ECHO Install the downloaded file and make sure TSCMD.EXE is in the PATH. ECHO Then try again. ) :: Abort if TSCMD.EXE is not available yet IF "%TsCmdAvailable%"=="No" GOTO:EOF :: Check command line FOR %%A IN (%*) DO (CALL :Arguments %%A) :: Abort on missing info IF NOT DEFINED samid GOTO Syntax IF NOT DEFINED FN GOTO Syntax IF NOT DEFINED LN GOTO Syntax IF NOT DEFINED CC GOTO Syntax :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: The following path settings should be modified for your own domain :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: Set homedir and profiles path SET HomeDrv=H: SET HomeDir=\\MyServer\Users\%samid% SET Profile=\\MyServer\Profile$\%samid% SET TsProfile=\\MyServer\TsProfile$\%samid% SET TemplateHmDir=\\MyServer\Users\Template :: Abort if this computer is not a domain member IF /I "%UserDomain%"=="%ComputerName%" GOTO Syntax :: Retrieve domain controller name FOR /F "tokens=2 delims==," %%A IN ('DSQUERY.EXE Server') DO SET DC=%%A IF NOT DEFINED DC GOTO Syntax :: Check if middle initials is specified IF DEFINED MI ( SET MIParm=-mi %MI% SET MI= %MI% ) :: Create user account on domain ECHO Creating new domain user account for %samid% . . . NET.EXE USER %samid% password /FULLNAME:"%FN%%MI% %LN%" /DOMAIN /ADD ECHO. :: Store parent OU and UserDNs for both accounts in variables FOR /F "tokens=*" %%A IN ('DSQUERY.EXE User -samid %samid% 2^>NUL') DO SET UserDN=%%A FOR /F "tokens=*" %%A IN ('DSQUERY.EXE User -samid %CC% 2^>NUL') DO SET UserDNCC=%%A FOR /F "tokens=1* delims=," %%A IN ('ECHO.%UserDNCC%') DO SET OU="%%~B :: Define roaming profile for new account only if account to be cloned has a roaming profile DSGET.EXE User %UserDN% -profile 2>NUL | FIND.EXE /I "\\" >NUL IF ERRORLEVEL 1 (SET ProfileParm=) ELSE (SET ProfileParm=-profile %Profile%) :: Clone login script setting FOR /F %%A IN ('DSGET.EXE User %UserDN% -loscr 2^>NUL ^| FIND.EXE "."') DO SET LoginScr=%%A IF DEFINED LoginScr (SET LoginParm=-loscr %LoginScr%) ELSE (SET LoginParm=) :: Set first name, middle initials and last name, homedir and must-change-password for the new account ECHO Modifying profile and account settings . . . DSMOD.EXE User %UserDN% -fn "%FN%" %MIParm% -ln "%LN%" -hmdrv %HomeDrv% -hmdir %HomeDir% -mustchpwd yes -canchpwd yes %ProfileParm% %LoginParm% ECHO. :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: The following settings may need to be modified depending on your homedir server :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: Create homedir if necessary, and set permissions ECHO Setting permissions on homedir . . . IF NOT EXIST %HomeDir% MD %HomeDir% CACLS.EXE %HomeDir% /E /P %UserDomain%\%samid%:C CACLS.EXE %HomeDir% /E /R BUILTIN\Users CACLS.EXE %HomeDir% /E /R "CREATOR OWNER" CACLS.EXE %HomeDir% /E /R "NT AUTHORITY\SYSTEM" ECHO. :: Set TsHomedir and TsProfile ECHO Setting Terminal Services profile . . . TSCMD.EXE %DC% %samid% AllowLogonTerminalServer 1 TSCMD.EXE %DC% %samid% TerminalServerProfilePath %TsProfile% TSCMD.EXE %DC% %samid% TerminalServerHomeDir %HomeDir% TSCMD.EXE %DC% %samid% TerminalServerHomeDirDrive %HomeDrv% ECHO. :: Clone group memberships: :: list group memberships for samid2 / filter out Domain Users to prevent DSMOD error message / add new account to group members ECHO Cloning %CC%'s group memberships . . . DSGET.EXE User %UserDNCC% -memberof | FIND.EXE /V /I "=Domain Users" | DSMOD.EXE Group -addmbr %UserDN% ECHO. :: Move new user object to samid2's parent OU, and change UserDN variable accordingly ECHO Moving new user object to parent OU . . . DSMOVE.EXE %UserDN% -newparent %OU% FOR /F "tokens=*" %%A IN ('DSQUERY.EXE User -samid %samid% 2^>NUL') DO SET UserDN=%%A ECHO. :: Copy template homedir IF DEFINED TemplateHmDir ( ECHO Copying template homedir . . . XCOPY.EXE %TemplateHmDir%\*.* %HomeDir%.\*.* /D /H /R /S /Y >NUL ECHO. ) :: Display summary of results ECHO Summary for new user account: DSGET User %UserDN% -dn DSGET User %UserDN% -samid -display DSGET User %UserDN% -profile -hmdir CACLS.EXE %HomeDir% ECHO. ENDLOCAL GOTO:EOF :Arguments SET Argument=%~1 ECHO.%~1 | FIND.EXE "/" >NUL || (SET samid=%~1) IF /I "%Argument:~0,3%"=="/CC" FOR /F "tokens=2 delims=:" %%B IN ('ECHO.%1') DO (SET CC=%%~B) IF /I "%Argument:~0,3%"=="/FN" FOR /F "tokens=2 delims=:" %%B IN ('ECHO.%1') DO (SET FN=%%~B) IF /I "%Argument:~0,3%"=="/LN" FOR /F "tokens=2 delims=:" %%B IN ('ECHO.%1') DO (SET LN=%%~B) IF /I "%Argument:~0,3%"=="/MI" FOR /F "tokens=2 delims=:" %%B IN ('ECHO.%1') DO (SET MI=%%~B) GOTO:EOF :Syntax ECHO. ECHO CloneUsr.bat, Version 1.11 ECHO Create a new domain user ID by cloning an existing one ECHO. ECHO Usage: CLONEUSR samid /FN:firstname [/MI:middleinitial] /LN:lastname /CC:samid2 ECHO. ECHO Where: samid = new user ID ECHO samid2 = user ID to be cloned ECHO. ECHO Notes: You MUST modify the hard coded domain name and homedir and profile paths ECHO in this batch file before using it; read the comments in the code. ECHO This batch file uses Windows Server 2003's DS Tools ^& SystemTools.com's ECHO TSCMD; if the latter isn't available, you will be prompted for download. ECHO Only a limited selection of attributes for user objects is cloned by ECHO this batch file; use the DS Tools' help to modify this batch file and ECHO clone more attributes ^(www.robvanderwoude.com/adshelp/adshelp.html^) ECHO. ECHO Written by Rob van der Woude ECHO http://www.robvanderwoude.com IF "%OS%"=="Windows_NT" ENDLOCAL