Command-line tools can help you manage user accounts more effectively
User-account management is one duty all administrators share. Microsoft encourages the use of User Manager (or User Manager for Domains) to add, modify, or delete an account. The more often you need to manage accounts, however, the more you realize how time-consuming User Manager is. For example, the tool requires at least eight clicks to disable or rename an account. To create a new account with a few group memberships, a home directory, and a profile path, you might need to click more than 20 times—that's too many clicks.
Command-line methods are much easier and faster than User Manager. You can find such utilities—including Addusers, Xcacls, Nltest, Sleep, Rmtshare, and Cusrmgr—in the Microsoft Windows 2000 Server Resource Kit and the Microsoft Windows NT Server 4.0 Resource Kit. When you understand how these management utilities can work together, you'll be in a better position to simplify account management and your environment.
New User Accounts
The most basic component of user-account management is creating new user accounts. As part of this process, you probably also need to create the accounts' home-directory and profile paths, set permissions on the home and profile directories, and set shares on the home directory.
Command-line tools can speed up the creation process, but manually running each tool to create each user account would detract from the utilities' timesaving benefits. To easily avoid this problem, you can write a simple batch file, called newu.bat, that incorporates the code for each tool and each step in the account-creation process.
To show you how this batch file works, let's create an account for a new user named Jennifer Hansen. Her username is jhansen, and her account description is management. Her home directory settings point to the H drive on a local file server named servera, and she has a roaming profile on servera. Her home and profile folders are both in her name. Her password is temppwd. Her account runs logonscr.bat as a logon script. (Figure 1 shows the newu.bat file in its entirety.)
Create the account. Your first task is to actually create the new user account. The resource kits' Addusers tool is ideal for this purpose, especially if you map drive letters for home directories. (If you'd rather not use a resource kit tool, you can use the Net User command to complete this step, although Net User doesn't work when you connect with Uniform Naming Convention—UNC—paths for home directories. For information about using Net User, see the sidebar "A Simple Command.") Addusers is useful for creating single user accounts but is also a great tool for creating multiple accounts simultaneously.
The tool involves a two-part process: First, you must create an import text file to use with addusers.exe; second, you must run addusers.exe. The text file must follow a standardized format:
username,first_name last_name,
password,account_description,
home_drive_letter:,home_drive_
path,profiles_path,logon_script_name
You can give this file a simple name, such as username.txt, where username is the name of the user for whom you're creating the account. For Jennifer, create the following file named hansen.txt:
[User]
hansen,Jennifer Hansen,temppwd,
management,H:,\\servera\hansen$,
\\servera\profiles$\hansen,logonscr.bat
To create hansen.txt on the fly, begin the newu.bat script with the following code, which reads in parameters from the command line:
echo [User] > \\adminhostscripts\newusers\%1.txt
echo %1,%2 %3,%4,%5,H:,
\\servera\%1$,\\servera
\profiles$\%1,logonscr.bat >> \\adminhost\scripts\newusers\%1.txt
After you create the text file, run Addusers to create the new user account. You can use Addusers to create user accounts on a local accounts database or on the domain SAM. When you use Addusers to create accounts on a domain, be sure to specify the PDC. To create a nondomain account, specify the remote computer instead. To create Jennifer's account on a domain with the PDC pdcserver, add the following line to newu.bat:
addusers \\pdcserver /c \\adminhost\scripts$\newusers
\%1.txt
The /c switch signals Addusers to create a new account. (You can also use Addusers to delete accounts. For more information about Addusers, see Mark Minasi, This Old Resource Kit, "AddUsers," May 1998.)