You want to create an object.
In each solution below, an example of adding a user object is shown. Modify the examples as needed to include whatever class and attributes you need to create.
Open ADSI Edit.
If an entry for the naming context you want to browse is not already displayed, do the following:
Right-click on ADSI Edit in the right pane and click Connect to . . .
Fill in the information for the naming context, container, or OU you want to add an object to. Click on the Advanced button if you need to enter alternate credentials.
In the left pane, browse to the container or OU you want to add the object to. Once you've found the parent container, right-click on it and select New Object.
Under Select a Class, select user.
For the cn, enter jsmith and click Next.
For sAMAccountName, enter jsmith and click Next.
Click the More Attributes button to enter additional attributes.
Create an LDIF file called create_object.ldf with the following contents:
dn: cn=jsmith,cn=users,dc=rallencorp,dc=com changetype: add objectClass: user samaccountname: jsmith
then run the following command:
> ldifde -v -i -f create_object.ldf
It is also worth noting that you can add a limited number of object types with the dsadd command. Run dsadd /? from a command line for more details.
set objUsersCont = GetObject(LDAP://cn=users,dc=rallencorp,dc=com") set objUser = objUsersCont.Create("user", "CN=jsmith") objUser.Put "sAMAccountName", "jsmith" ' mandatory attribute objUser.SetInfo
To create an object in Active Directory, you have to specify the objectClass, relative distinguished name (RDN) value, and any other mandatory attributes that are not automatically set by Active Directory. Some of the automatically generated attributes include objectGUID, instanceType, and objectCategory.
In the jsmith example, the objectclass was user, the RDN value was jsmith, and the only other mandatory attribute that had to be set was sAMAccountName. Admittedly, this user object is unusable in its current state because it will be disabled by default and no password was set, but it should give you an idea of how to create an object.
Other tools, such as AD Users and Computers, could be used to do the same thing, but ADSI Edit is useful as a generic object editor.
One attribute that you will not be able to set via ADSI Edit is the password (unicodePwd attribute). It is stored in binary form and cannot be edited directly. If you want to set the password for a user through a GUI, you can do it with the AD Users and Computers snap-in.
For more on ldifde, see Recipe 4.25.
With dsadd, you can set numerous attributes when creating an object. The downside is that as of the publication of this book, you can create only these object types: computer, contact, group, ou, quota, and user.
The first step to create an object is to call GetObject on the parent container. Then call the Create method on that object and specify the objectClass and RDN for the new object. The sAMAccountName attribute is then set by using the Put method. Finally, SetInfo commits the change. If SetInfo is not called, the creation will not get committed to the domain controller.
Recipe 4.25 for importing objects using LDIF, MSDN: IADsContainer::GetObject, MSDN: IADsContainer::Create, MSDN: IADs::Put, and MSDN: IADs::SetInfo