Recipe 6.7 Copying a User

6.7.1 Problem

You want to copy an existing user account, which may be serving as a template, in order to create a new account.

6.7.2 Solution Using a graphical user interface
  1. Open the Active Directory Users and Computers snap-in.

  2. In the left pane, browse to the parent container of the template user object.

  3. In the right pane, right-click on the user and select Copy.

  4. Enter the name information for the new user and click Next.

  5. Enter a password, check any options you want enabled, and click Next.

  6. Click Finish. Using VBScript
' This code copies the attributes in the Attrs array from an 
' existing object to a new one.
arrAttrs        = Array("department","co","title","l", "c", "st")
strParentDN     = "<ParentContainer>"   ' e.g. cn=Users,dc=rallencorp,dc=com
strTemplateUser = "<TemplateUserName>"  ' e.g. template-user-sales
strNewUser      = "<NewUserName>"       ' e.g. jdoe
strPassword     = "<Password>"
' ------ END CONFIGURATION ---------


Set objTemplate = GetObject("LDAP://cn=" & strTemplateUser & _
                            "," & strParentDN)
Set objParent   = GetObject("LDAP://" & strParentDN)
Set objUser     = objParent.Create("user", "cn=" & strNewUser)

objUser.Put "sAMAccountName", strNewUser
objUser.Put "userAccountControl", ADS_UF_NORMAL_ACCOUNT

for each strAttr in arrAttrs
   objUser.Put strAttr, objTemplate.Get(strAttr)

objUser.AccountDisabled = FALSE
WScript.Echo "Successfully created user"

6.7.3 Discussion

Copying a user consists of copying the attributes that are common among a certain user base, which can include department, address, and perhaps even organizational information. ADUC actually uses attributes that are marked in the schema as "Copied when duplicating a user" to determine which attributes to copy. The VBScript solution just used a hardcoded set of attributes. If you are interested in finding the attributes that are configured in the schema to get copied, see Recipe 10.12. Using a graphical user interface

In order to copy a user in ADUC, you have to browse to the user object. If you locate the user by using Find instead, the Copy option is not available when right-clicking a user in the search results window. Using VBScript

ADSI has a CopyHere method, but it is available only for the NDS provider. It was not implemented for the LDAP provider and so copying a user via a single method is not supported.

6.7.4 See Also

Recipe 10.12 for finding the attributes that should be copied when duplicating a user

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List