Script Action: Edit user (no AD) - HELP DOCUMENTATION UMRA REFERENCE GUIDE

Function

Edits an existing user account. All main properties and attributes of the account, including password, full name, home directory settings etc. can be modified with this action.

Deployment

 Windows NT 4 domain account

 Local workstation or member server account

 Active Directory account. For an Active Directory account, you can also use Script Action: Edit user (AD) on page Fout!

Bladwijzer niet gedefinieerd. to edit the account.

To execute this action you need to specify the properties that identify the user account: Username and Domain or Computer. To edit a user account on an Active Directory workstation, you need to specify the name of the workstation for the Computer property. By default, all properties that effect the user account are not specified, e.g. nothing is changed for the user account. By specifying one or more properties, changes are made.

Properties

Property Name Description Remarks

Domain The name of the domain of the user account. The domain can be specified using with a DNS or NETBIOS name. If the Computer property is specified, this property is ignored.

To specify the user account, specify properties Username and Domain or Computer.

Computer The name of the computer that maintains the user account. This computer can be specified with a DNS or NETBIOS name. The computer can be a domain controller of a Windows

NT4/2000/2003 domain, a member server of a domain or a workstation. If this property is specified, the 'Domain' property is ignored.

To specify the user account, specify properties Username and Domain or Computer.

Username The name of the user account. The name equals

the SAM account name of the user account. To specify the user account, specify properties Username and Domain or Computer.

Full name The full name of the user account. When

specified, the current name of the user account is changed into the name specified.

Password generator A password can be generated automatically. The 'Password generator' specifies how the password is generated, e.g. password length, password complexity requirements, password output variable etc. When this property is specified the password is generated automatically. The password output variable (default:

%Password%) should correspond with the variable generated by the password generator.

Password The password of the user account.

Description A description associated with the user account. The field can contain a text of any length.

Home directory The path of the home directory of the user account. Note that this specification does not create the home directory. Instead, it specifies the home directory in the SAM user account database. You can create the home directory, by adding the action 'Create Directory' to the script.

Home directory

drive The drive letter assigned to the user's home directory for logon purposes. User profile A path to the user's profile. Note that this

specification does not create the profile directory. Instead, it specifies the profile's path in the SAM user account database.

Logon script The path for the user's logon script file. The script file can be a .CMD file, an .EXE file, or a .BAT file.

User must change password at next logon

The password is expired. Use this property to force the user to change the password at the next logon. Note that the user can logon using the current password.

User cannot change

password The user cannot change password. When the user cannot change the password, only the administrator can change the password.

Password never

expires The password should never expire on the account. No password

required No password is required for the user account. Account disabled The user's account is disabled. If an user account

is disabled, the account does exist but cannot be used to logon to the network.

Account expiration The time and date when the account expires. The value can be 'Never' or a time and date. Logon hours The hours the user account can log on to the

domain. By default, domain logon is allowed 24 hours a day, 7 days a week.

The value is specified as a text of 42 hexadecimal characters, representing all the hours of a week. The hours of each day are represented by 6 characters.

Workstations Optional: the names of the workstations from which the user can log on (8 maximum), separated by commas.

Special user

1.14. Script Action: Edit user logon

Function

Edits the logon settings of an existing user account . The account is identified by a variable containing the User Object. Use the

Script Action: Get user (AD) on page 16 to find the user first. For the user account, all regular attributes can be changed and/or reset.

Deployment

This action is typically used as one of the main action to manage existing user accounts in Active Directory. You can use this action for a single change, for instance resetting the password of an account or multiple changes like home directory, profile directory and

Active Directory attributes. To change the common name (full name) of a user account, you cannot use this action. Use the Script

Action: Move - rename user (AD) on page Fout! Bladwijzer niet gedefinieerd. instead to do this.

For this action, the user account is identified by a variable (default: %UserObject%). To execute this action successfully, the

variable must have a valid value. The variable is an output variable of the action Script Action: Get user (AD) on page 16. The Get

User action supports several ways to find the user and fill the variable.

The Edit user logon action contains a large number of properties. As described above, the User Object property is used to identify the user account. Other properties are initially not specified. This means that the corresponding Active Directory attributes of the user account are not changed when the action is executed. Only when a property is specified, the attribute is updated in Active Directory.

Properties

Property Name Description Typical setting Remarks

User Object An data structure representing the user account. Use the action Get user (AD) on page 16 to find the user account in Active Directory and setup the variable that contains the 'User Object'.

%UserObject% See Deployment section.

Username The SAM account name of the user for which you want to edit the logon settings.

You should only use this option when you are not using the %UserObject% variable. Instead of the %userObject variable an user account can also be identified by the user name and the domain name or the domain controller.

Domain The domain in which the

user account, for which you want to edit the logon settings, is located.

You should only use this option when you want to identify the user account by username and domain name.

Domain controller The domain controller of the domain in which the user account, for which you want to edit the logon settings, is located.

You should only use this option when you want to identify the user account by username and domain controller.

Password

generator The specification how to generate passwords for the user account

Specifies the method used to generate a password for the user account. These methods vary from simple (easy to remember) passwords to strong passwords. There are several

predefined settings available.

The resulting password will be stored in a variable. By default it is stored in the variable %Password%. This variable must be specified as the value for the Password property.

Password The password of the user

account. Typically the name contained in the variable %Password% is generated by the Password generator. To create the same password for all users you can specify the password here directly. For example "test1234". You can also read the password from the input file.

User must change password at next logon

The password is expired. Use this property to force the user to change the password at the next logon. Note that the user can logon using the current password.

When set to Yes the User cannot change password property must by set to No.

User cannot

change password The user cannot change password. When the user cannot change the password, only the administrator can change the password.

Valid specifications are Yes and No. This setting has no effect on members of the administrators group. When set to Yes, the User must change password at next logon property must by set to No.

Password never expires

The password should never

expire on the account. Valid specifications are Yes and No. The default value is No. This setting overrides the Maximum Password Age setting in the password policy for the domain/computer.

Account disabled The user's account is disabled. If an user account is disabled, the account does exist but cannot be used to logon to the network.

Unlock the account Unlock an user account. When an account is locked it is temporarily impossible to log on to the network. An account gets locked when an incorrect password is specified.

Valid specifications are Yes and No. The default value is No. When set to Yes an locked account will be unlocked. This property can only be used when an account is locked.

In document HELP DOCUMENTATION UMRA REFERENCE GUIDE (Page 43-48)