In my testing I realized that the power to quickly create a bunch of test users or test groups was cool but was a lot to type… Unfortunately there is a lot of info that is needed, but I did find a way to shorten it a little by making some assumptions.
I added a new shortcut for adding users. So now instead of typing
admod -autobase 1000:cn=myautouser,OU=TestOU,DC=joe,DC=com -add -bmod {{*RDN*}}_{{*cnt*}},{{*parent*}} objectclass::user -kerbenc unicodepwd::{{*rnd*:15:20}} samaccountname::{{*name*}}_{{*cnt*}} useraccountcontrol::512 pwdlastset::-1 -exterr
you type
admod -sc adau:1000::cn=myautouser,OU=TestOU,DC=joe,DC=com
The rest is autoconfigured by the shortcut. 🙂 1000 fully enabled users with random passwords 15-20 characters long created in seconds. If you want a specific password you can do something like
admod -sc adau:1000:mysecretpassword:cn=autouser,OU=TestOU,DC=joe,DC=com
The same thing is available for ADAM with the -sc adamau switch…
Ex:
F:\Dev\CPP\AdMod>admod -sc adau:1000::cn=myautouser,ou=testou,dc=joe,dc=com -elapsed
AdMod V01.07.00cpp_BETA1 Joe Richards (joe@joeware.net) September 2006
DN Count: 1000
Using server: 2k3dc02.joe.com:389
Directory: Windows Server 2003
Adding specified objects…
DN: cn=myautouser_0,ou=testou,dc=joe,dc=com… “ZeaMRVuCGe_2P0xfn;S6”
DN: cn=myautouser_1,ou=testou,dc=joe,dc=com… “Zlflg+{P4lKSrH98lYf”
DN: cn=myautouser_2,ou=testou,dc=joe,dc=com… “jTdw2[BT$wUMaSR~l”
DN: cn=myautouser_3,ou=testou,dc=joe,dc=com… “bnEwJci71.6b,s]GlN:”
DN: cn=myautouser_4,ou=testou,dc=joe,dc=com… “d;pltx$JL7Sya:h|}”
DN: cn=myautouser_5,ou=testou,dc=joe,dc=com… “GQ}-ZM:_=p~k[TZ#6”
DN: cn=myautouser_6,ou=testou,dc=joe,dc=com… “!Hyr2Wc7@Nmzy;e4B@”
DN: cn=myautouser_7,ou=testou,dc=joe,dc=com… “Z@Pp38Gnr7%BGJ!hfp”
DN: cn=myautouser_8,ou=testou,dc=joe,dc=com… “yEghUS:gJ9t#]OhJ@2[“
DN: cn=myautouser_9,ou=testou,dc=joe,dc=com… “QKccGklWGqK@;R$C.SrP”
DN: cn=myautouser_10,ou=testou,dc=joe,dc=com… “8ZB.k;%i4ln$#BBF”
DN: cn=myautouser_11,ou=testou,dc=joe,dc=com… “k#_2dkZW.8MGT5~KNvj*”
DN: cn=myautouser_12,ou=testou,dc=joe,dc=com… “gx*KV+Hz{wx{r!aFE”
[snip]
DN: cn=myautouser_994,ou=testou,dc=joe,dc=com… “YXlpp$5Tm]Ho_m,=nLb”
DN: cn=myautouser_995,ou=testou,dc=joe,dc=com… “w_b*z{tSK[:r,!L*2”
DN: cn=myautouser_996,ou=testou,dc=joe,dc=com… “ert5hk,ARpolY=kJeQ”
DN: cn=myautouser_997,ou=testou,dc=joe,dc=com… “CQXeJLasAy8BrhxB”
DN: cn=myautouser_998,ou=testou,dc=joe,dc=com… “y0lyL,jmpsQU0wE5RAkc”
DN: cn=myautouser_999,ou=testou,dc=joe,dc=com… “7-1-M{[:pZ4#YlN50j:”
Time Elapsed (sec): 42.812
The command completed successfully
1000 automatically generated fully enabled users in just under 43 seconds…
There is a similar set of shortcuts for groups in AD and ADAM. Instead of the password parameter there is a group type parameter which can be an integer value or various characters describing the group type, u for universal, g for global, l for domain local and you can add an s if you want it to be a security group.
Ex:
F:\Dev\CPP\AdMod>admod -sc adag:100:us:cn=myautogroup,ou=testou,dc=joe,dc=com -elapsed
AdMod V01.07.00cpp_BETA1 Joe Richards (joe@joeware.net) September 2006
DN Count: 100
Using server: 2k3dc02.joe.com:389
Directory: Windows Server 2003
Adding specified objects…
DN: cn=myautogroup_0,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_1,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_2,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_3,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_4,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_5,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_6,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_7,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_8,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_9,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_10,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_11,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_12,ou=testou,dc=joe,dc=com…
[snip]
DN: cn=myautogroup_96,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_97,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_98,ou=testou,dc=joe,dc=com…
DN: cn=myautogroup_99,ou=testou,dc=joe,dc=com…
Time Elapsed (sec): 2.574
The command completed successfully
100 new universal security groups in just under 3 seconds…
If those shortcuts don’t work well for you, don’t forget about the -ef option as that could be used as well.
I am trying to decide if there is value in creating OUs this way as well. Thoughts?
joe
nice addition joe – a thought on your question rgd. creation of OUs: would be nice to combine the different routines.
I.e. besides setting how many OUs should be created, allow setting the number of users and groups (and computer accounts) to be created in each – ideally with a Child-OU for each object type 🙂 I’d probably make the name of the OU part of the account and group names to avoid duplicates.
I imagine some command like the following:
admod -sc adou:20:400:370:50:US:ou=myauto,ou=testou,dc=joe,dc=com
which would create 20 OUs underneath “testou” and 3 child OUs for the objects:
ou=myautoOU_1,ou=testou,dc=joe,dc=com
ou=users,cn=myautoOU_1,ou=testou,dc=joe,dc=com
ou=groups,cn=myautoOU_1,ou=testou,dc=joe,dc=com
ou=computers,cn=myautoOU_1,ou=testou,dc=joe,dc=com
ou=myautoOU_2,ou=testou,dc=joe,dc=com
ou=users,cn=myautoOU_2,ou=testou,dc=joe,dc=com
ou=groups,cn=myautoOU_2,ou=testou,dc=joe,dc=com
ou=computers,cn=myautoOU_2,ou=testou,dc=joe,dc=com
…
ou=myautoOU_20,ou=testou,dc=joe,dc=com
ou=users,cn=myautoOU_20,ou=testou,dc=joe,dc=com
ou=groups,cn=myautoOU_20,ou=testou,dc=joe,dc=com
ou=computers,cn=myautoOU_20,ou=testou,dc=joe,dc=com
and creates the appropriate objects in each OU, e.g. 400 users, 370 computers, 50 universal security groups:
cn=myautoUser_1-1,ou=users,cn=myautoOU_1,ou=testou,dc=joe,dc=com
cn=myautoUser_1-2,ou=users,cn=myautoOU_1,ou=testou,dc=joe,dc=com
…
cn=myautoUser_1-400,ou=users,cn=myautoOU_1,ou=testou,dc=joe,dc=com
cn=myautoComputer_1-1,ou=computers,cn=myautoOU_1,ou=testou,dc=joe,dc=com
cn=myautoComputer_1-2,ou=computers,cn=myautoOU_1,ou=testou,dc=joe,dc=com
…
cn=myautoComputer_1-370,ou=computers,cn=myautoOU_1,ou=testou,dc=joe,dc=com
cn=myautoGroup_1-1,ou=groups,cn=myautoOU_1,ou=testou,dc=joe,dc=com
cn=myautoGroup_1-2,ou=groups,cn=myautoOU_1,ou=testou,dc=joe,dc=com
…
cn=myautoGroup_1-50,ou=groups,cn=myautoOU_1,ou=testou,dc=joe,dc=com
and while you’re at it, how about randomly adding users to the groups in their OU (and even outside their OU after all objects have been created) 😉
Now that would be really nice :-))
Cheers,
Guido
just saw a copy-paste error in my DNs – ofcourse all OU’s use ou= in the DN… duhh…
LOL, yeah that would be nice but admod won’t do it. The shortcuts are simply that, shortcuts, it will enter switches for you that you can normally enter. Consider what object creations take and you see that trying to do that in a decent way on the command line with a generic tool is tough. On the plus side, someone could easily wrap that into a script and call admod for each object type they need.
I could always write a separate tool that is specifically for populating test environments as well I guess but I call those solutions instead of tools. Tools I try to make as generic as possible.
As an FYI, the usage in the released tool did deviate from this original post of the beta version. I ran into some things I could do better by changing parsing characters so now instead of typing
admod -sc adau:1000::cn=myautouser,OU=TestOU,DC=joe,DC=com
you would type
admod -sc adau:1000;;cn=myautouser,OU=TestOU,DC=joe,DC=com
If you think about it, the shortcut is designated by the -sc and adau, then the : tells you here come the parameters for this shortcut and the semicolon delimits them.