Active Directory account creation using php
Posted: Thu Dec 15, 2005 11:01 pm
This is a script I wrote to help automate AD account creation. It does most of the work except creating the home folder and share. Because it runs on Linux, I just let the logon script check whether this is the first logon and have a VBScript that creates the share at logon.

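<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<head>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>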
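<?php
// This script will help in the process of creating Windows AD accounts
// Modify as needed. Hopefully it will help.
// Variables
// NOTE(review): the values below are placeholders. Real database credentials
// are better loaded from a file outside the web root than kept in the page.
$dbhost = "host";
$dbuser = "user";
$dbpass = "pass";
$db = "db";
$ldapsrv = "xxx.xxx.xxx.xxx";
// Get form variables.
// $_REQUEST carries GET and POST (and, depending on configuration, cookie)
// data, so everything read from it is untrusted until validated.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
$reqstar = "<font color='red'>*</font>";
// The id is concatenated unquoted into the SQL below and is printed into the
// form action further down, so it is forced to an integer at the point of
// entry. A missing id becomes 0 instead of producing a broken query.
$id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
// First check to see if an account has been submitted from HR.
// Replace as needed
// NOTE(review): the mysql_* extension was removed in PHP 7.0; when porting,
// use mysqli or PDO with prepared statements.
// NOTE(review): die() with mysql_error() prints database details to the
// browser; log them server-side instead on a production system.
$link = mysql_connect($dbhost, $dbuser, $dbpass) or die('Could not connect: ' . mysql_error());
mysql_select_db($db) or die('Could not select database');
$query = 'SELECT * FROM accounts where acct_id = '.$id;
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
// Copy the pending HR request into the variables that pre-fill the form.
// If several rows match, the last one wins.
while ($row = mysql_fetch_assoc($result)) {
    $id = (int) $row["acct_id"];
    $empid = $row["emp_id"];
    $empfname = $row["emp_fname"];
    $emplname = $row["emp_lname"];
    $empdept = $row["emp_dept"];
    $emptitle = $row["emp_title"];
    $empmanager = $row["emp_man"];
    $empphone = $row["emp_phone"];
    $emphdate = $row["emp_hdate"];
    $empacttype = $row["emp_acttype"];
    //echo "<td><a href='adduser.php?id=".$id."'>".$id."</td></tr>";
}
mysql_free_result($result);
mysql_close($link);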
// Main
// Cancel: print a short goodbye message with a close link and stop, so the
// Submit handling and the form below are never reached.
if ("Cancel" == $action) {
    echo "<center>It appears you have selected Cancel.<br />Thanks for stopping by and have a great day :)<br />\n";
    echo "<a href=\"JavaScript:window.close()\">Close this window</a></center>\n";
    exit();
}
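// Submit: validate the form, create the AD user over LDAP with the operator's
// own credentials, remove the pending HR request and mail a summary.
if ($action=="Submit"){
    // NOTE(review): $_REQUEST also accepts query-string parameters, so the
    // operator's AD credentials can end up in URLs and access logs; reading
    // them from $_POST only would avoid that. The form carries no anti-CSRF
    // token either.
    $authname = $_REQUEST['authname'];
    $authname_req = is_required($authname);
    $authpass = $_REQUEST['authpass'];
    $authpass_req = is_required($authpass);
    $empid = $_REQUEST['empid'];
    $empid_req = is_required($empid);
    $empfname = $_REQUEST['empfname'];
    $empfname_req = is_required($empfname);
    $emplname = $_REQUEST['emplname'];
    $emplname_req = is_required($emplname);
    $empdept = $_REQUEST['empdept'];
    $empdept_req = is_required($empdept);
    $emptitle = $_REQUEST['emptitle'];
    $emptitle_req = is_required($emptitle);
    $empmanager = $_REQUEST['empmanager'];
    $empmanager_req = is_required($empmanager);
    $empphone = $_REQUEST['empphone'];
    $emphdate = $_REQUEST['emphdate'];
    $emphdate_req = is_required($emphdate);
    // An unchecked checkbox is not submitted at all.
    $empemail = isset($_REQUEST['empemail']) ? $_REQUEST['empemail'] : '';
    // Logon name: first initial plus up to seven characters of the last name.
    $empuname = strtolower(substr($empfname,0,1)."".substr($emplname,0,7));
    $empinitials = strtolower(substr($empfname,0,1))."".strtolower(substr($emplname,0,1));
    // NOTE(review): empid is marked required on the form but is not part of
    // this check. An empty $authpass never reaches ldap_bind() because of it.
    if ($authname and $authpass and $empfname and $emplname and $empdept and $emphdate and $emptitle and $empmanager) {
        $fullname = $empfname." ".$emplname;
        $adduserAD = array();
        $adduserAD["cn"][0] = $fullname;
        $adduserAD["samaccountname"][0] = $empuname;
        $adduserAD["objectclass"][0] = "top";
        $adduserAD["objectclass"][1] = "person";
        $adduserAD["objectclass"][2] = "organizationalPerson";
        $adduserAD["objectclass"][3] = "user";
        $adduserAD["displayname"][0] = $fullname;
        $adduserAD["name"][0] = $fullname;
        $adduserAD["givenname"][0] = $empfname;
        $adduserAD["sn"][0] = $emplname;
        $adduserAD["company"][0] = "Example";
        $adduserAD["department"][0] = $empdept;
        $adduserAD["title"][0] = $emptitle;
        $adduserAD["description"][0] = $emptitle;
        $adduserAD["initials"][0] = $empinitials;
        $adduserAD["userprincipalname"][0] = $empuname."@example.com";
        $adduserAD["homeDirectory"][0] = "\\\\Fileserver\\".$empuname."$";
        $adduserAD["homeDrive"][0] = "H";
        $adduserAD["facsimileTelephoneNumber"][0] = "(000) 000-0000";
        $adduserAD["employeeid"][0] = $empid;
        // If email is needed create mailbox. Use ADSI to get your information.
        if ($empemail){
            $adduserAD["homeMDB"][0] = "CN=Mailbox Store (exampleservername),CN=First Storage Group,CN=InformationStore,CN=exampleServerName,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=CompanyName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com";
            $adduserAD["homeMTA"][0] = "CN=Microsoft MTA,CN=exampleservername,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=examplecompany,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com";
            $adduserAD["mail"][0] = $empfname."".$emplname."@example.com";
            $adduserAD["legacyExchangeDN"][0] = "/o=Example/ou=First Administrative Group/cn=Recipients/cn=".$empuname;
            $adduserAD["mailNickname"][0] = $empuname;
            $adduserAD["msExchHomeServerName"][0] = "/o=Example/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=exampleservername";
        }
        $adduserAD["l"][0] = "City";
        $adduserAD["physicalDeliveryOfficeName"][0] = "Admin";
        $adduserAD["streetAddress"][0] = "1234 Someroad";
        $adduserAD["st"][0] = "MO";
        $adduserAD["postalCode"][0] = "11111";
        $adduserAD["c"][0] = "US";
        $adduserAD["co"][0] = "United States";
        $adduserAD["countryCode"][0] = "840";
        if ($empphone){
            $adduserAD["telephoneNumber"][0] = $empphone;
        } else {
            $adduserAD["telephoneNumber"][0] = "(000) 000-0000";
        }
        // 512 is NORMAL_ACCOUNT, i.e. the account is created enabled.
        // NOTE(review): no password attribute is set anywhere in this array,
        // so the value mailed below is not written to the directory by this
        // script. Whether AD accepts an enabled account without one depends
        // on domain policy; confirm.
        $adduserAD["userAccountControl"][0] = "512";
        //$adduserAD["WWWHomePage"][0] = "";
        // NOTE(review): ldap_connect() is given a bare host, so the simple
        // bind below sends the operator's password unencrypted unless the
        // transport is protected. Use an ldaps:// URI or ldap_start_tls()
        // where the domain controller supports it.
        if (!($ldap = ldap_connect($ldapsrv))) { die("Could not connect to LDAP server");}
        if (!($res = @ldap_bind($ldap, $authname."@example.com", $authpass))) {
            die("Could not bind to the LDAP account<br>Please check username and password.");
        }
        // The name and department come from the request, so DN metacharacters
        // are escaped before the distinguished name is built; otherwise a
        // value containing ',' or '=' could change where the object is created.
        if (function_exists('ldap_escape')) {
            $cnrdn = ldap_escape($fullname, '', LDAP_ESCAPE_DN);
            $ourdn = ldap_escape($empdept, '', LDAP_ESCAPE_DN);
        } else {
            // Fallback for PHP before 5.6: backslash-escape the RFC 4514
            // special characters.
            $dnspecials = ',\\#+<>;"=';
            $cnrdn = addcslashes($fullname, $dnspecials);
            $ourdn = addcslashes($empdept, $dnspecials);
        }
        $emploc = "CN=".$cnrdn.",OU=Users,OU=".$ourdn.",DC=example,DC=com";
        if (!(ldap_add($ldap, $emploc, $adduserAD))){
            echo "There is a problem to create the account<br>";
            echo "Please contact your administrator !";
            cleanup($ldap);
            exit();
        } else {
            $link = mysql_connect($dbhost, $dbuser, $dbpass) or die('Could not connect: ' . mysql_error());
            mysql_select_db($db) or die('Could not select database');
            // $id is cast here so that this DELETE cannot be extended by a
            // crafted id, whatever happened to the variable earlier.
            $query = 'delete FROM accounts where acct_id = '.(int) $id;
            // mysql_query() returns TRUE for a DELETE, not a result resource,
            // so there is nothing to pass to mysql_free_result().
            mysql_query($query) or die('Query failed: ' . mysql_error());
            mysql_close($link);
            // Keep only characters that belong in a mailbox name. This drops
            // spaces as before and also commas, angle brackets and CR/LF, so
            // the manager field cannot add recipients or header lines to a
            // message that contains the initial password.
            $empmanemail = preg_replace("/[^A-Za-z0-9._'-]/", "", $empmanager)."@example.com";
            echo "It appears the account was created. :-)";
            $to = " admin@example.com ,".$empmanemail;
            $subject = "New Employee Information";
            // NOTE(review): the "Password" line is derived from the initials
            // and the hire date, so anyone who knows both can reconstruct it,
            // and it is sent in clear-text mail. Prefer a random initial
            // password delivered out of band with a forced change at first
            // logon.
            $body = "Account created for:: ".$empfname." ".$emplname.
            "\nEmployee ID: ".$empid.
            "\nName: ".$empfname." ".$emplname.
            "\nUserName: ".$empuname.
            "\nPassword: ".$empinitials."".substr($emphdate,0,2)."".substr($emphdate,-4,2).
            "\nDepartment: ".$empdept.
            "\nTitle: ".$emptitle.
            "\nManager: ".$empmanager.
            "\nPhone: ".$empphone.
            "\nHire Date: ".$emphdate.
            "\nEmail: ".$empfname."".$emplname."@example.com";
            $extra = "From: NetworkAdmin";
            if (mail($to, $subject, $body, $extra)) {
                echo("<p>Message sent!<br></p>");
            } else {
                echo("<p>Message delivery failed...</p>");
            }
        }
        cleanup($ldap);
        ?><a href="JavaScript:window.close()">Close this window</a><?php
        exit();
    }
}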
?>
<script language="JavaScript">
// Once the page has loaded, put the cursor in the first text input.
window.onload = function () {
    var fields = document.getElementsByTagName("input");
    var idx = 0;
    while (idx < fields.length) {
        var field = fields[idx];
        // The type attribute is compared case-insensitively.
        if (field.getAttribute('type').toLowerCase() == 'text') {
            field.focus();
            return;
        }
        idx++;
    }
};
</script>
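<?php
// Account request form. Every value printed into the page comes from the
// request or from the accounts table, so each one is HTML-escaped where it is
// written; $reqstar and the *_req markers are HTML produced by this script and
// are printed as-is. The password field is deliberately not refilled, so the
// operator's password is never written back into the page source.
?>
<center>
<form name="netacct" action="adduser.php?id=<?php echo urlencode($id); ?>" method="post">
<table border="6">
<tr><th colspan="3"><b>Create Network Account...</b></th></tr>
<tr><td>My Username:</td><td><input type="text" name="authname" value="<?php echo htmlspecialchars($authname, ENT_QUOTES); ?>"></td><td><?php echo $reqstar." ".$authname_req; ?></td></tr>
<tr><td>My Password:</td><td><input type="password" name="authpass"></td><td><?php echo $reqstar." ".$authpass_req; ?></td></tr>
<tr><td>Employee ID: </td><td><input type="text" name="empid" value="<?php echo htmlspecialchars($empid, ENT_QUOTES); ?>"></td><td><?php echo $reqstar." ".$empid_req; ?></td></tr>
<tr><td>First Name: </td><td><input type="text" name="empfname" value="<?php echo htmlspecialchars($empfname, ENT_QUOTES); ?>"></td><td><?php echo $reqstar." ".$empfname_req; ?></td></tr>
<tr><td>Last Name: </td><td><input type="text" name="emplname" value="<?php echo htmlspecialchars($emplname, ENT_QUOTES); ?>"></td><td><?php echo $reqstar." ".$emplname_req; ?></td></tr>
<tr><td>Department: </td><td><select name="empdept">
<option value="<?php echo htmlspecialchars($empdept, ENT_QUOTES); ?>" selected><?php echo htmlspecialchars($empdept, ENT_QUOTES); ?></option>
<option value="Accounting">Accounting</option>
<option value="Administration">Administration</option>
</select></td><td><?php echo $reqstar." ".$empdept_req; ?>
</td></tr>
<tr><td>Title: </td><td><input type="text" name="emptitle" value="<?php echo htmlspecialchars($emptitle, ENT_QUOTES); ?>"></td><td><?php echo $reqstar." ".$emptitle_req; ?></td></tr>
<tr><td>Manager/Supervisor: </td><td><select name="empmanager">
<option value="<?php echo htmlspecialchars($empmanager, ENT_QUOTES); ?>" selected><?php echo htmlspecialchars($empmanager, ENT_QUOTES); ?></option>
<option value="Manager 1">Manager 1</option>
<option value="Manager 2">Manager 2</option>
</select></td><td><?php echo $reqstar." ".$empmanager_req; ?></td></tr>
<tr><td>Phone: </td><td><input type="text" name="empphone"></td><td></td></tr>
<tr><td>Hire Date: </td>
<td><input type="text" name="emphdate" value="<?php echo htmlspecialchars($emphdate, ENT_QUOTES); ?>"></td><td><?php echo $reqstar." ".$emphdate_req; ?></td></tr>
<tr><td>Email: </td><td><input type="checkbox" name="empemail" value="true"></td><td></td></tr>
<tr><td><font color="red">* = Required</font></td>
<td><input type="submit" name="action" value="Submit"><input type="submit" name="action" value="Cancel"></td></tr>
</table>
</form>
</center>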
</body>
<?php
// Build the status marker shown next to a form field: a red "Is Required"
// notice when the value is empty or otherwise falsy (this includes the
// string "0"), and the OK icon for any other value.
function is_required($fieldname)
{
    return $fieldname
        ? " <img src='imgs/ok.png'>"
        : " <font color='red'>Is Required</font>";
}
// Release the LDAP connection handle once the script is finished with it.
// $ldap is the value returned by ldap_connect().
function cleanup($ldap)
{
    ldap_unbind($ldap);
}
?>
