BizTalk 2006 Server - Automatic Account and Group Creation

BREAKING NEWS! THIS SCRIPT WAS UPDATED ON JUNE 26 2006 TO CORRECT PASSWORD ASSIGNMENT BUG. NEW SCRIPT IS NOW INCLUDED IN THE GREY BOX BELOW

I have installed BizTalk Server 2006 so many times now and every time I get to the domain account creation and group assignment my eyes glaze over and I give a little groan. You know my motto - Why not automate? - so here is a vbs script to create the users, groups, and assign the users to the groups according to the (at the time of writing) current BizTalk 2006 documentation.

Automatically creating the BizTalk 2006 user accounts and groups seems like the only reasonable way to avoid all this manual work

Warnings:

This is not rigirously tested so use it at your own risk. Better yet, use it in an expendable LAB domain first
This is very basic script and will not replay successfully unless you manually delete the account
I'm not taking any heat if you mess something up using this script
You need to have permissions to create users, groups, and assign users to groups in the OU that you decide to target

Instructions

Just create a text file on your computer with a .vbs extension. Copy and paste the text below into it.
You will have to change some of the contstants to get it to work in your domain
I would suggest a totally distinct OU for the BizTalk user accounts and groups

That being said, I have used this script successfully many times in my own environment. This one took a lot of work so if you use it, please drop a simple “thanks” comment at the bottom of the article.

If you have improved the script, or have suggestions for doing so, please let me know so I can benefit from it as well. (two way street y'know)

REM ============================================

REM =CREATES ALL USER ACCOUNTS FOR BIZTALK 2006=

REM ============================================

REM = Neil Thompson

REM = June 2006

REM = n.thompson@cgi.com

REM ============================================

REM = THIS SCRIPT IS SUPPLIED "AS-IS" WITHOUT WARRANTY

REM = OF ANY KIND.

REM = USE THIS FILE AT YOUR OWN RISK. NEITHER CGI

REM = NOR NEIL THOMPSON ENSURE THAT THIS SCRIPT WILL

REM = WORK AS DESCRIBED NOR THAT IT IS SAFE TO RUN

REM = IN YOUR ENVIRONMENT. BY RUNNING THIS SCRIPT

REM = YOU AND YOU ALONE ASSUME RESPONSIBILITY FOR

REM = ANY AND ALL OUTCOMES

REM ============================================

REM == GLOBAL VARIABLES/CONSTANTS==

REM == CHANGE THESE VALUES TO REFLECT YOUR OWN ENVIRONMENT!!

strOU = "ou=BizTalk,ou=service accounts, dc=MYDOMAIN, dc=lab"

strDefaultPWD = "P@ssw0rd"

strDomainName = "MYDOMAIN.COM"

strAdministrator = "cn=administrator,cn=users,dc=MYDOMAIN, dc=lab"

REM ==CREATE ALL GROUPS (ASSUMES NONE EXIST ALREADY)

CreateGroup "SSO Administrator(s)",strOU

CreateGroup "SSO Affiliate Administrators",strOU

CreateGroup "BizTalk Server Administrators",strOU

CreateGroup "BizTalk Server Operators",strOU

CreateGroup "BizTalk Application Users",strOU

CreateGroup "BizTalk Isolated Host Users",strOU

CreateGroup "EDI Subsystem Users",strOU

CreateGroup "BizTalk BAM Portal Users",strOU

CreateGroup "BizTalk Sharepoint Adapter Enabled Hosts",strOU

CreateGroup "BizTalk BAS Web Services",strOU

CreateGroup "BizTalk BAS Users",strOU

CreateGroup "BizTalk BAS Managers",strOU

CreateGroup "BizTalk BAS Administrators",strOU

REM ==CREATE ALL USERS(ASSUMES NONE EXIST ALREADY)

CreateUser "svcSSO",strDefaultPWD, strOU

CreateUser "svcInstanceHost",strDefaultPWD, strOU

CreateUser "svcIsoInstanceHost",strDefaultPWD, strOU

CreateUser "svcReu",strDefaultPWD, strOU

CreateUser "svcEDI",strDefaultPWD, strOU

CreateUser "svcHWS",strDefaultPWD, strOU

CreateUser "svcHWSWeb",strDefaultPWD, strOU

CreateUser "svcBamNotification",strDefaultPWD, strOU

CreateUser "svcBamManWS",strDefaultPWD, strOU

CreateUser "svcBamAppPool",strDefaultPWD, strOU

CreateUser "svcBasOwner",strDefaultPWD, strOU

CreateUser "svcBasManWS",strDefaultPWD, strOU

CreateUser "svcBasPubWS",strDefaultPWD, strOU

CreateUser "svcBasAppPool",strDefaultPWD, strOU

AddUsersToGroups

'REM NOTIFY USERS OF COMPLETION

Msgbox("Created Groups and Accounts")

Sub CreateUser(UserName,Password,OU)

Set objOU = GetObject("LDAP://" & OU)

Set objUser = objOU.Create("User","cn=" & UserName)

objUser.Put "SAMAccountName","" & UserName & ""

objUser.Put "userPrincipalName","" & UserName & "@" & strDomainName

objUser.Put "name","BizTalk Service Account" & UserName & ""

objUser.Put "displayName","BizTalk Service Account" & UserName & ""

objUser.AccountExpirationDate = "01/01/1970"

objUser.SetInfo

objUser.AccountDisabled = FALSE

REM Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

REM objUser.Put "userAccountControl", ADS_UF_DONT_EXPIRE_PASSWD

objUser.SetPassword Password

objUser.SetInfo

End Sub

Sub CreateGroup(GroupName,OU)

Set objOU = GetObject("LDAP://" & OU)

Set objGroup = objOU.Create("Group","cn=" & GroupName)

objGroup.Put "sAMAccountName", "" & GroupName & ""

objGroup.SetInfo

End Sub

Sub AddUsersToGroups

REM === SSO Administrator(s) ===

Set objGroup = GetObject("LDAP://cn=SSO Administrator(s)," & strOU)

objGroup.PutEx 3,"member",Array("cn=svcSSO," & strOU,strAdministrator)

objGroup.SetInfo

REM === SSO Affiliate Administrators ===

Set objGroup = GetObject("LDAP://cn=SSO Affiliate Administrators," & strOU)

objGroup.PutEx 3,"member",Array(strAdministrator )

objGroup.SetInfo

REM === BizTalk Server Administrators ===

Set objGroup = GetObject("LDAP://cn=BizTalk Server Administrators," & strOU)

objGroup.PutEx 3,"member",Array(strAdministrator,"cn=svcBasManWS," & strOU )

objGroup.SetInfo

REM === BizTalk Server Operators ===

Set objGroup = GetObject("LDAP://cn=BizTalk Server Operators," & strOU)

objGroup.PutEx 3,"member",Array(strAdministrator)

objGroup.SetInfo

REM === BizTalk Application Users ===

Set objGroup = GetObject("LDAP://cn=BizTalk Application Users," & strOU)

objGroup.PutEx 3,"member",Array("cn=svcInstanceHost," & strOU)

objGroup.SetInfo

REM === BizTalk Isolated Host Users ===

Set objGroup = GetObject("LDAP://cn=BizTalk Isolated Host Users," & strOU)

objGroup.PutEx 3,"member",Array("cn=svcIsoInstanceHost," & strOU,"cn=svcHWSWeb," & strOU)

objGroup.SetInfo

REM === EDI Subsystem Users ===

Set objGroup = GetObject("LDAP://cn=EDI Subsystem Users," & strOU)

objGroup.PutEx 3,"member",Array("cn=svcEDI," & strOU)

objGroup.SetInfo

REM === BizTalk BAM Portal Users ===

REM === BizTalk BAS Web Services ===

Set objGroup = GetObject("LDAP://cn=BizTalk BAS Web Services," & strOU)

objGroup.PutEx 3,"member",Array("cn=svcBasManWS," & strOU,"cn=svcBasPubWS," & strOU,"cn=svcBasAppPool," & strOU)

objGroup.SetInfo

REM === BizTalk BAM Portal Users ===

REM === BizTalk BAS Managers ===

REM === BizTalk BAS Administrators ===

Set objGroup = GetObject("LDAP://cn=BizTalk BAS Administrators," & strOU)

objGroup.PutEx 3,"member",Array("cn=svcBasOwner," & strOU)

objGroup.SetInfo

REM === BizTalk Sharepoint Adapter Enabled Hosts ===

Set objGroup = GetObject("LDAP://cn=BizTalk Sharepoint Adapter Enabled Hosts," & strOU)

objGroup.PutEx 3,"member",Array("cn=svcInstanceHost," & strOU)

objGroup.SetInfo

End Sub

posted on Tuesday, June 13, 2006 7:37 AM

Feedback

# re: BizTalk 2006 Server - Automatic Account and Group Creation 6/26/2006 2:25 AM gar

Very nice, I'll try it out this evening

# re: BizTalk 2006 Server - Automatic Account and Group Creation 6/30/2006 1:19 PM gar

Hi Neil,
Excellent stuff you just saved me I don't know how many mouse clicks, the script worked like a charm.
Slán
Gar

# BizTalk 2006 Server - Automatic Account and Group Creation 11/21/2006 1:41 AM Biztalking Cat

This is a great time saver, a script that will create the Active Directory Groups, Users, and
Assign...

# re: BizTalk 2006 Server - Automatic Account and Group Creation 11/21/2006 4:18 PM Mashuk Rahman

Thanks so much for doing this.

# re: BizTalk 2006 Server - Automatic Account and Group Creation 1/18/2007 4:15 AM Avinash Dewangan

Thanks very much for this script. You gave me a new year gift.
Again thanks.

# re: BizTalk 2006 Server - Automatic Account and Group Creation 1/20/2007 8:41 AM dcu.lcr

great stuff.

# re: BizTalk 2006 Server - Automatic Account and Group Creation 1/30/2007 10:55 PM Peter

Works a treat, thanks very much!

# re: BizTalk 2006 Server - Automatic Account and Group Creation 7/25/2007 2:58 PM free ringtones

Hello all

# re: BizTalk 2006 Server - Automatic Account and Group Creation 9/4/2007 11:36 AM Glenn Walker

Thanks, this worked very nicely.

# re: BizTalk 2006 Server - Automatic Account and Group Creation 2/3/2008 10:03 AM SteveC

Excellent, thanks for providing the script

Cheers,
Steve C.

# re: BizTalk 2006 Server - Automatic Account and Group Creation 2/28/2008 7:57 AM Dinkar More

Jiyo It help me a lot to reduce the time.

Thanks!!!

# re: BizTalk 2006 Server - Automatic Account and Group Creation 6/20/2008 3:25 AM Hector

Great script, since they are service accounts you may want to update the script to set account passwords not to expire (assuming the syntax is available and possible).

# re: BizTalk 2006 Server - Automatic Account and Group Creation 7/16/2008 9:26 AM Filip

Good job

# re: BizTalk 2006 Server - Automatic Account and Group Creation 1/2/2009 4:03 PM Dan Draper

Very nice work. I can't tell you how much it sucks to do this manually. I am very grateful.

# re: BizTalk 2006 Server - Automatic Account and Group Creation 2/10/2009 4:20 PM Josh

Thanks! I am new to this. Are the ONLY changes that need made in the "REM == CHANGE THESE VALUES TO REFLECT YOUR OWN ENVIRONMENT!!" part of the script?

---- change domain, password, and maybe take out lab dc?

Post Feedback

Title:
Name:
Email: (never displayed)
Url:
Comments:
Remember Me?

Neil Thompson

News

Article Categories

Archives

Post Categories

Fav BizTalk Blogs

Feedback

Post Feedback