At BHS each student has their own account which they can logon with to access a personal home directory and other network services.  Once it was decided that I was going to have to create 1200+ accounts all at once I did some heavy research and this page is a summary of what can be done to make the Network Administration Life much easier.

Requirements:

• Windows 2000 Resource Kit

  • http://microsoft.com/windows2000/techinfo/reskit/default.asp 

• Excel (This makes everything much easier)

The Steps...

First
First you need to generate a text based list of the accounts that you are going to need.  I did an ASCII export of all students at the school into a Comma Delimited file(.CSV). In the following format. If you can have this export sorted by Last name then it would be best.

"Firstname",LastName",Year of Graduation","Student ID"
"Joe","Student","2007","555555"

Note: I use the YOG as a group indicator and so I can add it to the accounts description.  This allows easy maintenance in the future.  You can just sort by Description, Select all that have 2007 and delete them after they graduate( More on this later).  Student ID is not necessary, but is a good thing to use as an initial password.

To make this easier to manage I did an export for each YOG into 4 separate CSV files.

Second
Open the Export File in excel.  I created a directory right on the C: drive called Util to store my script files. When you open the file in Excel make sure you change to this...

When you open you file it will ask you some questions.

Delimited is fine in this case, press next.

On this screen you want to make sure that you choose comma as your delimiter and that there are lines in between each item.  if your export has other delimiters then check them off here.

I would change all of these to text.  Especially the ID field.  If their are any Zeroes then at the beginning then they would disappear. Click finish and then we will edit the excel file.

Editing the Spreadsheet

1. Sort By Last name.  Make sure you are sorted by last name. Why?
This first part is not necessary but I do this for a reason.  I have my home directories set in the following directory tree order...

Each Class is in its own Year Each Class has folders a-z Each home directory is located based on the first letter of the last name. I have created a class folder Template that I just copy, paste and rename each year. NTFS Permissions are: read only for students full for Admins When a class graduates I simply highlight that folder and press delete.

If your export file was already sorted by last name skip ahead, otherwise you need to move the Last name column to the far left of the spreadsheet.  Just right-click on this column and choose cut, then right click again on the leftmost column and choose .  Once this is done then select the left topmost cell and then click on the blank gray square () that is above and left of .  This will select everything and allow you to sort the whole spreadsheet based on column A (The last name)

Now you need to do some busy work and put the correct letter in the E column.  Note after putting a few in and say you have a lot of the same just select a few cells and grab the in the bottom right hand corner.  This will duplicate what you have selected as far as you drag it.

Then you need to right click on the A column and choose Insert.  This will push everything over and create a blank column A.  Type call daytimestudentuser.cmd in the first cell and do the drag thing to replicate it to the bottom of your list.

Now you should check the list for any strangeness.  Did any students have spaces or Jr. , etc in their names that would have thrown off that student record?  After save the file as a TAB delimited file.

When excel yells at you about this just press Yes

Preparing The Text File

Go to the c:\util folder (or wherever you saved it) and rename the file to have a .cmd extension instead of .txt.  Right Click on the file and choose Edit. Add @echo off as the top line and pause as the bottom line.

My small example would look something like this...

@echo off call daytimestudentuser.cmd Student Joe 2007 555555 s pause

The daytimestudentuser.cmd file

This is the Windows NT command script that will do all the work.  The file with the student information in it provides the information.

Each line in the student info file is structured like so...

Call the script	LastName	First	YOG	ID	LastInitial
call daytimestudentuser.cmd	Student	Joe	2007	555555	s

Each piece of info equates to...

Last Name = %1
First Name = %2
YOG = %3
etc...

So all we have to do is define where these variables will go.  Here is the script...

---

---------------------------------------------------------------

@Echo OFF
Rem Bulk User Creation Script
rem by Craig Szymanski
rem Berlin Public Schools, 2002
rem Please note that there is no warranty for this free software
rem Users of this script please not that this program is distributed 
rem under GNU GENERAL PUBLIC LICENSE
rem found at http://www.gnu.org/copyleft/gpl.html

Echo Creating user
rem creates user and makes password the student ID
net user %2.%1 %4 /add
rem adds full name, scriptpath and comment that includes "Class of <grad year>"
net user %2.%1 /fullname:"%2 %1" /scriptpath:Kix32 /comment:"Class of %3"

Echo Creating Home Directory
rem map a drive to remote student share first. I used h:
rem change this to reflect you environment
md h:\%3\%4\%2.%1 > NUL

echo Assigning Permissions for %2.%1
rem remove any possible existing....
cacls "h:\%3\%4\%2.%1" /e /r "CREATOR OWNER"
cacls "h:\%3\%4\%2.%1" /e /r student
cacls "h:\%3\%4\%2.%1" /e /r students
cacls "h:\%3\%4\%2.%1" /e /r everyone

rem admin and System access
Xcacls "H:\%3\%4\%2.%1" /c /e /g system:f 
Xcacls "H:\%3\%4\%2.%1" /c /e /g administrators:f 
rem lab teacher read access to student folders
rem this is optional
Xcacls "H:\%3\%4\%2.%1" /c /e /g labteacher:r 
rem add user and other permissions
rem I change this so that students can not run any executables from their 
rem home directories.
cacls "H:\%3\%4\%2.%1" /t /e /r "%2.%1"
rem allow the user to change
Xcacls "H:\%3\%4\%2.%1" /y /t /E /g %2.%1:ewd;ewd


echo setting home directory...
rem change server name and Share name to your own. I used Students
net user %2.%1 /homedir:"\\FileServerName\students\%3\%4\%2.%1"

echo adding user to appropriate groups...
rem this only works on the pdc
net group students %2.%1 /add
rem add the user to a global group which has the same name as their YOG
rem Create this before running the script.
net group %3 %2.%1 /add

echo making password expire...
rem use cusrmgr.exe (windows 2000 resource kit)
rem change paths to reflect your environment
rem \\YourDomainController should be the same as the one you 
rem are running this script on.
c:\util\cusrmgr.exe -u %2.%1 +s MustChangePassword -m \\YourDomainController  -H U: -h \\FileServerName\students\%3\%4\%2.%1

echo user creation complete for %2 %1 

---------------------------------------------------------------

Download the Text version here.

I would do a test run first.  Make up a maybe 5 test accounts with  various years and names. 

Example Test File...

@echo off

call daytimestudentuser.cmd Student1 Joe 2006 555555 s
call daytimestudentuser.cmd Student2 Joe 2007 555555 s
call daytimestudentuser.cmd Student3 Joe 2004 555555 s
call daytimestudentuser.cmd Student4 Joe 2007 555555 s
call daytimestudentuser.cmd Student5 Joe 2007 555555 s

pause

Now to test this all you have to do is double-click and run the .cmd file that has the Student information.  In this case it would be 2007.cmd.  Make sure that all of these are in the same directory.