Populating users in Active Directory using Perl with OLE

Occasionally, I’ve had the need to populate sample users into an Active Directory for projects.  There are, no doubt, other ways to do this that are simpler or more direct.  For example, it’s likely incredibly easy using PowerShell (but I have never been a PowerShell person), and even in the Perl world there are modules for interacting with LDAP.  So using OLE may not seem like the ideal way, and that’s probably right, but OLE comes with virtually every Windows Perl distribution I’ve seen (as opposed to LDAP) and it isn’t terribly difficult.  In general, I haven’t seen too many examples of using OLE to access this type of data on Windows systems, so I wanted to write a brief post about how it can be used for those who stumble upon it.  It’s also nice that, because everything runs through OLE, you don’t need anything special for authentication here: the script automatically inherits the credentials of the user running it.

First things first

In this example, I’ll assume you’ve at least got an Active Directory set up and that it’s generally fairly vanilla.  We need to import the Win32::OLE bits into our script, which is relatively straightforward

Next, we need to know a bit about the Active Directory that’s been set up.  If you don’t know the structure of it, you can use a variety of tools including the open source LDAP Explorer or Microsoft’s Sysinternals Active Directory Explorer.  You’ll need:

  • The domain to put things in, in LDAP format
  • The base path to put the new users/groups in
  • To be a user that has access to create users (and groups, if you’re looking to do so) at the given base path
  • To create or use some format of e-mail addresses for the new users
  • An LDAP URL to access the system

So in this example, we’ll assume I’ll be putting users into customsubdomain.sfdemo.mysite.com (LDAP format of “DC=customsubdomain,DC=sfdemo,DC=mysite,DC=com”) and giving them an e-mail address of “firstname.lastname@mysite.com”.  The base path will be “OU=UserGroup,OU=DemoUsers,DC=customsubdomain,DC=sfdemo,DC=mysite,DC=com”.

So let’s go define these in Perl

Once we have this all defined, we can go grab the OU object and use it later

Simple example: Creating a security group

So to start out with, we’ll do something pretty easy: adding a security group.  Let’s say we want to call this group “LegalUsers”.  At its simplest, adding the group is just:

  1. Creating the group
  2. Assigning the “sAMAccountName” property to it for Active Directory
  3. Updating (saving) the object:

More complex: Adding a user

The only thing that makes adding users more complex is that there are more fields to add.  We need to add the name and set the path of the user in AD and add an e-mail, but may also want to give them a default password, change their account expiration properties, assign them to groups, etc.  Let’s walk through an example of this…

Tying it all together

For creating demo users, I’d often simply create a flat file with usernames in it and read through them.  You can also add managers, cities, and addresses for a more “real-looking” scenario.
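
The steps described above, put together as an added example (this is not the original post's code): it binds to the base path, creates the “LegalUsers” group, then creates one user per line of a name list and adds each to the group. The `DEMO_USER_PASSWORD` environment variable, the "Firstname Lastname" file format and the sample names are assumptions made for this example.

```perl
use strict;
use warnings;
use Win32::OLE;

# Base path and e-mail domain taken from the example values in the post.
my $base_dn  = 'OU=UserGroup,OU=DemoUsers,DC=customsubdomain,DC=sfdemo,DC=mysite,DC=com';
my $mail_dom = 'mysite.com';
# Assumption: the initial password is supplied via a (hypothetical) env var, not hard-coded.
my $init_pw  = $ENV{DEMO_USER_PASSWORD} or die "Set DEMO_USER_PASSWORD first\n";

Win32::OLE->Option(Warn => 3);    # croak on any OLE error instead of failing silently
# Serverless bind: ADSI uses the credentials of the user running the script.
my $ou = Win32::OLE->GetObject("LDAP://$base_dn") or die "Cannot bind to $base_dn\n";

# Security group: create it, set sAMAccountName, save.
my $group = $ou->Create('group', 'CN=LegalUsers');
$group->Put('sAMAccountName', 'LegalUsers');
$group->SetInfo();

while (my $line = <DATA>) {
    chomp $line;
    # Accept only letters and hyphens so nothing in the file can alter the DN
    # (commas, '=', '+' and similar DN metacharacters are rejected).
    my ($first, $last) = $line =~ /^([A-Za-z-]+) ([A-Za-z-]+)$/;
    unless (defined $last) { warn "Skipping malformed line: $line\n"; next }
    my $sam = lc substr("$first.$last", 0, 20);    # sAMAccountName is limited to 20 chars
    eval {
        my $user = $ou->Create('user', "CN=$first $last");
        $user->Put('sAMAccountName', $sam);
        $user->Put('givenName',      $first);
        $user->Put('sn',             $last);
        $user->Put('displayName',    "$first $last");
        $user->Put('mail',           lc "$first.$last\@$mail_dom");
        $user->SetInfo();                # the object must exist before SetPassword
        $user->SetPassword($init_pw);
        $user->{AccountDisabled} = 0;    # new accounts are created disabled
        $user->Put('pwdLastSet', 0);     # force a password change at first logon
        $user->SetInfo();
        $group->Add($user->{ADsPath});   # group membership by ADsPath
        print "Created $sam\n";
        1;
    } or warn "Failed to create $sam: $@";
}

# Constructed sample input follows; it stands in for the flat file of names.
__DATA__
Alice Example
Bob Sample
not,a=valid name
```

Because every account starts with the same initial password, setting `pwdLastSet` to 0 matters: each user must replace it at first logon.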

