====== Creating Users ======

===== 1. Add users from CMD line =====

There is a requirement to create user accounts for Diamond/Emerald on dmcsp.unix.brm.pri, which can be done from the command line to save time.

The example below adds a user called tmpuser, with the ability to change their password:

  mkuser shell=/usr/bin/passwd gecos="Temp User" tmpuser

Then set the user's password to the same as the username with:

  passwd tmpuser

If you don't want the user to change their password on first login (if they are logging in via Documentum, they can't change it themselves), then clear the ADMCHG flag with the pwdadm command.

  pwdadm -c tmpuser

===== 2. Add large amounts of users in one go (test001 - test500) =====

If you have a large number of users to create (for example "test001" to "test500"), you can write a short script that keeps the alphabetic part of the username fixed and increments the numeric part, like below:

  #!/usr/bin/bash
  # Create test001 .. test500 with passwd as the login shell
  for i in {1..500}; do
      mkuser shell=/usr/bin/passwd "test$(printf %03d "$i")"
  done

Once this is done, you'll need to set the password for them (in this case 'password'). The command below does a similar loop to the above, but pipes the output to xargs, which creates a username:password string like "test001:password", which is then redirected to a file.

  printf "%03d\n" {1..500} | xargs -i% echo "test%:password" > chpasswd.file

Then just run chpasswd using the file as input.

  cat chpasswd.file | chpasswd

As these passwords are set by root and not the user, they have a flag set so that the user is forced to change the password. For Documentum accounts this is not desirable, so run the following script to clear the flag.

  #!/usr/bin/bash
  # Clear the ADMCHG flag on test001 .. test500
  for i in {1..500}; do
      pwdadm -c "test$(printf %03d "$i")"
  done

===== 3. Creating Large Volume of Users (Unique Names) =====

This is particularly relevant to the Document Management Team & Documentum. They currently have user accounts created in uppercase characters for a roll out of EIM.
Gareth has created some scripts on **docprcs.unix.brm.pri**, in /home/support/mkusers.

==== 3.1 Creating The Files Used By The Scripts ====

Sample of EIMUsers spreadsheet:

^ BCC Login ^ First Name ^ Surname ^ Go Live Date ^
| SOCBJEWD | JUNE | WOOD | 10/06/2010 |
| SOCFJEOR | JACKIE | OLIVIER | 10/06/2010 |
| SOCASETY | SARAH-JAYNE | THACKER | 10/06/2010 |
| SOCATABN | TANYA | BOWEN | 10/06/2010 |

**Login to docprcs.unix.brm.pri, via putty and cd to /home/support/mkusers**

  cd /home/support/mkusers

Copy the BCC Login, First Name & Surname columns from the spreadsheet and paste into a file such as 20100615-all or yardley-all (using vi). Re-arrange in Excel (move/insert columns) if they are not in the correct order.

==== 3.2 Running the Script ====

You are now ready to run the script. You need to pass 3 parameters to the script:

  ./createusers.sh 20100615-all LetMeIn007 20100615b

Where **20100615-all** is the user names to be processed, **LetMeIn007** is the password to be set, and the third parameter is normally the 'go live date' **for this batch**. The **20100615b** in this example means that there were 2 batches with the same date.

This will create a copy of the chpasswd.file with this date on the end. This can be used to reset the password for the whole of this batch if required.

For security reasons, please pick your own password for each roll-out (not limited to 8 characters).

If there are duplicate BCC Login IDs, you will see something similar to this:

  3004-689 User "BCCADOJY" exists.
  3004-689 User "SOCASEAR" exists.
  3004-689 User "SOCAJSRS" exists.
  3004-689 User "SOCAJEWS" exists

Or an error such as:

  Creating user accounts from ldusers-all with password of xxxxxxxx
  3004-694 Error adding "BCCBCEDSN" : Name is too long.
  Setting passwords ..............
  3004-687 User "BCCBCEDSN" does not exist.
  Done!!!!

  * Email info on duplicates or other errors to **BOTH** Ravi Sibal (SBham) & EDMS Support
  * Email details of the password **ONLY** to Ravi Sibal (SBham) and nick.fawson@capita.co.uk

==== 3.3 Resetting the passwords for a Batch Previously Created ====

Let's assume that a batch of users created on 17/05/2010 didn't actually 'go live' as there was some mix up. They will be going live on 17/06/2010.

For security reasons, the policy on this server has been set as follows:

  * A password is valid for 4 weeks
  * 2 weeks after maxage when user can still change password
  * other users cannot switch to this account
  * 10 days before a forced password change warning is given
  * 3 invalid login attempts before locked out
  * 26 weeks you can't reuse a password
  * The last 12 previous passwords cannot be reused
  * minimum alphabetic characters = 2
  * minimum non alphabetic characters = 3
  * minimum length = 8
  * maximum times a character can appear in a password = 3

Based on this policy, users will only have 2 more weeks (grace period) remaining to login before their accounts are locked. So we want to change all the passwords for this batch of users.

The chpasswd.file.20100517 has a list of users & passwords stored for that batch of users. Assuming previously that the password was set to LetMeIn1705, the command below performs a search & replace to replace each occurrence with H0n3yBee1706, and outputs this file to chpasswd.file.100610.pwchange

  sed "s/LetMeIn1705/H0n3yBee1706/g" chpasswd.file.20100517 > chpasswd.file.20100617.pwchange

Then issue this command to actually change the password:

  cat chpasswd.file.20100617.pwchange | chpasswd
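
The duplicate-login and "Name is too long" errors from section 3.2 can be caught before createusers.sh is run, and the chpasswd input file kept for later resets can be written so that only its owner can read it. The script below is an added example, not one of the scripts in /home/support/mkusers: check_userlist, build_chpasswd_file and the 8-character MAX_LOGIN_LEN (inferred from the BCCBCEDSN error) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not part of createusers.sh).
# Input: the user list from section 3.1, one "LOGIN FIRSTNAME SURNAME" per line.

MAX_LOGIN_LEN=8   # assumption: the 9-character BCCBCEDSN was rejected as too long

# Report logins that would fail account creation. Prints one line per problem
# and returns non-zero if any were found.
check_userlist() {
    local list=$1 rc=0 login rest
    # Over-long names and duplicates inside the list itself.
    awk -v max="$MAX_LOGIN_LEN" '
        NF == 0          { next }
        length($1) > max { print "TOOLONG " $1; bad = 1 }
        seen[$1]++       { print "DUPLICATE " $1; bad = 1 }
        END              { exit bad + 0 }
    ' "$list" || rc=1
    # Logins that already exist as accounts on this host.
    while read -r login rest || [ -n "$login" ]; do
        [ -n "$login" ] || continue
        if id "$login" >/dev/null 2>&1; then
            echo "EXISTS $login"; rc=1
        fi
    done < "$list"
    return $rc
}

# Write "login:password" lines for chpasswd into a file readable by its owner
# only. The password is read from stdin, so it is not passed as an argument.
build_chpasswd_file() {
    local list=$1 out=$2 password login rest
    IFS= read -r password || return 1
    rm -f "$out"
    ( umask 077; : > "$out" ) || return 1      # create empty file, mode 600
    while read -r login rest || [ -n "$login" ]; do
        [ -n "$login" ] && printf '%s:%s\n' "$login" "$password"
    done < "$list" >> "$out"
    return 0
}
```

Run check_userlist on the pasted list first; any TOOLONG, DUPLICATE or EXISTS line corresponds to one of the 3004 errors shown in section 3.2.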