The settings

The login ids are generated by a deterministic algorithm : prefix + first name's first character + name, truncated to the desired length. A numerical suffix can be appended if the name exists in the directory base.

Some string parameters may include the following macros:

%USERNAME% stands for the user's id
%USERGROUP% stands for the selected global group (for instance staff or pupils)
%GROUP% stands for the user's group (for instance Maths ou 2-1)
%PDC% %DC% %ADC% stands for Domain controller (NT,NTADSI,AD)

The settings parameter have the following signification :

System Refers to the mode of interaction with the operating system directory
  • NT  : via the system API
  • NT ADSI : via ADSI
  • Windows 2000 with extra data required by W2000 (UPN... )
  • Unix
  • Samba
  • LDAP
Path Refers to ADSI path of the user container. It can be one of two types, for instance:
  • WinNT://CHAMPOL for NT ADSI type
  • LDAP://server/CN=Users,DC=lyc-champollion-figeac,DC=ac-toulouse,DC=fr for Active Directory type.
  • or LDAP://CN=Users,DC=lyc-champollion-figeac,DC=ac-toulouse,DC=fr, the serverless mode, is accepted if DB2DIR runs on a W2000 host ( there is an automatic discovery capability).
Prefix In most cases, null. May tag ids with group membership prefix. Several accounts may also be generated  for the same user, with possibly different access rights, loginhours, ( for example bbou and _bbou ). Do not include spaces.
Id length 3 up to 20
Password length 4 up to 10. The password is a random string.
Comment prefix The comment appears in the directory.
Login hours Login hours restrictions.
Password never expires Advised
Id changes if exists Can avoid errors in case of duplicates. Duplicate id is automatically suffixed.
Remove accents Lors de la normalisation des noms de groupes, les accents sont supprimés.
Group character translation Builds a translation table when normalizing group names. Characters from the source string are replaced with characters form the destination string at the same location. The # character has a special meaning : il signifie supprimer le caractère.
Group mapping Translates group field to groupname hrough substitution
Profile The path can include %USERNAME%, %GROUPNAME%, %GROUP% and %(P/A)DC%. macros (NT only).
Script Session startup script. The path can include the %USERNAME%, %GROUPNAME%, %GROUP% and %(P/A)DC%. macros  so that the script can be customized.
Home folder Home folder path. The path may include  the %USERNAME%, %GROUPNAME%, %GROUP% and %(P/A)DC%. macros

Choose a UNC path : \\server\share\folder for instance %(P/A)DC%.\users\%GROUP%\%USERNAME%

If the home folder is to be created, make sure the following is true :

  • the share must have the proper security settings for the user to access it (%(P/A)DC%.\users)
  • the folder above the directory exists (%(P/A)DC%.\users\%GROUP%)
  • %USERNAME% is in the path
Profile folder Profile folder path. The path may include  the %USERNAME%, %GROUPNAME%, %GROUP% and %(P/A)DC%. macros

Choose a UNC path : \\server\share\folder for instance %(P/A)DC%.\users\%GROUP%\%USERNAME%

If the home folder is to be created, make sure the following is true :

  • the share must have the proper security settings for the user to access it (%(P/A)DC%.\users)
  • the folder above the directory exists (%(P/A)DC%.\users\%GROUP%)
  • %USERNAME% is in the path else this will result in attempts to create the same folder while enumerating users.
Create Subaction on home directory : it is created (or destroyed, as indicated in Actions).
Share Subaction on home folder : a network share is created (or destroyed, as indicated in Actions).
If this parameter is on, the user's home folder is created and it is shared as \\serveur\id where id represents the users id.
Fill/Flush Subaction on home folder :  it is filled (or flushed, as indicated in Actions).
Home drive Network drive that acts as a shortcut to the home folder.
Invisible share The share is not visible. The home folder is shared as \\server\id$ where id is the user's id. The share's permissions are those of the folder.
Security The home folder has security permissions applied to it.
Permissions utilisateur Whether the user can destroy the home folder or just modify it.
Administrator access Whether Administrator has access to home folders.
Other access What other group can access the home folders.
Owner If not blank, will change the owner of the folder (for use with Samba/Unix with no ACL to grant access rights)
Home folder structure Home folder sub structure. For example : profile, desktop, data, data\mail, data\homework.
Populating Points a a folder to be copied to the home folder ( with changed permissions ). You cancopy a standard profile with its user.dat and system.dat but also Desktop, Favorites, .... The path can include the USERNAME%,%GROUP%, %USERGROUP% or %(P/A)DC%. macros.
Groupe Main group. The %GROUP% refers to this value.
Groups Other groups. Use the %USERGROUP% macro to make the group name dependent on the GROUP field in the user's record.
Unix Export folder for /etc/passwd, /etc/shadow, /etc/group
Samba Export folder for (/etc/samba/smbpasswd)
Exchange 5.5 mail Exchange 5.5 parameters of the messenging system to interact with.
  • organization (LDAP o=...)
  • site (LDAP ou=...)
  • server
Exchange 2000 mail Domain name supports LDAP syntax. For example champo.ac-toulouse.fr will be indicated as DC=champo,DC=ac-toulouse,DC=fr
Domino mail Domino parameters of the messenging system to interact with.
  • organization (LDAP o=...)
  • site (LDAP ou=...)
  • server

User identification is the notes.ini file to use.
Certifier identification is cert.id file to use.

Mail id type Part of the SMTP address before @. For example bbou or Bernard.Bou or Bernard.Bou.2.
The format is a string with macros :
%f stands for first name
%l stands for name
%i stands for id
%s stands for id suffix ( in case of duplicates )
%g stands for the group
Mail domain Part of the SNMP address after @. For example ac-toulouse.fr.
Distribution list Include the mailbox in a distribution list. For example eleves@champo.ac-toulouse.fr or profs@champo.ac-toulouse.fr.
Other distribution lists Other lists. Use the %USERGROUP% macro to make the list name dependent on the GROUP field in the user's record.
Operator credentials If empty, db2dir uses the current credentials in the current domain.
Directory type 1=Exchange server 5.5 2=Exchange 2000 3=Domino