Guy's Scripting Ezine 113 - Adding users to Multiple Groups
Guy's Scripting Ezine 113 - Adding users to Multiple Groups
♣
When I create my VBScript examples, I keep in mind those of us who need a refresher on a particular
command. For example: .PutEx, or 'For Each abc In xyz... Next'. My point is that I want to make my scripts as simple as possible, yet using real examples that you can trial on your network.
If you are looking for handy network utilities, try some of the free downloads at
Tools4Ever
Most of my group scripts concentrate on the group rather than the user. However, on this page I will redress the balance and tackle scripting groups from the user's point of view. Our mission
is to select one Active Directory user and then add them to multiple groups. Pre-requisites This script is designed to work in a domain. I have not tested it, but it should be possible to run on
an XP machine if you change LDAP:// to WinNT://, you
would also
need to make other adjustments for the name of the workgroup rather than Active Directory domain. Important: As a pre-requisite you need
to create a few User Accounts in the OU specified by strOU. You also need to create in Active Directory, the Global groups specified in your text file (strFile). As I often say, for the sake of
brevity, each
script concentrates on two or three scripting commands. Therefore, if you need more features in your script, such as creating users, then bolt-on modules from other Ezines.
Instructions for adding multiple groups to one user
Check and then edit all the strXYZ variables, eg strOU, strFile Copy and paste the example script below
into notepad or use a VBScript editor. E.g. OnScript. Save the file with a .vbs extension, for example: MultiGrp.vbs Double click
MultiGrp.vbs, then check strOU in Active Directory Users and Computers for the change in account membership.
' MultiGrp.vbs
' VBScript to create Groups
' AUTHOR: Guy Thomas
' COMPANY: Computer Performance
' Version 3.5 - May 2006
' ----------------------------------------------------------'
Option Explicit
Dim strOU, strGroup, strTextGroup, strUser, strFile
Dim strDNSDomain, objRootDSE, objFSO, objTextFile, intCounter
Dim objOU, objUser, objGroup
Const ForReading = 1
Const
ADS_PROPERTY_APPEND = 3
intCounter = 0
' strUser ("CN=Pete ,") must
exist in your OU.
' Set the Name of the OU which holds the user and groups
' NB introduce another variable if user and group are in different OUs
strUser = "CN=Pete ,"
strOU = "OU=Security Groups ,"
strFile = "\\grand\scripts\pete.txt"
' Open the file For Reading
your Group Names
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strFile, ForReading)
' Here is the loop
Do
strTextGroup = objTextFile.ReadLine
strGroup = "CN=" & strTextGroup & " ,"
' Bind to
Active Directory and get LDAP name
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Prepare the OU and the Group
Set objOU =GetObject("LDAP://" & strOU & strDNSDomain)
Set objGroup = GetObject("LDAP://"& strGroup & strOU & strDNSDomain)
' On Error Resume next
' Add user to Group with .PutEx (put
extended)
Set objGroup = GetObject
("LDAP://"& strGroup & strOU & strDNSDomain)
objGroup.PutEx ADS_PROPERTY_APPEND, _
"member", Array(strUser & strOU & strDNSDomain)
objGroup.SetInfo
intCounter = intCounter +1
WScript.Echo strUser
& " has " & intCounter & " new groups"
Loop Until objTextFile.AtEndOfLine = true
objTextFile.Close
' End of add Groups VBScript
Learning PointsNote 1: Seek out my ' comments. Also, trace how the script is divided into sections. Note 2: Just accept that this script requires two
CONST statements. One to open the text file for reading, and one to append users to your groups. Note 3: The file which stores the plain group names (strFile) is reference by a UNC path, this makes it easier to run the script from several machines on your network.
Naturally, you could change strFile to a local drive letter and folder e.g. C:\logs. Note
4: Observe how we create a
file system object to handle the text:
Set objFSO = CreateObject("Scripting.FileSystemObject"). Alternatively we could have worked from a spreadsheet. Note 5: This script employs a 'Do.... Loop until' construction. This cycles through the group names and adds them to one user called
"Pete". (Example 2 improves on this limitation and cycles through all the users in a named OU). Note 6: In this script trace how 'ADS_PROPERTY_APPEND' adds the user to the
group. objGroup.SetInfo is like pressing the OK button in ADUC, (were you to try adding a group to a user manually).
Guy Recommends: Solarwinds' Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the
users with their fields in the
top row, and save as .csv file. Then launch this FREE utility and match
your fields with AD's
attributes, click and import the users. Optionally, you can
provide the name of the OU where the new accounts will be born.
There are also two bonus tools in the free download, and all 3 have been approved by Microsoft:
- Bulk-import new users into Active Directory.
- Seek and zap unwanted user accounts.
- Find inactive computers.
Download your FREE bulk import tool.
In most respects this script is superior to the first script. The reason being it does not rely upon you supplying the user's name via strUser, instead the script cycles through all the users
in a named OU. With each iteration it adds each user to multiple groups which are stored in strFile. The only draw back is that you don't have direct control of which names get added to the groups. However, you
could overcome that limitation by adding filters by way of If statements. Example 2: Employs a superior strategy for adding groups to a user: Here is the key section: For Each objUser In objOU
If objUser.Class = lcase("User") then
objGroup.add(objUser.ADsPath)
intCounter = intcounter +1
End If
Next
'
' VBScript to add multiple Groups to multiple users
' AUTHOR: Guy Thomas
' COMPANY: Computer Performance
' Version 4.4 - May 2006
'
----------------------------------------------------------'
Option Explicit
Dim strOU, strGroup, strTextGroup, strUser, strFile
Dim strDNSDomain, objFSO, objTextFile, intCounter
Dim objOU, objUser,
objGroup, objRootDSE
Const ForReading = 1
' Set the Name of the OU which holds the user and groups
' NB introduce another variable if user and group in different OUs
strOU = "OU=Security
Groups ,"
strFile = "\\grand\scripts\pete.txt"
' Open the file For Reading your Group Names
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strFile,
ForReading)
Do
strTextGroup = objTextFile.ReadLine
strGroup = "CN=" & strTextGroup & " ,"
' Bind to Active Directory and get LDAP name
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Prepare the OU and the Group
Set objGroup =
GetObject("LDAP://"& strGroup & strOU & strDNSDomain)
Set objOU =GetObject("LDAP://" & strOU & strDNSDomain)
intCounter = 0
' On Error Resume next
' Sub routine which actually adds all users in the OU to the Groups
For Each objUser In objOU
If objUser.Class =
lcase("User") then
objGroup.add(objUser.ADsPath)
intCounter = intcounter +1
End If
Next
WScript.Echo strGroup & " has " & intCounter & " new members"
Loop Until objTextFile.AtEndOfLine = true
objTextFile.Close
' End of Global Group VBScript
Learning PointsNote 1: This script has two loops, an outer Do .... Loop until, and an inner For Each.... Next. The result is that it can cycle through both multiple
users (in Active Directory) and multiple Group names stored in strFile.
These two
examples place the user, rather than the group, at the focus of the script. What this means is that you can multiple groups to a single user. Example 2 extends this principle by employing two loops and thus enabling
multiple groups to be added to multiple users.
See More Active Directory Group VBScripts
• User Spreadsheet • Add Users to Groups • Create
Users • Free
Permissions Monitor
• Ezine 57 Groups •
Ezine 58 Groups •
Ezine 73 primaryID • Ezine 112
Local Groups
•
Ezine 113 Multiple Groups • Ezine 115 Map Groups •
Ezine 138 Groups Join • Ezines
| 
