Tutorial for Adding Users to a Group with VBScript
This page will show you how take one user and then add them to many groups. By adding another loop, we could
add many users, each to many groups.
I design my scripts for beginners. In addition, when I create my examples, I keep in mind those of
us who need a refresher on a particular command. For example .PutEx or For Each abc in xyz..... Next. My point is that I want to make my scripts as simple as possible, yet using real examples
that you can trial on your network.
Most of my group scripts concentrated on the group rather than the user. Therefore on this page I will redress the balance and tackle scripting groups from the user's point of view. Our mission
is to take one user and add them to multiple groups.
Pre-requisites
This script is designed to work in a domain. I have not tested it, but it should be possible to run on XP if you change LDAP:// to WinNT://, you
would also
need to make other adjustments for the workgroup rather than Active Directory.
Important: As a pre-requisite you need
to create a few User Accounts in the OU specified by strOU. You also need to create, in Active Directory, the Global groups specified in your text file (strFile). As I often say, for the sake of simplicity, each
script concentrates on two or three scripting commands. Therefore, if you want more features in your script, such as creating users, then bolt-on modules from other Ezines.
Instructions for adding multiple groups to one user
Check and then edit all the strXYZ variables, eg strOU, strFile
Copy and paste the example script below
into notepad or use a VBScript editor. E.g. OnScript.
Save the file with a .vbs extension, for example: MultiGrp.vbs
Double click
MultiGrp.vbs, then check strOU in Active Directory Users and Computers for the change in account membership.
' MultiGrp.vbs ' VBScript to create Groups ' AUTHOR: Guy Thomas ' COMPANY: Computer Performance ' Version 3.5 - May 2006 ' ----------------------------------------------------------'
Option Explicit Dim strOU, strGroup, strTextGroup, strUser, strFile Dim strDNSDomain, objRootDSE, objFSO, objTextFile, intCounter Dim objOU, objUser, objGroup
' strUser ("CN=Pete ,") must
exist in your OU. ' Set the Name of the OU which holds the user and groups ' NB introduce another variable if user and group are in different OUs strUser = "CN=Pete ," strOU = "OU=Security Groups ," strFile = "\\grand\scripts\pete.txt"
' Open the file For Reading
your Group Names Set objFSO =
CreateObject("Scripting.FileSystemObject") Set objTextFile = objFSO.OpenTextFile(strFile, ForReading)
' Here is the loop Do strTextGroup = objTextFile.ReadLine strGroup = "CN=" & strTextGroup & " ,"
' Bind to
Active Directory and get LDAP name Set objRootDSE = GetObject("LDAP://RootDSE") strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Prepare the OU and the Group Set objOU =GetObject("LDAP://" & strOU & strDNSDomain)
Set objGroup = GetObject("LDAP://"& strGroup & strOU & strDNSDomain)
' On Error Resume next ' Add user to Group with .PutEx (put
extended)
Set objGroup = GetObject
("LDAP://"& strGroup & strOU & strDNSDomain) objGroup.PutEx ADS_PROPERTY_APPEND, _ "member", Array(strUser & strOU & strDNSDomain) objGroup.SetInfo
intCounter = intCounter +1 WScript.Echo strUser
& " has " & intCounter & " new groups"
Loop Until objTextFile.AtEndOfLine = true objTextFile.Close
' End of add Groups VBScript
Learning Points
Note 1: Seek out the ' comments. Trace how the script is divided into sections.
Note 2: Just accept that this script requires two
CONST statements. One to open the text file for reading, and one to append users to your groups.
Note 3: The file which stores the plain group names (strFile) is stored on a UNC path, this makes it easier to run the script from several machines on your network.
Note
4: Observe how we create a
file system object to handle the text: Set objFSO = CreateObject("Scripting.FileSystemObject"). Alternatively we could have worked from a spreadsheet.
Note 5: This script employs a 'Do.... Loop until' construction. This cycles through the group names and adds them to one user called
"Pete". The next script does not require strUser and cycles through all the users in a named OU.
Note 6: In this script trace how 'ADS_PROPERTY_APPEND' adds the user to the
group. objGroup.SetInfo is like pressing the OK button in ADUC, (were you to try adding a group to a user manually).
Guy Recommends: SolarWinds' Free Bulk Mailbox Import Tool
Import users, complete with mailbox from a spreadsheet. Just provide a list of the
users with the fields in the
top row, and save as .csv file. Then launch this FREE utility and match
your Exchange fields with AD's
attributes, click and import the users. Optionally, you can
provide the name of the OU where the new mailboxes will be born.
There are also two bonus tools in the free download, and all 3 have been approved by Microsoft:
Bulk-import new users and mailboxes into Active Directory.
In most respects this script is superior to the first script. The reason being it does not rely upon you supplying the user's name via strUser, instead the script cycles through all the users
in a named OU and adds each to multiple groups which are stored in strFile. The only draw back is that you don't have direct control of which names get added to the groups. However, you
could overcome that limitation by adding filters by way of If statements.
Example 2: Employs a superior strategy for adding groups to a user:
Here is the key section:
For Each objUser In objOU
If objUser.Class = lcase("User") then objGroup.add(objUser.ADsPath) intCounter = intcounter +1 End If Next
' VBScript to add multiple Groups to multiple users ' AUTHOR: Guy Thomas ' COMPANY: Computer Performance ' Version 4.4 - May 2006 '
----------------------------------------------------------' Option Explicit Dim strOU, strGroup, strTextGroup, strUser, strFile Dim strDNSDomain, objFSO, objTextFile, intCounter Dim objOU, objUser,
objGroup, objRootDSE
Const ForReading = 1
' Set the Name of the OU which holds the user and groups ' NB introduce another variable if user and group in different OUs strOU = "OU=Security
Groups ," strFile = "\\grand\scripts\pete.txt"
' Open the file For Reading your Group Names Set objFSO = CreateObject("Scripting.FileSystemObject") Set objTextFile = objFSO.OpenTextFile(strFile,
ForReading)
' Bind to Active Directory and get LDAP name
Set objRootDSE = GetObject("LDAP://RootDSE") strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Prepare the OU and the Group Set objGroup =
GetObject("LDAP://"& strGroup & strOU & strDNSDomain) Set objOU =GetObject("LDAP://" & strOU & strDNSDomain) intCounter = 0
' On Error Resume next
' Sub routine which actually adds all users in the OU to the Groups For Each objUser In objOU If objUser.Class =
lcase("User") then objGroup.add(objUser.ADsPath) intCounter = intcounter +1
End If Next
WScript.Echo strGroup & " has " & intCounter & " new members"
Loop Until objTextFile.AtEndOfLine = true objTextFile.Close
' End of Global Group VBScript
Learning Points
Note 1: This script has two loops, an outer Do .... Loop until, and an inner For Each.... Next. The result is that it can cycle through both multiple
users (in Active Directory) and multiple Group names stored in strFile.
These two
examples place the user, rather than the group, at the focus of the script. What this means is that you can multiple groups to a single user. Example 2 extends this principle by employing two loops and thus enabling
multiple groups to be added to multiple users.
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems.
Fortunately, SolarWinds
have created the
Free WMI Monitor so that you can actually see and understand these gems of
performance information. Take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
Download my eBook:
Introduction to VBScript - only $6.25
