Guy’s Scripting Ezine 113 – Adding users to Multiple Groups

Guy’s Scripting Ezine 113 – Adding users to Multiple Groups

• This Week’s Secret
• This Week’s Mission
• Example 1: To add multiple groups to one user
• Example 2: Adding multiple groups to multiple users
• Summary Adding users to Multiple Groups

 ♣

This Week’s Secret

When I create my VBScript examples, I keep in mind those of us who need a refresher on a particular command.  For example: .PutEx, or ‘For Each abc In xyz… Next’.  My point is that I want to make my scripts as simple as possible, yet using real examples that you can trial on your network.

This Week’s Mission Adding Users to Multiple Groups

Most of my group scripts concentrate on the group rather than the user. However, on this page I will redress the balance and tackle scripting groups from the user’s point of view.  Our mission is to select one Active Directory user and then add them to multiple groups.

Pre-requisites

This script is designed to work in a domain.  I have not tested it, but it should be possible to run on an XP machine if you change LDAP:// to WinNT://, you would also need to make other adjustments for the name of the workgroup rather than Active Directory domain.

Important: As a pre-requisite you need to create a few User Accounts in the OU specified by strOU.  You also need to create in Active Directory, the Global groups specified in your text file (strFile).  As I often say, for the sake of brevity, each script concentrates on two or three scripting commands.  Therefore, if you need more features in your script, such as creating users, then bolt-on modules from other Ezines.

Example 1: To add multiple groups to one user

Instructions for adding multiple groups to one user

1. Check and then edit all the strXYZ variables, eg strOU, strFile

2. Copy and paste the example script below into notepad or use a VBScript editor. E.g. OnScript.

3. Save the file with a .vbs extension, for example: MultiGrp.vbs 

4. Double click MultiGrp.vbs, then check strOU in Active Directory Users and Computers for the change in account membership.

Learning Points

Note 1:  Seek out my ‘ comments.  Also, trace how the script is divided into sections.

Note 2:  Just accept that this script requires two CONST statements.  One to open the text file for reading, and one to append users to your groups.

Note 3: The file which stores the plain group names (strFile) is reference by a UNC path, this makes it easier to run the script from several machines on your network.  Naturally, you could change strFile to a local drive letter and folder e.g. C:\logs.

Note 4:  Observe how we create a file system object to handle the text:
Set objFSO = CreateObject("Scripting.FileSystemObject").  Alternatively we could have worked from a spreadsheet.

Note 5:  This script employs a ‘Do…. Loop until’ construction.  This cycles through the group names and adds them to one user called "Pete".  (Example 2 improves on this limitation and cycles through all the users in a named OU).

Note 6:  In this script trace how ‘ADS_PROPERTY_APPEND’ adds the user to the group.  objGroup.SetInfo is like pressing the OK button in ADUC, (were you to try adding a group to a user manually).

Guy Recommends:  SolarWinds’ Free Bulk Import Tool

Import users from a spreadsheet.  Just provide a list of the users with their fields in the top row, and save as .csv file.  Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.

Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.

If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)

Example 2: Adding multiple groups to multiple users.

In most respects this script is superior to the first script.  The reason being it does not rely upon you supplying the user’s name via strUser, instead the script cycles through all the users in a named OU.  With each iteration it adds each user to multiple groups which are stored in strFile.  The only draw back is that you don’t have direct control of which names get added to the groups.  However, you could overcome that limitation by adding filters by way of If statements.

Example 2: Employs a superior strategy for adding groups to a user:

Here is the key section:

For Each objUser In objOU
   If objUser.Class = lcase("User") then
   objGroup.add(objUser.ADsPath)
   intCounter = intcounter +1
   End If
Next

Learning Points

Note 1:  This script has two loops, an outer Do …. Loop until, and an inner For Each…. Next.  The result is that it can cycle through both multiple users (in Active Directory) and multiple Group names stored in strFile.

Guy Recommends: Tools4ever’s UMRA

Tired of writing scripts? The User Management Resource Administrator solution by Tools4ever offers an alternative to time-consuming manual processes.

It features 100% auto provisioning, Helpdesk Delegation, Connectors to more than 130 systems/applications, Workflow Management, Self Service and many other benefits. Click on the link for more information onUMRA.

Summary of Adding Users to Multiple Groups

These two examples place the user, rather than the group, at the focus of the script.  What this means is that you can multiple groups to a single user.  Example 2 extends this principle by employing two loops and thus enabling multiple groups to be added to multiple users.

See More Active Directory Group VBScripts

• User Spreadsheet  • Add User to Group  • Create User  • Free Solarwinds Permissions Monitor

• Ezine 57 Groups  •Ezine 58 Groups  • Ezine 73 primaryID  • Ezine 112 Local Groups

• Ezine 113 Multiple Groups  • Ezine 115 Map Groups  •Ezine 138 Groups Join  • Ezines