Tutorial for Adding Users to a Group with VBScript
This page will show you how take one user and then add them to many groups. By adding another loop, we could add many users, each to many groups.
I design my scripts for beginners. In addition, when I create my examples, I keep in mind those of us who need a refresher on a particular command. For example .PutEx or For Each abc in xyz….. Next. My point is that I want to make my scripts as simple as possible, yet using real examples that you can trial on your network.
Topics for Adding Users to a Group with VBScript
- Our Goal and Mission
- Example 1: To add multiple groups to one User
- Example 2: Adding multiple groups to multiple users
- Active Directory Permissions Analyzer
- Summary of Adding users to Multiple Groups
♣
Our Goal and Mission
Most of my group scripts concentrated on the group rather than the user. Therefore on this page I will redress the balance and tackle scripting groups from the user’s point of view. Our mission is to take one user and add them to multiple groups.
Pre-requisites
This script is designed to work in a domain. I have not tested it, but it should be possible to run on XP if you change LDAP:// to WinNT://, you would also need to make other adjustments for the workgroup rather than Active Directory.
Important: As a pre-requisite you need to create a few User Accounts in the OU specified by strOU. You also need to create, in Active Directory, the Global groups specified in your text file (strFile). As I often say, for the sake of simplicity, each script concentrates on two or three scripting commands. Therefore, if you want more features in your script, such as creating users, then bolt-on modules from other Ezines.
Example 1: To add multiple groups to one User
Instructions for adding multiple groups to one user
Check and then edit all the strXYZ variables, eg strOU, strFile
Copy and paste the example script below into notepad or use a VBScript editor. E.g. OnScript.
Save the file with a .vbs extension, for example: MultiGrp.vbs
Double click MultiGrp.vbs, then check strOU in Active Directory Users and Computers for the change in account membership.
‘ MultiGrp.vbs
‘ VBScript to create Groups
‘ AUTHOR: Guy Thomas
‘ COMPANY: Computer Performance
‘ Version 3.5 – May 2006
‘ ———————————————————-‘
Option Explicit
Dim strOU, strGroup, strTextGroup, strUser, strFile
Dim strDNSDomain, objRootDSE, objFSO, objTextFile, intCounter
Dim objOU, objUser, objGroup
Const ForReading = 1
Const ADS_PROPERTY_APPEND = 3
intCounter = 0
‘ strUser ("CN=Pete ,") must exist in your OU.
‘ Set the Name of the OU which holds the user and groups
‘ NB introduce another variable if user and group are in different OUs
strUser = "CN=Pete ,"
strOU = "OU=Security Groups ,"
strFile = "\\grand\scripts\pete.txt"
‘ Open the file For Reading your Group Names
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strFile, ForReading)
‘ Here is the loop
Do
strTextGroup = objTextFile.ReadLine
strGroup = "CN=" & strTextGroup & " ,"
‘ Bind to Active Directory and get LDAP name
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
‘ Prepare the OU and the Group
Set objOU =GetObject("LDAP://" & strOU & strDNSDomain)
Set objGroup = GetObject("LDAP://"& strGroup & strOU & strDNSDomain)
‘ On Error Resume next
‘ Add user to Group with .PutEx (put extended)
Set objGroup = GetObject("LDAP://"& strGroup & strOU & strDNSDomain)
objGroup.PutEx ADS_PROPERTY_APPEND, _
"member", Array(strUser & strOU & strDNSDomain)
objGroup.SetInfo
intCounter = intCounter +1
WScript.Echo strUser & " has " & intCounter & " new groups"
Loop Until objTextFile.AtEndOfLine = true
objTextFile.Close
‘ End of add Groups VBScript
Learning Points
Note 1: Seek out the ‘ comments. Trace how the script is divided into sections.
Note 2: Just accept that this script requires two CONST statements. One to open the text file for reading, and one to append users to your groups.
Note 3: The file which stores the plain group names (strFile) is stored on a UNC path, this makes it easier to run the script from several machines on your network.
Note 4: Observe how we create a file system object to handle the text:
Set objFSO = CreateObject("Scripting.FileSystemObject"). Alternatively we could have worked from a spreadsheet.
Note 5: This script employs a ‘Do…. Loop until’ construction. This cycles through the group names and adds them to one user called "Pete". The next script does not require strUser and cycles through all the users in a named OU.
Note 6: In this script trace how ‘ADS_PROPERTY_APPEND’ adds the user to the group. objGroup.SetInfo is like pressing the OK button in ADUC, (were you to try adding a group to a user manually).
Guy Recommends: SolarWinds’ Free Bulk Mailbox Import Tool
Import users from a spreadsheet, complete with their mailbox. Just provide a list of the users with the fields in the top row, and save as .csv file. Then launch this FREE utility, match your Exchange fields with AD’s attributes, click and import the users. Optionally, you can provide the name of the OU where the new mailboxes will be born.
There are also two bonus tools in the free download, and all 3 have been approved by Microsoft:
- Bulk-import new users and mailboxes into Active Directory.
- Seek and zap unwanted user accounts.
- Find inactive computers.
Download your FREE bulk mailbox import tool.
Example 2: Adding multiple groups to multiple users.
In most respects this script is superior to the first script. The reason being it does not rely upon you supplying the user’s name via strUser, instead the script cycles through all the users in a named OU and adds each to multiple groups which are stored in strFile. The only draw back is that you don’t have direct control of which names get added to the groups. However, you could overcome that limitation by adding filters by way of If statements.
Example 2: Employs a superior strategy for adding groups to a user:
Here is the key section:
For Each objUser In objOU
If objUser.Class = lcase("User") then
objGroup.add(objUser.ADsPath)
intCounter = intcounter +1
End If
Next
‘ VBScript to add multiple Groups to multiple users
‘ AUTHOR: Guy Thomas
‘ COMPANY: Computer Performance
‘ Version 4.4 – May 2006
‘ ———————————————————-‘
Option Explicit
Dim strOU, strGroup, strTextGroup, strUser, strFile
Dim strDNSDomain, objFSO, objTextFile, intCounter
Dim objOU, objUser, objGroup, objRootDSE
Const ForReading = 1
‘ Set the Name of the OU which holds the user and groups
‘ NB introduce another variable if user and group in different OUs
strOU = "OU=Security Groups ,"
strFile = "\\grand\scripts\pete.txt"
‘ Open the file For Reading your Group Names
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strFile, ForReading)
Do
strTextGroup = objTextFile.ReadLine
strGroup = "CN=" & strTextGroup & " ,"
‘ Bind to Active Directory and get LDAP name
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
‘ Prepare the OU and the Group
Set objGroup = GetObject("LDAP://"& strGroup & strOU & strDNSDomain)
Set objOU =GetObject("LDAP://" & strOU & strDNSDomain)
intCounter = 0
‘ On Error Resume next
‘ Sub routine which actually adds all users in the OU to the Groups
For Each objUser In objOU
If objUser.Class = lcase("User") then
objGroup.add(objUser.ADsPath)
intCounter = intcounter +1
End If
Next
WScript.Echo strGroup & " has " & intCounter & " new members"
Loop Until objTextFile.AtEndOfLine = true
objTextFile.Close
‘ End of Global Group VBScript
Learning Points
Note 1: This script has two loops, an outer Do …. Loop until, and an inner For Each…. Next. The result is that it can cycle through both multiple users (in Active Directory) and multiple Group names stored in strFile.
Summary of Adding users to Multiple Groups
These two examples place the user, rather than the group, at the focus of the script. What this means is that you can multiple groups to a single user. Example 2 extends this principle by employing two loops and thus enabling multiple groups to be added to multiple users.
See Also
• Enumerate Groups a User is a MemberOf • Enumerate a Group to Display its members
25+ scripts to get you started with VBScript. Topics include Active Directory, Network, WMI, File System Object and the Registry. In addition to the ebook, you get a PDF and a Word version of Introduction to VBScript.
|
Download my eBook: Introduction to VBScript – only $6.25