I'm working on an automated procedure to implement a security model on a server, like doing user to group assignments, user creation, file system rights, things like that.
There's one thing I can't get done: assigning groups to other groups. I keep getting error 'A new member could not be added to a local group because the member has the wrong account type.'
Here's the code I use:
Sub doAddGroupsToGroup(strDomain, strParentGroup, strNestedGroup)
Set objDomain = GetObject("WinNT://" & strDomain)
Set objParentGroup = GetObject("WinNT://" & strDomain & "/" & strParentGroup & ",group")
Set objNestedGroup = GetObject("WinNT://" & strDomain & "/" & strNestedGroup & ",group")
doLog 4, "Adding group '" & objNestedGroup.Name & "' to group '" & objParentGroup.Name & "'..."
' most-common error trapping
If (Hex(Err.Number) = 80070562) Then ' user already resides in that group
doLog 4, "Group '" & objNestedGroup.Name & "' already resides in group '" & objParentGroup.Name & "'."
doLog 0, "Group '" & objNestedGroup.Name & "' was added to group '" & objParentGroup.Name & "' successfully."
Set objGroup = Nothing
Set objDomain = Nothing
- the doLog subroutine is a routine that basically does nothing but echo to the console log and log the same thing to a log file.
- I know the error handling is NOT what it should be right now, I'll get to that later...
Thanks for any help! Regards,