?
Solved

VB Script to make a group a member in AD

Posted on 2005-03-23
9
Medium Priority
?
409 Views
Last Modified: 2010-05-02
I am currently using a script to create a large number of OUs inside of a domain.  Then the script creates 3 new domain global groups inside each OU.  Can anyone tell me what I need to add to this script in order to make these Domain Global Groups members of a domain local group in the Users folder under the domain.

An example of one of my OUs would be the OU name NOVA.  NOVA would have three groups a NOVAMaintManagers group which needs to be a member of the domain local group MaintManagers in the domain.  A NOVAPower Users group which needs to be a memeber of Power Users.  A NOVAUsers group which needs to be a member of Users.

Here is a copy of my current code:

Dim oFSO, oTS, oADRoot, oADDomain, oADOU, oADGroup, szLine, a_szSuffixes, szSuffix

Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTS = oFSO.OpenTextFile("c:\ScriptOU\test.txt", 1)
Set oADRoot = GetObject("LDAP://rootDSE")
Set oADDomain = GetObject("LDAP://" & oADRoot.Get("defaultNamingContext"))

a_szSuffixes = Array("Users", "MaintManagers", "PowerUsers")

Do Until oTS.AtEndOfStream

   szLine = Trim(oTS.ReadLine)

   Set oADOU = oADDomain.Create("organizationalUnit","ou="& szLine)
      oADOU.Put "Description", szLine
      oADOU.SetInfo

   For Each szSuffix In a_szSuffixes
      Set oADGroup = oADOU.Create("Group", "cn=" & szLine & szSuffix)
          oADGroup.Put "sAMAccountName", szLine & szSuffix & "_AM"
          oADGroup.Put "Description", szLine & szSuffix
          oADGroup.SetInfo
   Next

Loop

oTS.Close

Set oFSO = Nothing
Set oTS = Nothing
Set oADGroup = Nothing
Set oADOU = Nothing
Set oADRoot = Nothing
Set oADDomain = Nothing
0
Comment
Question by:whiting002
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 16

Accepted Solution

by:
jimbobmcgee earned 2000 total points
ID: 13612249
Try changing the array declarations from this

       a_szSuffixes = Array("Users", "MaintManagers", "PowerUsers")

to

       a_szSuffixes = Array("Users", "MaintManagers", "PowerUsers")  
       a_szParentGroups = Array("Users", "MaintManagers", "Power Users")

Then, instead of the For/Next we originally set up, change to

       For n = LBound(a_szSuffixes) To UBound(a_szSuffixes)
 
           szSuffix = a_szSuffixes(n)
           szParentGroup = "cn=" & a_szParentGroups(n) & ",ou=MyParentGroupOU,dc=MyDomain,dc=com"

           Set oParentGroup = GetObject("LDAP://" & strParentGroup)
           Set oADGroup = oADOU.Create("Group", "cn=" & szLine & szSuffix)

           oADGroup.Put "sAMAccountName", szLine & szSuffix & "_AM"
           oADGroup.Put "Description", szLine & szSuffix
           oADGroup.SetInfo

           oParentGroup.Add(oADGroup.AdsPath)
           oParentGroup.SetInfo
           
       Next

That might do it, although I have no test environment to play with...

J.
0
 
LVL 2

Author Comment

by:whiting002
ID: 13612510
I'm getting an error on the line Set oParentGroup = GetObject("LDAP://" & strParentGroup)

I assumed you meant szParentGroup and not strParentGroup

I have a feeling its somehting to do with the
szPrentGroup = "cn=" & a_szParentGroups(n) & ",ou=MyParentGroupOU,dc=MyDomian,dc=com"

I understand "cn=" & a_szParentGroups(n) but as far as ou=MyParentGroupOU, I'm not using an OU for this.  These groups are located in the Users folder on directly under the domain. The dc=MyDomain:  I put in my fully qualfied domain name (test.eng.comp.net) and I took out the second dc because i'm not sure why you have dc=com
0
 
LVL 16

Expert Comment

by:jimbobmcgee
ID: 13612821
I did mean szParentGroup, of course.

In fairness, I cribbed the code above from a similar question on adding users to groups (see http://tinyurl.com/4783h).  If you don't think you need an OU try taking it out (although, the ou flag could be ou=Users), same with the DC flags.  In your case, the second dc flag might be dc=net.

J.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 16

Expert Comment

by:jimbobmcgee
ID: 13612883
You should be able to get the fully qualified adspath for your parent group from its properties in the active directory users and computers mmc.

Then, to simplify things, you could change the array to reflect this:

     a_szParentGroups = Array("cn=blah1a,ou=blah1b,dc=blah1c", _
                                            "cn=blah2a,ou=blah2b,dc=blah2c", _
                                            "cn=blah3a,ou=blah3b,dc=blah3c")
     '...
     szParentGroup = a_szParentGroups(n)
     '...etc

J.
0
 
LVL 2

Author Comment

by:whiting002
ID: 13613054
Yeha I'm not sure what's going on with this now.  My code is:
szParentGroup = "cn=" & a_szParentGroups(n) & ",ou=Users,dc=CompName"

I get an error message that says:
"A referral was returned from the server."
0
 
LVL 2

Author Comment

by:whiting002
ID: 13613275
Ok I was able to find out that I'm putting my dc name in wrong.  If my domain name is Pepsi.Eng.LEMON.com  how would I write that here?   Would it be dc=Pepsi,dc=Eng,dc=LEMON,dc=com
0
 
LVL 2

Author Comment

by:whiting002
ID: 13613915
Alright I figured it out here is the code that works.  Big problem was that Users is not an ou but rather a container and should have been cn.

Dim oFSO, oTS, oADRoot, oADDomain, oADOU, oADGroup, szLine, a_szSuffixes, szSuffix, objRootDSE, strDNSDomain, objDomain

Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTS = oFSO.OpenTextFile("c:\ScriptOU\test.txt", 1)
Set oADRoot = GetObject("LDAP://rootDSE")
Set oADDomain = GetObject("LDAP://" & oADRoot.Get("defaultNamingContext"))

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

Do Until oTS.AtEndOfStream

   szLine = Trim(oTS.ReadLine)

   a_szSuffixes = Array("MaintManagers", "Power Users", "Usersm")  
   a_szParentGroups = Array("MaintManagers", "Power Users", "Usersm")  
   Set oADOU = oADDomain.Create("organizationalUnit","ou="& szLine)
      oADOU.Put "Description", szLine
      oADOU.SetInfo

  For n = LBound(a_szSuffixes) To UBound(a_szSuffixes)
      szSuffix = a_szSuffixes(n)
      szParentGroup = "cn=" & a_szParentGroups(n) & ",cn=Users," & strDNSDomain

      Set oParentGroup = GetObject("LDAP://" & szParentGroup)
      Set oADGroup = oADOU.Create("Group", "cn=" & szLine & szSuffix)

      oADGroup.Put "sAMAccountName", szLine & szSuffix & "_AM"
      oADGroup.Put "Description", szLine & szSuffix
      oADGroup.SetInfo
     
      oParentGroup.Add(oADGroup.AdsPath)
      oParentGroup.SetInfo
           
   Next

Loop

oTS.Close

Set oFSO = Nothing
Set oTS = Nothing
Set oADGroup = Nothing
Set oADOU = Nothing
Set oADRoot = Nothing
Set oADDomain = Nothing


Thanks for the help again.
0
 
LVL 16

Expert Comment

by:jimbobmcgee
ID: 13620463
Ah, the mysteries of AD.  Users is a container, eh?  I'll remember that next time.

Thanks for the points,

J.
0
 
LVL 2

Author Comment

by:whiting002
ID: 13621491
Thanks for the help!!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When trying to find the cause of a problem in VBA or VB6 it's often valuable to know what procedures were executed prior to the error. You can use the Call Stack for that but it is often inadequate because it may show procedures you aren't intereste…
I was working on a PowerPoint add-in the other day and a client asked me "can you implement a feature which processes a chart when it's pasted into a slide from another deck?". It got me wondering how to hook into built-in ribbon events in Office.
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question