Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

VB Script to make a group a member in AD

Posted on 2005-03-23
9
Medium Priority
?
412 Views
Last Modified: 2010-05-02
I am currently using a script to create a large number of OUs inside of a domain.  Then the script creates 3 new domain global groups inside each OU.  Can anyone tell me what I need to add to this script in order to make these Domain Global Groups members of a domain local group in the Users folder under the domain.

An example of one of my OUs would be the OU name NOVA.  NOVA would have three groups a NOVAMaintManagers group which needs to be a member of the domain local group MaintManagers in the domain.  A NOVAPower Users group which needs to be a memeber of Power Users.  A NOVAUsers group which needs to be a member of Users.

Here is a copy of my current code:

Dim oFSO, oTS, oADRoot, oADDomain, oADOU, oADGroup, szLine, a_szSuffixes, szSuffix

Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTS = oFSO.OpenTextFile("c:\ScriptOU\test.txt", 1)
Set oADRoot = GetObject("LDAP://rootDSE")
Set oADDomain = GetObject("LDAP://" & oADRoot.Get("defaultNamingContext"))

a_szSuffixes = Array("Users", "MaintManagers", "PowerUsers")

Do Until oTS.AtEndOfStream

   szLine = Trim(oTS.ReadLine)

   Set oADOU = oADDomain.Create("organizationalUnit","ou="& szLine)
      oADOU.Put "Description", szLine
      oADOU.SetInfo

   For Each szSuffix In a_szSuffixes
      Set oADGroup = oADOU.Create("Group", "cn=" & szLine & szSuffix)
          oADGroup.Put "sAMAccountName", szLine & szSuffix & "_AM"
          oADGroup.Put "Description", szLine & szSuffix
          oADGroup.SetInfo
   Next

Loop

oTS.Close

Set oFSO = Nothing
Set oTS = Nothing
Set oADGroup = Nothing
Set oADOU = Nothing
Set oADRoot = Nothing
Set oADDomain = Nothing
0
Comment
Question by:whiting002
  • 5
  • 4
9 Comments
 
LVL 16

Accepted Solution

by:
jimbobmcgee earned 2000 total points
ID: 13612249
Try changing the array declarations from this

       a_szSuffixes = Array("Users", "MaintManagers", "PowerUsers")

to

       a_szSuffixes = Array("Users", "MaintManagers", "PowerUsers")  
       a_szParentGroups = Array("Users", "MaintManagers", "Power Users")

Then, instead of the For/Next we originally set up, change to

       For n = LBound(a_szSuffixes) To UBound(a_szSuffixes)
 
           szSuffix = a_szSuffixes(n)
           szParentGroup = "cn=" & a_szParentGroups(n) & ",ou=MyParentGroupOU,dc=MyDomain,dc=com"

           Set oParentGroup = GetObject("LDAP://" & strParentGroup)
           Set oADGroup = oADOU.Create("Group", "cn=" & szLine & szSuffix)

           oADGroup.Put "sAMAccountName", szLine & szSuffix & "_AM"
           oADGroup.Put "Description", szLine & szSuffix
           oADGroup.SetInfo

           oParentGroup.Add(oADGroup.AdsPath)
           oParentGroup.SetInfo
           
       Next

That might do it, although I have no test environment to play with...

J.
0
 
LVL 2

Author Comment

by:whiting002
ID: 13612510
I'm getting an error on the line Set oParentGroup = GetObject("LDAP://" & strParentGroup)

I assumed you meant szParentGroup and not strParentGroup

I have a feeling its somehting to do with the
szPrentGroup = "cn=" & a_szParentGroups(n) & ",ou=MyParentGroupOU,dc=MyDomian,dc=com"

I understand "cn=" & a_szParentGroups(n) but as far as ou=MyParentGroupOU, I'm not using an OU for this.  These groups are located in the Users folder on directly under the domain. The dc=MyDomain:  I put in my fully qualfied domain name (test.eng.comp.net) and I took out the second dc because i'm not sure why you have dc=com
0
 
LVL 16

Expert Comment

by:jimbobmcgee
ID: 13612821
I did mean szParentGroup, of course.

In fairness, I cribbed the code above from a similar question on adding users to groups (see http://tinyurl.com/4783h).  If you don't think you need an OU try taking it out (although, the ou flag could be ou=Users), same with the DC flags.  In your case, the second dc flag might be dc=net.

J.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 16

Expert Comment

by:jimbobmcgee
ID: 13612883
You should be able to get the fully qualified adspath for your parent group from its properties in the active directory users and computers mmc.

Then, to simplify things, you could change the array to reflect this:

     a_szParentGroups = Array("cn=blah1a,ou=blah1b,dc=blah1c", _
                                            "cn=blah2a,ou=blah2b,dc=blah2c", _
                                            "cn=blah3a,ou=blah3b,dc=blah3c")
     '...
     szParentGroup = a_szParentGroups(n)
     '...etc

J.
0
 
LVL 2

Author Comment

by:whiting002
ID: 13613054
Yeha I'm not sure what's going on with this now.  My code is:
szParentGroup = "cn=" & a_szParentGroups(n) & ",ou=Users,dc=CompName"

I get an error message that says:
"A referral was returned from the server."
0
 
LVL 2

Author Comment

by:whiting002
ID: 13613275
Ok I was able to find out that I'm putting my dc name in wrong.  If my domain name is Pepsi.Eng.LEMON.com  how would I write that here?   Would it be dc=Pepsi,dc=Eng,dc=LEMON,dc=com
0
 
LVL 2

Author Comment

by:whiting002
ID: 13613915
Alright I figured it out here is the code that works.  Big problem was that Users is not an ou but rather a container and should have been cn.

Dim oFSO, oTS, oADRoot, oADDomain, oADOU, oADGroup, szLine, a_szSuffixes, szSuffix, objRootDSE, strDNSDomain, objDomain

Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTS = oFSO.OpenTextFile("c:\ScriptOU\test.txt", 1)
Set oADRoot = GetObject("LDAP://rootDSE")
Set oADDomain = GetObject("LDAP://" & oADRoot.Get("defaultNamingContext"))

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

Do Until oTS.AtEndOfStream

   szLine = Trim(oTS.ReadLine)

   a_szSuffixes = Array("MaintManagers", "Power Users", "Usersm")  
   a_szParentGroups = Array("MaintManagers", "Power Users", "Usersm")  
   Set oADOU = oADDomain.Create("organizationalUnit","ou="& szLine)
      oADOU.Put "Description", szLine
      oADOU.SetInfo

  For n = LBound(a_szSuffixes) To UBound(a_szSuffixes)
      szSuffix = a_szSuffixes(n)
      szParentGroup = "cn=" & a_szParentGroups(n) & ",cn=Users," & strDNSDomain

      Set oParentGroup = GetObject("LDAP://" & szParentGroup)
      Set oADGroup = oADOU.Create("Group", "cn=" & szLine & szSuffix)

      oADGroup.Put "sAMAccountName", szLine & szSuffix & "_AM"
      oADGroup.Put "Description", szLine & szSuffix
      oADGroup.SetInfo
     
      oParentGroup.Add(oADGroup.AdsPath)
      oParentGroup.SetInfo
           
   Next

Loop

oTS.Close

Set oFSO = Nothing
Set oTS = Nothing
Set oADGroup = Nothing
Set oADOU = Nothing
Set oADRoot = Nothing
Set oADDomain = Nothing


Thanks for the help again.
0
 
LVL 16

Expert Comment

by:jimbobmcgee
ID: 13620463
Ah, the mysteries of AD.  Users is a container, eh?  I'll remember that next time.

Thanks for the points,

J.
0
 
LVL 2

Author Comment

by:whiting002
ID: 13621491
Thanks for the help!!!
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction In a recent article (http://www.experts-exchange.com/A_7811-A-Better-Concatenate-Function.html) for the Excel community, I showed an improved version of the Excel Concatenate() function.  While writing that article I realized that no o…
This article describes some techniques which will make your VBA or Visual Basic Classic code easier to understand and maintain, whether by you, your replacement, or another Experts-Exchange expert.
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…
Suggested Courses
Course of the Month13 days, 5 hours left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question