Create Multiple Groups in AD

Does someone have a script that will create multiple group objects in AD by reading the names from a text file?

I have the following script which creates 1 (one) group, how can I modify it to make it create more than one?


Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000

Set objOU = GetObject("LDAP://ou=SPECIFY OU HERE,dc=SPECIFY DN HERE")
Set objGroup = objOU.Create("Group", "cn=Name_Of_Group")

objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or _
    ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo


We are about to begin a project to migrate our existing AD to our parent company's AD (which I hate but what can you do) and I need to recreate about 150 groups from our AD in their AD.  There are no trusts set up so ADMT is out of the question.
dspent Asked:

Netman66 Commented:
OK, here's the modified code:

****

@echo off
cls

Set /p strStartOU="Enter the top-level starting OU: "
set /p strDC="Please enter the NetBIOS name of a DC: "
Set /p strOU="Please enter the name of the OU to create the groups: "
for /f "delims=" %%D in ('dsquery OU -name "%strStartOU%" -s %strDC%') do set strStartPath=%%D
for /f "delims=" %%A in ('dsquery OU %strStartPath% -name "%strOU%" -s %strDC%') do set strOUPath=%%A

for /f "tokens=1,2 delims=," %%B in (groups.txt) do dsadd group "CN="%%B","%strOUPath% -secgrp yes -desc "%%C" -scope g -s %strDC%

pause

****

Here's what the groups.txt should look like:

Tester1,Test Group 1
Tester2,Test Group 2
Tester3,Test Group 3


Remember, this can only load one OU at a time, so your groups.txt will have to be created accordingly.

The first prompt asks for the top-level OU - I would imagine you would put AKJ in this.
The second prompt is for a DC name.
The third prompt is for the OU where you want the groups created.


Hope this is what you want.

0
 
Netman66 Commented:
This will work for you.  Copy this into a CMD file, run it from the server or an XP workstation.  This script assumes the following:

1) The groups are in a text file named "groups.txt" and are entered one per line with no quotes (eg. Management).  
2) This script can be run against one OU at a time - if you require creating groups in different OUs, then you need to divide them up into multiple Groups.txt files - one per OU.
3)  It is creating Global Groups.  To change this, after the -scope switch you can use (l)ocal, (u)niversal, or (g)lobal.
4)  There is no error checking - it's a down and dirty script.


@echo off
cls

set /p strDC="Please enter the NetBIOS name of a DC: "
Set /p strOU="Please enter the name of the OU to create the groups: "
for /f %%A in ('dsquery OU -name %strOU% -s %strDC%') do set strOUPath=%%A

for /f "delims=" %%B in (groups.txt) do dsadd group "CN="%%B","%strOUPath% -secgrp yes -scope g -s %strDC%

pause

0
 
Netman66 Commented:
I forgot to add - the server and/or the workstation must have the Support Tools installed on them.  They're on their respective CD under Support.

0
 
dspent (Author) Commented:
I am not at work this minute so I can't test...

However, one thing that has me questioning whether this will work for me is access rights/permissions to the domain.  Of course I am domain admin in MY domain.... But in the corporate domain we are limited admins only to our top level OU.

In other words, we only have what administrative rights the corporate IS domain admins have delegated.  Do you think this will be a problem?  I will test this out in the A.M.

-Jones
0
 
Pete Long, Technical Consultant, Commented:
0
 
Netman66 Commented:
You can create the groups at the level you are granted rights.  The other admins can move them if they won't allow you to create them where they belong.

0
 
dspent (Author) Commented:
Where you have:

Set /p strOU="Please enter the name of the OU to create the groups: "

How do I enter the OU name?

I'm assuming...
ou=groups,ou=AKJ,ou=Facilities,dc=corporatedomain,dc=com   etc.....?
0
 
dspent (Author) Commented:
Oh yeah and what about specifying the description for the group, can that also be done?
0
 
Netman66 Commented:
No, just enter the friendly name - ie. Groups.  The script will go get the proper LDAP name.

Description can be added but it adds a bit of complexity to things.

If you have to do this by script let me know and I'll tweak that tonight.



0
 
dspent (Author) Commented:
You say the script will get the proper name, but how will it be able to differentiate between my group and other groups that have the same name in other OUs....

The corporate OU Structure is like this

TOP LEVEL (domain)
---FACILITIES (ou)
-------XXX (ou)  where xxx is a three letter code for each hospital in the domain.  ours is AKJ
----------Groups (ou)  and other ou's at this level for users, workstations, server etc...

Each OU under facilities is exactly the same for every facility.  So if I specify for example GroupBlah in Groups OU how will your script know to put it in the Groups OU under the AKJ ou and not some other Groups OU?


As for the description, if you wouldn't mind, I would appreciate being able to add a description via the script.  The corporate IS has already put dozens of groups in the OU for whatever reason and I want to be able to single out the groups I have added once I am finished.....However if you don't want to go through any extra hassle please don't...It's not absolutely necessary.
0
 
Netman66 Commented:
For the OU, you can choose the root at which to begin the search.  

for /f %%A in ('dsquery OU -name %strOU% -s %strDC%') do set strOUPath=%%A

Change the line above so that dsquery has a startnode:

for /f %%A in ('dsquery OU "{startnode}" -name %strOU% -s %strDC%') do set strOUPath=%%A

where startnode is the complete DN for example:  "ou=AKJ,ou=Facilities,dc=corporatedomain,dc=com"

As for description, I will assume that the group and description are in the same file separated by a comma (like so):

group name,group description

(no spaces between the comma and the description)

I will try to tweak this tonight.
0
 
Netman66 Commented:
You can load all the groups into one OU then move them according to description if you want to do it all from one text file - this would be a second script - and a second question! :o)

0
 
dspent (Author) Commented:
Sorry I didn't get back sooner....

I ran the script, but I get errors...

ou=-HNMC,dc=hnmc,dc=hnw,dc=tenethealth,dc=com
HNMADDC1
TestMe
dsquery failed:No value specified for `s'.
type dsquery /? for help.dsquery failed:No value specified for `s'.
type dsquery /? for help.dsadd failed:No value specified for `s'.
type dsadd /? for help.dsadd failed:No value specified for `s'.
type dsadd /? for help.dsadd failed:No value specified for `s'.
type dsadd /? for help.Press any key to continue . . .
0
 
Netman66 Commented:
Which script gave you this error?

Can you post a couple of lines of your text file?  Change names and stuff, but do not change the format you are using, I need to see it as it is - spaces and all.

The top-level starting OU should be HNMC - do not use the LDAP path, just the simple name of the OU - no quotes and as you read it, including spaces.

So, if I interpret the last post correctly, then this:

HNMC
HNMADDC1
TestMe

Those should be your inputs.

0
 
dspent (Author) Commented:
Here is the script I used...

@echo off
cls

Set /p strStartOU="-HNMC"
set /p strDC="HNMADDC1"
Set /p strOU="TestMe"
for /f "delims=" %%D in ('dsquery OU -name "%strStartOU%" -s %strDC%') do set strStartPath=%%D
for /f "delims=" %%A in ('dsquery OU %strStartPath% -name "%strOU%" -s %strDC%') do set strOUPath=%%A

for /f "tokens=1,2 delims=," %%B in (groups.txt) do dsadd group "CN="%%B","%strOUPath% -secgrp yes -desc "%%C" -scope g -s %strDC%

pause


The -HNMC is the top level OU... running the above gives me the error I posted previously.


Here is my groups.txt file....

Blah,ThisIsBlah
Blah2,This Is Blah 2
Blah3,This_Is_Blah_3



0
 
Netman66 Commented:
First off,

Set /p strStartOU="-HNMC"
set /p strDC="HNMADDC1"
Set /p strOU="TestMe"

Should be:

Set  strStartOU="-HNMC"
Set  strDC="HNMADDC1"
Set  strOU="TestMe"

Secondly, this line cannot wrap, it has to be on one line:

for /f "tokens=1,2 delims=," %%B in (groups.txt) do dsadd group "CN="%%B","%strOUPath% -secgrp yes -desc "%%C" -scope g -s %strDC%


If this still fails, I will be home in a few hours and can debug it there.

0
 
dspent (Author) Commented:
That's what the problem was... The /p needed to be removed.

Works perfectly.  Thanks a million for your assistance.
0
 
Netman66 Commented:
Anytime!

Just so you know, I put the prompts in there so you don't have to alter the code each time.  Simply enter the new info each time you run it.

Glad to help!

NM
0
Question has a verified solution.
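
A PowerShell counterpart to the accepted batch script, added here as an example and not part of the original thread: it binds to the target OU by its full DN (so a same-named Groups OU under another facility cannot be picked up), checks every groups.txt line against an allow-list before it reaches a command, and reports failures per line. It assumes the ActiveDirectory module is installed; the DC name `DC01` and the naming allow-list are placeholders of this example, and the OU DN reuses the sample DN from the thread.

```powershell
# Added example, not code from the thread. Needs the ActiveDirectory (RSAT) module.
# The parameter defaults are placeholders; the DN reuses the example from the thread.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$GroupFile = '.\groups.txt',   # one "name,description" per line
    [string]$TargetOU  = 'OU=Groups,OU=AKJ,OU=Facilities,DC=corporatedomain,DC=com',
    [string]$Server    = 'DC01'            # placeholder DC name
)
Import-Module ActiveDirectory -ErrorAction Stop

# Bind to the exact OU by DN; stops here if the DN is wrong or not readable.
$ou = Get-ADOrganizationalUnit -Identity $TargetOU -Server $Server -ErrorAction Stop

# Assumed naming policy for this example (not an AD rule): letters, digits,
# space, dot, underscore, hyphen; 1 to 64 characters.
$allowed = '^[\w .-]{1,64}$'

$lineNo = 0
foreach ($line in Get-Content -LiteralPath $GroupFile) {
    $lineNo++
    if ([string]::IsNullOrWhiteSpace($line)) { continue }

    # Split on the first comma only, so descriptions may contain commas.
    $name, $desc = ($line -split ',', 2).Trim()

    if ($name -notmatch $allowed) {
        Write-Warning "Line ${lineNo}: skipped, name '$name' is outside the allow-list"
        continue
    }
    # Safe to embed in the filter string: the allow-list excludes quotes.
    if (Get-ADGroup -Filter "sAMAccountName -eq '$name'" -Server $Server) {
        Write-Warning "Line ${lineNo}: skipped, '$name' already exists"
        continue
    }
    $params = @{
        Name = $name; SamAccountName = $name; Path = $ou.DistinguishedName
        GroupCategory = 'Security'; GroupScope = 'Global'; Server = $Server
    }
    if ($desc) { $params.Description = $desc }
    try {
        # -PassThru emits the new group object; nothing is emitted under -WhatIf.
        New-ADGroup @params -PassThru -WhatIf:$WhatIfPreference -ErrorAction Stop
    } catch {
        Write-Warning "Line ${lineNo}: '$name' failed: $($_.Exception.Message)"
    }
}
```

Running it with -WhatIf first shows which groups would be created under the delegated account without changing the directory.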
