Solved

Adding Users to Groups via a CSV file

Posted on 2006-11-23
27
500 Views
Last Modified: 2008-01-16
Happy Thanksgiving!

Well, it was happy until someone deleting our MIIS provisoning groups! We have the groups restored, the problems is the group membership is all empty. Luckily we have  a spreadsheet of all user\group membership. I am looking for a way add users to groups via a script or command line. I DO NOT want to move users, I simple want automate adding the users to groups. Opening each group and adding the users manually would take weeks. Any ideas?

Thanks!
0
Comment
Question by:Justin Durrant
  • 16
  • 11
27 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003270
Well without using any fancy AD tools from a DC you can run

net group groupname username username username /add

so if you can post the format of your file I can potentially drop that into a batch file using a quick FOR command if you wish.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003331
What about DSMOD GROUP?

I am looking for the quickest way.. here is the syntext of my source CSV file:

groupname      CN=firstname lastname      OU=aaaaaa      DC=domain DC=com      
groupname      CN=firstname lastname      OU=aaaaaa      DC=domain DC=com      
groupname      CN=firstname lastname      OU=aaaaaa      DC=domain DC=com      
groupname      CN=firstname lastname      OU=aaaaaa      DC=domain DC=com      
groupname      CN=firstname lastname      OU=bbbbbb      DC=domain DC=com      
groupname      CN=firstname lastname      OU=bbbbbb      DC=domain DC=com      
groupname      CN=firstname lastname      OU=bbbbbb      DC=domain DC=com      
groupname      CN=firstname lastname      OU=ccccccc      DC=domain DC=com      
groupname      CN=firstname lastname      OU=bbbbbb      DC=domain DC=com      
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003435
OK, thats slightly more difficult in that you have names rather than easier login names.

Yes you could do it with dsmod.

effectively it would have to ouput lines as

dsmod group "cn=groupname,ou=container,dc=domain,dc=com" -addmbr "cn=user name,ou=aaaaaa,dc=domain,dc=com"

You can get the start of this with a command such as this.  %%a gets the first token upto blank space, then %%b the next etc.

@echo off
for /f "tokens=1,2,3,4,5,6" %%a in ("yourfile.txt") do echo dsmod group "cn=%%a,ou=container,dc=domain,dc=com" -addmbr "%%b %%c,%%d,%%e,%%f" & pause

See what that outputs.  If it looks right then take out the echo and remove the & pause from the end of the line.

If not post an actual line (again change the domain etc.), are those tabs or spaces for instance.

hth

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003440
Sorry should have said,save that as  fixgroups.cmd or something in Notepad, and remove the two double quotes I put in by mistake, i.e.

@echo off
for /f "tokens=1,2,3,4,5,6" %%a in (yourfile.txt) do echo dsmod group "cn=%%a,ou=container,dc=domain,dc=com" -addmbr "%%b %%c,%%d,%%e,%%f" & pause
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003496
Ok, how do I eneter the user name in the text file?

Firstname lastname
"first name lastname"
ect.

I tried both and this is the output I get:

C:\>dsmod2
dsmod group "cn="firstname,cn=thegroup,ou=theouthegroupisin,dc=mydomain,dc=com
" -addmbr "lastname" ,,,"
Press any key to continue . . .
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003538
I thought the text file was as you posted it?  This took the groupname from the first tokenm the firstname and second name from the next etc.

What format is the text file in or are you adjusting in Excel and formatting it how you like.  All we actually need is two things really and you could adjust this in Excel if you like to something like this it would be easier:

"cn=groupname,ou=container,dc=domain,dc=com","cn=username,ou=container,dc=domain,dc=com"

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003566
no.. the format above is my CSV file.. i have no text file. Each space is a different column in my CSV
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003607
Ok sorry to be pedantic then but can you post an actual line from it (change the domain slightly if you wish) so I can get the precise format -- I mean open the file in notepad, don't let it auto open into excel and post one line.  This might do it, changing the delimiter to command and space.

@echo off
for /f "tokens=1,2,3,4,5,6 delims=, " %%a in (yourfile.txt) do echo dsmod group "cn=%%a,ou=container,dc=domain,dc=com" -addmbr "%%b %%c,%%d,%%e,%%f" & pause

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003623
Here is how the CSV looks in notepad:

Domain Admins,CN=firstname lastname,OU=ou name,DC=domain,DC=com,
Account Operators,CN=firstname lastname,OU=ou name,DC=domain,DC=com



Some lines hae the trailing comma, and some do not.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003650
OK.  Some of the problems with this are the obvious in that there are spaces and commas here not apparent in your dump before.

OK try this

@echo off
for /f "tokens=1,2,3,4,5 delims=," %%a in (yourfile.txt) do echo dsmod group "cn=%%a,ou=container,dc=domain,dc=com" -addmbr "%%b,%%c,%%d,%%e" & pause

hth

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003654
That should look like

dsmod group "cn=domain admins,ou=container,dc=domain,dc=com" -addmbr "CN=firstname lastname,OU=ou name,DC=domain,DC=com"

Steve

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003686
Off very shortly, will look back later on if you have any queries on this.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003691
no luck.. here is my dsmod.bat:

@echo off
for /f "tokens=1,2,3,4,5 delims=," %%a in (users.txt) do echo dsmod group "cn=%%a,cn=groupname,ou=outhegroupisin,dc=domain,dc=com" -addmbr "%%b,%%c,%%d,%%e" & pause

And my users.txt:

groupname,CN=firstname lastname,OU=outheuserisin,DC=domain,DC=com,

Output:

C:\>dsmod2.cmd
dsmod group "cn=groupname,cn=groupname,ou=outhegroupisin,dc=domain,dc=com" -addmbr "CN=firstname lastname,OU=outheuserisin,DC=domain,DC=com"
Press any key to continue . . .

User is never added to the group
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003726
OK, why the extra added cn=groupname in the command?  The group name is added in the %%a bit from your text file.

@echo off
for /f "tokens=1,2,3,4,5 delims=," %%a in (users.txt) do dsmod group "cn=%%a,ou=outhegroupisin,dc=domain,dc=com" -addmbr "%%b,%%c,%%d,%%e" & pause


The user won't be adde to the group until you remove the echo command anyway (unless you have).  The echo is there so you can check it looks Ok before running it for real.

Steve

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003730
OK, off now for a while.  Will look back later on.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003761
Ok, when I run that, the command just loop.

for /f "tokens=1,2,3,4,5 delims=," %%a in (users.txt) do dsmod group "cn=%%a,ou=outhegroupisin,dc=domain,dc=com" -addmbr "%%b,%%c,%%d,%%e" & pause

Users.txt:

groupname,CN=firstname lastname,OU=outheuserisin,DC=domain,DC=com,

Output:

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br
^CTerminate batch job (Y/N)? y
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003828
Is the "%%b,%%c,%%d,%%e" & pause dropped onto a newline, it should be on the end of the other line.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003906
I changed it to all one line and it still loops.


0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003985
ok.  it is supposed to loop, once per line in th ecsv file.  Can I suggest you send the csv file and your current batch file as attachments k(part of csv if you like) to the email address in my profile - click on the dragon-it link above.

On mobile cujrrently, will check back later
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18004604
i gave up and used net group instead :)
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18005033
Oh well OK.  That was my first choice :-)

Script does appear to work for me but there you go.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18005037
I would still like to get it to work.. Can I still email you the files?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18005111
Got them.  Will take a look in the morning.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18005112
thx much
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 18006459
Jason,

When I run the script as you sent to me I get

C:\Temp>users

C:\Temp>FOR /F "tokens=1,2,3,4,5 delims=," %a in (users.txt) do echo dsmod group "cn=%a,ou=Insurance ASP Service Accounts,ou=FIProd Service Accounts,dc=fxxxxx,dc=com" -addmbr "%b,%c,%d,%e"   & pause

C:\Temp>echo dsmod group "cn=Domain Admins,ou=Insurance ASP Service Accounts,ou=FIProd Service Accounts,dc=fxxxxx,dc=com" -addmbr "CN=InsASP08,OU=Insurance ASP
Service Accounts,OU=FIProd Service Accounts,DC=fiprod"   & pause

dsmod group "cn=Domain Admins,ou=Insurance ASP Service Accounts,ou=FIProd Service Accounts,dc=fiprod,dc=com" -addmbr "CN=InsASP08,OU=Insurance ASP Service Accou
nts,OU=FIProd Service Accounts,DC=xxxxx"
Press any key to continue . . .

I added the echo back in so it did not run the dsmod command but it does appear OK in that it.  I suspect it not working is due to the fact your groups aren't  in the OU you have put in and also that the number of OU's is different to the file you posted so he last one was missed off.  How about this instead which will search AD for the full group name and pass that to DSMOD for the addition of the user

FOR /F "tokens=1,2,3,4,5,6 delims=," %%a in (users.txt) do dsquery group -name "%%a" | dsmod group -addmbr "%%b,%%c,%%d,%%e,%%f" & pause

let me know how that goes.

Steve

0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18018708
worked! thanks!
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18018951
No problem, got there in th end.  Steve
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now