Solved

Adding Users to Groups via a CSV file

Posted on 2006-11-23
27
505 Views
Last Modified: 2008-01-16
Happy Thanksgiving!

Well, it was happy until someone deleting our MIIS provisoning groups! We have the groups restored, the problems is the group membership is all empty. Luckily we have  a spreadsheet of all user\group membership. I am looking for a way add users to groups via a script or command line. I DO NOT want to move users, I simple want automate adding the users to groups. Opening each group and adding the users manually would take weeks. Any ideas?

Thanks!
0
Comment
Question by:Justin Durrant
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 16
  • 11
27 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003270
Well without using any fancy AD tools from a DC you can run

net group groupname username username username /add

so if you can post the format of your file I can potentially drop that into a batch file using a quick FOR command if you wish.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003331
What about DSMOD GROUP?

I am looking for the quickest way.. here is the syntext of my source CSV file:

groupname      CN=firstname lastname      OU=aaaaaa      DC=domain DC=com      
groupname      CN=firstname lastname      OU=aaaaaa      DC=domain DC=com      
groupname      CN=firstname lastname      OU=aaaaaa      DC=domain DC=com      
groupname      CN=firstname lastname      OU=aaaaaa      DC=domain DC=com      
groupname      CN=firstname lastname      OU=bbbbbb      DC=domain DC=com      
groupname      CN=firstname lastname      OU=bbbbbb      DC=domain DC=com      
groupname      CN=firstname lastname      OU=bbbbbb      DC=domain DC=com      
groupname      CN=firstname lastname      OU=ccccccc      DC=domain DC=com      
groupname      CN=firstname lastname      OU=bbbbbb      DC=domain DC=com      
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003435
OK, thats slightly more difficult in that you have names rather than easier login names.

Yes you could do it with dsmod.

effectively it would have to ouput lines as

dsmod group "cn=groupname,ou=container,dc=domain,dc=com" -addmbr "cn=user name,ou=aaaaaa,dc=domain,dc=com"

You can get the start of this with a command such as this.  %%a gets the first token upto blank space, then %%b the next etc.

@echo off
for /f "tokens=1,2,3,4,5,6" %%a in ("yourfile.txt") do echo dsmod group "cn=%%a,ou=container,dc=domain,dc=com" -addmbr "%%b %%c,%%d,%%e,%%f" & pause

See what that outputs.  If it looks right then take out the echo and remove the & pause from the end of the line.

If not post an actual line (again change the domain etc.), are those tabs or spaces for instance.

hth

Steve
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003440
Sorry should have said,save that as  fixgroups.cmd or something in Notepad, and remove the two double quotes I put in by mistake, i.e.

@echo off
for /f "tokens=1,2,3,4,5,6" %%a in (yourfile.txt) do echo dsmod group "cn=%%a,ou=container,dc=domain,dc=com" -addmbr "%%b %%c,%%d,%%e,%%f" & pause
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003496
Ok, how do I eneter the user name in the text file?

Firstname lastname
"first name lastname"
ect.

I tried both and this is the output I get:

C:\>dsmod2
dsmod group "cn="firstname,cn=thegroup,ou=theouthegroupisin,dc=mydomain,dc=com
" -addmbr "lastname" ,,,"
Press any key to continue . . .
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003538
I thought the text file was as you posted it?  This took the groupname from the first tokenm the firstname and second name from the next etc.

What format is the text file in or are you adjusting in Excel and formatting it how you like.  All we actually need is two things really and you could adjust this in Excel if you like to something like this it would be easier:

"cn=groupname,ou=container,dc=domain,dc=com","cn=username,ou=container,dc=domain,dc=com"

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003566
no.. the format above is my CSV file.. i have no text file. Each space is a different column in my CSV
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003607
Ok sorry to be pedantic then but can you post an actual line from it (change the domain slightly if you wish) so I can get the precise format -- I mean open the file in notepad, don't let it auto open into excel and post one line.  This might do it, changing the delimiter to command and space.

@echo off
for /f "tokens=1,2,3,4,5,6 delims=, " %%a in (yourfile.txt) do echo dsmod group "cn=%%a,ou=container,dc=domain,dc=com" -addmbr "%%b %%c,%%d,%%e,%%f" & pause

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003623
Here is how the CSV looks in notepad:

Domain Admins,CN=firstname lastname,OU=ou name,DC=domain,DC=com,
Account Operators,CN=firstname lastname,OU=ou name,DC=domain,DC=com



Some lines hae the trailing comma, and some do not.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003650
OK.  Some of the problems with this are the obvious in that there are spaces and commas here not apparent in your dump before.

OK try this

@echo off
for /f "tokens=1,2,3,4,5 delims=," %%a in (yourfile.txt) do echo dsmod group "cn=%%a,ou=container,dc=domain,dc=com" -addmbr "%%b,%%c,%%d,%%e" & pause

hth

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003654
That should look like

dsmod group "cn=domain admins,ou=container,dc=domain,dc=com" -addmbr "CN=firstname lastname,OU=ou name,DC=domain,DC=com"

Steve

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003686
Off very shortly, will look back later on if you have any queries on this.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003691
no luck.. here is my dsmod.bat:

@echo off
for /f "tokens=1,2,3,4,5 delims=," %%a in (users.txt) do echo dsmod group "cn=%%a,cn=groupname,ou=outhegroupisin,dc=domain,dc=com" -addmbr "%%b,%%c,%%d,%%e" & pause

And my users.txt:

groupname,CN=firstname lastname,OU=outheuserisin,DC=domain,DC=com,

Output:

C:\>dsmod2.cmd
dsmod group "cn=groupname,cn=groupname,ou=outhegroupisin,dc=domain,dc=com" -addmbr "CN=firstname lastname,OU=outheuserisin,DC=domain,DC=com"
Press any key to continue . . .

User is never added to the group
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003726
OK, why the extra added cn=groupname in the command?  The group name is added in the %%a bit from your text file.

@echo off
for /f "tokens=1,2,3,4,5 delims=," %%a in (users.txt) do dsmod group "cn=%%a,ou=outhegroupisin,dc=domain,dc=com" -addmbr "%%b,%%c,%%d,%%e" & pause


The user won't be adde to the group until you remove the echo command anyway (unless you have).  The echo is there so you can check it looks Ok before running it for real.

Steve

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003730
OK, off now for a while.  Will look back later on.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003761
Ok, when I run that, the command just loop.

for /f "tokens=1,2,3,4,5 delims=," %%a in (users.txt) do dsmod group "cn=%%a,ou=outhegroupisin,dc=domain,dc=com" -addmbr "%%b,%%c,%%d,%%e" & pause

Users.txt:

groupname,CN=firstname lastname,OU=outheuserisin,DC=domain,DC=com,

Output:

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br

C:\>dsmod group "CN=groupname,OU=outhegroupisin,DC=domain,DC=com" -addm
br
^CTerminate batch job (Y/N)? y
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003828
Is the "%%b,%%c,%%d,%%e" & pause dropped onto a newline, it should be on the end of the other line.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18003906
I changed it to all one line and it still loops.


0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003985
ok.  it is supposed to loop, once per line in th ecsv file.  Can I suggest you send the csv file and your current batch file as attachments k(part of csv if you like) to the email address in my profile - click on the dragon-it link above.

On mobile cujrrently, will check back later
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18004604
i gave up and used net group instead :)
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18005033
Oh well OK.  That was my first choice :-)

Script does appear to work for me but there you go.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18005037
I would still like to get it to work.. Can I still email you the files?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18005111
Got them.  Will take a look in the morning.

Steve
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18005112
thx much
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 18006459
Jason,

When I run the script as you sent to me I get

C:\Temp>users

C:\Temp>FOR /F "tokens=1,2,3,4,5 delims=," %a in (users.txt) do echo dsmod group "cn=%a,ou=Insurance ASP Service Accounts,ou=FIProd Service Accounts,dc=fxxxxx,dc=com" -addmbr "%b,%c,%d,%e"   & pause

C:\Temp>echo dsmod group "cn=Domain Admins,ou=Insurance ASP Service Accounts,ou=FIProd Service Accounts,dc=fxxxxx,dc=com" -addmbr "CN=InsASP08,OU=Insurance ASP
Service Accounts,OU=FIProd Service Accounts,DC=fiprod"   & pause

dsmod group "cn=Domain Admins,ou=Insurance ASP Service Accounts,ou=FIProd Service Accounts,dc=fiprod,dc=com" -addmbr "CN=InsASP08,OU=Insurance ASP Service Accou
nts,OU=FIProd Service Accounts,DC=xxxxx"
Press any key to continue . . .

I added the echo back in so it did not run the dsmod command but it does appear OK in that it.  I suspect it not working is due to the fact your groups aren't  in the OU you have put in and also that the number of OU's is different to the file you posted so he last one was missed off.  How about this instead which will search AD for the full group name and pass that to DSMOD for the addition of the user

FOR /F "tokens=1,2,3,4,5,6 delims=," %%a in (users.txt) do dsquery group -name "%%a" | dsmod group -addmbr "%%b,%%c,%%d,%%e,%%f" & pause

let me know how that goes.

Steve

0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 18018708
worked! thanks!
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18018951
No problem, got there in th end.  Steve
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question