Solved

Create a query based group of all users except certain members

Posted on 2008-10-07
1
400 Views
Last Modified: 2012-05-05
I have a need to create a group that contains all users in AD except 7 users.  Does anyone know a way to acheive this end?
0
Comment
Question by:jcistaro
1 Comment
 
LVL 38

Accepted Solution

by:
Shift-3 earned 500 total points
ID: 22661269
Paste the script below into a text file with a .vbs extension.  Customize the values of the variables and dictionary entries above the horizontal line as indicated in the comments.  Running the script will create a new group containing all users except the excluded ones.


On Error Resume Next
 

Const ADS_SCOPE_SUBTREE = 2

Const ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 4

Const ADS_GROUP_TYPE_GLOBAL_GROUP = 2

Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = 8

Const ADS_GROUP_TYPE_SECURITY_ENABLED = -2147483648
 

'Distinguished name of your domain

strContainer = "dc=yourdomain,dc=local"
 

'Name of the group to create

strGroup = "new group"
 

'Distinuished name of the OU to create the new group in

strGroupOU = "ou=security groups,dc=yourdomain,dc=local"
 

'Type of group to create

strGroupType = ADS_GROUP_TYPE_GLOBAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
 

'Description of the new group

strGroupDesc = "My new group"
 

Set objExclude = CreateObject("Scripting.Dictionary")

objExclude.CompareMode = VBTextCompare

'Customize each entry with the SAM ID of a user to exclude from the query

objExclude.Add "user1", ""

objExclude.Add "user2", ""

objExclude.Add "user3", ""

objExclude.Add "user4", ""

objExclude.Add "user5", ""

objExclude.Add "user6", ""

objExclude.Add "user7", ""
 

'--------------------------------------------------------------------------------------
 

set objGroupOU = GetObject("LDAP://" & strGroupOU)

set objGroup = objGroupOU.Create("group","cn=" & strGroup)

objGroup.Put "groupType", strGroupType

objGroup.Put "samAccountName", strGroup

objGroup.Put "description", strGroupDesc

objGroup.SetInfo
 

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand = CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
 

objCommand.Properties("Page Size") = 1000

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 

objCommand.CommandText = _

    "SELECT AdsPath FROM 'LDAP://" & strContainer & "' WHERE objectCategory='user'"  

Set objRecordSet = objCommand.Execute
 

objRecordSet.MoveFirst

Do Until objRecordSet.EOF

    Set objUser = GetObject(objRecordSet.Fields("AdsPath").Value)

    

    If Not objExclude.Exists(objUser.sAMAccountName) Then

        objGroup.Add(objUser.ADsPath)

    End If

    objRecordSet.MoveNext

Loop

Open in new window

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now