Solved

Create a query based group of all users except certain members

Posted on 2008-10-07
1
408 Views
Last Modified: 2012-05-05
I have a need to create a group that contains all users in AD except 7 users.  Does anyone know a way to acheive this end?
0
Comment
Question by:jcistaro
1 Comment
 
LVL 38

Accepted Solution

by:
Shift-3 earned 500 total points
ID: 22661269
Paste the script below into a text file with a .vbs extension.  Customize the values of the variables and dictionary entries above the horizontal line as indicated in the comments.  Running the script will create a new group containing all users except the excluded ones.


On Error Resume Next
 
Const ADS_SCOPE_SUBTREE = 2
Const ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 4
Const ADS_GROUP_TYPE_GLOBAL_GROUP = 2
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = 8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = -2147483648
 
'Distinguished name of your domain
strContainer = "dc=yourdomain,dc=local"
 
'Name of the group to create
strGroup = "new group"
 
'Distinuished name of the OU to create the new group in
strGroupOU = "ou=security groups,dc=yourdomain,dc=local"
 
'Type of group to create
strGroupType = ADS_GROUP_TYPE_GLOBAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
 
'Description of the new group
strGroupDesc = "My new group"
 
Set objExclude = CreateObject("Scripting.Dictionary")
objExclude.CompareMode = VBTextCompare
'Customize each entry with the SAM ID of a user to exclude from the query
objExclude.Add "user1", ""
objExclude.Add "user2", ""
objExclude.Add "user3", ""
objExclude.Add "user4", ""
objExclude.Add "user5", ""
objExclude.Add "user6", ""
objExclude.Add "user7", ""
 
'--------------------------------------------------------------------------------------
 
set objGroupOU = GetObject("LDAP://" & strGroupOU)
set objGroup = objGroupOU.Create("group","cn=" & strGroup)
objGroup.Put "groupType", strGroupType
objGroup.Put "samAccountName", strGroup
objGroup.Put "description", strGroupDesc
objGroup.SetInfo
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
objCommand.CommandText = _
    "SELECT AdsPath FROM 'LDAP://" & strContainer & "' WHERE objectCategory='user'"  
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Set objUser = GetObject(objRecordSet.Fields("AdsPath").Value)
    
    If Not objExclude.Exists(objUser.sAMAccountName) Then
        objGroup.Add(objUser.ADsPath)
    End If
    objRecordSet.MoveNext
Loop

Open in new window

0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question