• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 425
  • Last Modified:

Create a query based group of all users except certain members

I have a need to create a group that contains all users in AD except 7 users.  Does anyone know a way to acheive this end?
0
jcistaro
Asked:
jcistaro
1 Solution
 
Shift-3Commented:
Paste the script below into a text file with a .vbs extension.  Customize the values of the variables and dictionary entries above the horizontal line as indicated in the comments.  Running the script will create a new group containing all users except the excluded ones.


On Error Resume Next
 
Const ADS_SCOPE_SUBTREE = 2
Const ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 4
Const ADS_GROUP_TYPE_GLOBAL_GROUP = 2
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = 8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = -2147483648
 
'Distinguished name of your domain
strContainer = "dc=yourdomain,dc=local"
 
'Name of the group to create
strGroup = "new group"
 
'Distinuished name of the OU to create the new group in
strGroupOU = "ou=security groups,dc=yourdomain,dc=local"
 
'Type of group to create
strGroupType = ADS_GROUP_TYPE_GLOBAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
 
'Description of the new group
strGroupDesc = "My new group"
 
Set objExclude = CreateObject("Scripting.Dictionary")
objExclude.CompareMode = VBTextCompare
'Customize each entry with the SAM ID of a user to exclude from the query
objExclude.Add "user1", ""
objExclude.Add "user2", ""
objExclude.Add "user3", ""
objExclude.Add "user4", ""
objExclude.Add "user5", ""
objExclude.Add "user6", ""
objExclude.Add "user7", ""
 
'--------------------------------------------------------------------------------------
 
set objGroupOU = GetObject("LDAP://" & strGroupOU)
set objGroup = objGroupOU.Create("group","cn=" & strGroup)
objGroup.Put "groupType", strGroupType
objGroup.Put "samAccountName", strGroup
objGroup.Put "description", strGroupDesc
objGroup.SetInfo
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
objCommand.CommandText = _
    "SELECT AdsPath FROM 'LDAP://" & strContainer & "' WHERE objectCategory='user'"  
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Set objUser = GetObject(objRecordSet.Fields("AdsPath").Value)
    
    If Not objExclude.Exists(objUser.sAMAccountName) Then
        objGroup.Add(objUser.ADsPath)
    End If
    objRecordSet.MoveNext
Loop

Open in new window

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now