
Adding a user to an AD group via VBScript using alternate credentials

Joemonkey asked
5,051 Views
Last Modified: 2012-05-06
I'm trying to create a VBScript that receives a parameter of samaccountname and then has alternate credentials within the VBScript add that user to a group in Active Directory. We run the script like this:

scriptname.vbs samaccountname

and it pulls in the info correctly, but I can't figure out the code to do the "add user to group" part under the alternate credentials I specified in the script. The current code adds the user to the group with the credentials of the person running the script. I tried

objUser2.add (objGroup.Add("LDAP://"& strUserDN)) but that didn't work either :( All the examples I have found online have things like

objUser2.setPassword

but nothing like what I want to do.

' Constants for the NameTranslate object. 
Const ADS_NAME_INITTYPE_GC = 3 
Const ADS_NAME_TYPE_NT4 = 3 
Const ADS_NAME_TYPE_1779 = 1 
Set args = WScript.Arguments 
arg1 = args.Item(0) 
 
' Specify the NetBIOS name of the domain and the NT name of the user. 
strNTName = "domain\" & arg1 
 
Set objTrans = CreateObject("NameTranslate") 
' Initialize NameTranslate by locating the Global Catalog. 
objTrans.Init ADS_NAME_INITTYPE_GC, "" 
' Use the Set method to specify the NT format of the object name. 
objTrans.Set ADS_NAME_TYPE_NT4, strNTName 
' Use the Get method to retrieve the RPC 1779 Distinguished Name. 
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779) 
 
' Escape any "/" characters with backslash escape character. 
' All other characters that need to be escaped will be escaped. 
strUserDN = Replace(strUserDN, "/", "\/") 
 
' Bind to the user object in Active Directory with the LDAP provider. 
Set objUser = GetObject("LDAP://" & strUserDN) 
strGroupDN = "CN=groupname,OU=ou1,OU=ou2,OU=ou3,OU=ou4,DC=domain,DC=net" 
Const ADS_SECURE_AUTHENTICATION = 1 
 
strUserDN2 = "domain\serviceaccount" 
strPassword2 = "serviceaccountpassword" 
 
Set objDSO = GetObject("LDAP:") 
Set objUser2 = objDSO.OpenDSObject("LDAP://DC=domain,DC=net", strUserDN2, strPassword2, ADS_SECURE_AUTHENTICATION) 
 
'in case user is already in group 
On Error Resume Next 
 
Set objGroup = GetObject("LDAP://"& strGroupDN) 
objGroup.Add("LDAP://"& strUserDN)


bluntTony, Head of ICT
Top Expert 2009

Commented:
You need to connect to the group object using the credentials also. At the moment, you're using GetObject, which will use the current session credentials.
MemberOf (user attribute) and member (group attribute) are linked attributes. The primary attribute is member (the group attribute), meaning that you change this attribute, not memberof. memberof will follow suit. Therefore you need to connect to the group object using OpenDSObject, as this is the object you are editing.
Instead of
Set objGroup = GetObject("LDAP://" & strGroupDN)
Use...
Set objGroup =  objDSO.OpenDSObject("LDAP://DC=domain,DC=net", strUserDN2, strPassword2, ADS_SECURE_AUTHENTICATION)
From looking at your code, I don't think you even need to connect to the user object as you're not editing it.
Please let me know if I have misunderstood.

Author

Commented:
That makes sense, but now when I attempt the

objGroup.Add("LDAP://"& strUserDN)

I get the error that Object does not support this property or method "objGroup.Add"

Author

Commented:
I hit Submit too soon, is there no way to edit a comment? Anyway...

Using Set objGroup =  objDSO.OpenDSObject("LDAP://DC=domain,DC=net", strUserDN2, strPassword2, ADS_SECURE_AUTHENTICATION)

How do I get the script the user and group AD information after binding this way?
Head of ICT
Top Expert 2009
Commented:

Author

Commented:
Thanks!  I usually only use VBScript for installing things via SMS, querying AD isn't usually something I script.
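
The "Object does not support this property or method" error discussed above comes from binding to the domain root, which is not a group object and so has no Add method; binding to the group's own DN with OpenDSObject returns an object that does. The following is an added example, not code from any poster in this thread. It reuses the placeholder domain, group DN and service account from the question, and the signing/sealing flags and the IsMember check are additions.

```vbscript
Option Explicit
' Added example. "domain", the group DN and the service account are the
' placeholders used in the question, not real values.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_USE_SIGNING = &H40   ' integrity-protect the LDAP traffic
Const ADS_USE_SEALING = &H80   ' encrypt the LDAP traffic

Dim objTrans, objDSO, objGroup, lngFlags
Dim strUserDN, strGroupDN, strSvcUser, strSvcPassword

If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: scriptname.vbs samaccountname"
    WScript.Quit 1
End If

' Resolve the sAMAccountName to a DN. This is a read-only lookup and
' still runs as the person launching the script.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, "domain\" & WScript.Arguments(0)
strUserDN = Replace(objTrans.Get(ADS_NAME_TYPE_1779), "/", "\/")

strGroupDN = "CN=groupname,OU=ou1,OU=ou2,OU=ou3,OU=ou4,DC=domain,DC=net"
strSvcUser = "domain\serviceaccount"
' Placeholder. A password stored here is readable by anyone who can read the file.
strSvcPassword = "serviceaccountpassword"

' Bind to the group object itself, not the domain root, with the alternate credentials.
lngFlags = ADS_SECURE_AUTHENTICATION Or ADS_USE_SIGNING Or ADS_USE_SEALING
Set objDSO = GetObject("LDAP:")
Set objGroup = objDSO.OpenDSObject("LDAP://" & strGroupDN, strSvcUser, strSvcPassword, lngFlags)

' Test membership explicitly instead of hiding every error with On Error Resume Next.
If objGroup.IsMember("LDAP://" & strUserDN) Then
    WScript.Echo "Already a member: " & strUserDN
    WScript.Quit 0
End If

On Error Resume Next
objGroup.Add "LDAP://" & strUserDN
If Err.Number <> 0 Then
    WScript.Echo "Add failed (0x" & Hex(Err.Number) & "): " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0
WScript.Echo "Added " & strUserDN & " to " & strGroupDN
```

Because the service account password sits in the script in clear text, the account should hold only the delegated right to modify membership of the target group, and read access to the script file should be restricted.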
