Solved

Add programmatically a user to a group in an NT domain

Posted on 2009-05-16
Last Modified: 2013-12-04
Very easy to do using the "User Manager", but how to do it in code?
I am writing a utility for administrators.  I need a function that will get:
User name
User password (probably not even necessary)
Domain

Now I would like to move them into and out of existing groups.
Any code? examples?
thanks
Question by:yossikally

Expert Comment

by:Chris Dent
ID: 24405388

You might need to find a copy of ADSI 2.5 depending on the platform executing the script. Try it though, I was far too near the beginning of my career to do scripting when I played with Windows NT :)

All examples below are in VBScript. Let me know if you want something else (can do VB .NET, C# .NET, PowerShell and Perl as well).

Chris
' Connecting to a Domain
 
Set objDomain = GetObject("WinNT://DomainName")
 
' Looping through objects in the Domain
 
objDomain.Filter = Array("user")
For Each objUser In objDomain
  WScript.Echo objUser.FullName
Next
 
' Connecting to a specific user
 
Set objUser = GetObject("WinNT://DomainName/Username")
WScript.Echo objUser.FullName
 
' Connecting to a specific group
 
Set objGroup = GetObject("WinNT://DomainName/GroupName")
 
' Adding a member to a group
 
objGroup.Add "WinNT://DomainName/UserName"
' Or
objGroup.Add objUser.ADSPath
 
' Removing a member from a group
 
objGroup.Remove "WinNT://DomainName/UserName"
' Or
objGroup.Remove objUser.ADSPath

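
The add and remove calls from the answer above, as an added PowerShell example (not code from the thread or from Microsoft): it rejects names that would alter the ADsPath, checks IsMember before changing anything, and returns a record of the result. The function name Set-NTGroupMembership and the CONTOSO, HelpDesk and jsmith values are hypothetical.

```powershell
# Added example, not from the thread. CONTOSO, HelpDesk and jsmith are constructed placeholders.
function Set-NTGroupMembership {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Domain,
        [Parameter(Mandatory = $true)][string]$Group,
        [Parameter(Mandatory = $true)][string]$User,
        [Parameter(Mandatory = $true)][ValidateSet('Add', 'Remove')][string]$Action
    )

    # Reject characters that are illegal in NT account names; '/' and ','
    # would otherwise change the meaning of the ADsPath built below.
    foreach ($name in $Domain, $Group, $User) {
        if ($name -match '["/\\\[\]:;|=,+*?<>]') { throw "Invalid character in name: $name" }
    }

    $groupPath = "WinNT://$Domain/$Group,group"   # class hint: bind only to a group
    $userPath  = "WinNT://$Domain/$User"

    if (-not [ADSI]::Exists("$userPath,user")) { throw "No such user: $userPath" }
    $groupEntry = [ADSI]$groupPath

    $wasMember = [bool]$groupEntry.psbase.Invoke('IsMember', $userPath)
    $wanted    = ($Action -eq 'Add')
    $changed   = $false

    # Only touch the group when the current state differs from the requested one.
    if ($wasMember -ne $wanted -and $PSCmdlet.ShouldProcess($groupPath, "$Action $userPath")) {
        [void]$groupEntry.psbase.Invoke($Action, $userPath)   # IADsGroup Add / Remove
        $changed = $true
    }

    # Re-read membership from the directory rather than trusting the call above.
    [pscustomobject]@{
        Group     = $groupPath
        Member    = $userPath
        Action    = $Action
        Changed   = $changed
        IsMember  = [bool]$groupEntry.psbase.Invoke('IsMember', $userPath)
        ChangedBy = "$env:USERDOMAIN\$env:USERNAME"
        Time      = (Get-Date).ToString('s')
    }
}

# Dry run first, then the real change; keep the returned records as an audit trail.
Set-NTGroupMembership -Domain CONTOSO -Group HelpDesk -User jsmith -Action Add -WhatIf
Set-NTGroupMembership -Domain CONTOSO -Group HelpDesk -User jsmith -Action Add
```
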
 

Author Comment

by:yossikally
ID: 24405397
Thanks. I would rather have it in C++, but this will do.
I notice you use "WinNT://...", while other examples I saw use "LDAP...". What's the difference?
I need it to run on XP workstation. Some examples I saw will only run on Windows Server.  Does your code run on XP?

Expert Comment

by:Chris Dent
ID: 24405414

The LDAP provider is only useful if you're connecting to an LDAP compliant directory like Active Directory. That's no help for Windows NT because it doesn't use LDAP. For a Windows NT domain you have no choice but to use the WinNT provider.

The code will run on Windows XP, you won't need to add anything to use it, ADSI is present by default from Windows 2000 and up. It can attach to a Windows NT domain from there.

If you're wanting C++ I suspect the following might help (I assume it's C++, it's not labelled):

http://msdn.microsoft.com/en-us/library/aa772211(VS.85).aspx

You should find references for the Add Method under IADsGroup and so on.

Chris

Author Comment

by:yossikally
ID: 24405478
I still don't quite understand the difference between using LDAP and WinNT, I understand they are semantics used to differentiate between 2 sets of use cases.  I realize this is not a part of the question but can you direct me to source of more information (I guess ADSI for beginners reference).

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24405539

There's the ADSI Scripting Primer here which might help?

http://www.microsoft.com/technet/scriptcenter/guide/sas_ads_overview.mspx?mfr=true

ADSI Architecture tends to cover most of the real differences.

In short I would say:

WinNT Provider
 - Can connect to Windows NT directories and Active Directory directories (although doesn't differentiate between the two)
 - Accesses a full set of properties for a Windows NT domain, and a subset of properties for an Active Directory domain
 - Can only access user, group, computer and domain objects in Active Directory (other object classes are not exposed in the WinNT provider)
 - Treats every directory as a flat namespace (all objects are referenced on the same level). As seen in User Manager / Server Manager
 - Cannot deal with nested groups (Windows NT didn't allow that)

LDAP Provider
 - Can only connect to Active Directory domains / forests
 - Can access all properties
 - Can access all object classes
 - Will access the directory as a hierarchical namespace. As seen in AD Users and Computers
 - Can access and enumerate nested group structures

The LDAP Provider is certainly the way to go if you're dealing with an AD Domain or Forest. It's far more powerful which tends to make it much more suitable.

Chris
Question has a verified solution.
