Add Users to Security Groups based on Company Field

Posted on 2010-01-06
Last Modified: 2013-12-24
Good afternoon Experts,

We have multiple independent locations that have their own "utility" servers for WSUS, AV updates, etc. that update the local PCs from the server, and then all the utility servers update to a master server at our datacenter.

I am trying to create home directory/my documents redirect to the local utility servers, that replicate to the master server at our datacenter. What I have for the users at each location is a 3-digit code in their company field in their Active Directory profile designating their location. I also have created groups for all of those users' locations. What I need is to create a script that checks the user's company field for that code, and adds the user to the appropriate group. Once I have that I can create the folder logon scripts to point to the correct local server for their home folders.

I can create the logon script, but I need a script that I can run nightly to adjust group membership based on that company field.  
Question by: SoldatoDiDio
    LVL 70

    Accepted Solution


    Not a bad request at all. Let me know if anything in the attached isn't clear :)

    ' Create a connection to the group the users go in
    Dim objGroup : Set objGroup = GetObject("LDAP://CN=Group Name,OU=SomeWhere,DC=domain,DC=com")
    ' LDAP Filter to find users with specific company field
    Dim strLdapFilter : strLdapFilter = "(&(objectClass=user)(objectCategory=person)(company=abc))"
    ' Find the domain
    Dim objRootDSE : Set objRootDSE = GetObject("LDAP://RootDSE")
    Dim strLdapPath : strLdapPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")
    ' Set up the Search
    Dim objConnection : Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Dim objCommand : Set objCommand = Createobject("ADODB.Command")
    objCommand.ActiveConnection = objConnection
    objCommand.Properties("Page Size") = 1000
    objCommand.CommandText = "<" & strLdapPath & ">;" & _
      strLdapFilter & ";distinguishedName;subtree"
    Dim objRecordSet : Set objRecordSet = objCommand.Execute
    Do Until objRecordSet.EOF
      ' Add the member to the group - Suppress errors about a member already being in the group
      On Error Resume Next
      objGroup.Add("LDAP://" & objRecordSet.Fields("distinguishedName").Value)
      If Err.Number = -2147019886 Then
        ' Already a member of the group - Ignore it
      ElseIf Err.Number <> 0 Then
        ' Something went wrong, tell us about it.
        WScript.Echo Err.Number & ": " & Err.Description
      End If
      On Error Goto 0
      ' Advance to the next user; without this the loop never ends
      objRecordSet.MoveNext
    Loop


    LVL 27

    Assisted Solution

    Just to expand on Chris's concept a little, the below will allow you to assess codes and add users to various different groups based on the content of the code in 'company' by looping through a dictionary array object.

    You just need to edit the section I have commented to add the code and the DN of the group it relates to. You can add as many 'objGroupDict.Add......' lines as you need.

    This code can be run once each day and will add users to all of the groups you specify in the script.


    Set oRootDSE = GetObject("LDAP://RootDSE")
    Set objConn = CreateObject("ADODB.Connection")
    Set objComm =   CreateObject("ADODB.Command")
    Set objGroupDict = CreateObject("Scripting.Dictionary")
    objConn.Provider = "ADsDSOObject"
    objConn.Open "Active Directory Provider"
    Set objComm.ActiveConnection = objConn
    objComm.Properties("Page Size") = 1000
    strBase   =  "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;"
    strAttrs  = "distinguishedName;"
    strScope  = "subtree"
    'ADD THE CODES AND THE DNS FOR YOUR GROUPS HERE.........................
    'objGroupDict.Add "ABC", "CN=GroupABC,OU=groups,DC=domain,DC=local"
    'objGroupDict.Add "DEF", "CN=GroupDEF,OU=groups,DC=domain,DC=local"
    'objGroupDict.Add "GHI", "CN=GroupGHI,OU=groups,DC=domain,DC=local"
    'objGroupDict.Add "JKL", "CN=GroupJKL,OU=groups,DC=domain,DC=local"
    For Each groupCode In objGroupDict.Keys
    	strFilter = "(&(objectclass=user)(objectCategory=person)(company=*" & groupCode & "*));"
    	objComm.CommandText = strBase & strFilter & strAttrs & strScope
    	Set objRS = objComm.Execute
    	Set objGroup = GetObject("LDAP://" & objGroupDict.Item(groupCode))
    	If objRs.RecordCount > 0 Then
    		Do Until objRS.EOF
    			On Error Resume Next
    	  		objGroup.Add("LDAP://" & objRS.Fields("distinguishedName").Value)
    	  		If Err.Number = -2147019886 Then
    	  			'Do nothing
    	  		ElseIf Err.Number<> 0 Then
    	  			WScript.Echo Err.Number & ": " & Err.Description
    	  		End If	
    			On Error Goto 0
    			' Advance to the next user; without this the loop never ends
    			objRS.MoveNext
    		Loop
    	End If
    Next



    Author Closing Comment

    Chris, you gave the perfect solution, and after testing it worked out great.  I began to repeat the loop with multiple constants, and it worked.  Then Tony created the array to simplify what I was trying to accomplish.  Thank you both so much!
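
Both scripts in this thread only add members, so a user whose company code changes keeps the old location's group. The PowerShell below is an added example, not part of the original thread: it reconciles each group in both directions with the ActiveDirectory module. Assumptions: the code-to-group map reuses the sample DNs from the thread, each group is managed only by this job, and the company value must equal the code exactly.

```powershell
# Added example, not from the thread. Requires the RSAT ActiveDirectory module.
# The map below is a placeholder built from the sample DNs shown in the thread.
Import-Module ActiveDirectory

$GroupMap = @{
    'ABC' = 'CN=GroupABC,OU=groups,DC=domain,DC=local'
    'DEF' = 'CN=GroupDEF,OU=groups,DC=domain,DC=local'
}

function Sync-CompanyGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Code,
        [Parameter(Mandatory)][string]$GroupDN
    )

    # Exact match on company, so 'ABC' does not also pick up 'XABCY'.
    # -ErrorAction Stop: a failed query must abort, not look like "no users".
    $filter = "(&(objectCategory=person)(objectClass=user)(company=$Code))"
    $wanted = @(Get-ADUser -LDAPFilter $filter -ErrorAction Stop |
        Select-Object -ExpandProperty DistinguishedName)

    # Direct user members only; nested groups are left alone.
    $current = @(Get-ADGroupMember -Identity $GroupDN -ErrorAction Stop |
        Where-Object { $_.objectClass -eq 'user' } |
        Select-Object -ExpandProperty distinguishedName)

    $toAdd    = @($wanted  | Where-Object { $current -notcontains $_ })
    $toRemove = @($current | Where-Object { $wanted  -notcontains $_ })

    foreach ($dn in $toAdd) {
        if ($PSCmdlet.ShouldProcess($dn, "Add to $GroupDN")) {
            Add-ADGroupMember -Identity $GroupDN -Members $dn
        }
    }
    foreach ($dn in $toRemove) {
        if ($PSCmdlet.ShouldProcess($dn, "Remove from $GroupDN")) {
            Remove-ADGroupMember -Identity $GroupDN -Members $dn -Confirm:$false
        }
    }

    # One summary object per group, suitable for logging from a scheduled task.
    [pscustomobject]@{ Code = $Code; Group = $GroupDN; Added = $toAdd.Count; Removed = $toRemove.Count }
}

foreach ($code in $GroupMap.Keys) {
    Sync-CompanyGroup -Code $code -GroupDN $GroupMap[$code] -WhatIf
}
```

The loop runs with -WhatIf, so it only reports the adds and removes it would make; remove the switch once the output matches what you expect.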
