Solved

Group creation

Posted on 2012-09-05
Last Modified: 2012-09-25
I have to create multiple Universal groups in Active Directory. Is there a script that takes the list of groups as an input file and reads the names from that file? Or how can I achieve the same through CSVDE? Thanks
Question by:jmohan0302
8 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 38369522
Are you just creating the groups or do you want to populate them also?
0
 

Author Comment

by:jmohan0302
ID: 38369553
I have to create the groups in Active Directory and also set the description and the email address for each group, as it is a Universal Distribution group. I need to create multiple Universal Distribution groups, so I am looking for a script or a command to do this. Thanks
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 38369556
Using the Quest PowerShell cmdlets to create groups would be similar to below.

Import-CSV {filename}.csv | ForEach{ new-qadgroup -name $_.name -parentcontainer "OU=Destination,DC=domain,DC=com" -groupscope universal}


The following will take a CSV file with a column named Name and create the groups using that. The top row of the CSV must be named name for this to work correctly.
0

 
LVL 35

Expert Comment

by:Joseph Daly
ID: 38369562
If they are going to be distribution groups then you will need to use the code below.

Import-CSV {filename}.csv | ForEach{ new-qadgroup -name $_.name -parentcontainer "OU=Destination,DC=domain,DC=com" -groupscope universal -grouptype distribution}
0
 

Author Comment

by:jmohan0302
ID: 38369756
Thanks. What should be the content of the filename.csv? Also, I need to have the description and email address of each group.
0
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 750 total points
ID: 38369786
The content of the CSV will be 3 columns: name, description, and email. The column headings can be anything you want, as long as you modify the $_.name to match whatever the first row of your CSV is. That will be the heading row.

Import-CSV {filename}.csv | ForEach{ new-qadgroup -name $_.name -parentcontainer "OU=Destination,DC=domain,DC=com" -groupscope universal -grouptype distribution -email $_.email -description $_.description}
0
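The CSV layout described in the accepted answer, with a pre-flight check in front of the same command, as an added example that is not part of the original thread. The sample rows, the `Test-GroupRows` helper and the `-Apply` switch are hypothetical; the `New-QADGroup` call and its parameters are the ones from the answer. The whole file is rejected on empty fields, characters that are not valid in a group's sAMAccountName, malformed addresses or duplicates, so a bad input file creates nothing rather than a partial set of groups.

```powershell
# Added example, not from the thread. CSV rows and OU are constructed sample values.
param([switch]$Apply)    # without -Apply the script only reports what it would create

$csvText = @'
name,description,email
DL-Finance,Finance department list,dl-finance@domain.com
DL-HR,Human resources list,dl-hr@domain.com
DL-Sales,Sales team list,dl-sales@domain.com
'@
$rows = @($csvText | ConvertFrom-Csv)    # for a real file: @(Import-Csv .\groups.csv)
$ou   = 'OU=Destination,DC=domain,DC=com'

function Test-GroupRows {
    param([object[]]$Rows)
    $found = @(); $seenName = @{}; $seenMail = @{}    # hashtable keys are case-insensitive
    $line = 1                                          # the header row is line 1
    foreach ($r in $Rows) {
        $line++
        foreach ($col in 'name', 'description', 'email') {
            if (-not "$($r.$col)".Trim()) { $found += "line ${line}: '$col' is missing or empty" }
        }
        $name = "$($r.name)".Trim(); $mail = "$($r.email)".Trim()
        # Characters not allowed in sAMAccountName; several also need escaping in a DN.
        if ($name -match '["/\\\[\]:;|=,+*?<>]') { $found += "line ${line}: illegal character in name '$name'" }
        if ($mail -and $mail -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') { $found += "line ${line}: malformed email '$mail'" }
        if ($name -and $seenName.ContainsKey($name)) { $found += "line ${line}: duplicate name '$name'" }
        if ($mail -and $seenMail.ContainsKey($mail)) { $found += "line ${line}: duplicate email '$mail'" }
        if ($name) { $seenName[$name] = $true }
        if ($mail) { $seenMail[$mail] = $true }
    }
    return ,$found
}

$problems = Test-GroupRows -Rows $rows
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "CSV rejected with $($problems.Count) problem(s); no group was created."
}
foreach ($r in $rows) {
    if ($Apply) {
        # Same call as the accepted answer; requires the Quest cmdlets to be loaded.
        New-QADGroup -Name $r.name -ParentContainer $ou -GroupScope universal `
            -GroupType distribution -Email $r.email -Description $r.description
    } else {
        "Would create '$($r.name)' <$($r.email)> in $ou"
    }
}
```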
 

Author Comment

by:jmohan0302
ID: 38370818
Could you provide me the sample CSV file?
0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 750 total points
ID: 38371063
Hi, you can try this VBScript to add multiple groups. It reads from "groups.txt" for group names, and adds users defined in "users.txt" to each group created.

You need to change
strOU = "CN=Users," & strDomain

to point to the OU to create the groups in.

Regards,

Rob.

strGroupsFile = "groups.txt"
strUsersFile = "users.txt"
strResultsFile = "Results.txt"

Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("defaultNamingContext")
' Change this to the OU to create the groups in:
strOU = "CN=Users," & strDomain

strResponse = InputBox( _
	"What group type do you want to create from " & strGroupsFile & "?" & VbCrLf & _
	"1) Domain Local Distribution" & VbCrLf & _
	"2) Global Security" & VbCrLf & _
	"3) Universal Distribution" & VbCrLf & _
	"4) Universal Security" & VbCrLf & VbCrLf & _
	"The groups will be created in" & VbCrLf & _
	strOU, _
	"Group Type", "1")

Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_PROPERTY_APPEND = 3

Set objOU = GetObject("LDAP://" & strOU)

Set objFSO = CreateObject("Scripting.FileSystemObject")
Const intForReading = 1

Set objResults = objFSO.CreateTextFile(strResultsFile, True)
objResults.WriteLine "Creating Groups " & Now

Set objUsers = objFSO.OpenTextFile(strUsersFile, intForReading, False)
strAllDNs = ""
While Not objUsers.AtEndOfStream
	strUserName = objUsers.ReadLine
	strUserDN = ""
	strUserDN = Get_LDAP_User_Properties("user", "samAccountName", strUserName, "distinguishedName")
	If strUserDN <> "" Then
		If strAllDNs = "" Then
			strAllDNs = strUserDN
		Else
			strAllDNs = strAllDNs & "|" & strUserDN
		End If
	Else
		objResults.WriteLine "Could not find " & strUserName & ". User will not be added to new groups."
	End If
Wend
objUsers.Close
arrAllDNs = Split(strAllDNs, "|")

boolInvalidGroupType = False

Set objGroups = objFSO.OpenTextFile(strGroupsFile, intForReading, False)
While Not objGroups.AtEndOfStream
	strGroupName = objGroups.ReadLine
	Set objGroup = objOU.Create("Group", "cn=" & strGroupName)
	objGroup.Put "sAMAccountName", strGroupName
	
	Select Case strResponse
		Case "1"
			objGroup.Put "groupType", ADS_GROUP_TYPE_LOCAL_GROUP
			objResults.WriteLine "Creating Domain Local Distribution groups."
		Case "2"
			objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
			objResults.WriteLine "Creating Global Security groups."
		Case "3"
			objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP
			objResults.WriteLine "Creating Universal Distribution groups."
		Case "4"
			objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
			objResults.WriteLine "Creating Universal Security groups."
		Case Else
			boolInvalidGroupType = True
	End Select
	
	If boolInvalidGroupType = False Then
		On Error Resume Next
		objGroup.SetInfo
		If Err.Number <> 0 Then
			'MsgBox strGroupName & " already exists."
			objResults.WriteLine strGroupName & " already exists. Users have not been altered."
			Err.Clear
			On Error GoTo 0
		Else
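			On Error GoTo 0
			' Only write the member attribute when at least one user from users.txt was resolved.
			If UBound(arrAllDNs) >= 0 Then
				objGroup.PutEx ADS_PROPERTY_APPEND, "member", arrAllDNs
				objGroup.SetInfo
				objResults.WriteLine strGroupName & " created. Users added."
			Else
				objResults.WriteLine strGroupName & " created. No users to add."
			End If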
		End If
	Else
		MsgBox "Invalid group type selected."
	End If
	
	Set objGroup = Nothing
Wend
objGroups.Close
Set objGroups = Nothing

objResults.Close

MsgBox "Done"

Function Get_LDAP_User_Properties(strObjectType, strSearchField, strObjectToGet, strCommaDelimProps)
	
	If InStr(strObjectToGet, "\") > 0 Then
		arrGroupBits = Split(strObjectToGet, "\")
		strDC = arrGroupBits(0)
		strDNSDomain = strDC & "/" & "DC=" & Replace(Mid(strDC, InStr(strDC, ".") + 1), ".", ",DC=")
		strObjectToGet = arrGroupBits(1)
	Else
		Set objRootDSE = GetObject("LDAP://RootDSE")
		strDNSDomain = objRootDSE.Get("defaultNamingContext")
	End If

	strBase = "<LDAP://" & strDNSDomain & ">"
	' Setup ADO objects.
	Set adoCommand = CreateObject("ADODB.Command")
	Set adoConnection = CreateObject("ADODB.Connection")
	adoConnection.Provider = "ADsDSOObject"
	adoConnection.Open "Active Directory Provider"
	adoCommand.ActiveConnection = adoConnection

 
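	' Filter on user objects.
	'strFilter = "(&(objectCategory=person)(objectClass=user))"
	' Escape LDAP filter metacharacters (RFC 4515) so that a value read from
	' users.txt, such as "*" or one containing parentheses, cannot change the query.
	strSafeValue = Replace(strObjectToGet, "\", "\5c")
	strSafeValue = Replace(strSafeValue, "*", "\2a")
	strSafeValue = Replace(strSafeValue, "(", "\28")
	strSafeValue = Replace(strSafeValue, ")", "\29")
	strFilter = "(&(objectClass=" & strObjectType & ")(" & strSearchField & "=" & strSafeValue & "))"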

	' Comma delimited list of attribute values to retrieve.
	strAttributes = strCommaDelimProps
	arrProperties = Split(strCommaDelimProps, ",")

	' Construct the LDAP syntax query.
	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
	adoCommand.CommandText = strQuery
	adoCommand.Properties("Page Size") = 100
	adoCommand.Properties("Timeout") = 30
	adoCommand.Properties("Cache Results") = False

	WScript.Echo ""
	WScript.Echo "Executing " & strQuery
	' Run the query.
	Set adoRecordset = adoCommand.Execute
	' Enumerate the resulting recordset.
	Do Until adoRecordset.EOF
	    ' Retrieve values and display.    
	    For intCount = LBound(arrProperties) To UBound(arrProperties)
	    	If strDetails = "" Then
	    		strDetails = adoRecordset.Fields(intCount).Value
	    	Else
	    		strDetails = strDetails & VbCrLf & adoRecordset.Fields(intCount).Value
	    	End If
	    Next
	    ' Move to the next record in the recordset.
	    adoRecordset.MoveNext
	Loop

	' Clean up.
	adoRecordset.Close
	adoConnection.Close
	Get_LDAP_User_Properties = strDetails

End Function 


0
