• Status: Solved
  • Priority: Medium
  • Security: Public

Creating multiple Domain Local groups in specific OU.

Does anyone have a script to create multiple Domain Local groups in AD by reading a txt file? I need to create over 100 Domain Local groups and I'd rather do it using a script. I need it under a specific OU because of security rights.

I will reward points asap.
0
Asked by: mystikal1000
 
Sarang Tinguria, Sr Engineer, commented:
0
 
mystikal1000 (Author) commented:
I'd rather not use this PowerShell script, but I received an error in the code, because we have a large AD. Does anyone have a VBScript instead?


The string starting:
At c:\powershell script\bulk_ad_group_creation.ps1:37 char:30
+     Write-Host "Target OU can <<<< 't be found! Group creation skipped!"
is missing the terminator: '.
At c:\powershell script\bulk_ad_group_creation.ps1:39 char:2
+ } <<<<
    + CategoryInfo          : ParserError: (t be found! Gro...ipped!"
  }
}:String) [], ParseException
    + FullyQualifiedErrorId : TerminatorExpectedAtEndOfString


0
 
RobSampson commented:
Hi, you can try this VBScript to add multiple groups. It reads from "groups.txt" for group names, and adds users defined in "users.txt" to each group created.

You need to change
strOU = "CN=Users," & strDomain

to point to the OU to create the groups in.

Regards,

Rob.

strGroupsFile = "groups.txt"
strUsersFile = "users.txt"
strResultsFile = "Results.txt"

Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("defaultNamingContext")
' Change this to the OU to create the groups in:
strOU = "CN=Users," & strDomain

strResponse = InputBox( _
	"What group type do you want to create from " & strGroupsFile & "?" & VbCrLf & _
	"1) Domain Local Distribution" & VbCrLf & _
	"2) Global Security" & VbCrLf & _
	"3) Universal Distribution" & VbCrLf & _
	"4) Universal Security" & VbCrLf & VbCrLf & _
	"The groups will be created in" & VbCrLf & _
	strOU, _
	"Group Type", "1")

Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_PROPERTY_APPEND = 3

Set objOU = GetObject("LDAP://" & strOU)

Set objFSO = CreateObject("Scripting.FileSystemObject")
Const intForReading = 1

Set objResults = objFSO.CreateTextFile(strResultsFile, True)
objResults.WriteLine "Creating Groups " & Now

Set objUsers = objFSO.OpenTextFile(strUsersFile, intForReading, False)
strAllDNs = ""
While Not objUsers.AtEndOfStream
	strUserName = objUsers.ReadLine
	strUserDN = ""
	strUserDN = Get_LDAP_User_Properties("user", "samAccountName", strUserName, "distinguishedName")
	If strUserDN <> "" Then
		If strAllDNs = "" Then
			strAllDNs = strUserDN
		Else
			strAllDNs = strAllDNs & "|" & strUserDN
		End If
	Else
		objResults.WriteLine "Could not find " & strUserName & ". User will not be added to new groups."
	End If
Wend
objUsers.Close
arrAllDNs = Split(strAllDNs, "|")

boolInvalidGroupType = False

Set objGroups = objFSO.OpenTextFile(strGroupsFile, intForReading, False)
While Not objGroups.AtEndOfStream
	strGroupName = objGroups.ReadLine
	Set objGroup = objOU.Create("Group", "cn=" & strGroupName)
	objGroup.Put "sAMAccountName", strGroupName
	
	Select Case strResponse
		Case "1"
			objGroup.Put "groupType", ADS_GROUP_TYPE_LOCAL_GROUP
			objResults.WriteLine "Creating Domain Local Distribution groups."
		Case "2"
			objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
			objResults.WriteLine "Creating Global Security groups."
		Case "3"
			objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP
			objResults.WriteLine "Creating Universal Distribution groups."
		Case "4"
			objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
			objResults.WriteLine "Creating Universal Security groups."
		Case Else
			boolInvalidGroupType = True
	End Select
	
	If boolInvalidGroupType = False Then
		On Error Resume Next
		objGroup.SetInfo
		If Err.Number <> 0 Then
			'MsgBox strGroupName & " already exists."
			objResults.WriteLine strGroupName & " already exists. Users have not been altered."
			Err.Clear
			On Error GoTo 0
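		Else
			On Error GoTo 0
			' Only touch membership when users.txt yielded at least one DN.
			If UBound(arrAllDNs) >= 0 Then
				objGroup.PutEx ADS_PROPERTY_APPEND, "member", arrAllDNs
				objGroup.SetInfo
				objResults.WriteLine strGroupName & " created. Users added."
			Else
				objResults.WriteLine strGroupName & " created. No users to add."
			End If
		End If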
	Else
		MsgBox "Invalid group type selected."
	End If
	
	Set objGroup = Nothing
Wend
objGroups.Close
Set objGroups = Nothing

objResults.Close

MsgBox "Done"

Function Get_LDAP_User_Properties(strObjectType, strSearchField, strObjectToGet, strCommaDelimProps)
	
	If InStr(strObjectToGet, "\") > 0 Then
		arrGroupBits = Split(strObjectToGet, "\")
		strDC = arrGroupBits(0)
		strDNSDomain = strDC & "/" & "DC=" & Replace(Mid(strDC, InStr(strDC, ".") + 1), ".", ",DC=")
		strObjectToGet = arrGroupBits(1)
	Else
		Set objRootDSE = GetObject("LDAP://RootDSE")
		strDNSDomain = objRootDSE.Get("defaultNamingContext")
	End If

	strBase = "<LDAP://" & strDNSDomain & ">"
	' Setup ADO objects.
	Set adoCommand = CreateObject("ADODB.Command")
	Set adoConnection = CreateObject("ADODB.Connection")
	adoConnection.Provider = "ADsDSOObject"
	adoConnection.Open "Active Directory Provider"
	adoCommand.ActiveConnection = adoConnection

 
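	' Filter on user objects.
	'strFilter = "(&(objectCategory=person)(objectClass=user))"
	' Escape LDAP filter metacharacters so a name from the input file is matched literally.
	strSafeValue = Replace(Replace(Replace(Replace(strObjectToGet, "\", "\5c"), "*", "\2a"), "(", "\28"), ")", "\29")
	strFilter = "(&(objectClass=" & strObjectType & ")(" & strSearchField & "=" & strSafeValue & "))"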

	' Comma delimited list of attribute values to retrieve.
	strAttributes = strCommaDelimProps
	arrProperties = Split(strCommaDelimProps, ",")

	' Construct the LDAP syntax query.
	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
	adoCommand.CommandText = strQuery
	adoCommand.Properties("Page Size") = 100
	adoCommand.Properties("Timeout") = 30
	adoCommand.Properties("Cache Results") = False

	WScript.Echo ""
	WScript.Echo "Executing " & strQuery
	' Run the query.
	Set adoRecordset = adoCommand.Execute
	' Enumerate the resulting recordset.
	Do Until adoRecordset.EOF
	    ' Retrieve values and display.    
	    For intCount = LBound(arrProperties) To UBound(arrProperties)
	    	If strDetails = "" Then
	    		strDetails = adoRecordset.Fields(intCount).Value
	    	Else
	    		strDetails = strDetails & VbCrLf & adoRecordset.Fields(intCount).Value
	    	End If
	    Next
	    ' Move to the next record in the recordset.
	    adoRecordset.MoveNext
	Loop

	' Clean up.
	adoRecordset.Close
	adoConnection.Close
	Get_LDAP_User_Properties = strDetails

End Function 


0
 
Krzysztof Pytko, Active Directory Engineer, commented:
Rob gave you a great solution and I would use it in your case. However, if you are interested in something simple using the DSADD command with a for loop, please let me know. I will give you a script for that.

But as I said, Rob gave you a complete solution and if you only want to create groups, follow his script.

Regards,
Krzysztof
0
 
mystikal1000 (Author) commented:
Rob, I really don't need to add users, however I left it blank.

I am getting an error when trying to test with one group.




Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

c:\AD_Groups.vbs(26, 1) (null): 0x80005000
0
 
RobSampson commented:
An error on line 26 (which is this line)
strOU = "CN=Users," & strDomain

means that the OU cannot be found.  The OU segments are specified backwards when in distinguished name format.

In your AD, say you wanted to put the groups into
domain.com\Offices\Office1\Groups

So for strOU, you would use
strOU = "OU=Groups,OU=Office1,OU=Offices," & strDomain

Try that and see how you go.

Regards,

Rob.
0
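As an added example (not part of Rob's post or the original thread), this VBScript pre-flight check builds the OU distinguished name from a path written in the order Rob describes, then binds to it once before any group is created, so a wrong path is reported cleanly instead of stopping the run part-way. The sample path and the helper names OUPathToDN and EscapeRdnValue are assumptions made for illustration.

```vbscript
Option Explicit
' Added example, not RobSampson's code. strOUPath is a constructed sample value.
Dim objRootDSE, strDomain, strOUPath, strOU, objOU

strOUPath = "domain.com\Offices\Office1\Groups"

Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("defaultNamingContext")
strOU = OUPathToDN(strOUPath, strDomain)
WScript.Echo "Resolved OU: " & strOU

' Bind once up front so a wrong path stops the run before any group is created.
On Error Resume Next
Set objOU = GetObject("LDAP://" & strOU)
If Err.Number <> 0 Then
	WScript.Echo "Cannot bind to " & strOU & " (error 0x" & Hex(Err.Number) & ")."
	WScript.Echo "Check the OU path; no groups were created."
	WScript.Quit 1
End If
On Error GoTo 0
WScript.Echo "OU found: " & objOU.Get("distinguishedName")

' Turn "domain\Outer\Inner" into "OU=Inner,OU=Outer,<domain DN>".
' Segment 0 (the domain name) is dropped; the domain DN comes from RootDSE.
Function OUPathToDN(strPath, strDomainDN)
	Dim arrParts, i, strDN
	arrParts = Split(strPath, "\")
	strDN = ""
	' Walk the path backwards: the innermost OU comes first in a DN.
	For i = UBound(arrParts) To 1 Step -1
		If Trim(arrParts(i)) <> "" Then
			strDN = strDN & "OU=" & EscapeRdnValue(Trim(arrParts(i))) & ","
		End If
	Next
	OUPathToDN = strDN & strDomainDN
End Function

' Backslash-escape characters that are special inside a DN component,
' plus "/" which ADSI treats as a path separator in an ADsPath.
Function EscapeRdnValue(strValue)
	Dim strChar, strOut
	strOut = strValue
	For Each strChar In Array(",", "+", """", "<", ">", ";", "=", "/")
		strOut = Replace(strOut, strChar, "\" & strChar)
	Next
	If Left(strOut, 1) = "#" Then strOut = "\" & strOut
	EscapeRdnValue = strOut
End Function
```

Run it with cscript.exe so the messages print to the console; the resolved value can then be pasted into strOU in the group-creation script.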