johnnyjonathan
asked on
Input username and add it to an AD group using VBS
Hi,
I have a text file with a username (not the full DN) and I need a VBScript to read that text file (it only has the username of a single user) and add it to a specific group.
Any advice, please?
ASKER
Hi,
Thanks, I tried that, edited with the group DN, the domain name and the text file, but got an error (null) in line 23 (I removed the On Error Resume Next).
If you can do it via PowerShell, I can assist.
Will.
ASKER
Must use it in VBS :(
Can you add a line:
WScript.Echo strDomain & "\" & strNTName
on line 18? Just need to make sure the AD domain and user account information is valid.
ASKER
I see the username properly, but the addition to the group isn't actually working.
Hi, I haven't tested this at all, but I think it should work. You will need to change the name of the users.txt file, and the name of the group.
Regards,
Rob.
strUsers = "users.txt"
strGroupName = "YourGroupName"
Const ADS_PROPERTY_APPEND = 3

strGroupDN = Get_LDAP_User_Properties("group", "cn", strGroupName, "distinguishedName")
If strGroupDN <> "" Then
Else ' stray Else: this is the one the "Expected 'End'" reply below refers to
    WScript.Echo "Could not find group " & strGroupName & "."
Else
    Set objGroup = GetObject("LDAP://" & strGroupDN)
    ' objFSO was never created in the script as posted; it is needed to open the file.
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Const ForReading = 1
    Set objUsers = objFSO.OpenTextFile(strUsers, ForReading, False)
    ' One username (sAMAccountName) per line.
    While Not objUsers.AtEndOfStream
        strUserName = objUsers.ReadLine
        strUserDN = ""
        strUserDN = Get_LDAP_User_Properties("user", "samAccountName", strUserName, "distinguishedName")
        If strUserDN <> "" Then
            objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(strUserDN)
            On Error Resume Next
            objGroup.SetInfo
            ' Any error from SetInfo is reported as "already a member".
            If Err.Number = 0 Then
                WScript.Echo strUserName & " was added to the group " & strGroupName
            Else
                WScript.Echo strUserName & " is already a member of the group " & strGroupName
            End If
            Err.Clear
            On Error Goto 0
        Else
            WScript.Echo "Could not find " & strUserName & ". User will not be added to the group."
        End If
    Wend
    objUsers.Close
    WScript.Echo vbcrlf & "Finished"
End If

Function Get_LDAP_User_Properties(strObjectType, strSearchField, strObjectToGet, strCommaDelimProps)
    ' A name given as "dc.domain.tld\name" is searched on that server and domain;
    ' a plain name is searched in the default naming context.
    If InStr(strObjectToGet, "\") > 0 Then
        arrGroupBits = Split(strObjectToGet, "\")
        strDC = arrGroupBits(0)
        strDNSDomain = strDC & "/" & "DC=" & Replace(Mid(strDC, InStr(strDC, ".") + 1), ".", ",DC=")
        strObjectToGet = arrGroupBits(1)
    Else
        Set objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")
    End If
    strBase = "<LDAP://" & strDNSDomain & ">"
    ' Setup ADO objects.
    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection
    ' Filter on user objects.
    'strFilter = "(&(objectCategory=person)(objectClass=user))"
    ' Note: strObjectToGet is placed into the filter as-is, with no escaping of LDAP filter characters.
    strFilter = "(&(objectClass=" & strObjectType & ")(" & strSearchField & "=" & strObjectToGet & "))"
    ' Comma delimited list of attribute values to retrieve.
    strAttributes = strCommaDelimProps
    arrProperties = Split(strCommaDelimProps, ",")
    ' Construct the LDAP syntax query.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    WScript.Echo ""
    WScript.Echo "Executing " & strQuery
    ' Run the query.
    Set adoRecordset = adoCommand.Execute
    ' Enumerate the resulting recordset.
    Do Until adoRecordset.EOF
        ' Retrieve values and display.
        For intCount = LBound(arrProperties) To UBound(arrProperties)
            If strDetails = "" Then
                strDetails = adoRecordset.Fields(intCount).Value
            Else
                strDetails = strDetails & VbCrLf & adoRecordset.Fields(intCount).Value
            End If
        Next
        ' Move to the next record in the recordset.
        adoRecordset.MoveNext
    Loop
    ' Clean up.
    adoRecordset.Close
    adoConnection.Close
    Get_LDAP_User_Properties = strDetails
End Function
ASKER
Hi Rob,
Thanks, I'm getting this error though -
Line 9
Error: Expected 'End'
?
Oops. Please remove the Else from line 7 above.
ASKER
Thanks!
Did it and got the following -
2 Echos -
1. ---------------------------
Windows Script Host
---------------------------
Executing <LDAP://DC=DOMAINNAME,DC=COM>;(&(objectClass=TESTGROUP)(cn=GROUPNAME));distinguishedName;subtree
---------------------------
OK
---------------------------
2. ---------------------------
Windows Script Host
---------------------------
Could not find group TESTGROUP.
---------------------------
OK
---------------------------
I'm confused why objectClass is TESTGROUP? Did you change line 5? You don't need to change that. The only lines you need to change are lines 1 and 2. Line 5 makes a query for "group" object types, with the name of your strGroupName.
Rob.
ASKER
You're right!
My mistake, this is the notification -
---------------------------
Windows Script Host
---------------------------
Executing <LDAP://DC=DOMAINNAME,DC=COM>;(&(objectClass=group)(cn=TESTGROUP));distinguishedName;subtree
---------------------------
OK
---------------------------
You can have multiple AD groups with the same CN (or RDN) so be careful when using this attribute to find the group.
The error is suggesting that no group is found at all, using the CN specified by strGroupName. Can you try it with strGroupName set to a group that has no special characters, and maybe not even spaces?
If you have the Attribute Editor tab in your ADUC console, can you verify the CN from the CN field or the DistinguishedName field?
Rob.
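An added example, not part of the thread and not Rob's script: the same lookup with the name escaped before it is placed in the LDAP filter (RFC 4515), and with the change refused unless exactly one group and one user match, which covers the duplicate-CN caveat above. EscapeLdapFilter and FindSingleDN are hypothetical helper names, and jsmith is a constructed sample username standing in for the line read from the text file.

```vbscript
Option Explicit

' Escape LDAP filter metacharacters (RFC 4515) so a value is matched literally.
Function EscapeLdapFilter(strValue)
    Dim strOut
    strOut = Replace(strValue, "\", "\5c")   ' backslash first
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    EscapeLdapFilter = Replace(strOut, Chr(0), "\00")
End Function

' Return the DN of the one object matching class and field, or "" for 0 or 2+ matches.
Function FindSingleDN(strClass, strField, strValue)
    Dim objRootDSE, adoConn, adoRS, strQuery, strDN, intHits
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strQuery = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" & _
        "(&(objectClass=" & strClass & ")(" & strField & "=" & _
        EscapeLdapFilter(strValue) & "));distinguishedName;subtree"
    Set adoConn = CreateObject("ADODB.Connection")
    adoConn.Provider = "ADsDSOObject"
    adoConn.Open "Active Directory Provider"
    Set adoRS = adoConn.Execute(strQuery)
    intHits = 0
    Do Until adoRS.EOF
        intHits = intHits + 1
        strDN = adoRS.Fields("distinguishedName").Value
        adoRS.MoveNext
    Loop
    adoRS.Close
    adoConn.Close
    If intHits = 1 Then FindSingleDN = strDN Else FindSingleDN = ""
End Function

Dim strGroupDN, strUserDN, objGroup
strGroupDN = FindSingleDN("group", "cn", "TESTGROUP")        ' group name as used in the thread
strUserDN = FindSingleDN("user", "sAMAccountName", "jsmith") ' constructed sample username
If strGroupDN = "" Or strUserDN = "" Then
    WScript.Echo "Group or user not found, or the name is ambiguous. Nothing changed."
    WScript.Quit 1
End If
Set objGroup = GetObject("LDAP://" & strGroupDN)
If objGroup.IsMember("LDAP://" & strUserDN) Then
    WScript.Echo "Already a member."
Else
    objGroup.Add "LDAP://" & strUserDN   ' a failure (e.g. access denied) raises an error here
    WScript.Echo "Added " & strUserDN
End If
```

Checking IsMember first keeps "already a member" separate from permission or replication errors, which the SetInfo error handler in the script above reports identically.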
ASKER
I tried it with a group without special characters (not even a space) and I still got the same.
The executing output seems strange to me; it isn't the actual DN of the group.
Any simpler way maybe to do it in PS if VBS isn't working?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
AMAZING! Thank you so much!
No problem, sorry that took a while. Thanks for the grade.
Rob.