ADSI and group membership - what am I doing wrong "Neil Chambers" <n3llyb0y[ at ]aol.com> 13.07.2007 16:43:06 I'm trying to commit changes to group membership but nothing seems to happen #>[adsi]$grp = get-adobject -class Group -filter "(name=myGrp)" #>[adsi]$usr = get-adobject -class User -filter "(name=myUser)" #>$grp.member.add([string]$usr.distinguishedname) ## - $grp.member will show the dn of the user is showing at this point ## - now I try to save the changes - I can't find a SetInfo() method but I can find this in the PSBase: #>$grp.PSBase.CommitChanges() nadda What gives? Cheers :-) Neil

Re: ADSI and group membership - what am I doing wrong "Clint Bergman" <clint[ at ]psd267.wednet.edu> 13.07.2007 17:00:23 Here's a version of how I have successfully added a member to a group. I just installed the Quest AD cmdlets yesterday and am looking at how we might use those to accomplish the task..... $ADS_PROPERTY_APPEND = 3 $user = [ADSI]"LDAP://<PATH_TO_USER>" $group = [ADSI]"LDAP://<PATH_TO_GROUP>" $group.putEx($ADS_PROPERTY_APPEND,"member",[ at ]($user.distinguishedname)) $group.setInfo() "Neil Chambers" <n3llyb0y[ at ]aol.com> wrote in message news:uYNli.26447$ew4.7230[ at ]fe03.news.easynews.com... [Quoted Text] > I'm trying to commit changes to group membership but nothing seems to happen > > > #>[adsi]$grp = get-adobject -class Group -filter "(name=myGrp)" > #>[adsi]$usr = get-adobject -class User -filter "(name=myUser)" > #>$grp.member.add([string]$usr.distinguishedname) > ## - $grp.member will show the dn of the user is showing at this point > ## - now I try to save the changes - I can't find a SetInfo() method but I can find this in the PSBase: > #>$grp.PSBase.CommitChanges() > > nadda > > What gives? > > Cheers :-) > Neil

Re: ADSI and group membership - what am I doing wrong "Clint Bergman" <clint[ at ]psd267.wednet.edu> 13.07.2007 17:08:20 This is a multi-part message in MIME format. ------=_NextPart_000_0026_01C7C535.BD1E3300 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable If you install the Quest AD cmdlets ( = http://www.quest.com/activeroles-server/arms.aspx ) You can do = (something like): Add-QADGroupMember -identitiy (Get-QADGroup myGrp) -member = (DOMAIN\username) For more info: get-help Add-QADGroupMember From the documentation: Detailed Description Use this cmdlet to add objects to a group in Active Directory. You can = specify a list of objects to add, separating the list entries by commas. The cmdlet can use the connection that is established by the Connect- QADService cmdlet (see "Connect-QADService" earlier in this document). Example Connect to the local Administration Service with the credentials of a = specific user, add two objects (the first one specified by Domain\Name, the = second one specified by SID) to the group, and then disconnect: $pw =3D read-host "Enter password" -AsSecureString connect-QADService -service 'localhost' -proxy -ConnectionAccount 'company\administrator' -ConnectionPassword $pw add-QADGroupMember -identity 'CN=3Dgroup1,OU=3DcompanyOU,DC=3Dcompany,DC=3Dcom' -member 'company\jsmith', 'S-1-5-21-1279736177-1630491018-182859109-1215' disconnect-QADService "Neil Chambers" <n3llyb0y[ at ]aol.com> wrote in message = news:uYNli.26447$ew4.7230[ at ]fe03.news.easynews.com... [Quoted Text] > I'm trying to commit changes to group membership but nothing seems to = happen >=20 >=20 > #>[adsi]$grp =3D get-adobject -class Group -filter "(name=3DmyGrp)" > #>[adsi]$usr =3D get-adobject -class User -filter "(name=3DmyUser)" > #>$grp.member.add([string]$usr.distinguishedname) > ## - $grp.member will show the dn of the user is showing at this point > ## - now I try to save the changes - I can't find a SetInfo() method = but I=20 > can find this in the PSBase: > #>$grp.PSBase.CommitChanges() >=20 > nadda >=20 > What gives? >=20 > Cheers :-) > Neil=20 > ------=_NextPart_000_0026_01C7C535.BD1E3300 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.6000.16481" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY> <DIV><FONT face=3DArial size=3D2>If you install the Quest AD cmdlets ( = </FONT><A=20 href=3D"http://www.quest.com/activeroles-server/arms.aspx"><FONT = face=3DArial=20 size=3D2>http://www.quest.com/activeroles-server/arms.aspx</FONT></A><FON= T=20 face=3DArial size=3D2> )  You can do (something = like):</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Add-QADGroupMember -identitiy = (Get-QADGroup myGrp)=20 -member (DOMAIN\username)</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>For more info:</FONT></DIV> <DIV><FONT face=3DArial size=3D2>get-help = Add-QADGroupMember</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>From the documentation:</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>Detailed = Description</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>Use this cmdlet to add = objects to a=20 group in Active Directory. You can specify a</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>list of objects to add, = separating the=20 list entries by commas.</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>The cmdlet can use the = connection that=20 is established by the Connect-</FONT></DIV> <DIV><FONT face=3DArial size=3D2>QADService cmdlet (see = =93Connect-QADService=94 earlier=20 in this document).</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>Example</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>Connect to the local = Administration=20 Service with the credentials of a specific</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>user, add two objects (the = first one=20 specified by Domain\Name, the second</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>one specified by SID) to = the group, and=20 then disconnect:</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2></FONT> </DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>$pw =3D read-host "Enter = password"=20 -AsSecureString</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>connect-QADService = -service 'localhost'=20 -proxy</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>-ConnectionAccount=20 'company\administrator'</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>-ConnectionPassword = $pw</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial = size=3D2>add-QADGroupMember</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>-identity=20 'CN=3Dgroup1,OU=3DcompanyOU,DC=3Dcompany,DC=3Dcom'</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial size=3D2>-member = 'company\jsmith',</FONT></DIV> <DIV align=3Dleft><FONT face=3DArial=20 size=3D2>'S-1-5-21-1279736177-1630491018-182859109-1215'</FONT></DIV> <DIV><FONT face=3DArial size=3D2>disconnect-QADService</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>"Neil Chambers" <</FONT><A=20 href=3D"mailto:n3llyb0y[ at ]aol.com"><FONT face=3DArial=20 size=3D2>n3llyb0y[ at ]aol.com</FONT></A><FONT face=3DArial size=3D2>> = wrote in message=20 </FONT><A = href=3D"news:uYNli.26447$ew4.7230[ at ]fe03.news.easynews.com"><FONT=20 face=3DArial=20 size=3D2>news:uYNli.26447$ew4.7230[ at ]fe03.news.easynews.com</FONT></A><FONT= =20 face=3DArial size=3D2>...</FONT></DIV><FONT face=3DArial size=3D2>> = I'm trying to=20 commit changes to group membership but nothing seems to happen<BR>> = <BR>>=20 <BR>> #>[adsi]$grp =3D get-adobject -class Group -filter=20 "(name=3DmyGrp)"<BR>> #>[adsi]$usr =3D get-adobject -class User = -filter=20 "(name=3DmyUser)"<BR>>=20 #>$grp.member.add([string]$usr.distinguishedname)<BR>> ## - = $grp.member=20 will show the dn of the user is showing at this point<BR>> ## - now I = try to=20 save the changes - I can't find a SetInfo() method but I <BR>> can = find this=20 in the PSBase:<BR>> #>$grp.PSBase.CommitChanges()<BR>> <BR>> = nadda<BR>> <BR>> What gives?<BR>> <BR>> Cheers :-)<BR>> = Neil=20 <BR>></FONT></BODY></HTML> ------=_NextPart_000_0026_01C7C535.BD1E3300--

Re: ADSI and group membership - what am I doing wrong "Neil Chambers" <n3llyb0y[ at ]aol.com> 13.07.2007 17:45:10 Thanks Chris, As you used the SetInfo() method I thought I would try it even though it isn't listed in the member properties of the object?? Anyway - my method now works a treat. Cheers, Neil "Clint Bergman" <clint[ at ]psd267.wednet.edu> wrote in message news:%23DkRO9WxHHA.3784[ at ]TK2MSFTNGP02.phx.gbl... [Quoted Text] > Here's a version of how I have successfully added a member to a group. I > just installed the Quest AD cmdlets yesterday and am looking at how we > might use those to accomplish the task..... > > $ADS_PROPERTY_APPEND = 3 > > $user = [ADSI]"LDAP://<PATH_TO_USER>" > $group = [ADSI]"LDAP://<PATH_TO_GROUP>" > $group.putEx($ADS_PROPERTY_APPEND,"member",[ at ]($user.distinguishedname)) > $group.setInfo() > > > "Neil Chambers" <n3llyb0y[ at ]aol.com> wrote in message > news:uYNli.26447$ew4.7230[ at ]fe03.news.easynews.com... >> I'm trying to commit changes to group membership but nothing seems to >> happen >> >> >> #>[adsi]$grp = get-adobject -class Group -filter "(name=myGrp)" >> #>[adsi]$usr = get-adobject -class User -filter "(name=myUser)" >> #>$grp.member.add([string]$usr.distinguishedname) >> ## - $grp.member will show the dn of the user is showing at this point >> ## - now I try to save the changes - I can't find a SetInfo() method but >> I can find this in the PSBase: >> #>$grp.PSBase.CommitChanges() >> >> nadda >> >> What gives? >> >> Cheers :-) >> Neil > >

Re: ADSI and group membership - what am I doing wrong "Jason" <nospam[ at ]nospam.com> 13.07.2007 20:58:48 [Quoted Text] > As you used the SetInfo() method I thought I would try it even though it > isn't listed in the member properties of the object?? For a discussion of the invisible methods, see: http://pathologicalscripter.wordpress.com/2006/09/28/invisible-methods-for-adsi/ Cheers, Jason ------------------------------------------------------ PowerShell Training at SANS Conferences http://www.WindowsPowerShellTraining.com ------------------------------------------------------