I saw the below script example on how to modify group membership to clear a member list and add two users. How do I modify it to take an input file, where the input file is a CSV text file simply containing user IDs? These user IDs are already defined as users in AD, so I just need to add them as group members. The purpose of this is to modify the group membership, which in turn controls which users have access to a shared network directory. The script will be run nightly since user membership in the group changes daily.
Const ADS_PROPERTY_UPDATE = 2

Set objGroup = GetObject _
    ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

objGroup.PutEx ADS_PROPERTY_UPDATE, "member", _
    Array("cn=YoungRob,ou=R&D,dc=NA,dc=fabrikam,dc=com", _
    "cn=ShenAlan,ou=R&D,dc=NA,dc=fabrikam,dc=com")
objGroup.SetInfo
"Jake Gamlieli" <JakeGamlieli[ at ]discussions.microsoft.com> wrote in message news:DB8FF739-044B-480C-A2F2-BB2B6582A53C[ at ]microsoft.com...
> I saw the below script example on how to modify group membership to clear a
> member list and add two users. How do I modify it to take an input file,
> where the input file is a CSV text file simply containing user IDs? These
> user IDs are already defined as users in AD, so I just need to add them as
> group members. The purpose of this is to modify the group membership, which
> in turn controls which users have access to a shared network directory. The
> script will be run nightly since user membership in the group changes daily.
>
> Const ADS_PROPERTY_UPDATE = 2
>
> Set objGroup = GetObject _
> ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
>
> objGroup.PutEx ADS_PROPERTY_UPDATE, "member", _
> Array("cn=YoungRob,ou=R&D,dc=NA,dc=fabrikam,dc=com", _
> "cn=ShenAlan,ou=R&D,dc=NA,dc=fabrikam,dc=com")
> objGroup.SetInfo
>
I have an example VBScript program that adds users to a group using Distinguished Names read from a text file. The program is linked here:
http://www.rlmueller.net/Add%20Users%20to%20Group%202.htm
The program assumes one Distinguished Name per line. You may be planning on using the NT names of the users, also called the "pre-Windows 2000 logon name", instead of Distinguished Names. This is the value of the sAMAccountName attribute. If so, a script can use the NameTranslate object to convert the NT names to Distinguished Names. For more info, see this link:
http://www.rlmueller.net/NameTranslateFAQ.htm
If you use Distinguished Names, a csv file can be a problem. Distinguished Names always have embedded commas, so the names must be enclosed in quotes. A script would have trouble parsing the file and the quotes would need to be stripped off.
Finally, if you use Common Names, the values may not uniquely identify the users. Much code would be required to find the corresponding user and ensure there was only one user with the given Common Name.
The best way to add users to a group, especially in this case where the script will run repeatedly, is to bind to the group object and use the IsMember method to check if the user is already a member. If not, use the Add method of the group object to add the user. The IsMember and Add methods both take the AdsPath of the prospective member as argument. Otherwise an error is raised if you attempt to add a user that is already a member.
An example VBScript program to read NT names from a file (one name per line), use NameTranslate, and add to a specified group could be:
=========================
Const ForReading = 1
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Determine DNS domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' Use the NameTranslate object.
Set objTrans = CreateObject("NameTranslate")
' Initialize NameTranslate by locating the Global Catalog.
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Use Set method to specify DNS domain name.
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
' Use Get method to retrieve NetBIOS name of domain.
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Specify text file of user NT Names.
strFile = "c:\Scripts\Members.txt"

' Specify DN of group.
strGroupDN = "cn=TestGroup,ou=Sales,dc=MyDomain,dc=com"

' Bind to the group object.
Set objGroup = GetObject("LDAP://" & strGroupDN)

' Use FSO to open text file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Read the text file.
Do Until objFile.AtEndOfStream
    ' Retrieve user NT name.
    strUser = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strUser <> "") Then
        ' Use Set method to specify NT Name.
        ' Trap error if user not found.
        On Error Resume Next
        objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain _
            & "\" & strUser
        If (Err.Number = 0) Then
            On Error GoTo 0
            ' Use Get method to retrieve Distinguished Name.
            strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
            ' Bind to user object.
            Set objUser = GetObject("LDAP://" & strUserDN)

            ' Check if user already a member of the group.
            If (objGroup.IsMember(objUser.AdsPath) = False) Then
                ' Add user to the group.
                objGroup.Add(objUser.AdsPath)
            End If
        Else
            On Error GoTo 0
            ' User does not exist.
            Wscript.Echo "User " & strUser & " not found."
        End If
    End If
Loop

' Clean up.
objFile.Close
===========
If you use a comma delimited file, you can use the ReadAll method of the objFile object to read the entire contents of the file into a string variable, then use the Split function to parse the string names delimited by commas into an array. Then you would loop through the array in a For/Each loop similar to the loop above.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
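The comma-delimited variant described at the end of the reply above, as an added example that is not part of the original post or of Richard Mueller's linked programs. The function name ParseUserIds, the sample names, and the validation rules (the characters Windows does not accept in a pre-Windows 2000 logon name, and a 20-character limit for user accounts) are assumptions of this example; because the input file decides who can reach the share, malformed entries are reported instead of being passed on to NameTranslate.

```vbscript
Option Explicit

' Hypothetical helper: parse comma-delimited text into unique NT names.
' Returns a Dictionary whose keys are the accepted names (case-insensitive).
' Entries that fail validation are appended to objRejected.
Function ParseUserIds(ByVal strText, objRejected)
    Dim objNames, objRegEx, arrParts, strPart, strName
    Set objNames = CreateObject("Scripting.Dictionary")
    objNames.CompareMode = vbTextCompare
    ' Assumed rule: characters not accepted in sAMAccountName.
    Set objRegEx = New RegExp
    objRegEx.Pattern = "[""/\\\[\]:;|=,+*?<>]"
    ' Treat line breaks as delimiters so multi-line files also work.
    strText = Replace(Replace(strText, vbCr, ","), vbLf, ",")
    arrParts = Split(strText, ",")
    For Each strPart In arrParts
        ' Strip quotes added by the CSV export, then surrounding spaces.
        strName = Trim(Replace(strPart, """", ""))
        If (strName <> "") Then
            If (objRegEx.Test(strName) Or Len(strName) > 20) Then
                objRejected.Add objRejected.Count, strName
            ElseIf (Not objNames.Exists(strName)) Then
                objNames.Add strName, True
            End If
        End If
    Next
    Set ParseUserIds = objNames
End Function

' Constructed sample standing in for objFile.ReadAll on the nightly file.
Dim strSample, objRejected, objUsers, strKey
strSample = "jsmith, ""rjones"",JSMITH" & vbCrLf & "NA\guest,,akhan" & vbCrLf
Set objRejected = CreateObject("Scripting.Dictionary")
Set objUsers = ParseUserIds(strSample, objRejected)

For Each strKey In objUsers.Keys
    ' Each accepted name would go through the NameTranslate,
    ' IsMember and Add steps of the loop in the reply above.
    WScript.Echo "Accept: " & strKey
Next
For Each strKey In objRejected.Items
    ' Log rejects so a bad export is noticed, not silently skipped.
    WScript.Echo "Reject: " & strKey
Next
```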