script to change group membership using an input file?

Discussion in 'Scripting' started by Jake Gamlieli, Jun 8, 2007.

  1. I saw the below script example on how to modify group membership to clear a
    member list and add two users. How do i modify it to take an input file,
    where the input file is a CSV text file simply containing user ids. these
    user ids are already defined as users in AD, so I just need to add them as
    group members. The purpose of this is to modify the group memnership which
    in turns controls which users have access to a shared network directory. The
    script will be run nightly since user membership in the group changes daily.

    Const ADS_PROPERTY_UPDATE = 2

    Set objGroup = GetObject _
    ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

    objGroup.PutEx ADS_PROPERTY_UPDATE, "member", _
    Array("cn=YoungRob,ou=R&D,dc=NA,dc=fabrikam,dc=com", _
    "cn=ShenAlan,ou=R&D,dc=NA,dc=fabrikam,dc=com")
    objGroup.SetInfo
     
    Jake Gamlieli, Jun 8, 2007
    #1
    1. Advertisements

  2. I have an example VBScript program that adds users to a group using
    Distinguished Names read from a text file. The program is linked here:

    http://www.rlmueller.net/Add Users to Group 2.htm

    The program assumes one Distinguished Name per line. You may be planning on
    using the NT names of the users, also called the "pre-Windows 2000 logon
    name", instead of Distinguished Names. This is the value of the
    sAMAccountName attribute. If so, a script can use the NameTranslate object
    to convert the NT names to Distinguished Names. For more info, see this
    link:

    http://www.rlmueller.net/NameTranslateFAQ.htm

    If you use Distinguished Names, a csv file can be a problem. Distinguished
    Names always have embedded commas, so the names must be enclosed in quotes.
    A script would have trouble parsing the file and the quotes would need to be
    stripped off.

    Finally, if you use Common Names, the values may not uniquely identify the
    users. Much code would be required to find the corresponding user and ensure
    there was only one user with the give Common Name.

    The best way to add users to a group, especially in this case where the
    script will run repeatedly, is to bind to the group object and use the
    IsMember method to check if the user is already a member. If not, use the
    Add method of the group object to add the user. The IsMember and Add methods
    both take the AdsPath of the prospective member as argument. Otherwise an
    error is raised if you attempt to add a user that is already a member.

    An example VBScript program to read NT names from a file (one name per
    line), use NameTranslate, and add to a specified group could be:
    =========================
    Const ForReading = 1
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1

    ' Determine DNS domain name from RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    ' Use the NameTranslate object.
    Set objTrans = CreateObject("NameTranslate")
    ' Initialize NameTranslate by locating the Global Catalog.
    objTrans.Init ADS_NAME_INITTYPE_GC, ""
    ' Use Set method to specify DNS domain name.
    objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
    ' Use Get method to retrieve NetBIOS name of domain.
    strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
    ' Remove trailing backslash.
    strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

    ' Specify text file of user NT Names.
    strFile = "c:\Scripts\Members.txt"

    ' Specify DN of group.
    strGroupDN = "cn=TestGroup,ou=Sales,dc=MyDomain,dc=com"

    ' Bind to the group object.
    Set objGroup = GetObject("LDAP://" & strGroupDN)

    ' Use FSO to open text file for read access.
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(strFile, ForReading)

    ' Read the text file.
    Do Until objFile.AtEndOfStream
    ' Retrieve user NT name.
    strUser = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strUser <> "") Then
    ' Use Set method to specify NT Name.
    ' Trap error if user not found.
    On Error Resume Next
    objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain _
    & "\" & strUser
    If (Err.Number = 0) Then
    On Error GoTo 0
    ' User Get method to retrieve Distinguished Name.
    strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
    ' Bind to user object.
    Set objUser = GetObject("LDAP://" & strUserDN)

    ' Check if user already a member of the group.
    If (objGroup.IsMember(objUser.AdsPath) = False) Then
    ' Add user to the group.
    objGroup.Add(objUser.AdsPath)
    End If
    Else
    On Error GoTo 0
    ' user does not exist.
    Wscript.echo "User " & strUser & " not found."
    End If
    End If
    Loop

    ' Clean up.
    objFile.Close
    ===========
    If you use a comma delimited file, you can use the ReadAll method of the
    objFile object to read the entire contents of the file into a string
    variable, then use the Split function to parse the string names delimited by
    commas into an array. Then you would loop through the array in a For/Each
    loop similar to the loop above.
     
    Richard Mueller [MVP], Jun 11, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.