Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

AD Add user to group in usercreate script. 1

Status
Not open for further replies.
sparkbyte

sparkbyte

Technical User
Sep 20, 2002
879
US
I am needing a little help on how to add a newly created user to a few domain groups after the initial creation.

Here is the code I have thus far.

Code: 
'*******************************************************************
'	Author:		John Fuhrman
'				Lenexa Outlink Data Center
'				10910 W. 87th
'				Lenexa, Ks 66215
'
'	Date:		12/18/2006
'	Revision:	3.3
'
'	Script to create bank Terminal Server user
'	accounts for the Outlink Data Center.
'*******************************************************************


strOU= InputBox("Enter the Organizational Unit of the User" &_
		vbCrLf & "to be created.")
	If strOU = False Then Call NO_OU(1)
	If strOU = "" Then Call NO_OU(2)
'	If IsNumeric(strOU) = False Then Call NO_OU(3)

strName = InputBox("Enter the Logon ID of the User" &_
		vbCrLf & "to be created.")
	If strName = False Then Call NOName(1)
	If strName = "" Then Call NOName(2)
'	If IsNumeric((Left(strName,3))) = False Then Call NOName(3) 

strFirstName = InputBox("Enter the User's First Name")
	If strFirstName = False Then Call NOName(1)
	If strFirstName = "" Then Call NOName(2)

strLastName = InputBox("Enter the User's Last Name")
	If strLastName = False Then Call NOName(1)
	If strLastName = "" Then Call NOName(2)

strBrowserUser = MsgBox("Is this a BROWSER user?",vbYesNo)
	If strBrowserUser = vbNo Then strBrowser = "corelogin.bat"
	If strBrowserUser = vbYes Then strBrowser = "corebrow.bat"

strTellerUser = MsgBox("Is this a Teller user?",vbYesNo)
	If strTellerUser = vbYes Then strTeller = Disabled
	If strTellerUser = vbNo Then strTeller = Enabled

Call Password()

Call Main()
Call Quit(2)

Sub Main()

Set objRootDSE = GetObject("LDAP://RootDSE")
	strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Set objRoot = GetObject("LDAP://rootDSE")
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objDomain = GetObject("LDAP://" &_
	objRoot.Get("defaultNamingContext"))
Set objOU = GetObject("LDAP://OU=" &_
	strOU & "," & strDNSDomain) 


'Create the new User
On Error Resume Next
Set objUser = objOU.Create("User", "cn=" & strFirstName & " " & strLastName)
	objUser.Put "sAMAccountName", strName
	objUser.Put "givenName", strFirstName
	objUser.Put "sn", strLastName
	objUser.Put "distinguishedName", strFirstName & " " & strLastName
	objUser.Put "displayName", strLastName & "," & strFirstName
	objUser.Put "userPrincipalName", strName & "@corebanks.jackhenry.com"
	objUser.SetInfo
	 If Err.number <> 0 Then Call Quit(1)

'Set User TS environment
Set objUser = objOU.GetObject ("User", "cn=" & strFirstName & " " & strLastName)
		Const Enabled = 1
		Const Disabled = 0
	If objUser.class = "user" Then 
          	objUser.ConnectClientDrivesAtLogon = Disabled
			objUser.ConnectClientPrintersAtLogon = strTeller
			objUser.DefaultToMainPrinter = strTeller
			objUser.TerminalServicesInitialProgram = _
			"\\%machine%\users\%username%\bk" &_
			strBank & "\" & strBrowser
			objUser.TerminalServicesWorkDirectory = ""
'			objUser.TerminalServicesProfilePath = _
'			"\\corebanks\folders\Profiles\" & objUser.SamAccountName
			objUser.TerminalServicesHomeDirectory = ""
			objUser.TerminalServicesHomeDrive = ""
			objUser.AllowLogon = Enabled
			objUser.IsAccountLocked = True 
			objUser.SetPassword strInputReturn1
			objUser.Put "pwdLastSet", Disabled
			objUser.AccountDisabled = false
			objUser.SetInfo
	End if

'objUser.SetPassword StrPassword1
'objUser.SetPassword StrPassword2
'objUser.Put "pwdLastSet", Enabled

End Sub

Function Password()
strPassword = InputBox("Enter the User's Password")
	If strPassword = False Then Call NOPassword(1)
	If strPassword = "" Then Call NOPassword(2)
strConfPassword = InputBox("Enter the User's Password")
	If strConfPassword = False Then Call NOPassword(1)
	If strConfPassword = "" Then Call NOPassword(2)
If strPassword <> strConfPassword Then 
	Call PasswordMisMatch(1)
	Else strInputReturn1 = strPassword
End If 
End Function 

Function BrowserUser()
strBrowserUser = InputBox("Is this a BROWSER user?")
	If strBrowserUser = False Then strBrowser = "corelogin.bat"
	If strBrowserUser = True Then strBrowser = "corebrow.bat"
End Function 



Sub NO_OU(Error)
	If Error = "1" Then MsgBox("Canceled")
	If Error = "2" Then MsgBox("User's Organizational Unit not entered.")
	If Error = "3" Then MsgBox("Invalid Organizational Unit Entered!" &_
	 vbCrLf & "Example: 001")
	Call Quit(1)
End sub

Sub NOName(Error)
	If Error = "1" Then MsgBox("Canceled")
	If Error = "2" Then MsgBox("User's Name not entered.")
	If Error = "3" Then MsgBox("Invalid User Name" & vbCrLf &_
	 "Example: 888$jsmith")
	Call Quit(1)
End sub

Sub NOPassword(Error)
	If Error = "1" Then MsgBox("Canceled")
	If Error = "2" Then MsgBox("User's Password not entered.")
	Call Quit(1)
End Sub

Sub PasswordMisMatch(Error)
	If Error = "1" Then MsgBox("Passwords Do NOT Match" &_
		vbCrLf & "Try Again.")
	Call Password()
End Sub

Sub Quit(Error1)
If Error1 = "1" Then MsgBox("Script Canceled!!")
If Error1 = "2" Then MsgBox("User Account Created.")
WScript.Quit
End Sub

Sub Sure(Error1)
	If Error = "1" Then strYN = MsgBox("Are you sure?", 4, "Enter OU Prompt")
		If strYN = 6 Then 
		If strYN = 7 Then Call Quit(1)	 
	End If 
End Sub

As you can see I create the user by using inputbox promtpts then set the users terminal server settings we need. The problem is I also need to add the user to 3 - 5 global security goups in AD as well.

any help would be geatly appreciated!!

I have googled many examples, but nothing seems to fit or I am not seeing how they could be used.

Thanks!!!!!!

Thanks

John Fuhrman
Titan Global Services
 
Sort by date Sort by votes
untested, but this is what came to mind:

Code: 
' strName would be the user SamAccountName
Call AddToGroups(strName, Array("Group1", "Group2", "Group3", "Group4"))

Sub AddToGroups(strSAMAcctName, arrGroups)
	Const ADS_PROPERTY_APPEND = 3

	Dim strUser : strUser = GetDistinguishedName(strSAMAcctName) 'strName would be SamAccountName
	Dim group, objGroup
	For Each group In arrGroups
		Set objGroup = GetObject("LDAP://" & GetDistinguishedName(group))
    	objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(strUser)
    	objGroup.SetInfo
	Next
End Sub

Function GetDistinguishedName(strUserName)
' 	On Error Resume Next

	Const ADS_SCOPE_SUBTREE = 2
	
	Dim objConnection, objCommand, strDomain, objRoot, objRecordSet
	
	Set objRoot = GetObject("LDAP://rootDSE")
	strDomain = objRoot.Get("defaultNamingContext")
	Set objConnection = CreateObject("ADODB.Connection")
	Set objCommand = CreateObject("ADODB.Command")
	objConnection.Provider = ("ADsDSOObject")
	objConnection.Open "Active Directory Provider"
	objCommand.ActiveConnection = objConnection
	objCommand.CommandText = "SELECT distinguishedName FROM " & _
	    					 "'LDAP://" & strDomain & "' " & _
	                         "WHERE samAccountName = '" & strUserName & "'"
	objCommand.Properties("SearchScope") = ADS_SCOPE_SUBTREE
	Set objRecordSet = objCommand.Execute
	If Not objRecordSet.EOF Then
		GetDistinguishedName = objRecordSet.Fields.Item("distinguishedName").Value
	End If
End Function

--------------------------------------------------------------------------------
dm4ever
My philosophy: K.I.S.S - Keep It Simple Stupid
 
Upvote 0 Downvote
OK, incorporated your functions but I can't seem to track down a syntax error.

Code: 
'*******************************************************************
'	Author:		John Fuhrman
'				Lenexa Outlink Data Center
'				10910 W. 87th
'				Lenexa, Ks 66215
'
'	Date:		12/18/2006
'	Revision:	3.3
'
'	Script to create bank Terminal Server user
'	accounts for the Outlink Data Center.
'*******************************************************************


strOU= InputBox("Enter the Organizational Unit of the User" &_
		vbCrLf & "to be created.")
	If strOU = False Then Call NO_OU(1)
	If strOU = "" Then Call NO_OU(2)
'	If IsNumeric(strOU) = False Then Call NO_OU(3)

strName = InputBox("Enter the Logon ID of the User" &_
		vbCrLf & "to be created.")
	If strName = False Then Call NOName(1)
	If strName = "" Then Call NOName(2)
	If IsNumeric((Left(strName,3))) = False Then Call GetBankNumber() 

strFirstName = InputBox("Enter the User's First Name")
	If strFirstName = False Then Call NOName(1)
	If strFirstName = "" Then Call NOName(2)

strLastName = InputBox("Enter the User's Last Name")
	If strLastName = False Then Call NOName(1)
	If strLastName = "" Then Call NOName(2)

strBrowserUser = MsgBox("Is this a BROWSER user?",vbYesNo)
	If strBrowserUser = vbNo Then strBrowser = "corelogin.bat"
	If strBrowserUser = vbYes Then strBrowser = "corebrow.bat"

strTellerUser = MsgBox("Is this a Teller user?",vbYesNo)
	If strTellerUser = vbYes Then strTeller = Disabled
	If strTellerUser = vbNo Then strTeller = Enabled

Call Password()

Call Main()

If strBrowser = "corebrow.bat" Then 
		 strGroup = strGetBankNumber & "Browser"
	Else strGroup = strGetBankNumber & "Win100"
End If

' strName would be the user SamAccountName
Call AddToGroups(strName, Array(strGetBankNumber, strGroup, "Remote Desktop Users"))

Call Quit(2)

Sub Main()

Set objRootDSE = GetObject("LDAP://RootDSE")
	strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Set objRoot = GetObject("LDAP://rootDSE")
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objDomain = GetObject("LDAP://" &_
	objRoot.Get("defaultNamingContext"))
Set objOU = GetObject("LDAP://OU=" &_
	strOU & "," & strDNSDomain) 


'Create the new User
On Error Resume Next
Set objUser = objOU.Create("User", "cn=" & strFirstName & " " & strLastName)
	objUser.Put "sAMAccountName", strName
	objUser.Put "givenName", strFirstName
	objUser.Put "sn", strLastName
	objUser.Put "distinguishedName", strFirstName & " " & strLastName
	objUser.Put "displayName", strLastName & "," & strFirstName
	objUser.Put "userPrincipalName", strName & "@corebanks.jackhenry.com"
	objUser.SetInfo
	 If Err.number <> 0 Then Call Quit(1)

'Set User TS environment
Set objUser = objOU.GetObject ("User", "cn=" & strFirstName & " " & strLastName)
		Const Enabled = 1
		Const Disabled = 0
	If objUser.class = "user" Then 
          	objUser.ConnectClientDrivesAtLogon = Disabled
			objUser.ConnectClientPrintersAtLogon = strTeller
			objUser.DefaultToMainPrinter = strTeller
			objUser.TerminalServicesInitialProgram = _
			"\\%machine%\users\%username%\bk" &_
			strBank & "\" & strBrowser
			objUser.TerminalServicesWorkDirectory = ""
'			objUser.TerminalServicesProfilePath = _
'			"\\corebanks\folders\Profiles\" & objUser.SamAccountName
			objUser.TerminalServicesHomeDirectory = ""
			objUser.TerminalServicesHomeDrive = ""
			objUser.AllowLogon = Enabled
			objUser.IsAccountLocked = True 
			objUser.SetPassword strInputReturn1
			objUser.Put "pwdLastSet", Disabled
			objUser.AccountDisabled = false
			objUser.SetInfo
	End if

End Sub

Function Password()
strPassword = InputBox("Enter the User's Password")
	If strPassword = False Then Call NOPassword(1)
	If strPassword = "" Then Call NOPassword(2)
strConfPassword = InputBox("Enter the User's Password")
	If strConfPassword = False Then Call NOPassword(1)
	If strConfPassword = "" Then Call NOPassword(2)
If strPassword <> strConfPassword Then 
	Call PasswordMisMatch(1)
	Else strInputReturn1 = strPassword
End If 
End Function 

Function BrowserUser()
strBrowserUser = InputBox("Is this a BROWSER user?")
	If strBrowserUser = False Then strBrowser = "corelogin.bat"
	If strBrowserUser = True Then strBrowser = "corebrow.bat"
End Function 

Sub NO_OU(Error)
	If Error = "1" Then MsgBox("Canceled")
	If Error = "2" Then MsgBox("User's Organizational Unit not entered.")
	If Error = "3" Then MsgBox("Invalid Organizational Unit Entered!" &_
	 vbCrLf & "Example: 001")
	Call Quit(1)
End sub

Sub NOName(Error)
	If Error = "1" Then MsgBox("Canceled")
	If Error = "2" Then MsgBox("User's Name not entered.")
	If Error = "3" Then Call GetBankNumber()
	Call Quit(1)
End sub

Function GetBankNumber()
strGetBankNumber = InputBox("Enter the Bank Number for the user?")
	If strGetBankNumber = False Then Call NoBankNum(1)
	If strGetBankNumber = "" Then Call NoBankNum(2)
	If IsNumeric(strGetBankNumber) = False Then 
		Call NoBankNum(3)
		Else 
		strGetBankNumber = strGetBankNumber
	End If 
End Function 

Sub NoBankNum(Error)
	If Error = "1" Then MsgBox("Canceled")
	Call Quit(1)
	If Error = "2" Then MsgBox("No Bank Number Entered.")
	If Error = "3" Then MsgBox("No Bank Number Entered.")
	Call GetBankNumber()
End sub


Sub NOPassword(Error)
	If Error = "1" Then MsgBox("Canceled")
	If Error = "2" Then MsgBox("User's Password not entered.")
	Call Quit(1)
End Sub

Sub PasswordMisMatch(Error)
	If Error = "1" Then MsgBox("Passwords Do NOT Match" &_
		vbCrLf & "Try Again.")
	Call Password()
End Sub

Sub Quit(Error1)
If Error1 = "1" Then MsgBox("Script Canceled!!")
If Error1 = "2" Then MsgBox("User Account Created.")
WScript.Quit
End Sub

Sub Sure(Error1)
	If Error = "1" Then strYN = MsgBox("Are you sure?", 4, "Enter OU Prompt")
		If strYN = 6 Then 
		If strYN = 7 Then Call Quit(1)	 
	End If 
End Sub 


' strName would be the user SamAccountName
'Call AddToGroups(strName, Array("Group1", "Group2", "Group3", "Group4"))

Sub AddToGroups(strSAMAcctName, arrGroups)
    Const ADS_PROPERTY_APPEND = 3

    Dim strUser : strUser = GetDistinguishedName(strSAMAcctName) 'strName would be SamAccountName
    Dim group, objGroup
    For Each group In arrGroups
        [highlight]Set objGroup = GetObject("LDAP://" & GetDistinguishedName(group))[/highlight]
        objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(strUser)
        objGroup.SetInfo
    Next
End Sub

Function GetDistinguishedName(strUserName)
'     On Error Resume Next

    Const ADS_SCOPE_SUBTREE = 2
    
    Dim objConnection, objCommand, strDomain, objRoot, objRecordSet
    
    Set objRoot = GetObject("LDAP://rootDSE")
    strDomain = objRoot.Get("defaultNamingContext")
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = ("ADsDSOObject")
    objConnection.Open "Active Directory Provider"
    objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "SELECT distinguishedName FROM " & _
                             "'LDAP://" & strDomain & "' " & _
                             "WHERE samAccountName = '" & strUserName & "'"
    objCommand.Properties("SearchScope") = ADS_SCOPE_SUBTREE
    Set objRecordSet = objCommand.Execute
    If Not objRecordSet.EOF Then
        GetDistinguishedName = objRecordSet.Fields.Item("distinguishedName").Value
    End If
End Function

output said:
E:\-- Farm Prep Scripts\-- Not Ready for Production\Create_New_User_Account.vbs(196, 9) (null): 0x80005000


***** script completed *****
Click to expand...

The highlighted line is 196 in the script.

My suspicion is that the GetDistinguishedName function is looking for a user and getting a group back causing it to error. Ijust don't know how to test or change it.


Thanks!!


Thanks

John Fuhrman
Titan Global Services
 
Upvote 0 Downvote
Try the GetDistinguishedName in a seperate script and see if you can get the groups distinguished name.

wscript.echo GetDistinguishedName("group name")

--------------------------------------------------------------------------------
dm4ever
My philosophy: K.I.S.S - Keep It Simple Stupid
 
Upvote 0 Downvote
I just tried it on my testbox and it worked without an error.

Are you providing valid group names?
Call AddToGroups(strName, Array("Group Name1", "Group Name1"))

--------------------------------------------------------------------------------
dm4ever
My philosophy: K.I.S.S - Keep It Simple Stupid
 
Upvote 0 Downvote
Could I see your test script?? I have tried it in a seperate script and still can't seem to get it to return an answer from the GetDistinguishedName function.

Thanks..

Thanks

John Fuhrman
Titan Global Services
 
Upvote 0 Downvote
To add a user to two groups.

If it still doesn't work, then use any method you know works in your environment for locating a AD object and retrieve its distinguished name. Tested this on a Win2k3 box.

Code: 
strName = "test.user"

AddToGroups strName, Array("testgrp - group1", "testgrp - group2")

Sub AddToGroups(strSAMAcctName, arrGroups)
    Const ADS_PROPERTY_APPEND = 3

    Dim strUser : strUser = GetDistinguishedName(strSAMAcctName) 'strName would be SamAccountName
    Dim group, objGroup
    For Each group In arrGroups
        Set objGroup = GetObject("LDAP://" & GetDistinguishedName(group))
        objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(strUser)
        objGroup.SetInfo
    Next
End Sub

Function GetDistinguishedName(strUserName)
'     On Error Resume Next

    Const ADS_SCOPE_SUBTREE = 2
    
    Dim objConnection, objCommand, strDomain, objRoot, objRecordSet
    
    Set objRoot = GetObject("LDAP://rootDSE")
    strDomain = objRoot.Get("defaultNamingContext")
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = ("ADsDSOObject")
    objConnection.Open "Active Directory Provider"
    objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "SELECT distinguishedName FROM " & _
                             "'LDAP://" & strDomain & "' " & _
                             "WHERE samAccountName = '" & strUserName & "'"
    objCommand.Properties("SearchScope") = ADS_SCOPE_SUBTREE
    Set objRecordSet = objCommand.Execute
    If Not objRecordSet.EOF Then
        GetDistinguishedName = objRecordSet.Fields.Item("distinguishedName").Value
    End If
End Function

To verify the GetDistinguishedName works
Code: 
strName = "test.user"

'test retrieving user dn
WScript.Echo GetDistinguishedName(strName) 
'test retrieving group dn
WScript.Echo GetDistinguishedName("testgrp - group1") 

Function GetDistinguishedName(strUserName)
'     On Error Resume Next

    Const ADS_SCOPE_SUBTREE = 2
    
    Dim objConnection, objCommand, strDomain, objRoot, objRecordSet
    
    Set objRoot = GetObject("LDAP://rootDSE")
    strDomain = objRoot.Get("defaultNamingContext")
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = ("ADsDSOObject")
    objConnection.Open "Active Directory Provider"
    objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "SELECT distinguishedName FROM " & _
                             "'LDAP://" & strDomain & "' " & _
                             "WHERE samAccountName = '" & strUserName & "'"
    objCommand.Properties("SearchScope") = ADS_SCOPE_SUBTREE
    Set objRecordSet = objCommand.Execute
    If Not objRecordSet.EOF Then
        GetDistinguishedName = objRecordSet.Fields.Item("distinguishedName").Value
    End If
End Function



--------------------------------------------------------------------------------
dm4ever
My philosophy: K.I.S.S - Keep It Simple Stupid
 
Upvote 0 Downvote
Took the better part of a day (off and on) but I got the script working.

The problem wasn't the GetDintinguishedName function, it was with the AddToGroups. But specifically it was that if the group the user is trying to be added to does not exist or the variable gets passed incorrectly [blush] the sub fails.

Thanks for all your assistance.

John

Thanks

John Fuhrman
Titan Global Services
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bdwilcox
  • Locked
  • Question
Trying to adapt VBScript to search if machine is in an AD group 6
Replies
8
Views
1K
SoftwareRT
SoftwareRT
bdwilcox
  • Locked
  • Question
Script seeing input variable value as blank but sees hard-coded value 4
Replies
6
Views
724
bdwilcox
bdwilcox
wchull
  • Locked
  • Question
How do I resolve this permissions error in my script?
Replies
0
Views
250
wchull
wchull
Alexvb6
  • Locked
  • Question
Deprecation of VBScript + Classic ASP: How to Ask Microsoft to cancel their planned craziness
Replies
0
Views
436
Alexvb6
Alexvb6
lunter
  • Locked
  • Question
How to create vbArray+vbByte (8209) in *.vbs stript
Replies
0
Views
251
lunter
lunter

Part and Inventory Search

Sponsor

Back
Top