
AD Group membership help

Status
Not open for further replies.

swlymer

Programmer
Dec 15, 2004
US
Hello, I am trying to create a script that enumerates group membership of one user (stemplateUsr) and adds another user (strUserDN) to those groups.

Here is the pertinent code from my script:

************************************************************
Set adsNameTranslate = CreateObject("NameTranslate")
adsNameTranslate.Init ADS_NAME_INITTYPE_GC, ""


' Set the user name into NameTranslation
adsNameTranslate.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & adsUser

' Get the DN of the user
strUserDN = adsNameTranslate.Get(ADS_NAME_TYPE_1779)
WScript.Echo strUserDN


' Bind to the user object
'This is the new account to be created
Set adsUser = GetObject("LDAP://" & strUserDN)

' Bind to the template user object
'This is the account to copy groups from
Set objUser = GetObject("LDAP://" & stemplateUsr)

'Enumerate Groups the template user belongs To
Set objGroup = objUser.memberof


For Each Memberof in objGroup
objGroup.add adsUser.adspath
Next

************************************************************

When I run my script I get "Object not a collection".

Any help is appreciated!!

Scot Lymer
 
OK, I made some modifications to my code but I still can't seem to add a newly created user to groups of an existing user. The code is listed below. Any help is appreciated.

Thanks!!

"""""""""""""""""""""""""""""""""""""""""""""""""""
Dim strNetBIOSDomain, strNTName, strUserDN
Dim rootdse, domainContainer, adsNameTranslate
Dim adsUser, templuser

strNetBIOSDomain = "SOI"
strNTName = rs("Unique_Identifier")
sTemplateUser = rs("copyfrom")
'WScript.Echo strNTName
'WScript.Echo sTemplateUser

'Bind To AD
Set rootdse = GetObject("LDAP://rootdse")
domainContainer = rootdse.Get("defaultNamingContext")

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
Const ADS_NAME_TYPE_DISPLAY = 4
Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_UPDATE = 2
Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4

Set adsNameTranslate = CreateObject("NameTranslate")
adsNameTranslate.Init ADS_NAME_INITTYPE_GC, ""

WScript.Echo strNetBIOSDomain & "\" & strNTName

'WScript.Sleep 100000
'Set the user name into NameTranslate
adsNameTranslate.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strNTName
adsNameTranslate.Get(ADS_NAME_TYPE_1779)



' Get the DN of the user
strUserDN = adsNameTranslate.Get(ADS_NAME_TYPE_1779)
WScript.Echo strUserDN


' Bind to the user object

Set adsUser = GetObject("LDAP://" & strUserDN)
'WScript.Echo adsUser
WScript.Echo sTemplateUser
Set templuser = GetObject("LDAP://" & sTemplateUser)
'WScript.Echo templuser

Dim strGroupDN, objGroup

If not IsNull (adsUser) Then
WScript.Echo "User Found"
strGroupDN = templuser.GetEx("memberof")
for each strGroupDN in templuser.GetEx("memberOf")
WScript.Echo strGroupDN
Set objGroup = GetObject("LDAP://" & strGroupDN)
WScript.Echo "Add to group"
'WScript.Echo objGroup
objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(strUserDN)
objGroup.SetInfo
Next

Else

WScript.Echo "User not found"
'objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strNTName
adsNameTranslate.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strNTName
adsNameTranslate.Get(ADS_NAME_TYPE_1779)

' Get the DN of the user
strUserDN = adsNameTranslate.Get(ADS_NAME_TYPE_1779)
Set adsUser = GetObject("LDAP://" & strUserDN)
WScript.Echo strGroupDN
End If

''''''''''''''''''''''''''''''''''''''''''''''''''''
 
Try the following...if it works for you...the next step would be to get the distinguished name for the user you want by simply providing the username.

Code:
Const ADS_PROPERTY_APPEND = 3

Dim objTemplateUser, objUserAdd, objGroup, group

objUserAdd = "CN=someuser,OU=someou,DC=domain,DC=com"

Set objTemplateUser = GetObject("LDAP://CN=templateuser,OU=someou,DC=domain,DC=com")

For Each group In objTemplateUser.Groups
	Set objGroup = GetObject("LDAP://" & group.distinguishedName)
	objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(objUserAdd)
	objGroup.SetInfo
Next

--------------------------------------------------------------------------------
dm4ever
My philosophy: K.I.S.S - Keep It Simple Stupid
 
Thanks for the help. The code works fine when the template user and the new user are hard-coded, so I am now attempting to variablize the template and new user. One question I have, however: is there any way to overcome the "Name translation: Could not find the name or insufficient rights to see the name" error?

Thanks again for your help!!!!
 
Here is a more robust version that works along the same lines as what dm4ever provided.

Code:
'==========================================================================
'
' NAME: CloneUserGroups.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: http://www.thespidersparlor.com
' DATE  : 4/17/2007
' COPYRIGHT (c) 2007 All Rights Reserved
'
' COMMENT: Copies group memberships from one user to another
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS 
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'
'==========================================================================


On Error Resume Next
Const ADS_PROPERTY_APPEND = 3
Dim strSourceUser, strAddUser, objSourceUser, objUserAdd, objGroup, group, oShell

'Force CScript
Set oShell = CreateObject("Wscript.Shell")

forceUseCScript

Sub forceUseCScript()
   If Not WScript.FullName = WScript.Path & "\cscript.exe" Then
      oShell.Popup "Launched using wscript. Relaunching...",3,"WSCRIPT"
      oShell.Run "cmd.exe /k " & WScript.Path & "\cscript.exe //NOLOGO " & Chr(34) & WScript.scriptFullName & Chr(34),1,False
      WScript.Quit 0
   End If
End Sub 

' Check for command line arguments.
Dim obArgs
Dim cArgs

Set obArgs = WScript.Arguments
cArgs = obArgs.Count

If obArgs.Count <> 2 Then
    Wscript.StdOut.Write "Enter Username To Copy: "        ' prompt user for input
    strSourceUser = Wscript.StdIn.ReadLine               ' get user's name (Template User)

    Wscript.StdOut.Write "Enter User To Join To Groups: "        ' prompt user for input
    strAddUser = Wscript.StdIn.ReadLine               ' get user's name (Target User)
Else
    strSourceUser = obArgs.Item(0)
    strAddUser = obArgs.Item(1)
End If

Set objSourceUser = GetObject("LDAP://" & SearchDistinguishedName(strSourceUser))
objUserAdd = SearchDistinguishedName(strAddUser)

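For Each group In objSourceUser.Groups
    Set objGroup = GetObject("LDAP://" & group.distinguishedName)
    objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(objUserAdd)
    objGroup.SetInfo

    ' -2147019886 (0x80071392, object already exists) is raised when the
    ' user is already a member of the group; report anything else
    If Err.Number <> 0 And Err.Number <> -2147019886 Then
        WScript.Echo Err.Number, Err.Description
    End If
    Err.Clear   ' reset so one failure is not reported again for later groups
Next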

WScript.Echo "Group Clone Operation Completed"

Public Function SearchDistinguishedName(ByVal vSAN)
    ' Function:     SearchDistinguishedName
    ' Description:  Searches the DistinguishedName for a given SamAccountName
    ' Parameters:   ByVal vSAN - The SamAccountName to search
    ' Returns:      The DistinguishedName Name
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
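
An added example, not part of Mark's post or the Spider's Parlor script: a variant of the SearchDistinguishedName lookup above that escapes the typed-in sAMAccountName before it is placed in the LDAP filter, and returns an empty string unless exactly one account matches, so the group-copy loop is never run against an empty or ambiguous DN. The names EscapeLdapFilterValue and FindUserDN are hypothetical.

```vbscript
Option Explicit
' Hypothetical helper: escape the characters that are special inside an
' LDAP search filter (RFC 4515). Backslash must be replaced first.
Function EscapeLdapFilterValue(ByVal sValue)
    Dim s
    s = Replace(sValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    EscapeLdapFilterValue = s
End Function

' Hypothetical replacement for SearchDistinguishedName: returns the DN for
' a sAMAccountName, or "" when zero or more than one object matches.
Function FindUserDN(ByVal sSam)
    Dim oRootDSE, oConn, oCmd, oRs
    FindUserDN = ""
    ' ";" separates the parts of the ADO command text built below and is
    ' not a valid sAMAccountName character, so reject it outright.
    If InStr(sSam, ";") > 0 Then Exit Function
    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConn = CreateObject("ADODB.Connection")
    oConn.Open "Provider=ADsDSOObject;"
    Set oCmd = CreateObject("ADODB.Command")
    Set oCmd.ActiveConnection = oConn
    oCmd.CommandText = "<LDAP://" & oRootDSE.Get("defaultNamingContext") & _
        ">;(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
        EscapeLdapFilterValue(sSam) & "));distinguishedName;subtree"
    Set oRs = oCmd.Execute
    If Not oRs.EOF Then
        FindUserDN = oRs.Fields("distinguishedName").Value
        oRs.MoveNext
        If Not oRs.EOF Then FindUserDN = ""   ' more than one match: ambiguous
    End If
    oRs.Close
    oConn.Close
End Function

' Usage: cscript //nologo finddn.vbs <sAMAccountName>
Dim sDN
If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: cscript //nologo finddn.vbs <sAMAccountName>"
    WScript.Quit 2
End If
sDN = FindUserDN(WScript.Arguments(0))
If sDN = "" Then
    WScript.Echo "No unique match; no group changes made."
    WScript.Quit 1
End If
WScript.Echo sDN
```

Without the escaping, an input such as `*` would match every user in the domain and the original function would return whichever DN came back first.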
 
Thanks for the function. However, excuse my ignorance but this line is giving me a syntax error and I don't see what the error is.

Public Function SearchDistinguishedName(ByVal vSAN)

Thanks again for the help!!
 
You saved the text to a VBS file right?

The line in question is the start of the function. Your profile says you are a developer, is that not the case?

I hope you find this post helpful.

Regards,

Mark

 
Actually, I am a security engineer tasked w/ some VBScript work. So no, I am not a developer.

Thanks!!
 
and, yes, I did save the code w/ a VBS extension. I actually added your code as a function into my existing code but am receiving a syntax error at the beginning of the function.

Thanks!!
 
Probably the code BEFORE the function is not well terminated.
 