logon script that joins domain users in an OU to domain groups


solec

Hi,

I badly need help. Do you have a logon script so that when users log in, they will automatically be added to a certain domain group? I want to implement this in GPO in AD, user config startup script. Please help. Thanks and more power!

Solec
 
Hi Tsuji,

The 1st wscript echo works fine; it gives the DN of the user who logs on. For the 2nd wscript echo, it's just showing the number 8, FYI. Thanks

Solec
 
8 means universal group. Are you sure anybody in the OU, via login, can add themselves to a group, not to mention a universal group?
 
Hi Tsuji,

That's my goal. SMTP Restricted Intuit is a universal distribution group, and I want them to be members of this group. Is this possible? Thanks

Solec
 
You say things piece by piece. Were I an attorney in this regard? And maybe mrmovie can step in for deeper insight.

Sure you can with the same script except that adsysteminfo is tied to login. But why at login time? Also, you did not show the "good candidate" user's info. If the data is good and failed to add, you have a permission problem to reckon with.

Add error control to see the error number and description. (Again, for debugging purposes, not for permanent use.)
[tt]
' Trap only the Add call so its error number and description can be reported
on error resume next
objGroup.Add objUser.ADsPath
if err.number=0 then
    objGroup.SetInfo
else
    wscript.echo hex(err.number) & vbcrlf & err.description
end if
on error goto 0
[/tt]
 
With regard to debugging, I would suggest it is good practice to echo everything; also, don't use On Error Resume Next in the first instance (unless, as tsuji suggests, you might expect an error and you want to trap it).
Your use of
[tt]Set objOU=GetObject("LDAP://" & strOU)[/tt]
is not needed; you are simply comparing strings, so you don't need this additional bind.

[tt]
' strUserPath, strOU and strGroup are set earlier in the script
Set objUser = GetObject(strUserPath)
Set objParent = GetObject(objUser.Parent)
Set objOU=GetObject("LDAP://" & strOU)
' Echo both sides of the comparison while debugging
Wscript.Echo objParent.ADsPath & "=parent"
Wscript.Echo "LDAP://" & strOU
' 1 = textual (case-insensitive) comparison
If strcomp(objParent.ADsPath,"LDAP://" & strOU,1)=0 Then
    Wscript.echo "we have a match"
    Set objGroup = GetObject("LDAP://" & strGroup)
    Wscript.Echo "after bind to group"
    wscript.echo objGroup.grouptype
    on error resume next
    'error checking as per tsuji's posts
    objGroup.Add objUser.ADsPath
    objGroup.SetInfo
    on error goto 0
    Set objGroup = Nothing
End If
[/tt]

Moreover, as tsuji suggests, why do it at logon? An admin script to enumerate all users in the OU and then add them to a group....

Something like this might do the job:

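[tt]
' strOU and strGroup hold the distinguished names of the OU and the group
Set objOU=GetObject("LDAP://" & strOU)
Set objGroup = GetObject("LDAP://" & strGroup)
' Walk every child object of the OU and add it to the group
For Each aObject In objOU
    'check it's a user object???
    objGroup.Add aObject.ADsPath
Next
Set objGroup = Nothing
Set objOU = Nothing
[/tt]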
 
Sorry tsuji, just been on the phone to an attorney; other than the fact they charge 150 quid an hour, I can't comment ;-)
 
Just a side note. I add on error resume next at that spot because it is way _too_ easy, in testing and in production, especially running at every login, to add oneself to the group when already a member. Otherwise, those who know me via posts know I am not impressed at all by a blanket on error resume next at the top.
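
The error handling tsuji describes, applied to mrmovie's admin-side loop, as an added example that is not part of the original thread: "already a member" is treated as benign, while access failures are reported instead of being swallowed. The two DNs are placeholders and the function name is hypothetical; the HRESULT constants are the standard Windows error codes.

```vbscript
Option Explicit

' Placeholder DNs constructed for this example; replace with real ones.
Const strOU    = "OU=ExampleOU,DC=example,DC=com"
Const strGroup = "CN=ExampleGroup,OU=Groups,DC=example,DC=com"

' HRESULTs that IADsGroup.Add can raise (signed 32-bit values).
Const E_ALREADY_MEMBER = &H80071392   ' ERROR_OBJECT_ALREADY_EXISTS
Const E_ACCESS_DENIED  = &H80070005   ' E_ACCESSDENIED
Const E_INSUFF_RIGHTS  = &H80072098   ' ERROR_DS_INSUFF_ACCESS_RIGHTS

' Hypothetical helper: returns "added", "already-member", "denied"
' or "failed:<hex>". Error trapping is scoped to the single Add call.
Function TryAddMember(objGroup, strMemberPath)
    On Error Resume Next
    objGroup.Add strMemberPath
    Select Case Err.Number
        Case 0
            TryAddMember = "added"
        Case E_ALREADY_MEMBER
            TryAddMember = "already-member"
        Case E_ACCESS_DENIED, E_INSUFF_RIGHTS
            TryAddMember = "denied"
        Case Else
            TryAddMember = "failed:" & Hex(Err.Number)
    End Select
    Err.Clear
    On Error GoTo 0
End Function

Dim objOU, objGroup, objChild, strResult, blnDenied
Set objOU = GetObject("LDAP://" & strOU)
Set objGroup = GetObject("LDAP://" & strGroup)
blnDenied = False
For Each objChild In objOU
    ' Skip computers, contacts, nested OUs and other non-user children.
    If LCase(objChild.Class) = "user" Then
        strResult = TryAddMember(objGroup, objChild.ADsPath)
        WScript.Echo strResult & vbTab & objChild.ADsPath
        If strResult = "denied" Then blnDenied = True
    End If
Next
' Non-zero exit code so a scheduled task surfaces permission problems.
If blnDenied Then WScript.Quit 5
```

Run from an account delegated write access to the group's membership, this keeps that right with one administrative identity rather than granting it to every user in the OU, which a logon-time script would require.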
 
No worries tsuji, I wasn't meaning to flame your post; I was making a comment on solec's initial use. Good point on the 'already a member' thing. It's funny how little defense we tend to put in when posting in this forum; why use a sledgehammer?
 
>you are simply comparing strings you dont need this additional bind.
I am not defensive here. That binding I suggested was with this idea in mind. You know the lexical space of the adspath or dn is manifold. You can insert semantically insignificant whitespace after a comma. Hence, in order to be free from that hassle, binding to the object and then retrieving the adspath and dn gives the output of a consistent engine, making strcomp() or any string comparison algorithm more consistent and assured.

PS: Do they, 150 an hour?! You must draft things out before calling!
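
The lexical variation tsuji describes, as an added example that is not part of the original thread: a string-only normalizer (a different technique from the bind tsuji suggests) that lets two spellings of the same DN compare equal without touching the directory. The function names and sample DNs are constructed; it assumes case-insensitive attribute values and does not handle quoted or hex-escaped values.

```vbscript
Option Explicit

' Hypothetical helper: drops insignificant spaces around unescaped "," and
' around the first "=" of each RDN, and upper-cases the rest. Escaped pairs
' such as "\," or "\ " are copied through so they are never read as delimiters.
Function NormalizeDN(strDN)
    Dim i, ch, strOut, strPending, blnAtStart, blnSeenEq
    strOut = "" : strPending = "" : blnAtStart = True : blnSeenEq = False
    i = 1
    Do While i <= Len(strDN)
        ch = Mid(strDN, i, 1)
        If ch = "\" And i < Len(strDN) Then
            ' Escaped pair: keep both characters, skip the second one.
            strOut = strOut & strPending & UCase(Mid(strDN, i, 2))
            strPending = "" : blnAtStart = False
            i = i + 1
        ElseIf ch = " " Then
            ' Hold spaces until we know whether they are interior.
            If Not blnAtStart Then strPending = strPending & ch
        ElseIf ch = "," Or (ch = "=" And Not blnSeenEq) Then
            ' Delimiter: discard spaces held before it, skip those after it.
            strOut = strOut & ch
            strPending = "" : blnAtStart = True
            blnSeenEq = (ch = "=")
        Else
            strOut = strOut & strPending & UCase(ch)
            strPending = "" : blnAtStart = False
        End If
        i = i + 1
    Loop
    NormalizeDN = strOut   ' spaces still pending at the end are dropped
End Function

Function SameDN(strA, strB)
    SameDN = (NormalizeDN(strA) = NormalizeDN(strB))
End Function

' Constructed sample DNs (not from the thread).
Dim strA, strB, strC, strD
strA = "OU=Sales,DC=example,DC=com"
strB = "ou=Sales, dc=example , DC=com"              ' same OU, other spelling
strC = "CN=Smith\, John,OU=Sales,DC=example,DC=com" ' comma inside the CN value
strD = "CN=Smith,John,OU=Sales,DC=example,DC=com"   ' different RDN structure
WScript.Echo "StrComp A/B equal:  " & (StrComp(strA, strB, 1) = 0)
WScript.Echo "SameDN A/B equal:   " & SameDN(strA, strB)
WScript.Echo "SameDN C/D equal:   " & SameDN(strC, strD)
```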
 
Without wanting to bind to every user object in the OU, or every user object in the target group, a dictionary object might help:

[tt]
' strOU and strGroup hold the distinguished names of the OU and the group
Set dicObjectMembers = CreateObject("Scripting.Dictionary")

Set objOU=GetObject("LDAP://" & strOU)
Set objGroup = GetObject("LDAP://" & strGroup)
' Record the current user members, keyed by upper-cased ADsPath
For Each aObject In objGroup.Members
    If aObject.Class = "user" Then
        dicObjectMembers.Add UCase(aObject.ADsPath), "hmm"
    End If
Next
' Add only those users in the OU that are not already members
For Each aObject In objOU
    'check it's a user object???
    If aObject.Class = "user" Then
        If Not dicObjectMembers.Exists(UCase(aObject.ADsPath)) Then
            objGroup.Add aObject.ADsPath
        End If
    End If
Next
Set objGroup = Nothing
Set objOU = Nothing
[/tt]

I am just guessing as to the efficiency of this approach.
 
Solec, I would recommend a bit of lite reading:

ADSI Scripting for System Administration, New Riders
Active Directory Cookbook, O'Reilly
 
Hi Mr. Movie and Tsuji,

First of all, I would like to congratulate your binary minds for the contribution. I hope I did not create confusion between you guys. I really thank you guys for helping me get to the bottom line of this, and whew!!! What beautiful minds you guys have. Mr. Movie, the Dictionary thing works like a champ, and I will surely follow your advice on reading scripting books. Tsuji and Mr. Movie, kudos to you! Thanks a lot and more power!


Solec
 