Question on Adding users to group via DSAdd and VBScript. 1

[windowsfan]

I want to add a user to multiple groups via dsadd I tried the below script and it will work fine if I add user to one group, will not work when I try to add it to multiple groups, may be I missing something. I used both comma and semicolon between two groups but it will still not work. what I am doing wrong?

-memberof "cn=BH Residents,ou=Existing Groups,ou=BH Application Groups,dc=zhc,dc=botsford,dc=org","cn=3 North,ou=Existing Groups,ou=BH Application Groups,dc=zhc,dc=botsford,dc=org"

Same question on how to add user to multiple groups via VBScript.
strMemberOf=strMemberOf=Trim(objExcel.Cells(intRow, 18).Value)
objUser.memberOf=strMemberOf

value in cell 18 in excel is :
CN=BH Externs,OU=Existing Groups,OU=BH Application Groups,DC=zhc,DC=botsford,DC=org;CN=BH Externs1,OU=Existing Groups,OU=BH Application Groups,DC=zhc,DC=botsford,DC=org

 

[kmcferrin]

It seems like there is a lot of info missing from your post, like the script that you are using. What I can say for sure though is that if you are using a VBScript to parse an Excel sheet to get a list of usernames and groups to add them to, then you can't add them to multiple groups simultaneously by putting multiple groups in the same spreadsheet cell.

Generally what you're doing is binding to an object that represents a group, then adding a member to a list of members. You'll have to bind multiple objects to add to multiple groups, which means looping through the add operation.

 

[windowsfan]

any sample script I can check?

how about adding users to multiple group using DSAdd?

Any sample script I can use to create a new user based on existing user?

 

[58sniper]

I don't think DSAdd will do it either. You could add the users using DSAdd, then go back and maybe use DSModify.

Pat Richard
Microsoft Exchange MVP

 

[markdmac]

you can't add them to multiple groups simultaneously by putting multiple groups in the same spreadsheet cell.

Really? Care to bet lunch on that one? ;-)

Read the contents of the cell. Use the vbscript Split function to make it into an array and then loop through the array to join the user to each group in the array.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[kmcferrin]

Well...OK, technically anything is possible. What I should have said is that you can't take a script that was written for one piece of data per cell and use the same command on two pieces of data in the same cell to make it work. You have to do each piece separately. You can split the data in the cell and do it that way, but you still have to loop through the items.

 

[windowsfan]

Hi Mark,
Any sample script I can check on how to loop?

 

[markdmac]

It is simple enough. In the below example, cellData represents text you would have read in from Excel with elements seperated by a comma. You can split on spaces or any other character as needed. Then where I have the Wscript.Echo you would do whatever work you really needed to do in your loop.

cellData = "One Fish, Two Fish, Three Fish, Blue Fish"
cellArray = Split(cellData,",")

For Each Entry In cellArray
	WScript.Echo Trim(Entry)
Next

You should probably take a look at my FAQ: faq329-4871.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[windowsfan]

sitll not working for me.

do I have to replace Entry with something else?
For Each Entry In cellArray
WScript.Echo Trim(Entry)
Next

Here's my script? I did declared variable celldata,cellarray and entry as it was giving me error that variable is not declared.
This is what I have in the memberOf cell in excel.
CN=BH Externs,OU=Existing Groups,OU=BH Application Groups,DC=zhc,DC=botsford,DC=org;
CN=BH Externs,OU=Existing Groups,OU=BH Application Groups,DC=zhc,DC=botsford,DC=org

Option Explicit
Dim objRootLDAP, objContainer, objUser, objShell
Dim strUser, strOU, strSheet
Dim objExcel, objSpread, intRow
dim strMemberOf,celldata, cellarray, entry

strOU = "OU=NewUsers," ' Note the comma
strSheet = "C:\NewUser1.xls"

' Bind to Active Directory, Users container.
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://" & strOU & _
objRootLDAP.Get("defaultNamingContext"))

' Open the Excel spreadsheet
Set objExcel = CreateObject("Excel.Application")
Set objSpread = objExcel.Workbooks.Open(strSheet)
intRow = 3 'Row 1 often contains headings


Do Until objExcel.Cells(intRow,1).Value = ""

strMemberOf = Trim(objExcel.Cells(intRow, 18).Value)
cellArray = Split(cellData,";")

For Each Entry In cellArray
WScript.Echo Trim(Entry)
Next


intRow = intRow + 1
Loop
objExcel.Quit

 

[markdmac]

strMemberOf = Trim(objExcel.Cells(intRow, 18).Value)
cellArray = Split([red]cellDatastrMemberOf [/red],";")


I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[windowsfan]

Hi Mark,
how do I loop through and add user to multiple groups and how to set account expiration date. I tried the below code. I might not be using the right name for memberOf and AccountExpirationDate.

strAcctExp= 60 '[expires in 60 days]
strMemberOf = Trim(objExcel.Cells(intRow, 18).Value)
cellArray = Split(strMemberOf,";")
objUser.AccountExpirationDate = strAcctExp
For Each Entry In cellArray
'WScript.Echo Trim(Entry)
objUser.memberOf=Trim(Entry)
Next

 

[markdmac]

In order to add a user to a group you must bind to the group and add the user to that group. You can't add a group to a user.

Const ADS_PROPERTY_APPEND = 3
 
Set objGroup = GetObject _
    ("LDAP://cn=Atl-Users,cn=Users,dc=NA,dc=fabrikam,dc=com")
objGroup.PutEx ADS_PROPERTY_APPEND, _
    "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.SetInfo

To set expiration date, you do it like this:

Set objUser = GetObject _
  ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")

objUser.AccountExpirationDate = "03/30/2005"
objUser.SetInfo

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[windowsfan]

I want to use the below script to add users. so, in order to add users to group, I cannot use memberOf?
if binding group is the only option than let's say if I want user to be member of 10 groups, that I have to bind 10 groups. I am not sure if there is a way I can make below script work by using

For Each Entry In cellArray
'WScript.Echo Trim(Entry)
objUser.memberOf=Trim(Entry)
Next

 

[markdmac]

Well windowsfan, I've given you sample code for how to join a user to a group. As I said before, the user must be joined to the group object. Membership is a property of the group, not the user. The memberOf property is read only.

IF what you propose even could work, then you would be removing all other group memberships because the memberOf is an Array that contains all group memberships.

To get this to work you need only loop through the groups and bind to each and add the user. Simply replace the WScript.Echo Trim(Entry) from my earlier post with the code needed to bind to the group and join the user.

If piecing it all together is over your head then you might want to consider bringing in an experienced scripter to do custom vbscript work for your project.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[windowsfan]

I am able to add user to a group by using memberOf property with dsadd.
is the memberOf property different for different type of script?

with dsadd I am not able to add user to more than one group,

-memberof "cn=BH Residents,ou=Existing Groups,ou=BH Application Groups,dc=zhc,dc=botsford,dc=org;cn=3 North,ou=Existing Groups,ou=BH Application Groups,dc=zhc,dc=botsford,dc=org

 

[markdmac]

Yes it is different.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[windowsfan]

MarkDmac,
with dsadd I am not able to add user to more than one group, what am I missing.

-memberof "cn=BH Residents,ou=Existing Groups,ou=BH Application Groups,dc=zhc,dc=botsford,dc=org;cn=3 North,ou=Existing Groups,ou=BH Application Groups,dc=zhc,dc=botsford,dc=org

 

[markdmac]

Don't use DSADD for this project. Use vbscript.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[windowsfan]

Hi Mark,
Every thing is working fine as except,

1)I am not able to read AccountExpirationDate from worksheet. It gives me mismatch error.
2)Is it something I can configure in the script for Password so they dont have to change it firs time they login.
3)After the script is ran, I can only open the worksheet I used in readonly mode. How can I fix this?

Option Explicit
Dim objRootLDAP,objContainer,objUser,objShell,FileServer
Dim objExcel, objSpread, intRow,FSO
Dim strUser, strOU, strSheet
Dim strCN, strSam, strFirst, strLast, strMI, strPWD, strDept, strDesc, strDispName
Dim strUPN,strAcctExp,strTitle, strHomeDrive,strHomeDirectory
Dim cellarray,entry, objGroup
Const ADS_PROPERTY_APPEND = 3
strOU = "OU=NewUsers," 'Note the comma
strSheet = "C:\Externs1.xls"
Set fso = CreateObject("Scripting.FileSystemObject")

' Bind to Active Directory, Users container.
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://" & strOU & _
objRootLDAP.Get("defaultNamingContext"))

' Open the Excel spreadsheet
Set objExcel = CreateObject("Excel.Application")
Set objSpread = objExcel.Workbooks.Open(strSheet)
'Set FileServer = fso.GetFolder(\\ntuser\user)
intRow = 3 'Row 1 often contains headings

' Here is the 'DO...Loop' that cycles through the cells
' Note intRow, x must correspond to the column in strSheet

Do Until objExcel.Cells(intRow,1).Value = ""
strSam = Trim(objExcel.Cells(intRow, 1).Value)
strCN = Trim(objExcel.Cells(intRow, 2).Value)
strFirst = Trim(objExcel.Cells(intRow, 3).Value)
strLast = Trim(objExcel.Cells(intRow, 4).Value)
strMI=Trim(objExcel.Cells(intRow, 5).Value)
strDispName=Trim(objExcel.Cells(intRow, 6).Value)
strDesc = Trim(objExcel.Cells(intRow, 7).Value)
strDept = Trim(objExcel.Cells(intRow, 8).Value)
strTitle= Trim(objExcel.Cells(intRow,9).Value)
strUPN=Trim(objExcel.Cells(intRow, 10).Value)
strPWD = Trim(objExcel.Cells(intRow, 11).Value)
strHomeDrive = Trim(objExcel.Cells(intRow, 12).Value)
strHomeDirectory = Trim(objExcel.Cells(intRow,13).Value)
strAcctExp= Trim(objExcel.Cells(intRow,14).Value)

' Build the actual User from data in strSheet.
Set objUser = objContainer.Create("User", "cn=" & strCN)
objUser.sAMAccountName = strSam
objUser.givenName = strFirst
objUser.sn = strLast
objUser.initials=strMI
objUser.displayName=strDispName
objUser.description=strDesc
objUser.department=strDept
objUser.title=strTitle
objUser.userPrincipalName=strUPN
objUser.homeDrive=strHomeDrive
objUser.homeDirectory=strHomeDirectory

objUser.SetInfo
'Adds user to BH Residents Group
Set objGroup = GetObject("LDAP://CN=BH Externs,OU=Existing Groups,OU=BH Application Groups,DC=zhc,DC=botsford,DC=org")
objGroup.PutEx ADS_PROPERTY_APPEND,"member", Array("CN=" & strCN &",ou=NewUsers,dc=zhc,dc=botsford,dc=org")
objGroup.SetInfo

' Separate section to enable account with its password
objUser.userAccountControl = 512
objUser.pwdLastSet = 0
objUser.SetPassword strPWD
objUser.SetInfo

'Account Expiration
Set objUser = GetObject("LDAP://CN=" & strCN &",ou=NewUsers,dc=zhc,dc=botsford,dc=org")
objUser.AccountExpirationDate=strAcctExp
objUser.SetInfo

intRow = intRow + 1
Loop
'objExcel.Quit
objExcel.Application.Quit
WScript.Echo "Successfully created Users"

set objGroup=nothing
set objExcel=nothing
set objUser=nothing
set objRootLDAP=nothing
set objContainer=nothing
set objUser=nothing
set objShell=nothing
set objSpread=nothing
set intRow=nothing

 

[markdmac]

1)I am not able to read AccountExpirationDate from worksheet. It gives me mismatch error.
[blue]How have you entered the data?[/blue]

2)Is it something I can configure in the script for Password so they dont have to change it firs time they login.
[blue]
' Separate section to enable account with its password
objUser.SetPassword strPWD
objUser.AccountDisabled = FALSE
objUser.SetInfo
[/blue]

3)After the script is ran, I can only open the worksheet I used in readonly mode. How can I fix this?
[blue]
Save the document first before closing it.[/blue]


I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.