Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Scripting for a beginer

Status
Not open for further replies.

bgfs

Technical User
Apr 6, 2005
130
GB
I've been given a task where I have to copy users from an Active Directory OU to a global Group then schedule this to happen twice daily. I've never used scripts before and haven't got a clue where to start. Can someone show me a quick way to script this action. As I've never done this before I need to know what app to use and how. Thanks
 
I should add that this is an area root user OU so there will be a few thousand users.
 
for speed you would only want to attempt to add a user to the group if it wasnt already a member of the group.
i would go about it as follows:

+ populate a dictionary object of the current members of the target group
+ bind to the OU, enum the members, as you enum do a .Exists against the existing dictionary object, then issue the add only if its not already a member
 
i found this on the internet (it doesnt do a precheck to see that the user isnt already a member of the group,,,which i presume will result in a runtime or at least speed issues..)

' GroupAddLots.vbs
' Free example VBScript to add users to a group.
' Author Guy Thomas ' Version 2.3 - May 2005
' ---------------------------------------------------------------'
Option Explicit
Dim objRootLDAP, objGroup, objUser, objOU
Dim strOU, strGroup, strDNSDomain
Dim intCounter

' Check these objects referenced by strOU, strGroup exist in strOU
strOU = "OU=Newport,"
strGroup = "CN=Coal Porters,"

' Bind to Active Directory and get LDAP name
Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

' Prepare the OU and the Group
Set objGroup = GetObject("LDAP://"& strGroup _
& strOU & strDNSDomain)
Set objOU =GetObject("LDAP://" & strOU & strDNSDomain)

' On Error Resume next
intCounter = 1
For Each objUser In objOU
If objUser.Class = lcase("User") then
objGroup.add(objUser.ADsPath)
intCounter = intcounter +1
End If
Next
WScript.Echo strGroup & " has " & intCounter & " new members"

Wscript.Quit

End of Add lots of members to group VBScript
 
Thanks I'll give it a try
 
Does it matter that the OU is nested and that the target global group is else where in the AD? How would I phrase the code to accomodate this?
 
strOU = "OU=Newport,"
strGroup = "CN=Coal Porters,"

just change these to something which reflects the paths in your environment, e.g

strOU = "OU=Users,OU=France," etc
 
Thanks its getting clearer. Excuse my inexperience but is the strOU the source OU and strGroup the Target group? and should you include the full distinguished to the target group also?
 
yeap, thats it, those two strings are used to 'bind' to the object in AD using the LDAP provider.

the binds using the strings you define are:

Set objGroup = GetObject("LDAP://"& strGroup & strOU & strDNSDomain)
Set objOU =GetObject("LDAP://" & strOU & strDNSDomain)

!note the use of the strDNSDomain which completes the string,m this will be the full path to the objects. (the distinguished name i believe)

for clarity and testing it would be worth doing something like
Msgbox "will try to bind to " & "LDAP://" & strGroup & strOU & strDNSDomain
Set objGroup = GetObject("LDAP://"& strGroup & strOU & strDNSDomain)
Msgbox "will try and bind to " & "LDAP://" & strOU & strDNSDomain
Set objOU =GetObject("LDAP://" & strOU & strDNSDomain)
 
Thanks for you help I'll try this
 
sorry just looked over the code and the two bind calls might not be the best for you...

perhaps change this one;
"LDAP://" & strGroup & strOU & strDNSDomain
to
"LDAP://" & strGroup & strDNSDomain
 
Sorry to be an absolute beginer but how and where do I run this script?
 
you can run this script on your workstation machine.
make sure the user account which launches the script has the appropriate rights
 
Getting an error:

Script: Move.vbs
Line: 15
Char: 1
Error: An invalid dn syntax has been specified
code: 80072032
Source: (null)

Any ideas what this means
 
Forget the last one, I'm now getting:

Script: Move.vbs
Line: 15
Char: 1
Error: There is no such object on the server
Code 800720030
(source(null)

I have checked both the source and target on the AD and both exist. This is the actual code I've used:

Option Explicit
Dim objRootLDAP, objGroup, objUser, objOU
Dim strOU, strGroup, strDNSDomain
Dim intCounter

' Check these objects referenced by strOU, strGroup exist in strOU
'source OU
strOU = "ou=test2,dc=****,dc=****,dc=***,dc=uk,"
'target global group
strGroup = "cn=testtarget,dc=***,dc=****,dc=***,dc=uk,"

' Bind to Active Directory and get LDAP name
Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

' Prepare the OU and the Group
Set objGroup = GetObject("LDAP://"& strGroup & strDNSDomain)
Set objOU =GetObject("LDAP://"& strOU & strDNSDomain)

' On Error Resume next
intCounter = 1
For Each objUser In objOU
If objUser.Class = lcase("User") then
objGroup.add(objUser.ADsPath)
intCounter = intcounter +1
End If
Next
WScript.Echo strGroup & " has " & intCounter & " new members"

Wscript.Quit

'End of Add lots of members to group VBScript

The group testtarget is in the root of the AD. Any ideas?
 
before calling

Set objGroup = GetObject("LDAP://"& strGroup & strDNSDomain)

put this infront of it

Msgbox "about to try and bind to " & "LDAP://"& strGroup & strDNSDomain

you will probably find that because you are putting the full ADsPath in your strGroup and strOU strings you dont need the strDNSDomain bit?
 
outstanding! that worked, thanks for your help on that, now for the next stage... When I added another user and ran the script again, the error reported that the object already exists. How do I code the script to check if the item already exists in the target global group then move on to the next account if it does.
 
there are lots of approaches, two of which are:

1. dont defensive program and just wrap your "objGroup.add(objUser.ADsPath)" in "On Error Resume Next" and "On Error Goto 0".

2. at the start of your script bind to the Group and enumerate its members. update a dictionary or array with each member name. before you issue the objGroup.Add later on check if the user is in your dictionary or array

personally i prefer the second approach, unfortunately it is harder to implement. either way you will do well to audit the results, or at least confirm that all the users in the OU are infact in the group
 
Thsnks for your continued help. The script does already include this statement:

' On Error Resume next
intCounter = 1
For Each objUser In objOU
If objUser.Class = lcase("User") then
objGroup.add(objUser.ADsPath)
intCounter = intcounter +1
End If
Next

However if the users already exist in the group then it displays an error "The object already exists". If I remove the users from the target group and run the script, the message always says that one more user than is actually added has been transferred, for example, if 3 were copied, then the message says 4?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top