Moving Users to Security Groups

Posted October 21, 2008 · October 21, 2008

Hi,

I am creating an Windows 2008 domain with 600 users.

I would like to know if anyone knows a script to add those users to 50

Security Groups previously created.

Thanks for while.

Luiz

Posted October 21, 2008 · October 21, 2008

Re: Moving Users to Security Groups

Hello Luiz,

See here for sample scripts:

http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/default.mspx?mfr=true

Best regards

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hi,

>

> I am creating an Windows 2008 domain with 600 users.

> I would like to know if anyone knows a script to add those users to 50

> Security Groups previously created.

> Thanks for while.

>

> Luiz

>

Posted October 22, 2008 · October 22, 2008

Re: Moving Users to Security Groups

Luiz wrote:

>

> I am creating an Windows 2008 domain with 600 users.

> I would like to know if anyone knows a script to add those users to 50

> Security Groups previously created.

>

> Thanks for while.

In a VBScript program the method I use to add a user to a security group is:

1. Bind to the user object

2. Bind to the group object.

3. Use the IsMember method of the group object to check if the user is

already a member (not required if you have just created the user).

3. Use the Add method of the group object to add the user to the group.

You pass the AdsPath of the user to both the IsMember and Add methods. For

example:

======

Set objUser = GetObject("LDAP://cn=Jim Smith,ou=West,dc=MyDomain,dc=com")

Set objGroup = GetObject("LDAP://cn=TestGroup,ou=East,dc=MyDomain,dc=com")

If (objGroup.IsMember(objUser.AdsPath) = False) Then

objGroup.Add(objUser.AdsPath)

End If

=======

If you are creating the 600 users in a script, you could add steps to make

them members of the groups. I would bind to the 50 groups once, then in the

loop where you create the users add 50 statements to add each new user to

the groups (invoking the Add method of each of the 50 groups and passing the

AdsPath of the new users).

If the 600 users already exist you need some way to bind to them. It would

help if they are all in an OU. Then you could bind to the OU and enumerate

all user objects in the OU. For example:

==========

' Bind to all groups (4 in this example).

Set objGroup1 = GetObject("LDAP://cn=TestGroup1,ou=East,dc=MyDomain,dc=com")

Set objGroup2 = GetObject("LDAP://cn=TestGroup2,ou=East,dc=MyDomain,dc=com")

Set objGroup3 = GetObject("LDAP://cn=TestGroup3,ou=East,dc=MyDomain,dc=com")

Set objGroup4 = GetObject("LDAP://cn=TestGroup4,ou=East,dc=MyDomain,dc=com")

' Bind to OU with 600 users.

Set objOU = GetObject("LDAP://ou=West,dc=MyDomain,dc=com")

' Filter on user objects.

objOU.Filter = Array("user")

' Enumerate all users.

For Each objUser In objOU

' Add each user to the groups.

If (objGroup1.IsMember(objUser.AdsPath) = False) Then

objGroup1.Add(objUser.AdsPath)

End If

If (objGroup2.IsMember(objUser.AdsPath) = False) Then

objGroup2.Add(objUser.AdsPath)

End If

If (objGroup3.IsMember(objUser.AdsPath) = False) Then

objGroup3.Add(objUser.AdsPath)

End If

If (objGroup4.IsMember(objUser.AdsPath) = False) Then

objGroup4.Add(objUser.AdsPath)

End If

Otherwise, you need some way to identify the users. I hope this helps.

--

Richard Mueller

MVP Directory Services

Hilltop Lab - http://www.rlmueller.net

--

Posted October 22, 2008 · October 22, 2008

Re: Moving Users to Security Groups

Thank you Meinolf.

Best Regards.

Luiz

"Meinolf Weber" wrote:

> Hello Luiz,

>

> See here for sample scripts:

> http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/default.mspx?mfr=true

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and confers

> no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>

> > Hi,

> >

> > I am creating an Windows 2008 domain with 600 users.

> > I would like to know if anyone knows a script to add those users to 50

> > Security Groups previously created.

> > Thanks for while.

> >

> > Luiz

> >

>

Posted October 22, 2008 · October 22, 2008

Re: Moving Users to Security Groups

Thank you Richard.

Best Regards.

Luiz

"Richard Mueller [MVP]" wrote:

> Luiz wrote:

>

> >

> > I am creating an Windows 2008 domain with 600 users.

> > I would like to know if anyone knows a script to add those users to 50

> > Security Groups previously created.

> >

> > Thanks for while.

>

> In a VBScript program the method I use to add a user to a security group is:

>

> 1. Bind to the user object

> 2. Bind to the group object.

> 3. Use the IsMember method of the group object to check if the user is

> already a member (not required if you have just created the user).

> 3. Use the Add method of the group object to add the user to the group.

>

> You pass the AdsPath of the user to both the IsMember and Add methods. For

> example:

> ======

> Set objUser = GetObject("LDAP://cn=Jim Smith,ou=West,dc=MyDomain,dc=com")

> Set objGroup = GetObject("LDAP://cn=TestGroup,ou=East,dc=MyDomain,dc=com")

> If (objGroup.IsMember(objUser.AdsPath) = False) Then

> objGroup.Add(objUser.AdsPath)

> End If

> =======

> If you are creating the 600 users in a script, you could add steps to make

> them members of the groups. I would bind to the 50 groups once, then in the

> loop where you create the users add 50 statements to add each new user to

> the groups (invoking the Add method of each of the 50 groups and passing the

> AdsPath of the new users).

>

> If the 600 users already exist you need some way to bind to them. It would

> help if they are all in an OU. Then you could bind to the OU and enumerate

> all user objects in the OU. For example:

> ==========

> ' Bind to all groups (4 in this example).

> Set objGroup1 = GetObject("LDAP://cn=TestGroup1,ou=East,dc=MyDomain,dc=com")

> Set objGroup2 = GetObject("LDAP://cn=TestGroup2,ou=East,dc=MyDomain,dc=com")

> Set objGroup3 = GetObject("LDAP://cn=TestGroup3,ou=East,dc=MyDomain,dc=com")

> Set objGroup4 = GetObject("LDAP://cn=TestGroup4,ou=East,dc=MyDomain,dc=com")

>

> ' Bind to OU with 600 users.

> Set objOU = GetObject("LDAP://ou=West,dc=MyDomain,dc=com")

> ' Filter on user objects.

> objOU.Filter = Array("user")

>

> ' Enumerate all users.

> For Each objUser In objOU

> ' Add each user to the groups.

> If (objGroup1.IsMember(objUser.AdsPath) = False) Then

> objGroup1.Add(objUser.AdsPath)

> End If

> If (objGroup2.IsMember(objUser.AdsPath) = False) Then

> objGroup2.Add(objUser.AdsPath)

> End If

> If (objGroup3.IsMember(objUser.AdsPath) = False) Then

> objGroup3.Add(objUser.AdsPath)

> End If

> If (objGroup4.IsMember(objUser.AdsPath) = False) Then

> objGroup4.Add(objUser.AdsPath)

> End If

> Next

> ==========

> Otherwise, you need some way to identify the users. I hope this helps.

>

> --

> Richard Mueller

> MVP Directory Services

> Hilltop Lab - http://www.rlmueller.net

> --

>

Sign In

Moving Users to Security Groups

Recommended Posts

Guest Luiz

Popular Days

Popular Days

Guest Meinolf Weber

Guest Richard Mueller [MVP]

Guest Luiz

Guest Luiz

Similar Content

Workgroup & Groups

My administrator user was removed from admin group and I need to reimage the laptop.

Temp User profile create in multiple device. how to stop this problem in group ?

Group Policy Object Question

ActiveDirectory user properties

Browse

Activity

Site Info