Jump to content

Moving Users to Security Groups

Guest Luiz

By Guest Luiz
in Windows 2003 Server

 Share

Recommended Posts

Guest Luiz

Guest Luiz

Posted
Posted

Hi,

 

I am creating an Windows 2008 domain with 600 users.

I would like to know if anyone knows a script to add those users to 50

Security Groups previously created.

 

Thanks for while.

 

Luiz

  • Replies 4
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: Moving Users to Security Groups

 

Hello Luiz,

 

See here for sample scripts:

http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/default.mspx?mfr=true

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

 

> Hi,

>

> I am creating an Windows 2008 domain with 600 users.

> I would like to know if anyone knows a script to add those users to 50

> Security Groups previously created.

> Thanks for while.

>

> Luiz

>

Guest Richard Mueller [MVP]

Guest Richard Mueller [MVP]

Posted
Posted

Re: Moving Users to Security Groups

 

Luiz wrote:

>

> I am creating an Windows 2008 domain with 600 users.

> I would like to know if anyone knows a script to add those users to 50

> Security Groups previously created.

>

> Thanks for while.

 

In a VBScript program the method I use to add a user to a security group is:

 

1. Bind to the user object

2. Bind to the group object.

3. Use the IsMember method of the group object to check if the user is

already a member (not required if you have just created the user).

3. Use the Add method of the group object to add the user to the group.

 

You pass the AdsPath of the user to both the IsMember and Add methods. For

example:

======

Set objUser = GetObject("LDAP://cn=Jim Smith,ou=West,dc=MyDomain,dc=com")

Set objGroup = GetObject("LDAP://cn=TestGroup,ou=East,dc=MyDomain,dc=com")

If (objGroup.IsMember(objUser.AdsPath) = False) Then

objGroup.Add(objUser.AdsPath)

End If

=======

If you are creating the 600 users in a script, you could add steps to make

them members of the groups. I would bind to the 50 groups once, then in the

loop where you create the users add 50 statements to add each new user to

the groups (invoking the Add method of each of the 50 groups and passing the

AdsPath of the new users).

 

If the 600 users already exist you need some way to bind to them. It would

help if they are all in an OU. Then you could bind to the OU and enumerate

all user objects in the OU. For example:

==========

' Bind to all groups (4 in this example).

Set objGroup1 = GetObject("LDAP://cn=TestGroup1,ou=East,dc=MyDomain,dc=com")

Set objGroup2 = GetObject("LDAP://cn=TestGroup2,ou=East,dc=MyDomain,dc=com")

Set objGroup3 = GetObject("LDAP://cn=TestGroup3,ou=East,dc=MyDomain,dc=com")

Set objGroup4 = GetObject("LDAP://cn=TestGroup4,ou=East,dc=MyDomain,dc=com")

 

' Bind to OU with 600 users.

Set objOU = GetObject("LDAP://ou=West,dc=MyDomain,dc=com")

' Filter on user objects.

objOU.Filter = Array("user")

 

' Enumerate all users.

For Each objUser In objOU

' Add each user to the groups.

If (objGroup1.IsMember(objUser.AdsPath) = False) Then

objGroup1.Add(objUser.AdsPath)

End If

If (objGroup2.IsMember(objUser.AdsPath) = False) Then

objGroup2.Add(objUser.AdsPath)

End If

If (objGroup3.IsMember(objUser.AdsPath) = False) Then

objGroup3.Add(objUser.AdsPath)

End If

If (objGroup4.IsMember(objUser.AdsPath) = False) Then

objGroup4.Add(objUser.AdsPath)

End If

Next

==========

Otherwise, you need some way to identify the users. I hope this helps.

 

--

Richard Mueller

MVP Directory Services

Hilltop Lab - http://www.rlmueller.net

--

Guest Luiz

Guest Luiz

Posted
Posted

Re: Moving Users to Security Groups

 

Thank you Meinolf.

 

Best Regards.

 

Luiz

 

"Meinolf Weber" wrote:

> Hello Luiz,

>

> See here for sample scripts:

> http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/default.mspx?mfr=true

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and confers

> no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>

>

> > Hi,

> >

> > I am creating an Windows 2008 domain with 600 users.

> > I would like to know if anyone knows a script to add those users to 50

> > Security Groups previously created.

> > Thanks for while.

> >

> > Luiz

> >

>

>

>

Guest Luiz

Guest Luiz

Posted
Posted

Re: Moving Users to Security Groups

 

Thank you Richard.

 

Best Regards.

 

Luiz

 

"Richard Mueller [MVP]" wrote:

> Luiz wrote:

>

> >

> > I am creating an Windows 2008 domain with 600 users.

> > I would like to know if anyone knows a script to add those users to 50

> > Security Groups previously created.

> >

> > Thanks for while.

>

> In a VBScript program the method I use to add a user to a security group is:

>

> 1. Bind to the user object

> 2. Bind to the group object.

> 3. Use the IsMember method of the group object to check if the user is

> already a member (not required if you have just created the user).

> 3. Use the Add method of the group object to add the user to the group.

>

> You pass the AdsPath of the user to both the IsMember and Add methods. For

> example:

> ======

> Set objUser = GetObject("LDAP://cn=Jim Smith,ou=West,dc=MyDomain,dc=com")

> Set objGroup = GetObject("LDAP://cn=TestGroup,ou=East,dc=MyDomain,dc=com")

> If (objGroup.IsMember(objUser.AdsPath) = False) Then

> objGroup.Add(objUser.AdsPath)

> End If

> =======

> If you are creating the 600 users in a script, you could add steps to make

> them members of the groups. I would bind to the 50 groups once, then in the

> loop where you create the users add 50 statements to add each new user to

> the groups (invoking the Add method of each of the 50 groups and passing the

> AdsPath of the new users).

>

> If the 600 users already exist you need some way to bind to them. It would

> help if they are all in an OU. Then you could bind to the OU and enumerate

> all user objects in the OU. For example:

> ==========

> ' Bind to all groups (4 in this example).

> Set objGroup1 = GetObject("LDAP://cn=TestGroup1,ou=East,dc=MyDomain,dc=com")

> Set objGroup2 = GetObject("LDAP://cn=TestGroup2,ou=East,dc=MyDomain,dc=com")

> Set objGroup3 = GetObject("LDAP://cn=TestGroup3,ou=East,dc=MyDomain,dc=com")

> Set objGroup4 = GetObject("LDAP://cn=TestGroup4,ou=East,dc=MyDomain,dc=com")

>

> ' Bind to OU with 600 users.

> Set objOU = GetObject("LDAP://ou=West,dc=MyDomain,dc=com")

> ' Filter on user objects.

> objOU.Filter = Array("user")

>

> ' Enumerate all users.

> For Each objUser In objOU

> ' Add each user to the groups.

> If (objGroup1.IsMember(objUser.AdsPath) = False) Then

> objGroup1.Add(objUser.AdsPath)

> End If

> If (objGroup2.IsMember(objUser.AdsPath) = False) Then

> objGroup2.Add(objUser.AdsPath)

> End If

> If (objGroup3.IsMember(objUser.AdsPath) = False) Then

> objGroup3.Add(objUser.AdsPath)

> End If

> If (objGroup4.IsMember(objUser.AdsPath) = False) Then

> objGroup4.Add(objUser.AdsPath)

> End If

> Next

> ==========

> Otherwise, you need some way to identify the users. I hope this helps.

>

> --

> Richard Mueller

> MVP Directory Services

> Hilltop Lab - http://www.rlmueller.net

> --

>

>

>

 Share
Go to topic listing
×
×
  • Create New...