Moving Users to Security Groups

  • Thread starter Thread starter Luiz
  • Start date Start date
L

Luiz

Guest
Hi,

I am creating an Windows 2008 domain with 600 users.
I would like to know if anyone knows a script to add those users to 50
Security Groups previously created.

Thanks for while.

Luiz
 
Re: Moving Users to Security Groups

Hello Luiz,

See here for sample scripts:
http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/default.mspx?mfr=true

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi,
>
> I am creating an Windows 2008 domain with 600 users.
> I would like to know if anyone knows a script to add those users to 50
> Security Groups previously created.
> Thanks for while.
>
> Luiz
>
 
Re: Moving Users to Security Groups

Luiz wrote:

>
> I am creating an Windows 2008 domain with 600 users.
> I would like to know if anyone knows a script to add those users to 50
> Security Groups previously created.
>
> Thanks for while.

In a VBScript program the method I use to add a user to a security group is:

1. Bind to the user object
2. Bind to the group object.
3. Use the IsMember method of the group object to check if the user is
already a member (not required if you have just created the user).
3. Use the Add method of the group object to add the user to the group.

You pass the AdsPath of the user to both the IsMember and Add methods. For
example:
======
Set objUser = GetObject("LDAP://cn=Jim Smith,ou=West,dc=MyDomain,dc=com")
Set objGroup = GetObject("LDAP://cn=TestGroup,ou=East,dc=MyDomain,dc=com")
If (objGroup.IsMember(objUser.AdsPath) = False) Then
objGroup.Add(objUser.AdsPath)
End If
=======
If you are creating the 600 users in a script, you could add steps to make
them members of the groups. I would bind to the 50 groups once, then in the
loop where you create the users add 50 statements to add each new user to
the groups (invoking the Add method of each of the 50 groups and passing the
AdsPath of the new users).

If the 600 users already exist you need some way to bind to them. It would
help if they are all in an OU. Then you could bind to the OU and enumerate
all user objects in the OU. For example:
==========
' Bind to all groups (4 in this example).
Set objGroup1 = GetObject("LDAP://cn=TestGroup1,ou=East,dc=MyDomain,dc=com")
Set objGroup2 = GetObject("LDAP://cn=TestGroup2,ou=East,dc=MyDomain,dc=com")
Set objGroup3 = GetObject("LDAP://cn=TestGroup3,ou=East,dc=MyDomain,dc=com")
Set objGroup4 = GetObject("LDAP://cn=TestGroup4,ou=East,dc=MyDomain,dc=com")

' Bind to OU with 600 users.
Set objOU = GetObject("LDAP://ou=West,dc=MyDomain,dc=com")
' Filter on user objects.
objOU.Filter = Array("user")

' Enumerate all users.
For Each objUser In objOU
' Add each user to the groups.
If (objGroup1.IsMember(objUser.AdsPath) = False) Then
objGroup1.Add(objUser.AdsPath)
End If
If (objGroup2.IsMember(objUser.AdsPath) = False) Then
objGroup2.Add(objUser.AdsPath)
End If
If (objGroup3.IsMember(objUser.AdsPath) = False) Then
objGroup3.Add(objUser.AdsPath)
End If
If (objGroup4.IsMember(objUser.AdsPath) = False) Then
objGroup4.Add(objUser.AdsPath)
End If
Next
==========
Otherwise, you need some way to identify the users. I hope this helps.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
 
Re: Moving Users to Security Groups

Thank you Meinolf.

Best Regards.

Luiz

"Meinolf Weber" wrote:

> Hello Luiz,
>
> See here for sample scripts:
> http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/default.mspx?mfr=true
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Hi,
> >
> > I am creating an Windows 2008 domain with 600 users.
> > I would like to know if anyone knows a script to add those users to 50
> > Security Groups previously created.
> > Thanks for while.
> >
> > Luiz
> >
>
>
>
 
Re: Moving Users to Security Groups

Thank you Richard.

Best Regards.

Luiz

"Richard Mueller [MVP]" wrote:

> Luiz wrote:
>
> >
> > I am creating an Windows 2008 domain with 600 users.
> > I would like to know if anyone knows a script to add those users to 50
> > Security Groups previously created.
> >
> > Thanks for while.
>
> In a VBScript program the method I use to add a user to a security group is:
>
> 1. Bind to the user object
> 2. Bind to the group object.
> 3. Use the IsMember method of the group object to check if the user is
> already a member (not required if you have just created the user).
> 3. Use the Add method of the group object to add the user to the group.
>
> You pass the AdsPath of the user to both the IsMember and Add methods. For
> example:
> ======
> Set objUser = GetObject("LDAP://cn=Jim Smith,ou=West,dc=MyDomain,dc=com")
> Set objGroup = GetObject("LDAP://cn=TestGroup,ou=East,dc=MyDomain,dc=com")
> If (objGroup.IsMember(objUser.AdsPath) = False) Then
> objGroup.Add(objUser.AdsPath)
> End If
> =======
> If you are creating the 600 users in a script, you could add steps to make
> them members of the groups. I would bind to the 50 groups once, then in the
> loop where you create the users add 50 statements to add each new user to
> the groups (invoking the Add method of each of the 50 groups and passing the
> AdsPath of the new users).
>
> If the 600 users already exist you need some way to bind to them. It would
> help if they are all in an OU. Then you could bind to the OU and enumerate
> all user objects in the OU. For example:
> ==========
> ' Bind to all groups (4 in this example).
> Set objGroup1 = GetObject("LDAP://cn=TestGroup1,ou=East,dc=MyDomain,dc=com")
> Set objGroup2 = GetObject("LDAP://cn=TestGroup2,ou=East,dc=MyDomain,dc=com")
> Set objGroup3 = GetObject("LDAP://cn=TestGroup3,ou=East,dc=MyDomain,dc=com")
> Set objGroup4 = GetObject("LDAP://cn=TestGroup4,ou=East,dc=MyDomain,dc=com")
>
> ' Bind to OU with 600 users.
> Set objOU = GetObject("LDAP://ou=West,dc=MyDomain,dc=com")
> ' Filter on user objects.
> objOU.Filter = Array("user")
>
> ' Enumerate all users.
> For Each objUser In objOU
> ' Add each user to the groups.
> If (objGroup1.IsMember(objUser.AdsPath) = False) Then
> objGroup1.Add(objUser.AdsPath)
> End If
> If (objGroup2.IsMember(objUser.AdsPath) = False) Then
> objGroup2.Add(objUser.AdsPath)
> End If
> If (objGroup3.IsMember(objUser.AdsPath) = False) Then
> objGroup3.Add(objUser.AdsPath)
> End If
> If (objGroup4.IsMember(objUser.AdsPath) = False) Then
> objGroup4.Add(objUser.AdsPath)
> End If
> Next
> ==========
> Otherwise, you need some way to identify the users. I hope this helps.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>
 

Similar threads

J
If you care about iPhone privacy, security researchers say uninstall Facebook immediately
Replies
0
Views
128
Joshua Hawkins
J
A
This nerve-shredding Netflix horror movie is finding new life ahead of Halloween
Replies
0
Views
122
Andy Meek
A
A
If you live in this city, you might get an extra $500 stimulus check on top of your $3,600 payment
Replies
0
Views
132
Andy Meek
A
B
Best smart security systems of 2021: Smart protection for your home
Replies
0
Views
127
Brittany Vincent
B
A
Netflix users are so angry about the price increase that’s hitting accounts now
Replies
0
Views
75
Andy Meek
A
Back
Top