Guy's Scripting Ezine 37 - Groups part 1

Contents for Guy's Scripting Ezine 37 - Groups. Part 1

• This week's secret
• Scripting for Groups
• Section 1 - Bind to Active Directory
• Section 2 - Create a Global Group
• Section 3 - Add strUsers to strNewGroup
• See more on Scripting Groups here
• Summary

This week’s secret

Firstly, many thanks to those of you who filled in my online survey.  However, I groaned when I saw how many of you wanted more on Group Membership.  I winced because scripting group membership is so complex. That said, I knuckled down to produce the longest ezine yet.

To begin with, here is my dilemma, whether to give you the entire script and then dissect it, or whether to build in stages to form the whole script.  In the end I favoured the 'best practice' technique of breaking the task into bite sized chunks, getting each section working, then bringing it all together to produce the finished script.  This method reminded me of building a jigsaw from 100 pieces.

Scripting for Groups

Scripting groups is a multi-faceted job.  The tasks are:

    a) Binding to Active Directory

    b) Creating a group

    c) Adding user accounts to a group.

The aim of this week's script is to add users to an existing Global Security group in a Windows 2003 domain.  As a bonus, and just in case you do not have a suitable group, the script will also create a group for you.  As ever, my goal is to get you started.  Then I pass the task over to you to expand the scope to include creating different types of group, for example: security, distribution and also their various scopes, Global, Domain Local or Universal.  Ultimately, you could have a series of .VBS files each to populate different groups in a variety of OUs.

Three Sections

1. Bind to Active Directory.
2. Creating (or setting) the Global group
3. The main event - adding users to the Global group

Section 1 - Binding to Active Directory

Instructions

1. Pre-requisites.  You need either a Windows 2000 or Server 2003 domain controller for this script to work.
2. Important: edit line 17: strOU ="OU=Droitwich,"  My point is do you have an OU called Droitwich?  If not then amend this line.  Note the comma at the end of the name.
3. Copy and paste the script below into notepad.
4. Save the file with .vbs extension e.g. AddToGroup.vbs
5. Double click and observe the message box.  Is this what you expected? If so carry on to Section 2.

Learning Points for Section 1

Note 1:  Dim is where we prepare or 'Dimension' variables.  This is essential if you use the 'Option Explicit' command.

Note 2:  strOU =.  Here on line 17 is where you set the name of your test OU (Organizational Unit).  Check in Active Directory Users and Computers for the name of your new OU.  (Press F5 to refresh if necessary)

Note 3:  All you need is one name, that of the OU on line 17.  Admire the way GetObject on line 13 and "DefaultNamingContext" on line 14, automatically bind to YOUR Active Directory domain.

Note 4:  Observe on line 20 how strPath is built by concatenating 3 sub parts, LDAP, OU and Domain.  Keep your eye on the speech marks and commas.

Section 2 - Create the Global group.

Remember that the objective here is just to create the Global group to house the users.  My choice of Global group name is 'Doctors', but feel free to amend.

Learning Points for Section 2

Note 0:  This section begins at line 20.

Note 1:  strNewGroup on line 21 is the key variable.  This is the name of the new group that we use later to hold the users.   My choice for a new group is Doctor, what name will be your choice?

Note 2:  On Error Resume Next.  You may notice that I do not use this command very often.  I regard 'On Error Resume Next' as last resort fix.  In truth I should have used clever error correcting code.  I could say that error catching code would clutter the code, the truth is I did not have time to develop error traps!

Note 3:  Those paying attention to detail will spot the "cn=" & prefixing the strNewGroup, this to generate the correct LDAP path.  See what happens if you omit "cn=" &.  The answer is error 80072032.  More seriously, without CN=, no group is created.  If you wanted to generate this error message rem out ' On Error Resume Next.

Section 3 - Add users to Global group strNewGroup

Here is the complete script to make all users in strOU members of strNewGroup.

Important: Check your OU.  I have not created any users in the OU, this is deliberate (as opposed to my idleness!)   The script is long and complex enough without extending it to create users.  Moreover creating users is easy.  Either just rustle up half a dozen user accounts manually, or else graft in another scripts which is purpose built to add users.

Learning Points for Section 3

Note 1:  The first job is to connect to the LDAP path GetObject(strPath)

Note 2:  Spot how we filter out just "user" accounts.  You do have some users in the OU?

Note 3:  One of the key features is the For Each... Next loop, take the time to understand its structure.

Note 4:  The script uses a three stage process for building group membership, Set objGroup, Set objUser and then add them together with: objGroup.Add  objUser.AdsPath

Note 5:  The WScript.Echo "strUser" is optional.  Many people would remove this line in a production script.

Summary

This week we are creating a beautiful script which will add users to a Global group in Active Directory.  For clarity, the main script is broken down into 3 sections.  Take the time to study each section and browse through its associated notes.

• See more on Scripting Groups - Whole Section here

Guy Thomas recommends Computer Training Software. 

Their topics and material are ideal for getting you started with VBScript.  The videos are easy to follow and you can control the pace.  Try their free demo material and then see if you want to buy the full package. See more about VB Script Training CD.

Home Copyright © 1999-2008 Computer Performance LTD All rights reserved

Please report a broken link, or an error.