How VBScript Adds Users to a Group

Guy recommends:
VBScript Training Video on CD

Tutorial for Adding Users to a Group with VBScript

This page will show you how take a user and then add them to a named group.  I will also give you an example of adding all users in a named OU to a particular group.

Topics for Adding Users to a Group with VBScript

• Our Mission and Goal
• Example 1: Adding one User to a Named Group
• VBScript Tutorial - Learning Points for Adding One User to a Group
• Example 2: - Adding Lots of Users to a Group
• VBScript Tutorial - Learning Points for Adding Lots of Users to a Group
• Summary for Adding Members to Groups

Our Mission and Goal

Anything and everything to do with groups is tricky to script.  Fortunately, adding members to a group is relatively straightforward.

When you examine any Group in Active Directory Users and Computers, observe two similar tabs, Members (who is in this group) and Member Of, which shows other groups to which this group belongs.  It really is worth mastering this semantic difference.

We have two missions, firstly to add one user to a group of your choice.  Secondly, to add all the users who match our criteria, to a named group.

Example 1: Adding one User to a Named Group

Prerequisites

Recommended: that you logon as administrator, preferably at a domain controller.  If you are a long way from the server, Remote Desktop would be a suitable alternative.  If that is not possible, you could get these scripts to work from an XP machine as a non-administrator.  However, why introduce extra complications?  Especially at the beginning, you want easy success, with fewest obstacles.

Instructions for Adding one User to a Group

1. You should run this VBScript on a Windows Active Directory domain.
2. Copy and paste the example script below into notepad or a VBScript editor.
3. Decide upon your tactics.  Either create users, groups and OUs to match the script, or change the script to match your existing users, groups and OUs.
4. Save the file with a .vbs extension, for example: GroupAdd .vbs.
5. Double click GroupAdd .vbs and check the strOU for your new group.

Sample Script to Add one User to a Group

VBScript Tutorial - Learning Points

Special Note:

Peter C found a problem with strOU:.  Kindly, Peter discovered this solution to his problem.

Note 1:  The header section deals with the usual preamble of explaining the purpose of the script and declaring the variables.

Note 2:  This script does not create any objects.  Therefore, it is vital to check that the values for strOU, strUser and strGroup are what you expect.

Note 3:  Pay particular attention to commas with strOU.  Remember where to employ: CN= (common name).

Note 4:  During testing, the GetObject method gave me the most trouble.  I had to go back to basics and remind myself that what the script needs to do is get a handle on the full name of the object, for example:
"LDAP://CN=Len Murray,OU=Newport,DC=CP,DC=COM". 
Because of the many advantages of using variables, I built up the name like this :
"LDAP://" & strUser & strOU & strDNSDomain.
strUser converts to: CN=Len Murray,   Note the CN= also the comma at the end.
strOU converts to OU=Newport,  Note the use of OU=Newport but CN=Users (one is an OU, the other a container object).

Note 5: The key verb is .add.  If you make a script to undo your action you would substitute objGroup.remove for objGroup.add.

Note 6:  .ADsPath is a handy property of the objUser.  In this instance .ADsPath translates to CN=Len Murray,OU=Newport,DC=CP,DC=COM.  Clearly it is much more efficient to use .ADsPath (Active Directory Path).

Example 2: - Adding Lots of Users to a Group

The whole point of scripting is to make life easier.  We invest time in creating VBScripts which repay by saving time when it comes to boring repetitive tasks.  Example 1 shows you how to add a user to a group.  This second example builds on that method and adds a loop to add all the objects, which match a simple criteria, namely they are User objects and not computers or contacts.

Sample Script to Add Lots of Users to a Group

VBScript Tutorial - Learning Points

Note 1:  The key additional feature of this script is the simple but effective loop.  It starts with 'For Each', rather than plain 'For' it also includes the crucial word 'In'.  The reason for these extra words in the For....Next loop is because in this example, we have a collation (collection) of user objects in objOU.

Note 2:  If you compare the Set... GetObject statements with the first example, you will notice an extra statement which connects to a specific OU, this is what I mean, Set objOU =GetObject("LDAP://" & strOU & strDNSDomain).

Note 3:  At the outset I said scripting groups was tricky.  What nearly drove me mad with this script was "User".  The solution was to change it to: "user" - a rare case of case sensitivity.  This is the reason I left lcase("User") in the final script.

Summary of Adding Users to Groups

Compared with creating groups, adding new members is relatively straightforward.  Begin with a simple script, which adds just one user, then add a loop to automate adding lots of users to the named group.

Guy Thomas recommends Computer Training Software. 

Their topics and material are ideal for getting you started with VBScript.  The videos are easy to follow and you can control the pace.  Try their free demo material and then see if you want to buy the full package. See more about VB Script Training CD.

See Also

● Enumerate Groups a User is a MemberOf         ● Enumerate a Group to Display its members