Group Management with ADSI in Windows 2000
ID: Q232241
The information in this article applies to:
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
SUMMARY
Active Directory Service Interfaces (ADSI) provides a single, consistent set of interfaces that can be called from scripts run by Microsoft Windows Script Host (WSH), which supports VBScript and JScript natively, or from other scripting languages.
This article demonstrates how an administrator can use ADSI to script the
creation, deletion, and management of groups and group membership within Active Directory.
MORE INFORMATION
The following sample scripts are provided for demonstration purposes only.
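NOTE: These scripts require the appropriate security context to operate. They must be run from a session in which the logged-on user has permission to create a group object, delete a group object, and add or remove members from groups. Each script also takes the administrator name and password as command-line arguments and writes diagnostic output to the log file named on the command line, so treat both the command line and that log file as sensitive.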
Creating a Group
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' CREATEGROUP.VBS
''
'' Creates the specified group in the specified container
''
'' usage: CreateGroup PROVIDER: CONTAINERSUFFIX GROUPNAME ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

' I/O mode values passed to FileSystemObject.OpenTextFile.
' Only ForAppending is used by this script.
Const ForReading = 1, ForWriting = 2, ForAppending = 8
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)
    ' Report one line of status text in two places.
    '   fsOut - an open text stream; the line is written to it
    '   Msg   - the text to report
    ' The console copy is emitted first, then the log copy.
    Call WScript.Echo(Msg)
    Call fsOut.WriteLine(Msg)
End Sub
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
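Dim oArgs
Dim oOpenDsObject
Dim oObject
Dim oGroup
Dim szProvider
Dim szContainer
Dim szGroupName
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut
Dim lngError

' Errors do not stop the script; each directory call below is followed by
' an explicit Err.Number check instead.
On Error Resume Next

Set oArgs = WScript.Arguments
If (oArgs.Count <> 6) Then
    WScript.Echo "usage: CreateGroup <Provider:> <ContainerSuffix> <GroupName> <Admin> <Password> <logfile>"
    '"For example, CreateGroup LDAP: O=VBS_Org,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM ADSGROUP CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM \"\" creatgrp.log"
Else
    ' NOTE: the password arrives as a command-line argument; it is used only
    ' for the bind below and is never echoed or written to the log.
    szProvider = oArgs(0)
    szContainer = oArgs(0) + "//" + oArgs(1)
    szGroupName = oArgs(2)
    szAdmin = oArgs(3)
    szPassword = oArgs(4)
    szLogFile = oArgs(5)

    Set fs = CreateObject("Scripting.FileSystemObject")
    Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)
    If (Err.Number <> 0) Then
        ' LogMessage needs a working stream, so report on the console only.
        lngError = Err.Number
        WScript.Echo "CreateGroup: FAIL Error 0x" & Hex(lngError) & " opening log file"
        WScript.Quit(lngError)
    End If

    ' Bind to the container that will hold the new group. WinNT: binds with
    ' the caller's own credentials; the other providers bind with the
    ' supplied ones (flag 1 = ADS_SECURE_AUTHENTICATION).
    If (szProvider = "WinNT:") Then
        Set oObject = GetObject(szContainer)
    Else
        Set oOpenDsObject = GetObject(szProvider)
        Set oObject = oOpenDsObject.OpenDSObject(szContainer, szAdmin, szPassword, 1)
    End If
    lngError = Err.Number
    Err.Clear

    If (lngError <> 0) Then
        ' Stop here so the bind error is the one reported, rather than a
        ' follow-on "object required" error from Create().
        LogMessage fsOut, "Error 0x" + CStr(Hex(lngError)) + " occurred binding to container"
    Else
        Select Case (szProvider)
        Case "LDAP:"
            Set oGroup = oObject.Create("group", "CN=" + szGroupName)
            oGroup.sAMAccountName = szGroupName
        Case "NDS:"
            Set oGroup = oObject.Create("group", "CN=" + szGroupName)
        Case "WinNT:"
            Set oGroup = oObject.Create("globalGroup", szGroupName)
        Case Else
            ' NWCOMPAT: and unrecognized providers have no create logic.
            ' vbObjectError + 1 is a script-defined failure code.
            lngError = vbObjectError + 1
        End Select

        If (lngError <> 0) Then
            LogMessage fsOut, "No create logic for provider " & szProvider
        ElseIf (Err.Number <> 0) Then
            lngError = Err.Number
            Err.Clear
            LogMessage fsOut, "Error 0x" + CStr(Hex(lngError)) + " occurred invoking Create()"
        Else
            ' Commit the new object to the directory.
            oGroup.SetInfo
            lngError = Err.Number
            Err.Clear
            If (lngError <> 0) Then
                LogMessage fsOut, "Error 0x" + CStr(Hex(lngError)) + " occurred invoking SetInfo()"
            End If
        End If
    End If

    If (lngError = 0) Then
        LogMessage fsOut, "CreateGroup: PASS"
    Else
        LogMessage fsOut, "CreateGroup: FAIL Error 0x" & Hex(lngError)
        LogMessage fsOut, " Provider = " & szProvider
        LogMessage fsOut, " Container = " & szContainer
        LogMessage fsOut, " GroupName = " & szGroupName
        LogMessage fsOut, " Admin = " & szAdmin
        ' The credential itself must not be persisted in a log file.
        LogMessage fsOut, " Password = <not logged>"
    End If
    fsOut.Close
    WScript.Quit(lngError)
End If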
Deleting a Group
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' DELETEGROUP.VBS
''
'' Deletes the specified group in the specified container
''
'' usage: deleteGroup PROVIDER: CONTAINERSUFFIX GROUPNAME ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

' I/O mode values passed to FileSystemObject.OpenTextFile.
' Only ForAppending is used by this script.
Const ForReading = 1, ForWriting = 2, ForAppending = 8
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)
    ' Report one line of status text in two places.
    '   fsOut - an open text stream; the line is written to it
    '   Msg   - the text to report
    ' The console copy is emitted first, then the log copy.
    WScript.Echo Msg
    fsOut.WriteLine Msg
End Sub
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
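Dim oArgs
Dim oOpenDsObject
Dim oObject
Dim szProvider
Dim szContainer
Dim szGroupName
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut
Dim lngError

' Errors do not stop the script; each directory call below is followed by
' an explicit Err.Number check instead.
On Error Resume Next

Set oArgs = WScript.Arguments
If (oArgs.Count <> 6) Then
    WScript.Echo "usage: DeleteGroup <Provider:> <ContainerSuffix> <GROUPName> <Admin> <Password> <logfile>"
    '"For example, DeleteGroup LDAP: O=VBS_ORG,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM ADSGROUP CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM \"\" delgroup.log"
Else
    ' NOTE: the password arrives as a command-line argument; it is used only
    ' for the bind below and is never echoed or written to the log.
    szProvider = oArgs(0)
    szContainer = oArgs(0) + "//" + oArgs(1)
    szGroupName = oArgs(2)
    szAdmin = oArgs(3)
    szPassword = oArgs(4)
    szLogFile = oArgs(5)

    Set fs = CreateObject("Scripting.FileSystemObject")
    Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)
    If (Err.Number <> 0) Then
        ' LogMessage needs a working stream, so report on the console only.
        lngError = Err.Number
        WScript.Echo "DeleteGroup: FAIL Error 0x" & Hex(lngError) & " opening log file"
        WScript.Quit(lngError)
    End If

    ' Bind to the container with the supplied credentials
    ' (flag 1 = ADS_SECURE_AUTHENTICATION).
    Set oOpenDsObject = GetObject(szProvider)
    Set oObject = oOpenDsObject.OpenDSObject(szContainer, szAdmin, szPassword, 1)
    lngError = Err.Number
    Err.Clear

    If (lngError <> 0) Then
        ' Stop here so the bind error is the one reported, rather than a
        ' follow-on "object required" error from Delete().
        LogMessage fsOut, "Error 0x" & Hex(lngError) & " occurred binding to container"
    Else
        Select Case (szProvider)
        Case "LDAP:", "NDS:"
            oObject.Delete "group", "CN=" + szGroupName
            lngError = Err.Number
            Err.Clear
        Case Else
            ' WinNT:, NWCOMPAT: and unrecognized providers have no delete
            ' logic here. Report that as a failure: nothing was deleted, so
            ' the run must not end in PASS.
            ' vbObjectError + 1 is a script-defined failure code.
            lngError = vbObjectError + 1
            LogMessage fsOut, "No delete logic for provider " & szProvider
        End Select
    End If

    If (lngError = 0) Then
        LogMessage fsOut, "DeleteGroup: PASS"
    Else
        LogMessage fsOut, "DeleteGroup: FAIL Error 0x" & Hex(lngError)
        LogMessage fsOut, " Provider = " & szProvider
        LogMessage fsOut, " Container = " & szContainer
        LogMessage fsOut, " GroupName = " & szGroupName
        LogMessage fsOut, " Admin = " & szAdmin
        ' The credential itself must not be persisted in a log file.
        LogMessage fsOut, " Password = <not logged>"
    End If
    fsOut.Close
    WScript.Quit(lngError)
End If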
Adding a User to a Group
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' GROUPUSERADD.VBS
''
'' Adds the specified user to the specified group
''
'' usage: GroupUserAdd PROVIDER: GROUPSUFFIX USERSUFFIX ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

' I/O mode values passed to FileSystemObject.OpenTextFile.
' Only ForAppending is used by this script.
Const ForReading = 1, ForWriting = 2, ForAppending = 8
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)
    ' Report one line of status text in two places.
    '   fsOut - an open text stream; the line is written to it
    '   Msg   - the text to report
    ' The console copy is emitted first, then the log copy.
    Call WScript.Echo(Msg)
    Call fsOut.WriteLine(Msg)
End Sub
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub BailOnFailure() - logs the failure details, closes the log, and ends the script
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
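Sub BailOnFailure(fsOut, ErrNum, ErrText)
    ' Record a failed run and end the script.
    '   fsOut   - open log stream; closed here before quitting
    '   ErrNum  - error number to report; also used as the exit code
    '   ErrText - short description of the step that failed
    ' Reads the script-level szProvider, szGroupPath, szUserPath and szAdmin.
    LogMessage fsOut, "GroupUserAdd: FAIL Error 0x" & Hex(ErrNum) & " " & ErrText
    LogMessage fsOut, " Provider = " & szProvider
    LogMessage fsOut, " Group = " & szGroupPath
    LogMessage fsOut, " User = " & szUserPath
    LogMessage fsOut, " Admin = " & szAdmin
    ' The credential itself must not be persisted in a log file.
    LogMessage fsOut, " Password = <not logged>"
    fsOut.Close
    ' Exit with the error number so a calling batch job can detect the
    ' failure; a bare Quit would exit with code 0.
    WScript.Quit(ErrNum)
End Sub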
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
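Dim oArgs
Dim oOpenDsObject
Dim oGroup
Dim szProvider
Dim szGroupPath
Dim szUserPath
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut

' Errors do not stop the script; each directory call below is followed by
' an explicit Err.Number check instead.
On Error Resume Next

Set oArgs = WScript.Arguments
If (oArgs.Count <> 6) Then
    WScript.Echo "usage: GroupUserAdd <Provider:> <GroupSuffix> <UserSuffix> <Admin> <Password> <logfile>"
    '"For example, GroupUserAdd LDAP: CN=VBS_GROUP,OU=VBS_ORGUNIT,O=VBS_ORG,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM " + Chr$(34) + Chr$(34) + " grpusrad.log"
Else
    ' NOTE: the password arrives as a command-line argument; it is used only
    ' for the bind below and is never echoed or written to the log.
    szProvider = oArgs(0)
    szGroupPath = oArgs(0) + "//" + oArgs(1)
    szUserPath = oArgs(0) + "//" + oArgs(2)
    szAdmin = oArgs(3)
    szPassword = oArgs(4)
    szLogFile = oArgs(5)

    Set fs = CreateObject("Scripting.FileSystemObject")
    Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)
    If (Err.Number <> 0) Then
        ' Without a log stream BailOnFailure would itself fail part-way and
        ' the script would carry on, so stop here and report on the console.
        WScript.Echo "GroupUserAdd: FAIL Error 0x" & Hex(Err.Number) & " opening log file"
        WScript.Quit(Err.Number)
    End If

    ' Bind to the group with the supplied credentials
    ' (flag 1 = ADS_SECURE_AUTHENTICATION).
    Set oOpenDsObject = GetObject(szProvider)
    Set oGroup = oOpenDsObject.OpenDSObject(szGroupPath, szAdmin, szPassword, 1)
    If (Err.Number <> 0) Then
        BailOnFailure fsOut, Err.Number, "binding to group object"
    End If

    ' Add the user, identified by its full ADsPath, to the group.
    oGroup.Add szUserPath
    If (Err.Number <> 0) Then
        BailOnFailure fsOut, Err.Number, "invoking Add() method"
    End If

    LogMessage fsOut, "GroupUserAdd: PASS"
    fsOut.Close
    WScript.Quit(Err.Number)
End If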
Deleting a User from a Group
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' GROUPUSERREMOVE.VBS
''
'' Removes the specified user from the specified group
''
'' usage: GroupUserRemove PROVIDER: GROUPSUFFIX USERSUFFIX ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

' I/O mode values passed to FileSystemObject.OpenTextFile.
' Only ForAppending is used by this script.
Const ForReading = 1, ForWriting = 2, ForAppending = 8
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)
    ' Report one line of status text in two places.
    '   fsOut - an open text stream; the line is written to it
    '   Msg   - the text to report
    ' The console copy is emitted first, then the log copy.
    Call WScript.Echo(Msg)
    Call fsOut.WriteLine(Msg)
End Sub
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub BailOnFailure() - logs the failure details, closes the log, and ends the script
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
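Sub BailOnFailure(fsOut, ErrNum, ErrText)
    ' Record a failed run and end the script.
    '   fsOut   - open log stream; closed here before quitting
    '   ErrNum  - error number to report; also used as the exit code
    '   ErrText - short description of the step that failed
    ' Reads the script-level szProvider, szGroupPath, szUserPath and szAdmin.
    LogMessage fsOut, "GroupUserRemove: FAIL Error 0x" & Hex(ErrNum) & " " & ErrText
    LogMessage fsOut, " Provider = " & szProvider
    LogMessage fsOut, " Group = " & szGroupPath
    LogMessage fsOut, " User = " & szUserPath
    LogMessage fsOut, " Admin = " & szAdmin
    ' The credential itself must not be persisted in a log file.
    LogMessage fsOut, " Password = <not logged>"
    fsOut.Close
    ' Exit with the error number so a calling batch job can detect the
    ' failure; a bare Quit would exit with code 0.
    WScript.Quit(ErrNum)
End Sub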
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
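Dim oArgs
Dim oOpenDsObject
Dim oGroup
Dim szProvider
Dim szGroupPath
Dim szUserPath
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut

' Errors do not stop the script; each directory call below is followed by
' an explicit Err.Number check instead.
On Error Resume Next

Set oArgs = WScript.Arguments
If (oArgs.Count <> 6) Then
    ' The usage text names this script (it previously said GroupUserAdd).
    WScript.Echo "usage: GroupUserRemove <Provider:> <GroupSuffix> <UserSuffix> <Admin> <Password> <logfile>"
    '"For example, GroupUserRemove LDAP: CN=VBS_GROUP,OU=VBS_ORGUNIT,O=VBS_ORG,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM " + Chr$(34) + Chr$(34) + " grpusrrm.log"
Else
    ' NOTE: the password arrives as a command-line argument; it is used only
    ' for the bind below and is never echoed or written to the log.
    szProvider = oArgs(0)
    szGroupPath = oArgs(0) + "//" + oArgs(1)
    szUserPath = oArgs(0) + "//" + oArgs(2)
    szAdmin = oArgs(3)
    szPassword = oArgs(4)
    szLogFile = oArgs(5)

    Set fs = CreateObject("Scripting.FileSystemObject")
    Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)
    If (Err.Number <> 0) Then
        ' Without a log stream BailOnFailure would itself fail part-way and
        ' the script would carry on, so stop here and report on the console.
        WScript.Echo "GroupUserRemove: FAIL Error 0x" & Hex(Err.Number) & " opening log file"
        WScript.Quit(Err.Number)
    End If

    ' Bind to the group with the supplied credentials
    ' (flag 1 = ADS_SECURE_AUTHENTICATION).
    Set oOpenDsObject = GetObject(szProvider)
    Set oGroup = oOpenDsObject.OpenDSObject(szGroupPath, szAdmin, szPassword, 1)
    If (Err.Number <> 0) Then
        BailOnFailure fsOut, Err.Number, "binding to group object"
    End If

    ' Remove the user, identified by its full ADsPath, from the group.
    oGroup.Remove szUserPath
    If (Err.Number <> 0) Then
        BailOnFailure fsOut, Err.Number, "invoking Remove() method"
    End If

    LogMessage fsOut, "GroupUserRemove: PASS"
    fsOut.Close
    WScript.Quit(Err.Number)
End If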
Additional query words:
Keywords : kbtool kbWinOS2000
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbinfo