Group Management with ADSI in Windows 2000

ID: Q232241


The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server


SUMMARY

The Active Directory Services Interface tool (ADSI) provides a single consistent set of interfaces that can be called in scripts using Microsoft Windows Script Host (WSH), or other scripting languages (VBScript and JScript are supported natively).

This article demonstrates how an administrator can use ADSI to script the creation, deletion, and management of groups and group membership within Active Directory.


MORE INFORMATION

The following sample scripts are provided for demonstration purposes only.

NOTE: These scripts require the appropriate security context to operate. They must be run from a session in which the logged-on user has permission to create a group object, delete a group object, and add or remove members from groups.

Creating a Group


'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' CREATEGROUP.VBS
''
'' Creates the specified group in the specified container
''
'' usage: CreateGroup PROVIDER: CONTAINERSUFFIX GROUPNAME ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

Public Const ForReading = 1
Public Const ForWriting = 2
Public Const ForAppending = 8

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)


    WScript.Echo msg
    fsOut.WriteLine msg

End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim oArgs
Dim oOpenDsObject
Dim oObject
Dim oGroup
Dim szProvider
Dim szContainer
Dim szGroupName
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut
Dim lngError

    On Error Resume Next

    'Stop

    Set oArgs = WScript.Arguments
    If (oArgs.Count <> 6) Then
        WScript.Echo "usage: CreateGroup <Provider:> <ContainerSuffix> <GroupName> <Admin> <Password> <logfile>"
        '"For example, CreateGroup  LDAP:  O=VBS_Org,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM ADSGROUP  CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM  \"\" creatgrp.log"
    Else
        szProvider = oArgs(0)
        szContainer = oArgs(0) + "//" + oArgs(1)
        szGroupName = oArgs(2)
        szAdmin = oArgs(3)
        szPassword = oArgs(4)
        szLogfile = oArgs(5)

        Set fs = CreateObject("Scripting.FileSystemObject")
        Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)

        'Stop

        If (szProvider = "WinNT:") Then
            Set oObject = GetObject(szContainer)
        Else
            Set oOpenDSObject = GetObject(szProvider)
            Set oObject = oOpenDSObject.OpenDSObject(szContainer, szAdmin, szPassword, 1)
        End If

        Select Case (szProvider)
            Case "LDAP:"
                'LogMessage fsOut, "Creating group CN=" & szGroupName & " in Container " & szContainer
                Set oGroup = oObject.Create("group", "CN="+szGroupName)
                oGroup.sAMAccountName = szGroupName

            Case "NDS:"
                'LogMessage fsOut, "Creating group CN=" & szGroupName & " in Container " & szContainer
                Set oGroup = oObject.Create("group", "CN="+szGroupName)

            Case "NWCOMPAT:"

            Case "WinNT:"
                'LogMessage fsOut, "Creating group " & szGroupName & " in Container " & szContainer
                Set oGroup = oObject.Create("globalGroup", szGroupName)

        End Select

        lngError = Err.Number
	Err.Clear

        If (lngError <> 0) Then
            LogMessage fsOut, "Error 0x" + CStr(Hex(lngError)) + " occurred invoking Create()"
        Else
            oGroup.SetInfo
            lngError = Err.Number
            Err.Clear

            If (lngError <> 0) Then
                LogMessage fsOut, "Error 0x" + CStr(Hex(lngError)) + " occurred invoking SetInfo()"
            End If
        End If


        If (lngError = 0) Then
            LogMessage fsOut, "CreateGroup: PASS"
        Else
            LogMessage fsOut, "CreateGroup: FAIL  Error 0x" & Hex(lngError)
            LogMessage fsOut, "   Provider = " & szProvider
            LogMessage fsOut, "   Container = " & szContainer
            LogMessage fsOut, "   GroupName = " & szGroupName
            LogMessage fsOut, "   Admin = " & szAdmin
            LogMessage fsOut, "   Password = " + Chr(34) + szPassword + Chr(34)
        End If

        fsOut.Close
	WScript.Quit(lngError)

    End If 

Deleting a Group


'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' DELETEGROUP.VBS
''
'' Deletes the specified group in the specified container
''
'' usage: deleteGroup PROVIDER: CONTAINERSUFFIX GROUPNAME ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

Public Const ForReading = 1
Public Const ForWriting = 2
Public Const ForAppending = 8

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)


    WScript.Echo(msg)
    fsOut.WriteLine(msg)

End Sub


'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim oArgs
Dim oOpenDsObject
Dim oObject
Dim oGroup
Dim szProvider
Dim szContainer
Dim szGroupName
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut
Dim lngError

    On Error Resume Next

    'Stop

    Set oArgs = WScript.Arguments
    If (oArgs.Count <> 6) Then
        WScript.Echo "usage: DeleteGroup <Provider:> <ContainerSuffix> <GROUPName> <Admin> <Password> <logfile>"
        '"For example, DeleteGroup  LDAP:  O=VBS_ORG,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM ADSGROUP  CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM  \"\" delgroup.log"
    Else
        szProvider = oArgs(0)
        szContainer = oArgs(0) + "//" + oArgs(1)
        szGroupName = oArgs(2)
        szAdmin = oArgs(3)
        szPassword = oArgs(4)
        szLogfile = oArgs(5)

        Set fs = CreateObject("Scripting.FileSystemObject")
        Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)

        Set oOpenDsObject = GetObject(szProvider)
        Set oObject = oOpenDsObject.OpenDSObject(szContainer, szAdmin, szPassword, 1)

        Select Case (szProvider)
            Case "LDAP:"
                'LogMessage fsOut,  "Deleting Group CN=" & szGroupName & " from Container " & szContainer
                oObject.Delete "group", "CN=" + szGroupName

            Case "NDS:"
                'LogMessage fsOut,  "Deleting Group CN=" & szGroupName & " from Container " & szContainer
                oObject.Delete "group", "CN=" + szGroupName

            Case "NWCOMPAT:"

            Case "WinNT:"

        End Select

        lngError = Err.Number
        Err.Clear

        If (lngError = 0) Then
            LogMessage fsOut,  "DeleteGroup: PASS"
        Else
            LogMessage fsOut, "DeleteGroup: FAIL  Error 0x" & Hex(lngError)
            LogMessage fsOut, "   Provider = " & szProvider
            LogMessage fsOut, "   Container = " & szContainer
            LogMessage fsOut, "   GroupName = " & szGroupName
            LogMessage fsOut, "   Admin = " & szAdmin
            LogMessage fsOut, "   Password = " + Chr(34) + szPassword + Chr(34)
        End If

        fsOut.Close
	WScript.Quit(lngError)

    End If 

Adding a User to a Group


'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' GROUPUSERADD.VBS
''
'' Adds the specified user to the specified group
''
'' usage: CreateGroup PROVIDER: GROUPSUFFIX USERSUFFIX ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

Public Const ForReading = 1
Public Const ForWriting = 2
Public Const ForAppending = 8

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)


    WScript.Echo msg
    fsOut.WriteLine msg

End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub BailOnFailure() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub BailOnFailure(fsOut, ErrNum, ErrText)


    LogMessage fsOut, "GroupUserAdd: FAIL  Error 0x" & Hex(ErrNum) & " " & ErrText
    LogMessage fsOut, "   Provider = " & szProvider
    LogMessage fsOut, "   Group    = " & szGroupPath
    LogMessage fsOut, "   User     = " & szUserPath
    LogMessage fsOut, "   Admin    = " & szAdmin
    LogMessage fsOut, "   Password = " + Chr(34) + szPassword + Chr(34)

    fsOut.Close
    WScript.Quit

End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim oArgs
Dim oOpenDsObject
Dim oObject
Dim oGroup
Dim szProvider
Dim szGroupPath
Dim szUserPath
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut

    On Error Resume Next

    'Stop

    Set oArgs = WScript.Arguments
    If (oArgs.Count <> 6) Then
        WScript.Echo "usage: GroupUserAdd <Provider:> <GroupSuffix> <UserSuffix> <Admin> <Password> <logfile>"
        '"For example, GroupUserAdd  LDAP:  CN=VBS_GROUP,OU=VBS_ORGUNIT,O=VBS_ORG,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM   CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM  " + Chr$(34) + Chr$(34) + " grpusrad.log"
    Else
        szProvider = oArgs(0)
        szGroupPath = oArgs(0) + "//" + oArgs(1)
        szUserPath = oArgs(0) + "//" + oArgs(2)
        szAdmin = oArgs(3)
        szPassword = oArgs(4)
        szLogfile = oArgs(5)

        Set fs = CreateObject("Scripting.FileSystemObject")
        Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)

        Set oOpenDSObject = GetObject(szProvider)
        Set oGroup = oOpenDSObject.OpenDSObject(szGroupPath, szAdmin, szPassword, 1)

        If (Err.Number <> 0) Then
            BailOnFailure fsOut, Err.Number, "binding to group object"
        End If

        'Stop

        oGroup.Add szUserPath

        If (Err.Number <> 0) Then
            BailOnFailure fsOut, Err.Number, "invoking Add() method"
        End If

        LogMessage fsOut, "GroupUserAdd: PASS"
        fsOut.Close
	WScript.Quit(Err.Number)

    End If 

Deleting a User from a Group


'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' GROUPUSERemove.VBS
''
''Remove the specified user from the specified group
''
'' usage: CreateGroup PROVIDER: GROUPSUFFIX USERSUFFIX ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

Public Const ForReading = 1
Public Const ForWriting = 2
Public Const ForAppending = 8

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)


    WScript.Echo msg
    fsOut.WriteLine msg

End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub BailOnFailure() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub BailOnFailure(fsOut, ErrNum, ErrText)


    LogMessage fsOut, "GroupUserRemove: FAIL  Error 0x" & Hex(ErrNum) & " " & ErrText
    LogMessage fsOut, "   Provider = " & szProvider
    LogMessage fsOut, "   Group    = " & szGroupPath
    LogMessage fsOut, "   User     = " & szUserPath
    LogMessage fsOut, "   Admin = " & szAdmin
    LogMessage fsOut, "   Password = " + Chr(34) + szPassword + Chr(34)

    fsOut.Close
    WScript.Quit

End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim oArgs
Dim oOpenDsObject
Dim oObject
Dim oGroup
Dim szProvider
Dim szGroupPath
Dim szUserPath
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut

    On Error Resume Next

    'Stop

    Set oArgs = WScript.Arguments
    If (oArgs.Count <> 6) Then
        WScript.Echo "usage: GroupUserAdd <Provider:> <GroupSuffix> <UserSuffix> <Admin> <Password> <logfile>"
        '"For example, GroupUserAdd  LDAP:  CN=VBS_GROUP,OU=VBS_ORGUNIT,O=VBS_ORG,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM ADSGROUP  CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM  " + Chr$(34) + Chr$(34) + " grpusrad.log"
    Else
        szProvider = oArgs(0)
        szGroupPath = oArgs(0) + "//" + oArgs(1)
        szUserPath = oArgs(0) + "//" + oArgs(2)
        szAdmin = oArgs(3)
        szPassword = oArgs(4)
        szLogfile = oArgs(5)

        Set fs = CreateObject("Scripting.FileSystemObject")
        Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)

        Set oOpenDSObject = GetObject(szProvider)
        Set oGroup = oOpenDSObject.OpenDSObject(szGroupPath, szAdmin, szPassword, 1)

        If (Err.Number <> 0) Then
            BailOnFailure fsOut, Err.Number, "binding to group object"
        End If

        'Stop

        oGroup.Remove szUserPath

        If (Err.Number <> 0) Then
            BailOnFailure fsOut, Err.Number, "invoking Remove() method"
        End If

        LogMessage fsOut, "GroupUserRemove: PASS"
        fsOut.Close
	WScript.Quit(Err.Number)

    End If 

Additional query words:

Keywords : kbtool kbWinOS2000
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbinfo


Last Reviewed: December 30, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.