Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VBSCript for adding multiple groups to one user


  • Please log in to reply
5 replies to this topic

#1 MarcusMaximus

MarcusMaximus

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 08 August 2011 - 01:54 AM

I've been writing some VBScripts lately to map network drives based on security groups and to create new users in AD based on a spreadsheet which I've managed to get working fine.

The next step to to assign security groups to users also but I can't seem to get this test script below to work. Script source here
It is telling me there is no such object on the server. The user "Test User" exists in "OU=General ,OU=Users ,OU=Active ,OU=TOP_OU ," and the groups I want to assign from Groups.txt are in "OU=Groups ,OU=Active ,OU=TOP_OU,"

' 
' VBScript to create Groups
' AUTHOR: Guy Thomas
' COMPANY: Computer Performance
' Version 3.5 - May 2006
' ----------------------------------------------------------'
Option Explicit
'On Error Resume next
Dim strOU, strGroup, strTextGroup, strUser, strFile
Dim strDNSDomain, objRootDSE, objFSO, objTextFile, intCounter
Dim objOU, objUser, objGroup

Const ForReading = 1
Const ADS_PROPERTY_APPEND = 3
intCounter = 0

'  strUser ("CN=Test User,") must exist in your OU.
'  Set the Name of the OU which holds the user and groups
'  NB introduce another variable if user and group are in different OUs
strUser = "CN=Test User,"
'strOU = "OU=Generic ,OU=Users ,OU=Active ,OU=TOP ,"
strOU = "OU=Groups ,OU=Active ,OU=TOP,"
strFile = "C:\Users\user.name\Documents\Scripts\CreateUser\Groups.txt"

'  Open the file For Reading your Group Names
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strFile, ForReading)

'  Here is the loop
Do
     strTextGroup = objTextFile.ReadLine
     strGroup = "CN=" & strTextGroup & " ,"

     '  Bind to Active Directory and get LDAP name
     Set objRootDSE = GetObject("LDAP://RootDSE")
     strDNSDomain = objRootDSE.Get("DefaultNamingContext")

     '  Prepare the OU and the Group
     Set objOU =GetObject("LDAP://" & strOU & strDNSDomain)
 Msgbox "about to try and bind to " & "LDAP://"& strGroup & strOU & strDNSDomain
     Set objGroup = GetObject("LDAP://"& strGroup & strOU & strDNSDomain)

     '  On Error Resume next
     '  Add user to Group with .PutEx (put extended)
     'Set objGroup = GetObject ("LDAP://"& strGroup & strOU & strDNSDomain)
     objGroup.PutEx ADS_PROPERTY_APPEND, _
     "member", Array(strUser & strOU & strDNSDomain)
     
	 WScript.Echo "member", strUser & strOU & strDNSDomain
	 
	 objGroup.SetInfo

     intCounter = intCounter +1
     WScript.Echo strUser & " has " & intCounter & " new groups"

Loop Until objTextFile.AtEndOfLine = true
objTextFile.Close

'  End of add Groups VBScript

Groups.txt

Management Users
TechUsers
Artists Users


Any help appreciated. From what I can tell it can't find the user.

BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:55 PM

Posted 08 August 2011 - 08:05 AM

On what line do you get that error?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 MarcusMaximus

MarcusMaximus
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 08 August 2011 - 06:09 PM

Sorry, The error is on objGroup.SetInfo

The error message is There is no such object on the server.
Code: 80072030
Source: Active Directory

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:55 PM

Posted 09 August 2011 - 04:54 AM

First idea is that your script s doesn't find the group in AD. Are you sure you made no typos in the group names?
Because "TechUsers" has no space character while the other 2 groups do have a space character.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 MarcusMaximus

MarcusMaximus
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 10 August 2011 - 12:39 AM

Thanks for your help and patients. I went back to the drawing board and got a script working that adds one user to one group and modified that to fit with my other script and it works fine now.

The code is.

' VBScript to create Groups
' AUTHOR: Guy Thomas
' COMPANY: Computer Performance
' Version 3.5 - May 2006
' ----------------------------------------------------------'
Option Explicit
'On Error Resume next
Dim strOU, strGroup, strTextGroup, strUser, strFile
Dim strDNSDomain, objRootDSE, objFSO, objTextFile, intCounter
Dim objOU, objUser, objGroup, strUserOU

Const ForReading = 1
Const ADS_PROPERTY_APPEND = 3
intCounter = 0

' strUser ("CN=Pete ,") must exist in your OU.
' Set the Name of the OU which holds the user and groups
' NB introduce another variable if user and group are in different OUs
strUser = "CN=test2 user2,"
strUserOU = "OU=General ,OU=Users ,OU=Active ,OU=Top_OU ,"
strOU = "OU=Groups ,OU=Active ,OU=Top_OU ,"
strFile = "C:\Users\user.name\Documents\Scripts\CreateUser\TechOpsGroups.txt" 

' Open the file For Reading your Group Names
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strFile, ForReading)

' Here is the loop
Do
   strTextGroup = objTextFile.ReadLine
   strGroup = "CN=" & strTextGroup & " ,"

   ' Bind to Active Directory and get LDAP name
   Set objRootDSE = GetObject("LDAP://RootDSE")
   strDNSDomain = objRootDSE.Get("DefaultNamingContext")

	 'Add (str)User to (str)Group
	 Set objUser = GetObject("LDAP://"& strUser & strUserOU & strDNSDomain)
	 Set objGroup = GetObject("LDAP://"& strGroup & strOU & strDNSDomain)
	 objGroup.add(objUser.ADsPath)

   intCounter = intCounter +1
   WScript.Echo strUser & " has " & intCounter & " new groups"

Loop Until objTextFile.AtEndOfLine = true
objTextFile.Close

' End of add Groups VBScript


Thanks for the help again. Moving onwards and upwards for me now, wrote a script to create users fro an excel spreadsheet and assign groups provided in a comma separated cell in the spreadsheet.

cheers

#6 MarcusMaximus

MarcusMaximus
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 10 August 2011 - 12:52 AM

Is there a way to mark the thread as resolved. Below is my code to create users from an excel spreadsheet and assign groups provided in a comma separated cell in the spreadsheet

This is the content an the excel spreadsheet used for the import, in csv format. So you will need to copy to a text file and import to excel and save as CreateUser.xls in your location for it to work.

sAMAccountNaem,CN,givenName,sn,Password,physicalDeliveryOfficeName,email,phone,description,displayName,userPrincipalName,title,department,Groups
1,2,3,4,5,6,7,8,9,10,11,12,13,14
joe.bloggs,joe bloggs,Joe,Bloggs,password,Test Office Location for Jooe Bloggs,joe.bloggs@test.com,595959595,IT Test,Joe Bloggs,joe.bloggs@test.com,IT Test,IT,"General Staff, ITStaff"


'
' Sample VBScript to create User accounts from a spreadsheet
' Author Guy Thomas http://computerperformance.co.uk/
' Version 4.6 - June 2010
' ------------------------------------------------------'
Option Explicit
Dim objRootLDAP, objContainer, objUser, objShell, objGroup, strDNSDomain
Dim objExcel, objSpread, intRow
Dim strUser, strUserOU, strSecurityOU, strSheet 
Dim strCN, strSam, strFirst, strLast, strPWD, strDelivery, strEmail, strPhone, strDecrip, strDisplayName, strGroup
Dim strUserPrincipleName, strTitle, strDepartment, strMemberOf

' -----------------------------------------------'
' Important change OU= and strSheet to reflect your domain
' -----------------------------------------------'

strUserOU = "OU=General ,OU=Staff ,OU=Active ,OU=Top_OU ,"' Note the comma
strSecurityOU = "OU=SecGroups ,OU=Active ,OU=Top_OU ,"
strSheet = "C:\Users\user.name\Documents\Scripts\CreateUser\CreateUser.xls"

' Bind to Active Directory, Users container.
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://" & strUserOU & _
objRootLDAP.Get("defaultNamingContext"))

strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

' Open the Excel spreadsheet
Set objExcel = CreateObject("Excel.Application")
Set objSpread = objExcel.Workbooks.Open(strSheet)
intRow = 3 'Row 1 often contains headings

' Here is the 'DO...Loop' that cycles through the cells
' Note intRow, x must correspond to the column in strSheet
Do Until objExcel.Cells(intRow,1).Value = ""
	strSam = Trim(objExcel.Cells(intRow, 1).Value)
	strCN = Trim(objExcel.Cells(intRow, 2).Value)
	strFirst = Trim(objExcel.Cells(intRow, 3).Value)
	strLast = Trim(objExcel.Cells(intRow, 4).Value)
	strPWD = Trim(objExcel.Cells(intRow, 5).Value)

	strDelivery = Trim(objExcel.Cells(intRow, 6).Value)
	strEmail = Trim(objExcel.Cells(intRow, 7).Value)
	strPhone = Trim(objExcel.Cells(intRow, 8).Value)
	strDecrip = Trim(objExcel.Cells(intRow, 9).Value)
	strDisplayName = Trim(objExcel.Cells(intRow, 10).Value)

	strUserPrincipleName = Trim(objExcel.Cells(intRow, 11).Value)
	strTitle = Trim(objExcel.Cells(intRow, 12).Value)
	strDepartment = Trim(objExcel.Cells(intRow, 13).Value)
	strGroup = Trim(objExcel.Cells(intRow, 14).Value)

	' Build the actual User from data in strSheet.
	Set objUser = objContainer.Create("User", "cn=" & strCN)
	objUser.sAMAccountName = strSam
	objUser.givenName = strFirst
	objUser.sn = strLast

	objUser.physicalDeliveryOfficeName = strDelivery
	objUser.mail = strEmail
	objUser.telephoneNumber = strPhone   
	objUser.description = strDecrip
	objUser.displayName = strDisplayName

	objUser.userPrincipalName = strUserPrincipleName   
	objUser.title = strTitle
	objUser.department = strDepartment

	objUser.SetInfo

	SetPassword objUser, strPWD
	SetGroups strUser, objUser, strGroup, objRootLDAP, objGroup
		
	intRow = intRow + 1

Loop

Function SetPassword(objUser, strPWD)
   ' Separate section to enable account with its password
   objUser.userAccountControl = 512
   objUser.pwdLastSet = 0
   objUser.SetPassword strPWD
   objUser.SetInfo
End Function

Function SetGroups(strUser, objUser, strGroup, objRootLDAP, objGroup)
	strUser = "CN=" & objUser.cn &","
		
	Dim arrGroupArray 
	arrGroupArray = Split(strGroup,",")
	
	Dim counter
	 
	for counter = 0 to UBound(arrGroupArray)
		wscript.echo arrGroupArray(counter) 
		strGroup = "CN=" & arrGroupArray(counter) &","
		
		wscript.echo strGroup
		Set objUser = GetObject("LDAP://"& strUser & strUserOU & strDNSDomain)
		Set objGroup = GetObject("LDAP://"& strGroup & strSecurityOU & strDNSDomain)
		objGroup.add(objUser.ADsPath)
	
	next

End Function

objExcel.Quit
WScript.Quit
' End of Script





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users