Keywords: ADSI create groups
Note: Starting in WinBatch 2001A, see the ADSI Extender
The WinBatch ADSI extender provides access to the powerful functionality of Microsoft’s Active Directory Service Interfaces (ADSI) in a style familiar to WinBatch users. With the ADSI extender, you can manage network resources in several directory services with a single, easy-to-use set of functions. These functions can be used within WIL scripts or can be compiled into WIL executables.
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
;
;A few caveats:
;
;You must have administrator privileges to run this script successfully.
;This script assumes that you are already logged on to the domain tree with
;an administrator equivalent account. If you aren't logged on with an administrator
;equivalent account, you need to use IADsOpenDSObject's OpenDSObject method.
;
;For this script to work:
;Your username and password on your client machine MUST match the username and password
;on your server side, otherwise the SetInfo method won't work (you'll get an OLE exception
;1261 error in that case, OR you'll also see the 1261 error if the container or organizational
;unit already exist on the server).
;
;This script will work the first time through only. Then it'll error out the 2nd time thru on
;all the objects/containers when the script tries to do the SetInfo, since they will already exist.
;You'll notice throughout the script that there are several goto's commented out. That is because
;in the process of developing this script, if a certain part of the code had already executed
;the SetInfo, I had to then skip to the next piece of code so as to avoid the 1261 error.
;
;Once the code is run, you can view the changes on the server with the Active Directory browser,
;adsvw.exe, which is distributed with the ADSI SDK. Start up the browser and choose
;ObjectViewer, then enter the ADS path (something like: LDAP://TESTWIN2000), and hit OK.
;You'll see the DC in the window to the left, with a plus sign next to it to expand and
;view your new entries. The view is a handy way to see the properties of classes.
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

;Set the path of the directory server you want to bind to
ADsPath="LDAP://TESTWIN2000/DC=techsupt,DC=windowware,DC=com"
dom=ObjectAccess(ADsPath,@false)

adsYokelsOU=dom.Create("organizationalUnit", "ou=Yokels")
TimeDelay(0.5)
adsYokelsOU.Put("description", "A Unit for Lokel Yokels")
adsYokelsOU.Put("wwwHomePage","http://whiskey-a-go-go.com/backroom")
;goto groupset
adsYokelsOU.SetInfo ;commit above changes to the ADSI directory on server

:groupset
;~~~~~~~~~~~~~~~~~~~Create the Lokel Group, within the Yokels organizational unit
adsGroup=adsYokelsOU.Create("group", "cn=Lokel") ;can't use the group name, "Local"
adsGroup.Put("sAMAccountName", "Lokel") ;set mandatory attribute
TimeDelay(0.5)
;goto setusers
adsGroup.SetInfo

:setusers
;~~~~~~~~~~~~~~~~~~~Get a Pointer to the Users Container~~~~~~~~~~~~~~~~~~~
adsUsersContainer=ObjectAccess("LDAP://TESTWIN2000/cn=Users,DC=techsupt,DC=windowware,DC=com",@false)

;~~~~~~~~~~~~~~~~~~~Add Users to the Users Container~~~~~~~~~~~~~~~~~~~
adsUser1=adsUsersContainer.Create("user", "cn=Flem Snopes")
adsUser1.Put("sAMAccountName", "FlemS") ;set mandatory attribute for the user class
adsUser1.Put("userPrincipalName", "flem@windowware.com")
adsUser1.Put("title", "Chief Bottle Washer")
TimeDelay(0.5)
;goto nextuser
adsUser1.SetInfo

:nextuser
;~~~~~~~~~~~~~~~~~~~Create the Second New User~~~~~~~~~~~~~~~~~~~
adsUser2=adsUsersContainer.Create("user", "cn=Eula Varner")
adsUser2.Put("sAMAccountName", "EulaV") ;set mandatory attribute for the user class
adsUser2.Put("userPrincipalName", "eula@windowware.com")
adsUser2.Put("title", "Assistant Bottle Washer")
TimeDelay(0.5)
;goto moveusers
adsUser2.SetInfo

:moveusers
;~~~~~~~~~~~~~~~~~~~Move from Users to the Yokels OU~~~~~~~~~~~~~~~~~~~
adsUser1=adsYokelsOU.MoveHere("LDAP://TESTWIN2000/CN=Flem Snopes,CN=Users,DC=techsupt,DC=windowware,DC=com","")
adsUser2=adsYokelsOU.MoveHere("LDAP://TESTWIN2000/CN=Eula Varner,CN=Users,DC=techsupt,DC=windowware,DC=com","")

:addtogroup
;~~~~~~~~~~~~~~~~~~~Add Users to a Group~~~~~~~~~~~~~~~~~~~
;First grab the group named "Lokel"
adsGroup=ObjectAccess("LDAP://TESTWIN2000/CN=Lokel,OU=Yokels,DC=techsupt,DC=windowware,DC=com",@false)
;next add the following users to that group
adsGroup.Add("LDAP://TESTWIN2000/CN=Flem Snopes,OU=Yokels,DC=techsupt,DC=windowware,DC=com")
adsGroup.Add("LDAP://TESTWIN2000/CN=Eula Varner,OU=Yokels,DC=techsupt,DC=windowware,DC=com")

;~~~~~~~~~~~~~~~~~~~Test Users of the Yokels OU~~~~~~~~~~~~~~~~~~~
adsGroup=ObjectAccess("LDAP://TESTWIN2000/cn=Lokel,ou=Yokels,DC=techsupt,DC=windowware,DC=com",@false)
flem="Flem Snopes"
;IsMember takes the ADsPath of the user object itself, which now lives directly in the Yokels OU
If adsGroup.IsMember("LDAP://TESTWIN2000/cn=%flem%,ou=Yokels,DC=techsupt,DC=windowware,DC=com")
   Message(flem, "Is a Member of the Lokel Group")
Else
   Message(flem, "Is NOT a Member of the Lokel Group")
Endif

;~~~~~~~~~~~~~~~~~~~Count the Members of the Lokel Yokels Group~~~~~~~~~~~~~~~~~~~
;adsGroup=ObjectAccess("LDAP://TESTWIN2000/cn=Users,DC=techsupt,DC=windowware,DC=com",@false)
adsGroup=ObjectAccess("LDAP://TESTWIN2000/cn=Lokel,ou=Yokels,DC=techsupt,DC=windowware,DC=com",@false)
adscount=adsGroup.Members
Message("Number of members of the group:", adscount.Count)
exit
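
The caveats in the script header say a second run fails at every SetInfo with OLE exception 1261 because the objects already exist, and that the same code also appears on a credential mismatch. The following is an added example, not part of the original article, that traps the error for the OU step and tells the two cases apart so the script can be re-run. It assumes error 1261 can be suppressed with ErrorMode(@OFF) and read back with LastError(); the variable names ldapServer, baseDN, err and binderr are illustrative.

```winbatch
;Added example, not from the original article.
;Assumption: OLE exception 1261 is suppressed by ErrorMode(@OFF)
;and is then reported by LastError().
ldapServer="LDAP://TESTWIN2000/"
baseDN="DC=techsupt,DC=windowware,DC=com"

dom=ObjectAccess(StrCat(ldapServer,baseDN),@false)
adsYokelsOU=dom.Create("organizationalUnit", "ou=Yokels")
adsYokelsOU.Put("description", "A Unit for Lokel Yokels")

ErrorMode(@OFF)      ;let the script continue past a failing SetInfo
LastError()          ;clear any earlier error code
adsYokelsOU.SetInfo
err=LastError()
ErrorMode(@CANCEL)   ;restore default error handling

If err==1261
   ;1261 is either "object already exists" or a credential mismatch.
   ;Binding to the existing OU tells the two cases apart.
   ErrorMode(@OFF)
   LastError()
   adsYokelsOU=ObjectAccess(StrCat(ldapServer,"ou=Yokels,",baseDN),@false)
   binderr=LastError()
   ErrorMode(@CANCEL)
   If binderr!=0
      Message("Yokels OU", "SetInfo failed and the OU cannot be opened. Check the logon account.")
      Exit
   Endif
   Message("Yokels OU", "Already present, reusing the existing OU")
Else
   If err!=0
      Message("Yokels OU", StrCat("Unexpected error ", err))
      Exit
   Endif
Endif

;adsYokelsOU now refers to a committed OU on either path,
;so the group and user steps can continue from here.
```

The same wrapper can be placed around each later SetInfo in place of the commented-out goto statements.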
Article ID: W14347
Filename: ADSI Create Groups and Users Example.txt
File Created: 2001:01:03:12:40:12
Last Updated: 2001:01:03:12:40:12