WinBatch Tech Support Home

Database Search

If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.

TechHome

WinBatch
OLE COM ADO CDO ADSI LDAP
ADO DAO
ADSI LDAP CDO
plus
CDO
plus
Samples from Users

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

ADSI Create Groups and Users Example Code 

Keywords: 	 ADSI create groups

Note: Starting in WinBatch 2001A, see the ADSI Extender

The WinBatch ADSI extender provides access to the powerful functionality of Microsoft’s Active Directory Service Interfaces (ADSI) in a style familiar to WinBatch users. With the ADSI extender, you can manage network resources in several directory services with a single, easy to use, set of functions. These functions can be used within WIL scripts or can be compiled into WIL executables 

;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
;
;A few caveats:
;
;You must have administrator privileges to run this script successfully.
;This script assumes that you are already logged on to the domain tree with
;an administrator equivalent account.  If you aren't logged on with an administrator 
;equivalent account, you need to use IADsOpenDSObject's OpenDSObject method.
;
;For this script to work:
;Your username and password on your client machine MUST match the username and password
;on your server side, otherwise the SetInfo method won't work (you'll get an OLE exception
;1261 error in that case, OR you'll also see the 1261 error if the container or organizational 
;unit already exist on the server).
;
;This script will work the first time through only.  Then it'll error out the 2nd time thru on
;all the objects/containers when the script tries to do the SetInfo, since they will already exist.
;You'll notice throughout the script that there are several goto's commented out.  That is because
;in the process of developing this script, if a certain part of the code had already executed
;the SetInfo, I had to then skip to the next piece of code so as to avoid the 1261 error.
;
;Once the code is run, you can view the changes on the server with the Active Directory browser, 
;adsvw.exe, which is distributed with the ADSI SDK.  Start up the browser and choose
;ObjectViewer, then enter the ADS path (something like: LDAP://TESTWIN2000), and hit OK.
;You'll see the DC in the window to the left, with a plus sign next to it to expand and
;view your new entries.  The view is a handy way to see the properties of classes.
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


;Set the path of the directory server you want to bind to
ADsPath="LDAP://TESTWIN2000/DC=techsupt,DC=windowware,DC=com"

dom=ObjectAccess(ADsPath,@false)


adsYokelsOU=dom.Create("organizationalUnit", "ou=Yokels")  
TimeDelay(0.5)
adsYokelsOU.Put("description", "A Unit for Lokel Yokels")
adsYokelsOU.Put("wwwHomePage","http://whiskey-a-go-go.com/backroom")

;goto groupset

adsYokelsOU.SetInfo ;commmit above changes to the ADSI directory on server

:groupset
;~~~~~~~~~~~~~~~~~~~Create the Lokel Group, within the Yokels organizational unit
adsGroup=adsYokelsOU.Create("group", "cn=Lokel") ;can't use the group name, "Local"
adsGroup.Put("sAMAccountName", "Lokel");set mandatory attribute
TimeDelay(0.5)

;goto setusers


adsGroup.SetInfo

:setusers
;~~~~~~~~~~~~~~~~~~~Get a Pointer to the Users Container~~~~~~~~~~~~~~~~~~~
adsUsersContainer=ObjectAccess("LDAP://TESTWIN2000/cn=Users,DC=techsupt,DC=windowware,DC=com",@false)

;~~~~~~~~~~~~~~~~~~~Add Users to the Users Container~~~~~~~~~~~~~~~~~~~
adsUser1=adsUsersContainer.Create("user", "cn=Flem Snopes")
adsUser1.Put("sAMAccountName", "FlemS");set mandatory attribute for the user class
adsUser1.Put("userPrincipalName", "flem@windowware.com")
adsUser1.Put("title", "Chief Bottle Washer")
TimeDelay(0.5)

;goto nextuser

adsUser1.SetInfo

:nextuser
;~~~~~~~~~~~~~~~~~~~Create the Second New User~~~~~~~~~~~~~~~~~~~
adsUser2=adsUsersContainer.Create("user", "cn=Eula Varner")
adsUser2.Put("sAMAccountName", "EulaV");set mandatory attribute for the user class
adsUser2.Put("userPrincipalName", "eula@windowware.com")
adsUser2.Put("title", "Assistant Bottle Washer")
TimeDelay(0.5)


;goto moveusers
adsUser2.SetInfo

:moveusers
;~~~~~~~~~~~~~~~~~~~Move from Users to the Yokels OU~~~~~~~~~~~~~~~~~~~
adsUser1=adsYokelsOU.MoveHere("LDAP://TESTWIN2000/CN=Flem Snopes,CN=Users,DC=techsupt,DC=windowware,DC=com","")
adsUser2=adsYokelsOU.MoveHere("LDAP://TESTWIN2000/CN=Eula Varner,CN=Users,DC=techsupt,DC=windowware,DC=com","")

:addtogroup
;~~~~~~~~~~~~~~~~~~~Add Users to a Group~~~~~~~~~~~~~~~~~~~
;First grab the group named "Lokel"
adsGroup=ObjectAccess("LDAP://TESTWIN2000/CN=Lokel,OU=Yokels,DC=techsupt,DC=windowware,DC=com",@false)

;next add the following users to that group
adsGroup.Add("LDAP://TESTWIN2000/CN=Flem Snopes,OU=Yokels,DC=techsupt,DC=windowware,DC=com")
adsGroup.Add("LDAP://TESTWIN2000/CN=Eula Varner,OU=Yokels,DC=techsupt,DC=windowware,DC=com")

;~~~~~~~~~~~~~~~~~~~Test Users of the Yokels OU~~~~~~~~~~~~~~~~~~~
adsGroup=ObjectAccess("LDAP://TESTWIN2000/cn=Lokel,ou=Yokels,DC=techsupt,DC=windowware,DC=com",@false)

flem="Flem Snopes"
If adsGroup.IsMember("LDAP://TESTWIN2000/cn=%flem%,cn=Lokel,ou=Yokels,DC=techsupt,DC=windowware,DC=com")
  Message(flem, "Is a Member of the Lokel Group")
Else
  Message(flem, "Is NOT a Member of the Lokel Group")
Endif

;~~~~~~~~~~~~~~~~~~~Count the Members of the Lokel Yokels Group~~~~~~~~~~~~~~~~~~~
;adsGroup=ObjectAccess("LDAP://TESTWIN2000/cn=Users,DC=techsupt,DC=windowware,DC=com",@false)
adsGroup=ObjectAccess("LDAP://TESTWIN2000/cn=Lokel,ou=Yokels,DC=techsupt,DC=windowware,DC=com",@false)

adscount=adsGroup.Members
Message("Number of members of the group:", adscount.Count)

exit









Article ID:   W14347

Filename:   ADSI Create Groups and Users Example.txt
File Created: 2001:01:03:12:40:12
Last Updated: 2001:01:03:12:40:12