Vista - How can I find a group in AD if I just know the Group Name

02-13-2009

Hello all

I've spent two days Googling and found nothing on what I'm trying to
accomplish. I've emailed the "Scripting GUy" and had no response.
Hopefully someone here can assist me.
I would have thought what I am trying to accomplish was done many
times over, as it is a very common issue for me in Admin functions of
AD.
I'm trying to create a "Copy User" type script in VB Script. So many
times I've had to create new users that exactly replace the
functionality of a departing user, and creating new users is simple,
however copying an existing user, and all their group memberships, and
then placing the new user account in the right OU, apparently has
never been scripted before if my Google searches tell me anything.

I have successfully written a script to take a username entered into
a text box and then using that name, queried AD and returned a list of
all groups the user belongs to. This results in a text file listing
the groupnames Now, I want to take that information and add a new
user to the same group list. Problem I'm having is my current script
which returns the group names, doesn't provide me any indication of
the groups AD location for binding purposes. How would I take a
groupname like "Treasury users" and add a user to it without this
information?

Any assistance would be greatly appreciated

Stumped

02-13-2009

"SecurityGuy" <epettinger@xxxxxx> wrote in message
news:3dafae7a-96a1-400d-9523-2038d03d8543@xxxxxx

Quote:

> Hello all
>
> I've spent two days Googling and found nothing on what I'm trying to
> accomplish. I've emailed the "Scripting GUy" and had no response.
> Hopefully someone here can assist me.
> I would have thought what I am trying to accomplish was done many
> times over, as it is a very common issue for me in Admin functions of
> AD.
> I'm trying to create a "Copy User" type script in VB Script. So many
> times I've had to create new users that exactly replace the
> functionality of a departing user, and creating new users is simple,
> however copying an existing user, and all their group memberships, and
> then placing the new user account in the right OU, apparently has
> never been scripted before if my Google searches tell me anything.
>
> I have successfully written a script to take a username entered into
> a text box and then using that name, queried AD and returned a list of
> all groups the user belongs to. This results in a text file listing
> the groupnames Now, I want to take that information and add a new
> user to the same group list. Problem I'm having is my current script
> which returns the group names, doesn't provide me any indication of
> the groups AD location for binding purposes. How would I take a
> groupname like "Treasury users" and add a user to it without this
> information?
>
> Any assistance would be greatly appreciated
>
> Stumped

If the name of the groups you are dealing with does not indicate where in AD
the object resides, then you are dealing with NetBIOS name (pre-Windows 2000
logon name) of the group, which is the value of the sAMAccountName
attribute. That's your mistake. Only work with the Distinguished Name (the
value of the distinguishedName attribute). The same can be said of the user
names, use distinguishedName not sAMAccountName.

We probably need to see your code to help more. If you need to prompt for
sAMAccountName (say of the user), you can use the NameTranslate object to
convert this to the distinguishedName. See this link for details:

http://www.rlmueller.net/NameTranslateFAQ.htm

NameTranslate can be used to convert sAMAccountNames of users or groups to
distinguishedNames. Make sure you use the LDAP provider (not the WinNT). You
can get the groups a user is a direct member of from the memberOf attribute
of the user. To add a user to a group, bind to the group (using the
Distinguished Name of the group) and use the Add method of the group object.
You pass the AdsPath of the user to the Add method.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

02-13-2009	#1 (permalink)
SecurityGuy n/a posts	How can I find a group in AD if I just know the Group Name Hello all I've spent two days Googling and found nothing on what I'm trying to accomplish. I've emailed the "Scripting GUy" and had no response. Hopefully someone here can assist me. I would have thought what I am trying to accomplish was done many times over, as it is a very common issue for me in Admin functions of AD. I'm trying to create a "Copy User" type script in VB Script. So many times I've had to create new users that exactly replace the functionality of a departing user, and creating new users is simple, however copying an existing user, and all their group memberships, and then placing the new user account in the right OU, apparently has never been scripted before if my Google searches tell me anything. I have successfully written a script to take a username entered into a text box and then using that name, queried AD and returned a list of all groups the user belongs to. This results in a text file listing the groupnames Now, I want to take that information and add a new user to the same group list. Problem I'm having is my current script which returns the group names, doesn't provide me any indication of the groups AD location for binding purposes. How would I take a groupname like "Treasury users" and add a user to it without this information? Any assistance would be greatly appreciated Stumped
My System Specs

02-13-2009	#2 (permalink)
Richard Mueller [MVP] n/a posts	Re: How can I find a group in AD if I just know the Group Name "SecurityGuy" <epettinger@xxxxxx> wrote in message news:3dafae7a-96a1-400d-9523-2038d03d8543@xxxxxx Quote: > Hello all > > I've spent two days Googling and found nothing on what I'm trying to > accomplish. I've emailed the "Scripting GUy" and had no response. > Hopefully someone here can assist me. > I would have thought what I am trying to accomplish was done many > times over, as it is a very common issue for me in Admin functions of > AD. > I'm trying to create a "Copy User" type script in VB Script. So many > times I've had to create new users that exactly replace the > functionality of a departing user, and creating new users is simple, > however copying an existing user, and all their group memberships, and > then placing the new user account in the right OU, apparently has > never been scripted before if my Google searches tell me anything. > > I have successfully written a script to take a username entered into > a text box and then using that name, queried AD and returned a list of > all groups the user belongs to. This results in a text file listing > the groupnames Now, I want to take that information and add a new > user to the same group list. Problem I'm having is my current script > which returns the group names, doesn't provide me any indication of > the groups AD location for binding purposes. How would I take a > groupname like "Treasury users" and add a user to it without this > information? > > Any assistance would be greatly appreciated > > Stumped If the name of the groups you are dealing with does not indicate where in AD the object resides, then you are dealing with NetBIOS name (pre-Windows 2000 logon name) of the group, which is the value of the sAMAccountName attribute. That's your mistake. Only work with the Distinguished Name (the value of the distinguishedName attribute). The same can be said of the user names, use distinguishedName not sAMAccountName. We probably need to see your code to help more. If you need to prompt for sAMAccountName (say of the user), you can use the NameTranslate object to convert this to the distinguishedName. See this link for details: http://www.rlmueller.net/NameTranslateFAQ.htm NameTranslate can be used to convert sAMAccountNames of users or groups to distinguishedNames. Make sure you use the LDAP provider (not the WinNT). You can get the groups a user is a direct member of from the memberOf attribute of the user. To add a user to a group, bind to the group (using the Distinguished Name of the group) and use the Add method of the group object. You pass the AdsPath of the user to the Add method. -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net --
My System Specs

Similar Threads
Thread	Forum
add user to group /group scope - Global /Group type - Security	PowerShell
Messenger Group â€“ Enjoy the group chat on your Windows Live Messen	Live Messenger
Windows Mail Contact Group option GROUP ONLY	Vista mail
Find Contact group ?	Vista mail
How to find group members of a OU	PowerShell