Add users to Domain group based on attribute
I'm looking for a way to help automate mundane tasks. I have written some fairly basic scripts in VBS but I'm getting stumped on this project.
Some brief background: we have new contractors starting fairly often and we want to ensure they are added to the correct groups. All contractors have only Contractor listed in their Title attribute.
Occasionally contractors are hired and become full-time employees and as a result their title changes.
I'd like a script that can read every user (we only have 900 or so) and if their title is Contractor they should be added to the group. If their title is not contractor they should not be placed in the group. If they are currently in the group but the title is not contractor they should be removed.
I've found a code snippet that can remove all users from the group, but I'm having trouble enumerating AD and checking the attribute and if it matches adding it to the group.
Any help would be appreciated immensely.
Re: Add users to Domain group based on attribute
It usually helps to show the code you're working with and point out the areas you're failing in.
Re: Add users to Domain group based on attribute
OK I've cobbled together a little script that starts to do what I need.
I figure I need to enumerate all users in the domain and check the title value of each user to see if it matches. When it does, add it to the appropriate group. I'm not correctly binding to the user object, it seems.
Help please?
Code:
Dim strTitle, strUser, strGroup, strDomainDN, strGroupName, strGroupDN
' ------ SCRIPT CONFIGURATION ------
Set WshShl = Wscript.CreateObject("Wscript.Shell")
WshShl.LogEvent 0, "contractors-group.vbs - Beginning script execution"
strDomainDN = "dc=ad,dc=domain,dc=com"
strGroupName = "Contractors"
' ------ END CONFIGURATION ---------
' Build the group path only after strDomainDN has a value
strGroupDN = "LDAP://CN=" & strGroupName & ",OU=Groups," & strDomainDN
strBase = "<LDAP://" & strDomainDN & ">;"
strFilter = "(&(objectclass=user)(objectcategory=person));"
strAttrs = "name;"
strScope = "subtree"
Wscript.echo (strdomaindn)
set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
objRS.MoveFirst
while Not objRS.EOF
    Wscript.Echo objRS.Fields(0).Value
    strUser = objRS.Fields(0).Value
    Set objUser = struser
    Wscript.Echo objUser.Title ' I want to see that title attribute is seen
    ' add function to add user to group here
    objRS.MoveNext
wend
WshShl.LogEvent 0, "Contractors-group.vbs - Completed script execution"
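The reconciliation described in this thread, as an added example that is not part of the original posts: it requests `distinguishedName` and `title` in the ADO query, so no per-user bind is needed, and compares each user against direct group membership. The domain DN, the `OU=Groups` location, the group name and the `DRY_RUN` switch are assumptions to adjust.

```vbscript
Option Explicit
' Added example: reconcile the Contractors group against the Title attribute.
' Assumed values: domain DN, group location, and the title string "Contractor".
Const DRY_RUN = True   ' report intended changes only; set to False to apply them
Dim strDomainDN, strGroupPath, objGroup, objConn, objCmd, objRS
Dim strUserPath, strTitle, blnShould, blnIs, intAdded, intRemoved

strDomainDN  = "dc=ad,dc=domain,dc=com"
strGroupPath = "LDAP://CN=Contractors,OU=Groups," & strDomainDN
Set objGroup = GetObject(strGroupPath)

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Page Size") = 500   ' page results so the user list is not truncated
objCmd.CommandText = "<LDAP://" & strDomainDN & ">;" & _
    "(&(objectCategory=person)(objectClass=user));" & _
    "distinguishedName,title;subtree"
Set objRS = objCmd.Execute

intAdded = 0 : intRemoved = 0
Do Until objRS.EOF
    ' The query returns strings, not objects. Build an ADsPath from the DN;
    ' GetObject(strUserPath) would bind to the user if other attributes were needed.
    ' A "/" inside a DN has to be escaped in an ADsPath.
    strUserPath = "LDAP://" & Replace(objRS.Fields("distinguishedName").Value, "/", "\/")
    strTitle = ""   ' title comes back as Null when the attribute is not set
    If Not IsNull(objRS.Fields("title").Value) Then strTitle = objRS.Fields("title").Value
    blnShould = (StrComp(Trim(strTitle), "Contractor", vbTextCompare) = 0)
    blnIs = objGroup.IsMember(strUserPath)   ' direct membership only
    If blnShould And Not blnIs Then
        WScript.Echo "ADD    " & strUserPath
        If Not DRY_RUN Then objGroup.Add strUserPath
        intAdded = intAdded + 1
    ElseIf blnIs And Not blnShould Then
        WScript.Echo "REMOVE " & strUserPath
        If Not DRY_RUN Then objGroup.Remove strUserPath
        intRemoved = intRemoved + 1
    End If
    objRS.MoveNext
Loop
objRS.Close : objConn.Close
' In dry-run mode these counts are the changes that would be made.
WScript.Echo "Added: " & intAdded & "  Removed: " & intRemoved
```

Run it with `cscript` under an account delegated only the right to modify that one group's membership, and review the dry-run output before setting `DRY_RUN` to `False`.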