Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Re: Multiple Secuirty group
Re: Multiple Secuirty group [message #158944] Tue, 21 July 2009 14:38
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
Ezakial wrote:

>
> I'm looking for tool or script which can create multiple security groups
> either Domain Local ,Global, or Universal. The script should read the test
> file and create multiple groups.
>
> Let me know if anyone has come across such scripts or tool. Thanks

When you create local groups, you need to know the computer name (or know
that the group is to be created on the computer running the script) and the
NetBIOS name (NT name) of the new group. You must use the WinNT provider.
Typical code would be similar to:
==========
Option Explicit
Dim objNetwork, strComputer, strGroup, objComputer, objGroup

' Retrieve NetBIOS name of local computer.
' If the computer is remote, assign NetBIOS name to strComputer.
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName

' Specify NetBIOS name of new group.
strGroup = "NewGroupName"

' Bind to computer.
Set objComputer = GetObject("WinNT://" & strComputer)

' Create local group.
Set objGroup = objComputer.Create("Group", strGroup)
objGroup.SetInfo
============
For domain groups, you need to know the container/OU where the group object
will be created, the Common Name of the new group, the NetBIOS name
(pre-Windows 2000 name) of the new group, and the group type. You should use
the LDAP provider. For example, to create a global security group.
=============
Option Explicit
Dim strOU, strCN, strNTName, objOU, objGroup

Const ADS_GROUP_TYPE_GLOBAL = &H2
Const ADS_GROUP_TYPE_UNIVERSAL = &H8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

' Specify Common name of new group.
strCN = "New Group"

' Specify NetBIOS name of new group.
strNTName = "NewGroup"

' Specify the Distinguished Name (DN) of the container/OU
' where the group will be created.
strOU = "ou=Sales,ou=West,dc=MyDomain,dc=com"

' Bind the container/OU.
Set objOU = GetObject("LDAP://" & strOU)

' Create global security group.
Set objGroup = objOU.Create("Group", "cn=" & strCN)

' Assign attributes.
objGroup.sAMAccountName = strNTName
objGroup.groupType = ADS_GROUP_TYPE_GLOBAL Or
ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo
========
For universal security groups, use the appropriate constant. For
distribution groups, simply remove the "Or" operator and the constant for
security enabled groups.

You can write a script to create groups in bulk from the information in a
text file. You don't say what is in the file you anticipate. If the script
is just for local groups, and you assume the local computer, the file can
contain one group name per line. For Active Directory groups, the file would
need to specify the Distinguished Name (DN) of the container/OU, the Common
Name, the NetBIOS name, and the group type.

If you hard code the DN of the container/OU and the group type in the
script, and you assume that the Common Name and NetBIOS names of each group
are the same (assuming the names are unique in the domain), you can simply
read names from the file. You can use the FileSystemObject to read the
names. For example, to create global security groups in bulk from a text
file, the script could be similar to below:
========
Option Explicit
Dim strOU, strGroup, objOU, objGroup
Dim strFile, objFile, objFSO

Const ADS_GROUP_TYPE_GLOBAL = &H2
Const ADS_GROUP_TYPE_UNIVERSAL = &H8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000
Const ForReading = 1

' Specify the file of group names.
strFile = "c:\Scripts\GroupNames.txt"

' Specify the Distinguished Name (DN) of the container/OU
' where all groups will be created.
strOU = "ou=Sales,ou=West,dc=MyDomain,dc=com"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Read the file.
Do Until objFile.AtEndOfStream
strGroup = Trim(objFile.ReadLine)
' Skip blank lines.
If (strGroup <> "") Then
' Create global security group.
Set objGroup = objOU.Create("Group", "cn=" & strGroup)

' Assign attributes.
objGroup.sAMAccountName = strGroup
objGroup.groupType = ADS_GROUP_TYPE_GLOBAL _
Or ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo
End If
Loop

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Previous Topic:Urgent Please: Returnung Incorrect Attributes Value
Next Topic:Least permissions to update Manager field in AD
Goto Forum:
  


Current Time: Wed Oct 18 01:35:37 EDT 2017

Total time taken to generate the page: 0.02940 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software