Announcement

Collapse
No announcement yet.

Using DSQUERY and DSMOD to copy group membership

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using DSQUERY and DSMOD to copy group membership

    Hello,

    Is it possible to use these tools to copy the memberof from one user to the another. I am trying to find the easiest way to do this since manually doing it through AD takes a while. I can get the memberof list to display piping DSQUERY to DSGET, would it worked the same way for DSMOD?

    Thanks in advance.

  • #2
    Re: Using DSQUERY and DSMOD to copy group membership

    Here is an example I have just written and it worked for me:
    Code:
    :: CpGroups.CMD - Guy Teverovsky - December 2006
    :: 
    :: Copies group membership between user accounts
    
    @echo off
    
    setlocal ENABLEDELAYEDEXPANSION
    setlocal ENABLEEXTENSIONS
    
    if "%1"=="" goto :SYNTAX
    if "%1"=="/?" goto :SYNTAX
    
    echo/
    
    :: Define initial environment
    set source_usr=%1
    set target_usr=%2
    set scriptname=CpGroups
    
    
    :: Determine if supplied arguments were sufficient
    if "%source_usr%"=="" (
    	echo/
    	echo ERROR - Insufficient arguments
    	goto :SYNTAX
    )
    
    if "%target_usr%"=="" (
    	echo/
    	echo ERROR - Insufficient arguments
    	goto :SYNTAX
    )
    
    
    :: Locate critical executables
    for %%e in (dsquery.exe dsget.exe) do (
    	set where="%%~$PATH:e"
    	if "!where!"=="""" (
    		echo ERROR - Required executable, "%%e", not located within the path
    		goto :END
    	)
    )
    
    
     
    for /f "delims=" %%i in ('dsquery user -samid %source_usr%') do ( 
    	setlocal DISABLEEXTENSIONS
    	set source_usr_dn=%%i
    	setlocal ENABLEEXTENSIONS
    )
    
    if %source_usr_dn%=="" (
    	echo/
    	echo ERROR - Source user account not found
    	goto :END
    )
    
    for /f "delims=" %%i in ('dsquery user -samid %target_usr%') do (
    	setlocal DISABLEEXTENSIONS
    	set target_usr_dn=%%i
    	setlocal ENABLEEXTENSIONS
    )
    
    if %target_usr_dn%=="" (
    	echo/
    	echo ERROR - Target user account not found
    	goto :END
    )
    
    
    
    
    for /f "delims=" %%i in ('dsget user %source_usr_dn% -memberof') do (
    	dsmod group %%i -addmbr %target_usr_dn%
    )
    
    goto :END
    
    :SYNTAX
    echo/
    echo SYNTAX - %scriptname% [source account samid] [target account samid]
    echo/
    echo   * [source account samid] is the account to copy the group membership from
    echo   * [target account samid] is the account to copy the group membership to
    echo/
    echo     e.g. - %scriptname%  jdoe bsmith
    echo/
    
    :END

    Example:
    Code:
    C:\>CpGroups.cmd guy test3
    
    dsmod succeeded:CN=Exchange Organization Administrators,CN=Users,DC=c-dom,DC=est
    
    dsmod succeeded:CN=Exchange Services,CN=Users,DC=c-dom,DC=est
    dsmod succeeded:CN=Exchange Domain Servers,CN=Users,DC=c-dom,DC=est
    dsmod succeeded:CN=Group Policy Creator Owners,CN=Users,DC=c-dom,DC=est
    dsmod succeeded:CN=Domain Admins,CN=Users,DC=c-dom,DC=est
    dsmod succeeded:CN=Enterprise Admins,CN=Users,DC=c-dom,DC=est
    dsmod succeeded:CN=Schema Admins,CN=Users,DC=c-dom,DC=est
    dsmod succeeded:CN=Remote Desktop Users,CN=Builtin,DC=c-dom,DC=est
    dsmod succeeded:CN=Administrators,CN=Builtin,DC=c-dom,DC=est
    dsmod failed:CN=Domain Users,CN=Users,DC=c-dom,DC=est:Either the specified user
    account is already a member of the specified group, or the specified group canno
    t be deleted because it contains a member.
    type dsmod /? for help.
    Attached Files
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"

    Comment


    • #3
      Re: Using DSQUERY and DSMOD to copy group membership

      Thanks for your help.

      I am getting an error with this script: ( was unexpected at this time I put echo on and it seems to be happening here. I can't seem to figure it out.

      C:\util>for /F "delims=" %i in ('dsquery user -samid Test') do (
      setlocal DISABLEEXTENSIONS
      set source_usr_dn=%i
      setlocal ENABLEEXTENSIONS
      )
      ( was unexpected at this time.

      Comment


      • #4
        Re: Using DSQUERY and DSMOD to copy group membership

        Stupid question: have you copy&pasted the script or have you downloaded the attached file ?

        Have double checked and the syntax is correct as long as it's part of a .bat or .cmd file. Can you please post the full output of the script after setting echo to on ?
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"

        Comment


        • #5
          Re: Using DSQUERY and DSMOD to copy group membership

          Thanks for the reply.

          I downloaded the txt file and saved it as cpgroups.cmd and ran from the command-prompt. I have attaced the echo output.

          Thanks again.
          Attached Files

          Comment


          • #6
            Re: Using DSQUERY and DSMOD to copy group membership

            Have tried to reproduce the error, but had no luck. What OS are you running the script on ? Can you try on W2K3 SP1 or R2 ?

            If that still does not work, I have found that someone had already done something like this: http://windowsitpro.com/MicrosoftExc...471/94471.html. You might want to test the script from the link.
            Last edited by guyt; 26th December 2006, 00:23.
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"

            Comment


            • #7
              Re: Using DSQUERY and DSMOD to copy group membership

              Thanks again for the help. I am having issues with that script too. Maybe it's a rights issue--not sure. I am actually using Windows XP with the 2003 SP1 Admin tools installed. I will keep plugging away though.

              Thanks again.

              EDIT: Hmm, I am wondering now it this has to do with command extensions not being enabled. Seems I am getting my error on the "if" or "for" command. Just a thought.
              Last edited by BigA; 26th December 2006, 18:58.

              Comment


              • #8
                Re: Using DSQUERY and DSMOD to copy group membership

                Finally got it to work. I had to change some of the code for the second link that you posted. I just hard coded some stuff, so it' s not universal, but it works great. Will save me a lot of time setting up users.

                Thanks

                Comment


                • #9
                  Re: Using DSQUERY and DSMOD to copy group membership

                  Originally posted by BigA View Post
                  Hmm, I am wondering now it this has to do with command extensions not being enabled. Seems I am getting my error on the "if" or "for" command. Just a thought.
                  Thats what I suspect too, hence I asked about the OS you are running the script from. I have seen slightly different behavior between XP and W2K3 cmd

                  Glad you finally worked it out
                  Guy Teverovsky
                  "Smith & Wesson - the original point and click interface"

                  Comment

                  Working...
                  X