Creating multiple AD groups from a CSV file.

  • Creating multiple AD groups from a CSV file.

    I have a CSV file named "GroupsToCreate.csv" which contains:

    Global,gShr_TEN-SRVLN_TEST=,Members have Change access to the Share/Folder,scl\JMilano

    Eventually it will contain a number of AD groups which need to be created by the script.

    The script keeps erroring at the line:

    objRecordSet2.MoveFirst

    The error is:

    Exception: Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    Here is the script:
    Code:
    'Sample INPUT
    'universal,Grpname,This is a test grp,Ownername
    'Script Start
    Const ADS_GROUP_TYPE_GLOBAL = &H2
    Const ADS_GROUP_TYPE_LOCAL = &H4
    Const ADS_GROUP_TYPE_UNIVERSAL = &H8
    Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &h5
    Const ADS_FLAG_OBJECT_TYPE_PRESENT = &h1
    Const ADS_RIGHT_DS_WRITE_PROP = &h20
    Const MEMBER_ATTRIBUTE = "{bf9679c0-0de6-11d0-a285-00aa003049e2}"
    
    ' Generate a random number for the file name for testing only:
    intHighNumber = 9999
    intLowNumber = 1
    
    '
    '
     
    strCSVFile = Replace(WScript.ScriptFullName, WScript.ScriptName, "") & "GroupsToCreate.csv"
    strInternetDomain = "scl.signet.com.au"
    strOU = "ou=TEN-SRVLN,ou=Global Share Groups,ou=SCL Groups,"
    If strOU <> "" Then
    	If Right(strOU, 1) <> "," Then strOU = strOU & ","
    End If
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strLDAPPath = "LDAP://" & strOU & objRootDSE.Get("defaultNamingContext")
     
    Set objConnection2 = CreateObject("ADODB.Connection")
    Set objCommand2 = CreateObject("ADODB.Command")
    objConnection2.Provider = "ADsDSOObject"
    objConnection2.Open "Active Directory Provider"
    Set objCommand2.ActiveConnection = objConnection2
     
    Set ObjFSO = createobject("Scripting.FilesystemObject")
    Set ObjTextfile = ObjFSO.Opentextfile(strCSVFile)
     
    Do Until ObjTextfile.AtEndofStream
    	StrGet = ObjTextfile.ReadLine
    	StrInput = Split(strGet,",")
    	'wscript.echo strLdappath & " " & strInput(1)
    	Set objOU = GetObject(strLdappath)
    	
    	Randomize
    	intNumber = Int((intHighNumber - intLowNumber + 1) * Rnd + intLowNumber)
    	Wscript.Echo "Random Number: " & intNumber
    	strInput(1)=strInput(1) & LPAD(intNumber,"0",4)
    	
    	Select Case StrInput(0)
    		Case "universal"
    			StrGrpName = strInput(1) 
    			Set objGroup = objOU.Create("Group", "cn=" & strGrpName )
    			objGroup.groupType = ADS_GROUP_TYPE_UNIVERSAL
    			objGroup.SetInfo
    		case Else
    			StrGrpName = strInput(1) 
    			Set objGroup = objOU.Create("Group", "cn=" & strGrpName )
    			objGroup.groupType = ADS_GROUP_TYPE_GLOBAL
    			objGroup.SetInfo	 
    	End Select
    	 
    	objGroup.sAMAccountName = strInput(1) 
    	objGroup.SetInfo
    	objGroup.description = strInput(2)
    	objGroup.SetInfo
     
    	objGroup.mail = strGrpName & "@" & strInternetDomain
    	' The following line produces the error:
    	' Exception: Object doesn't support this property or method: 'objGroup.MailEnable'
    	' objGroup.MailEnable
    	objGroup.Put "ProxyAddresses", "SMTP:" & "##-" & strInput(1) & "@" & strInternetDomain
    	objGroup.SetInfo
    	 
    	wscript.echo "Owner Name: " & strInput(3)
    ' 	objCommand2.CommandText ="SELECT Userprincipalname,adspath,distinguishedName FROM '" & strLDAPPath & _
    ' 		"' WHERE objectCategory='User' " & "AND CN='" & strInput(3) & "'"
    ' 	Set objRecordSet2 = objCommand2.Execute
    ' 	objRecordSet2.MoveFirst
    ' 	wscript.echo objRecordSet2.Fields("Adspath").Value
    ' 	If Not objRecordSet2.EOF Then
    ' 		objGroup.Put "managedby" , Trim(Replace(objRecordSet2.Fields("adspath").Value,"LDAP://"," "))
    ' 		objGroup.SetInfo
    ' 		Set objSD = objGroup.Get("ntSecurityDescriptor")
    ' 		Set objDACL = objSD.DiscretionaryAcl
    ' 		Set objACE = CreateObject("AccessControlEntry")
    ' 		objACE.Trustee = objRecordSet2.Fields("UserprincipalName").Value
    ' 		objACE.AccessMask = ADS_RIGHT_DS_WRITE_PROP
    ' 		objACE.AceFlags = 0
    ' 		objACE.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
    ' 		objACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    ' 		objACE.ObjectType = MEMBER_ATTRIBUTE
    ' 		objDACL.AddAce objACE
    ' 		objSD.DiscretionaryAcl = objDACL
    ' 		objGroup.Put "ntSecurityDescriptor", objSD
    ' 		objGroup.SetInfo
    ' 	End If
     
    	wscript.echo "Group named " & strinput(1) & " is created" & vbNewLine
    Loop
     
    Wscript.echo "***** Script End *****"
    WScript.Quit 
    '
    '
    '
    '
    Function Lpad (MyValue, MyPadChar, MyPaddedLength)
    	Lpad = string(MyPaddedLength - Len(MyValue),MyPadChar) & MyValue
    End Function
    
    'Script End
    Does anyone know why this error is occurring and how to fix it?

    Thanks for your help!
    Last edited by JDMils; 18th November 2008, 02:24.
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: Creating multiple AD groups from a CSV file.

    Bump anyone?
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |


    • #3
      Re: Creating multiple AD groups from a CSV file.

      Where did you get the script?
      Last edited by largo; 24th November 2008, 10:53.
      Any advice is given in good faith and without warranty.
      Please give reputation points where appropriate.


      • #4
        Re: Creating multiple AD groups from a CSV file.

        The error indicates that there is a problem with this query
        Code:
        "SELECT Userprincipalname,adspath,distinguishedName FROM '" & strLDAPPath & "' WHERE objectCategory='User' " & "AND CN='" & strInput(3) & "'"
        And there is one or two...
        First of all, are you sure that input(3) (from the example: scl\JMilano) contains the "common name" value of the user object? Note that the value of this attribute doesn't have to be a unique value in the Active Directory domain!!
        If it is the common name, then in this case you'll have to escape the backslash in the name that is used in the example (with a backslash). Also, you must ensure the value is a unique one in your AD domain.

        FYI
        The sAMAccountName attribute of any object must be unique in the domain.
        The userPrincipalName must be unique in the forest.
        The cn attribute (common name) must only be unique in the container or organizational unit.


        Actually, I assume and hope that scl\JMilano here is a composite of the NetBIOS name of the domain and the NT name of the user (???).
        In that case JMilano would in fact be the "pre-Windows 2000 logon name" (sAMAccountName) that you would like to have translated to the Distinguished Name of the object to be able to create the ADSPath for the connection. More about 'name translation': http://www.rlmueller.net/NameTranslateFAQ.htm


        \Rems

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts
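
Added example (not part of the original thread or of the script being discussed): one way to turn the fourth CSV field into a distinguished name along the lines post #4 suggests, using NameTranslate for the `scl\JMilano` form and a domain-wide, filter-escaped search by sAMAccountName otherwise. The function names `EscapeLdapFilter` and `ResolveOwnerDN` are hypothetical, and treating a bare name as a sAMAccountName is an assumption.

```vbscript
' Added example; EscapeLdapFilter and ResolveOwnerDN are hypothetical names.
' NameTranslate constants (ADS_NAME_INITTYPE_ENUM / ADS_NAME_TYPE_ENUM)
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_1779 = 1   ' distinguished name
Const ADS_NAME_TYPE_NT4 = 3    ' DOMAIN\sAMAccountName

' Escape the characters that are special in an LDAP search filter (RFC 4515).
' The backslash must be replaced first so later escapes are not re-escaped.
Function EscapeLdapFilter(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeLdapFilter = Replace(s, Chr(0), "\00")
End Function

' Returns the owner's distinguished name, or "" when the name does not resolve.
' strOwner is the fourth CSV field (assumed: DOMAIN\name or a bare logon name).
Function ResolveOwnerDN(strOwner)
    Dim objTrans, objRootDSE, objConn, objCmd, objRS
    ResolveOwnerDN = ""
    If InStr(strOwner, "\") > 0 Then
        ' NT4 form such as scl\JMilano. NameTranslate resolves any object
        ' type, so it does not by itself prove the result is a user.
        Set objTrans = CreateObject("NameTranslate")
        On Error Resume Next
        objTrans.Init ADS_NAME_INITTYPE_GC, ""
        objTrans.Set ADS_NAME_TYPE_NT4, strOwner
        If Err.Number = 0 Then ResolveOwnerDN = objTrans.Get(ADS_NAME_TYPE_1779)
        If Err.Number <> 0 Then ResolveOwnerDN = ""
        On Error GoTo 0
        Exit Function
    End If
    ' Bare logon name: search the whole domain, not only the groups' OU.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    Set objConn = CreateObject("ADODB.Connection")
    objConn.Provider = "ADsDSOObject"
    objConn.Open "Active Directory Provider"
    Set objCmd = CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objConn
    objCmd.CommandText = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & _
        ">;(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
        EscapeLdapFilter(strOwner) & "));distinguishedName;subtree"
    Set objRS = objCmd.Execute
    ' Test EOF before reading: an empty result set has no current record.
    If Not objRS.EOF Then ResolveOwnerDN = objRS.Fields("distinguishedName").Value
    objConn.Close
End Function

WScript.Echo "Owner DN: " & ResolveOwnerDN("scl\JMilano")   ' sample value from post #1
```

An empty return value means the row's owner could not be resolved, so the calling loop can skip the managedBy update for that group instead of failing on an empty recordset.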



        • #5
          Re: Creating multiple AD groups from a CSV file.

          OK, it's something like this:

          For the script to work you need 2 things:

          1. CSV format:

          group scope,group name,group description,group manager full name (not user name and without any prefixes, e.g. paris hilton)

          To fix/not see the error message you need step 2.

          2. The user name you're going to use as a manager, even a demo user, needs to be in the same OU where you are creating the groups (the one you fill in inside the script)!!!
          Any advice is given in good faith and without warranty.
          Please give reputation points where appropriate.


          • #6
            Re: Creating multiple AD groups from a CSV file.

            I got the script from here.

            The line:
            Code:
            	objCommand2.CommandText ="SELECT Userprincipalname,adspath,distinguishedName FROM '" & strLDAPPath & _
            		"' WHERE objectCategory='User' " & "AND CN='" & strInput(3) & "'"
            Contains the value:
            "SELECT Userprincipalname,adspath,distinguishedName FROM 'LDAP://ou=TEN-SRVLN,ou=Local Share Groups,ou=SCL Groups,DC=scl,DC=signet,DC=com,DC=au' WHERE objectCategory='User' AND CN='Julian Milano'"
            User accounts in the SCL domain are stored in the OU:

            scl.signet.com.au\<Site Name>\Lightly Managed\Users

            .... where <Site Name> is the geographical site. The groups being created are created in the OU:

            scl.signet.com.au\SCL Groups\Local Share Groups\TEN-SRVLN

            "Julian Milano" is the "User Logon Name" and the "pre-Windows 2000 User Logon Name" is "SCL\" & "jmilano".

            The sAMAccountName attribute of any object must be unique in the domain.
            The userPrincipalName must be unique in the forest.
            The cn attribute (common name) must only be unique in the container or organizational unit.
            The sAMAccountName is definitely unique. That's why I have the random number gen which I tack onto the end of the group name for testing ONLY. When, *IF*, the name is not unique, I get a hard error when the script tries to create the group so I definitely know it is OK.

            The group names listed in the CSV file are being created OK, that's not a problem. My problem is that when the code tries to set the Manager's name, that the query above, which is pivotal to setting this value, fails and the Manager's name is not set. If I can fix the query I'm sure I can get the Managed By property populated. This is what I need help with.
            Last edited by JDMils; 26th November 2008, 02:31.
            |
            +-- JDMils
            |
            +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
            |


            • #7
              Re: Creating multiple AD groups from a CSV file.

              I changed the code to the following line:
              Code:
              	objCommand2.CommandText ="SELECT Userprincipalname,adspath,distinguishedName FROM 'LDAP://ou=Users,ou=Lightly Managed,ou=Clayton,DC=scl,DC=signet,DC=com,DC=au' WHERE objectCategory='User' AND CN='Julian Milano'"
              	'
              	' This is the good line.
              ' 	objCommand2.CommandText ="SELECT Userprincipalname,adspath,distinguishedName FROM '" & strLDAPPath & _
              ' 		"' WHERE objectCategory='User' " & "AND CN='" & strInput(3) & "'"
              Note that I put in the actual OU of the username, the OU where I *know* the user object exists, and it now runs OK up to the following line:
              Code:
              		objSD.DiscretionaryAcl = objDACL
              		objGroup.Put "ntSecurityDescriptor", objSD
              '
              ' It now fails on the following line:
              '
              		objGroup.SetInfo
              The error is:
              Exception: Unknown Exception
              So how am I supposed to fix that??
              |
              +-- JDMils
              |
              +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
              |


              • #8
                Re: Creating multiple AD groups from a CSV file.

                JDMils, did you read my post?

                Knowing that the script was written by robsampson from EE is enough to know there is no problem with it.

                Just do what I wrote and the script will run with no problems.
                Any advice is given in good faith and without warranty.
                Please give reputation points where appropriate.


                • #9
                  Re: Creating multiple AD groups from a CSV file.

                  Still does not work. Here's my CSV file:

                  Code:
                  Local,_lShr_TEN-SRVLN_NCPOS_Change,Members have Change access to the Share/Folder,Julian Milano
                  Local,_lShr_TEN-SRVLN_ArtWork_Control_Change,Members have Change access to the Share/Folder,Julian Milano
                  This matches your specs.

                  I put my user account in the same OU as the groups being created, but I still get the error:

                  "Exception: Unknown Exception"

                  on the line:

                  objGroup.SetInfo

                  Although, with the account in the same OU as the new group I now have the ManagedBy property populated on the group. We're getting there!
                  Last edited by JDMils; 27th November 2008, 05:29.
                  |
                  +-- JDMils
                  |
                  +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
                  |


                  • #10
                    Re: Creating multiple AD groups from a CSV file.

                    In the script you posted, half of the script starts with ' on each line.

                    I thought you tried something to test; is it still there?
                    Any advice is given in good faith and without warranty.
                    Please give reputation points where appropriate.
