Announcement

Collapse
No announcement yet.

need move 150 users from one group to another

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • need move 150 users from one group to another

    Hello,
    I need to move 150 users from one group to another.
    Any tool or script?

    Thanks.
    "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

  • #2
    Re: need move 150 users from one group to another

    DSGET piped to DSMOD would do it
    Alternatively, for a one off, create a query in ADUC to grab the 150 users (using whatever criteria you can) and "add to group"
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: need move 150 users from one group to another

      can you please provide a syntax to make the job
      "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

      Comment


      • #4
        Re: need move 150 users from one group to another

        Not knowing your AD structure, no, but you could adapt this:

        dsget user "cn=User1,ou=West,dc=MyDomain,dc=com" -memberOf | dsmod
        group -addmbr "cn=User2,ou=West,dc=MyDomain,dc=com"

        Also found this link where there is a VBS script that may do it:
        http://www.vistax64.com/vb-script/23...via-dsadd.html
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: need move 150 users from one group to another

          I found one script. Want to try it...
          And also your syntax added to LDFIDE.

          Thanks a lot.
          "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

          Comment


          • #6
            Re: need move 150 users from one group to another

            Hi,

            You can check the following powershell script. This is from my blogpost
            http://exchadtech.blogspot.com/2010/...er-of-new.html

            This however will not delete or remove group from old group. Please test the script in you env. It worked well in client's env.
            Thanks & Regards
            v-2nas

            MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
            Sr. Wintel Eng. (Investment Bank)
            Independent IT Consultant and Architect
            Blog: http://www.exchadtech.blogspot.com

            Show your appreciation for my help by giving reputation points

            Comment


            • #7
              Re: need move 150 users from one group to another

              Ossian,
              1. used your syntax (just shortenned real names here, so didn't touch the syntax)
              The error is clear: Directory object not found. Looks like I misspelled... will triple check.

              Microsoft Windows [Version 6.1.7600]
              Copyright (c) 2009 Microsoft Corporation. All rights reserved.
              C:\Users\ma1>dsget user "cn=Group1,ou=HM,dc=cs,d
              c=rt,dc=qc,dc=ca" -memberOf | dsmod group -addmbr "cn=Group2,ou=Lab,dc=cs,dc=rt,dc=qc,dc=ca"
              dsget failedirectory object not found.
              type dsget /? for help.dsmod failed:'Target object for this command' is missing.
              type dsmod /? for help.

              2. I found the script it gives the error on the line that I didn't touch (the changes where made on 2 lines in the beginning. The error is on line 75)
              Can you pls take a look at the script or I have to post this question on Scripting .
              Forgot who is SCRIPT GURU here

              Just in case, the script and error attached:

              =====================
              Option Explicit

              Dim objRootDSE, strDNSDomain, adoCommand
              Dim adoConnection, strBase, strAttributes
              Dim strFilter, strQuery, adoRecordset
              Dim strDN, intCount, blnLast, intLowRange
              Dim intHighRange, intRangeStep, objField
              Dim strSourceGroup, strTargetGroup, objTargetGroup

              ' Specify DN of "source" group, the group whose members are to
              ' be copied into another group.
              strSourceGroup = "cn=Sales1,ou=West,dc=MyDomain,dc=com"

              ' Specify DN of "target" group, the group that will have
              ' members added.
              strTargetGroup = "cn=Sales2,ou=East,dc=MyDomain,dc=com"

              ' Bind to the "target" group.
              Set objTargetGroup = GetObject("LDAP://" & strTargetGroup)

              ' Determine DNS [COLOR=blue !important][COLOR=blue !important]domain [COLOR=blue !important]name[/COLOR][/COLOR][/COLOR]

              .
              Set objRootDSE = GetObject("LDAP://RootDSE")
              strDNSDomain = objRootDSE.Get("DefaultNamingContext")

              ' Use ADO to search Active Directory.
              Set adoCommand = CreateObject("ADODB.Command")
              Set adoConnection = CreateObject("ADODB.Connection")
              adoConnection.Provider = "ADsDSOObject"
              adoConnection.Open = "Active Directory Provider"
              adoCommand.ActiveConnection = adoConnection
              adoCommand.Properties("Page Size") = 100
              adoCommand.Properties("Timeout") = 30
              adoCommand.Properties("Cache Results") = False

              ' Specify base of search.
              strBase = "<LDAP://" & strDNSDomain & ">"
              ' Specify the attribute values to retrieve.
              strAttributes = "member"
              ' Filter on objects of class "group" and specified DN of "source" group.
              strFilter = "(&(ObjectCategory=group)" _
              & "(distinguishedName=" & strSourceGroup & "))"

              ' Enumerate direct group members.
              ' Use range limits to handle more than 1000/1500 members.
              ' Setup to retrieve 1000 members at a time.
              blnLast = False
              intRangeStep = 999
              intLowRange = 0
              IntHighRange = intLowRange + intRangeStep

              Do While True

              If (blnLast = True) Then
              ' If last query, retrieve remaining members.
              strQuery = strBase & ";" & strFilter & ";" _
              & strAttributes & ";range=" & intLowRange _
              & "-*;subtree"
              Else
              ' If not last query, retrieve 1000 members.
              strQuery = strBase & ";" & strFilter & ";" _
              & strAttributes & ";range=" & intLowRange & "-" _
              & intHighRange & ";subtree"
              End If
              adoCommand.CommandText = strQuery
              Set adoRecordset = adoCommand.Execute
              intCount = 0
              Do Until adoRecordset.EOF
              For Each objField In adoRecordset.Fields
              If (VarType(objField) = (vbArray + vbVariant)) _
              Then
              For Each strDN In objField.Value
              ' Escape any forward slash characters, "/", with the
              backslash
              ' escape character. All other characters that should be
              escaped are.
              strDN = Replace(strDN, "/", "\/")
              ' Check if already a member of "target" group.
              If (objTargetGroup.IsMember("LDAP://" & strDN) = False)
              Then
              ' Add to "target" group.
              objTargetGroup.Add("LDAP://" & strDN)
              End If
              intCount = intCount + 1
              Next
              End If
              Next
              adoRecordset.MoveNext
              Loop
              adoRecordset.Close
              ' If this is the last query, exit the Do While loop.
              If (blnLast = True) Then
              Exit Do
              End If
              ' If the previous query returned no members, then the previous
              ' query for the next 1000 members failed. Perform one more
              ' query to retrieve remaining members (less than 1000).
              If (intCount = 0) Then
              blnLast = True
              Else
              ' Setup to retrieve next 1000 members.
              intLowRange = intHighRange + 1
              intHighRange = intLowRange + intRangeStep
              End If
              Loop


              =============================
              Error attached
              Attached Files
              "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

              Comment


              • #8
                Re: need move 150 users from one group to another

                Hi,

                Just curious have you tried PScode.
                Thanks & Regards
                v-2nas

                MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
                Sr. Wintel Eng. (Investment Bank)
                Independent IT Consultant and Architect
                Blog: http://www.exchadtech.blogspot.com

                Show your appreciation for my help by giving reputation points

                Comment


                • #9
                  Re: need move 150 users from one group to another

                  v-2nas, the target group has users. So I cannot use your script.

                  Thanks!

                  The script that I attached worked for somebody on web. But give me an error in area that I didn't touch...
                  We can find workaround but ideally would like to move 150 users in one shot.
                  "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

                  Comment


                  • #10
                    Re: need move 150 users from one group to another

                    Originally posted by mla View Post
                    v-2nas, the target group has users. So I cannot use your script.

                    Thanks!

                    The script that I attached worked for somebody on web. But give me an error in area that I didn't touch...
                    We can find workaround but ideally would like to move 150 users in one shot.
                    Hi,

                    It will work even if the target group has user. Probably you can simulate with test group with few users. It will skip those users which are already present.
                    It's your freewill to use it or not
                    Thanks & Regards
                    v-2nas

                    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
                    Sr. Wintel Eng. (Investment Bank)
                    Independent IT Consultant and Architect
                    Blog: http://www.exchadtech.blogspot.com

                    Show your appreciation for my help by giving reputation points

                    Comment


                    • #11
                      Re: need move 150 users from one group to another

                      the first remark in your script says:

                      *The script will work only when there are no members present in new group otherwise script fails. I haven't added thelogic where it checks for member present in both groups and skip them.

                      That is why I doubt...
                      I guess I found another way to do this.

                      Thanks.
                      "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

                      Comment


                      • #12
                        Re: need move 150 users from one group to another

                        Hi,

                        Sorry about the confusion.
                        Thanks & Regards
                        v-2nas

                        MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
                        Sr. Wintel Eng. (Investment Bank)
                        Independent IT Consultant and Architect
                        Blog: http://www.exchadtech.blogspot.com

                        Show your appreciation for my help by giving reputation points

                        Comment


                        • #13
                          Re: need move 150 users from one group to another

                          Here is a simple script.
                          If the member already exist in the other group it will not removed from the first group. If the first group happen to be the primary group of the member this member cannot be added to the other group by this script and will not be removed from the first group. In any other case the member is added to the other group and removed from the first group.

                          Code:
                          Const ADS_PROPERTY_DELETE = 4
                          Const ADS_PROPERTY_APPEND = 3
                          
                          Set objGroup1 = GetObject _
                            ("LDAP://cn=Sales1,ou=West,dc=MyDomain,dc=com") 
                          
                          Set objGroup2 = GetObject _
                            ("LDAP://cn=Sales2,ou=East,dc=MyDomain,dc=com") 
                          
                          On Error Resume Next
                          
                          ' enum group1
                          objGroup1.GetInfo: arrMemberOf1 = objGroup1.GetEx("member")
                          For Each strMember in arrMemberOf1
                             Err.Clear
                             '''''''''''''''''
                             ' Add this member to other group (group2)
                             objGroup2.PutEx ADS_PROPERTY_APPEND, "member", Array(strMember)
                             objGroup2.SetInfo
                             '''''''''''''''''
                             ' Remove from previous group (group1), only if copy was successful
                             If Err.number = 0 then
                               objGroup1.PutEx ADS_PROPERTY_DELETE, _
                                 "member", Array(strMember)
                                objGroup1.SetInfo
                                rem wsh.echo "Moved", strMember
                             End If
                             '''''''''''''''''
                          Next
                          \Rems

                          This posting is provided "AS IS" with no warranties, and confers no rights.

                          __________________

                          ** Remember to give credit where credit's due **
                          and leave Reputation Points for meaningful posts

                          Comment


                          • #14
                            Re: need move 150 users from one group to another

                            Who else if not Rems?

                            I logged in today to ask a question on other section of forum and found your answer...
                            Will try tomorrow and will let know the result.

                            Should I run it by OU? (I will check I guess users are in 4 OUs)
                            It is VBS. Yes?

                            Thanks!
                            "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

                            Comment


                            • #15
                              Re: need move 150 users from one group to another

                              Originally posted by mla View Post
                              Who else if not Rems?

                              I logged in today to ask a question on other section of forum and found your answer...
                              Will try tomorrow and will let know the result.

                              Should I run it by OU? (I will check I guess users are in 4 OUs)
                              It is VBS. Yes?

                              Thanks!
                              It is *.vbs.
                              Just provide the two distinguished names of the groups. The attribute "member" of the groupobject contains the distinguished names of the members.

                              \Rems

                              This posting is provided "AS IS" with no warranties, and confers no rights.

                              __________________

                              ** Remember to give credit where credit's due **
                              and leave Reputation Points for meaningful posts

                              Comment

                              Working...
                              X