vbscript to write to AD department field for multipe users

Home Forums Scripting Windows Script Host vbscript to write to AD department field for multipe users

This topic contains 8 replies, has 4 voices, and was last updated by  tonysax 2 months, 2 weeks ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts

  • Goozer16
    Member
    #167725

    Hi there. I am new to vbscript and I already have been advised to change this script to Powershell, but I must make this work as I’ve inherited this not working script.

    This script looks to a group in AD, and if users are in that (security) group, then proceeds to change the department variable on users in designated sections in our organization, base on their memberships in those section’s security groups. It is not working and I need to get it working…

    {

    On Error Resume Next

    Set objGroup = GetObject _
    (“LDAP://CN=livetimecustomers,OU=service accounts,DC=domain,DC=com”)
    ‘ WScript.Echo objGroup.Name

    For Each objMember In objGroup.Members
    ‘ WScript.Echo vbCrlf & ” Name: ” & objMember.Name
    arrGroups = objMember.GetEx(“member”)
    If (Err.Number = 0) Then
    On Error GoTo 0
    strGroups = LCase(Join(arrGroups))

    ‘ Update Department attribute for COMMUNITY members

    If InStr(strGroups, “cn=community,ou=community,dc=domain,dc=com”) Then
    ‘ WScript.Echo vbCrlf & ” Name: ” & objMember.Name & ” is member of COMMUNITY”
    Set objUser = GetObject(objMember.ADsPath)
    objUser.department = “COMMUNITY”
    objUser.SetInfo
    End If

    ‘ Update Department attribute for ARTS members

    If InStr(strGroups, “cn=arts,ou=arts,ou,dc=domain,dc=com”) Then
    ‘ WScript.Echo vbCrlf & ” Name: ” & objMember.Name & ” is member of ARTS”
    Set objUser = GetObject(objMember.ADsPath)
    objUser.department = “ARTS”
    objUser.SetInfo
    End If

    }


    tonysax
    Member
    #392104

    Any guidance is greatly appreciated!


    Ossian
    Moderator
    #192131

    Can you give us some examples of the output you get, particularly any errors?


    tonysax
    Member
    #392105

    I’m getting no errors on execution on the domain controller, but it is not writing to the user’s Department fields…
    I also debugged script with vbsedit with no errors….end of script has another EndIf Next


    tonysax
    Member
    #392106

    …as there are multiple sections/security groups to write to


    tonysax
    Member
    #392107

    The following script works to edit the section, but I cannot get it to repeat for other sections:

    OnErrorResumeNext

    Set objGroup = GetObject _
        (“LDAP://cn=livetimecustomers,ou=service accounts,dc=domain,dc=com” ,group)
        objGroup.GetInfo
        strGrpAdsPath = “cn=community,ou=community,dc=domain,dc=com”

    ForEach objMemberIn objGroup.Members
        If (objMember.IsMember(strGrpAdsPath) = True) Then
            objMember.department = “COMMUNITY”
            objMember.SetInfo
        EndIf


    tonysax
    Member
    #392108

    Basically I want to get everyone in AD which exist in the ‘livetimecustomers’ sec group to edit their Department based on their existence in their ‘Primary’ Security Group for their section


    wullieb1
    Moderator
    #245830

    Where is the rest of your script? Can you post a santised version?

    If you remove the On Error Resume Next part you’ll see the errors as they occur.

    From what i can see you are looking to update the description of the user based on the primary group memberships they have? Based on your example and code

    If Person is a member of Arts then description equals arts
    If person is a member of Community then description equals community

    Does this look right?


    wullieb1
    Moderator
    #245831

    Here’s something i’ve quickly, very quickly i might add, that will search for the Domain Admins group members and then get the primary group after that. This is done in PowerShell

    Import-Module ActiveDirectory

    $GrpMem = Get-ADGroupMember -Identity “Domain Admins” -Recursive | Get-AdUser -Property SamAccountName, Description | Select SamAccountName, Description

    ForEach ($Mem in $GrpMem) {

    $PriGrp = Get-AdUser -identity $Mem.SamAccountName -Properties PrimaryGroupID

    If($PriGrp = ‘513’){
    write-host “Primary Group is Domain Users”
    } Else {
    write-host “Something else”
    }

    }[/CODE][CODE]Import-Module ActiveDirectory

    $GrpMem = Get-ADGroupMember -Identity “Domain Admins” -Recursive | Get-AdUser -Property SamAccountName, Description | Select SamAccountName, Description

    ForEach ($Mem in $GrpMem) {

    $PriGrp = Get-AdUser -identity $Mem.SamAccountName -Properties PrimaryGroupID

    If($PriGrp = ‘513’){
    write-host “Primary Group is Domain Users”
    } Else {
    write-host “Something else”
    }

    }[/CODE]

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.