#143503 - 2005-07-13 06:10 PM
Groups
|
Maik
Getting the hang of it
Registered: 2003-01-14
Posts: 87
|
Hello, I got a textfile in which I stored some names of groups in my domain. Due to reconstructing tasks I must copy the members of the stored groups into newly created ones.
Renaming of the groups does not work because there was a complete change and re-ACL of the networking resources.
Mainly it is a kind of parsing, enumerating and copying of the objects but I don't know how to get this to work. 
Maik
#143505 - 2005-07-14 10:07 AM
Re: Groups
|
Maik
Getting the hang of it
Registered: 2003-01-14
Posts: 87
|
Quote:
Active Directory? Do you have the new group names as well in the text file? This should be a relatively easy task, just need some more info...
Yes and No, it is an Active Directory with some Windows NT BDC in it. The names are stored each in a separate line like:
group1
group2
group3
. . .
Maik
#143507 - 2005-07-14 01:47 PM
Re: Groups
|
Maik
Getting the hang of it
Registered: 2003-01-14
Posts: 87
|
Quote:
Are the new groups already created or do you need to create them in your script?
It depends... most of them still exist but some must be created.
Maik
#143509 - 2005-07-14 02:12 PM
Re: Groups
|
Maik
Getting the hang of it
Registered: 2003-01-14
Posts: 87
|
I "redesigned" my textfile to fit this purpose. It now reads like this:
Quote:
group1old;group1new
group2old;group2new
group3old;group3new
#143511 - 2005-07-14 03:51 PM
Re: Groups
|
Maik
Getting the hang of it
Registered: 2003-01-14
Posts: 87
|
Quote:
much better. one last question (hopefully), are these groups scattered throughout your AD or are they in one OU. And if scattered, I'm assuming the new group, if it does not exist, should be created in the same OU as the current group, right?
They are scattered in the AD and yes, they should be created in the same OU.
Maik
#143512 - 2005-07-14 04:44 PM
Re: Groups
|
maciep
Korg Regular
   
Registered: 2002-06-14
Posts: 947
Loc: Pittsburgh
|
Ok. I did some very basic testing on this here, but it should definitely be tested a lot more. It makes use of fnLDAPQuery() from Chris S.
It's also kind of sloppy, I didn't dim any of my vars or do a lot of error checking, so you should probably tweak it to make it more robust.
Let me know if you have any questions/problems.
Code:
break on
$ = setoption('wrapateol','on')

; get the default naming context
$sADsPath = "LDAP://"+GetObject("LDAP://rootDSE").Get("defaultNamingContext")

; open the source file for reading
$ = open(1,'c:\Groups.txt')

; loop through the file
$curLine = trim(readline(1))
while @error = 0
   ; split the line to grab the new and old group
   $curGroup = split($curLine,';')[0]
   $newGroup = split($curLine,';')[1]

   ; using the fnLDAPQuery function, try to get the
   ; adsPath of the new group
   $strFilter = "(&(objectClass=group)(Name=" + $newGroup + "))"
   $aAttributes ="adsPath"
   $grpAdsPath = ""
   $aResults = fnLDAPQuery($aAttributes,$sADsPath,$strFilter)
   For Each $Result in $aResults
      $grpAdsPath = $Result
   Next

   ; If the group does not exist (adsPath not found), then create it
   if not $grpAdsPath
      ; get the adsPath of the current Group
      $strFilter = "(&(objectClass=group)(Name=" + $curGroup + "))"
      $aResults = fnLDAPQuery($aAttributes,$sADsPath,$strFilter)
      For Each $Result in $aResults
         $grpAdsPath = $Result
      Next
      ; from the adsPath of the current group
      ; get the adsPath of its container
      $grpOU= 'LDAP://' + substr($grpAdsPath,instr($grpAdsPath,',') + 1)
      ; create new group by getting the OU object and using the create method
      ; pass it the name of the new group
      ; (creates a global security group by default i think)
      $objNewGroup = getobject($grpOU).Create("group", "cn=" + $newGroup)
      $objNewGroup.SetInfo()
   else
      ; if the group already exists, get that group object
      $objNewGroup = getobject($grpAdsPath)
   endif

   ; using the fnLDAPQuery function, get the members of the current group
   ; Add those members to the new group (using the object from above)
   $strFilter = "(&(objectClass=group)(Name=" + $curGroup + "))"
   $aAttributes ="member"
   $aResults = fnLDAPQuery($aAttributes,$sADsPath,$strFilter)
   for each $aRes in $aResults
      for each $res in $aRes
         $objNewGroup.Add('LDAP://' + $res)
         ; waits for a key press after each member is added
         get $some
      next
   next
   $curLine = trim(readline(1))
loop

Function fnLDAPQuery($What,$From,Optional $Filter,Optional $OrderBy,Optional $Scope,Optional $User,Optional $Pswd)
   Dim $oCon,$oCMD,$oRS,$sQ,$sF,$sGV,$R,$vP,$aR[0],$nul

   ; default to a subtree search when no valid scope is given
   If $Scope <> "base" AND $Scope <> "onelevel" AND $Scope <> "subtree"
      $Scope = "subtree"
   EndIf

   ; build the ADSI query string: <base>;filter;attributes;scope
   $sQ = "<"+$From+">;"+$Filter+";"+Iif(VarType($What)>8192,Join($What,','),$What)+";"+$Scope

   ; build the expression that reads the requested field(s) from the recordset
   If VarType($What)>8192
      For Each $sF in $What
         $sGV=$sGV+'$'+'oRS.Fields("'+$sF+'").Value,'
      Next
      $sGV=Substr($sGV,1,Len($sGV)-1)
   Else
      $sGV='$'+'oRS.Fields("'+$What+'").Value'
   EndIf

   $oCon=CreateObject("ADODB.Connection")
   $oCon.Provider = "ADsDSOObject"
   $oCon.Properties("Encrypt Password").Value=1
   $oCon.Properties("ADSI Flag").Value=1
   If $User AND $Pswd
      $oCon.Properties("User ID").Value=$User
      $oCon.Properties("Password").Value=$Pswd
   EndIf
   $oCon.Open("Active Directory Provider")

   $oCMD=CreateObject("ADODB.Command")
   $oCMD.ActiveConnection=$oCon
   $oCMD.CommandText=$sQ
   $oCMD.Properties("Page Size").Value=1000
   $oCMD.Properties("Timeout").Value=30
   $oCMD.Properties("Cache Results").Value=0

   If $OrderBy="distinguishedName"
      $oRS = CreateObject("ADODB.Recordset")
      $oRS.CursorLocation=3
      $oRS.Sort=$OrderBy
      $oRS.Open($sQ,$oCon,0,1,1)
   Else
      If $OrderBy
         $oCMD.Properties("Sort On").Value=$OrderBy
      EndIf
      $oRS = $oCMD.Execute
   EndIf
   If @ERROR
      Exit @ERROR
   EndIf
   If $oRS.BOF AND $oRS.EOF
      Exit @ERROR
   EndIf

   ; copy each record into the result array
   Do
      $nul=Execute('$'+'vP='+$sGV)
      $aR[$R]=$vP
      $oRS.MoveNext
      $R=$R+1
      ReDim Preserve $aR[$R]
   Until $oRS.EOF
   ReDim Preserve $aR[$R-1]
   $fnLDAPQuery=$aR
EndFunction
|
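The script in the post above places names read from c:\Groups.txt directly into the LDAP filter and indexes the split result without checking the line. The following KiXtart code is an added example, not part of maciep's script or of fnLDAPQuery(): it validates each `old;new` line and escapes filter metacharacters before the name goes into the filter. fnLDAPEscape() and fnParseMapping() are hypothetical helper names and the sample lines are constructed.

```kixtart
; Added example; fnLDAPEscape() and fnParseMapping() are hypothetical helpers.
; Escape \ * ( ) per RFC 4515 (NUL, the fifth reserved character, is not handled here).
Function fnLDAPEscape($sValue)
    Dim $i, $c, $sOut
    $sOut = ""
    For $i = 1 To Len($sValue)
        $c = SubStr($sValue, $i, 1)
        Select
            Case $c = "\"
                $sOut = $sOut + "\5c"
            Case $c = "*"
                $sOut = $sOut + "\2a"
            Case $c = "("
                $sOut = $sOut + "\28"
            Case $c = ")"
                $sOut = $sOut + "\29"
            Case 1
                $sOut = $sOut + $c
        EndSelect
    Next
    $fnLDAPEscape = $sOut
EndFunction

; Split "old;new" into a two-element array; set @ERROR to 87 unless the line has exactly two non-empty names.
Function fnParseMapping($sLine)
    Dim $aParts
    $aParts = Split(Trim($sLine), ";")
    If UBound($aParts) <> 1
        Exit 87
    EndIf
    $aParts[0] = Trim($aParts[0])
    $aParts[1] = Trim($aParts[1])
    If $aParts[0] = "" Or $aParts[1] = ""
        Exit 87
    EndIf
    $fnParseMapping = $aParts
    Exit 0
EndFunction

; Constructed sample lines: one valid, one malformed, one with filter metacharacters
$aSample = Split("group1old;group1new|onlyonename|Sales (EU)*;Sales-EU", "|")
For Each $sLine In $aSample
    $aMap = fnParseMapping($sLine)
    If @ERROR
        ? "Skipping malformed line: " + $sLine
    Else
        ? "(&(objectClass=group)(Name=" + fnLDAPEscape($aMap[0]) + "))"
    EndIf
Next
```

In the posted loop, the same two calls would wrap `$curGroup` and `$newGroup` before each `$strFilter` is built.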
#143513 - 2005-07-14 06:17 PM
Re: Groups
|
Maik
Getting the hang of it
Registered: 2003-01-14
Posts: 87
|
Many thanks!
#143515 - 2005-07-14 10:40 PM
Re: Groups
|
Chris S.
MM club member
   
Registered: 2002-03-18
Posts: 2368
Loc: Earth
|
Nice one, m. This is exactly the kind of advanced function I had in mind when I created this. As an aside, you are using an outdated version of fnLDAPQuery(). After reviewing your script, it should work with the "official" version in the UDF forum.