Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

AD security group creation

Status
Not open for further replies.
Trekk

Trekk

Programmer
Aug 16, 2001
66
US
I am trying to create a security group in AD, the code below will create the group at the top OU level which is the domain, but I need the code to go 2 Ous deeper. We have an Ou called departments under the domain OU, and then under departments we have the actual departments like HR for example

Any help would be appreciated

Thanks

Option Explicit

Dim objContainer, objGroup,strGroupDescr
Dim ou
Dim cn
ou = InputBox ("Enter Domain")
cn = InputBox ("Enter Security Group")
strGroupDescr = ou & ":"& cn & ":" &"group"
ou=UCase (ou)
cn=UCase (cn)
strGroupDescr=UCase (strGroupDescr)
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &H2
Const ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = &H4
Const ADS_GROUP_TYPE_LOCAL_GROUP = &H4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &H8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

Set objContainer = GetObject("LDAP://OU=" & ou & ",DC=TEST,DC=lan")
Set objGroup = objContainer.Create("group", "CN=" & cn)
Call objGroup.Put("sAMAccountName", cn)
Call objGroup.Put("groupType", ADS_GROUP_TYPE_GLOBAL_GROUP + _
ADS_GROUP_TYPE_SECURITY_ENABLED)
call objGroup.Put ("description", strGroupDescr)

objGroup.SetInfo
 
Sort by date Sort by votes
Hello Trekk,

OU can be nested and it is sufficient to bind to the target ou where the group be immediately contained. The only extra work is to make sure the user at the keyboard specify the ou chain. How?, it is to your imagination to put into the input box message. A very inflexible example is this where the user needs to input the target ou out of an acceptable ou list.
[tt]
bAccepted=false
do while not bAccepted
ou = InputBox ("Enter Organizational Unit")
ou=trim(UCase(ou))
select case ou
case "INVESTMENT"
sbinding="OU=INVESTMENT,OU=FINANCE,OU=HEADQTR"
bAccepted=true
case "FINANCE"
sbinding="OU=FINANCE,OU=HEADQTR"
bAccepted=true
case "HEADQTR"
sbinding="OU=HEADQTR"
bAccepted=true
case ""
bAccepted=false
'or you can put a msgbox to let user decide yes or no to quit and/or add some cleanup job before quitting
wscript.echo "Operation aborted. The script will quit."
wscript.quit
case else
bAccepted=false
end select
loop
Set objContainer = GetObject("LDAP://"&sbinding &",DC=TEST,DC=lan")
[/tt]
This is fairly rigidly coded option. You may think of a more flexible alternative if needed.

regards - tsuji
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bdwilcox
  • Locked
  • Question
Trying to adapt VBScript to search if machine is in an AD group 6
Replies
8
Views
1K
SoftwareRT
SoftwareRT
Z3braa
  • Locked
  • Question
Remove specific computer name in Logon Workstation from from all users in AD, with VBScript
Replies
0
Views
343
Z3braa
Z3braa
GessWurker1
  • Locked
  • Question
problem with AD query, empty values and form field population
Replies
0
Views
224
GessWurker1
GessWurker1
Stevehewitt
  • Locked
  • Question
Update AD attribute using current user
Replies
0
Views
142
Stevehewitt
Stevehewitt
BernLap
  • Locked
  • Question
Add XML Node with VBS
Replies
0
Views
307
BernLap
BernLap

Part and Inventory Search

Sponsor

Back
Top