add user to group 2

[holidayIT]

I am starting a new thread as the old one is kinda long.
Here is my script, i am trying to add a user to the domain admins group in ADS. it doesn't work. Any help would be much appreciated.

On Error Resume Next

Dim conADS, rstADS, cmdADS, strADS, strDefaultDomainNC
Dim strCN, strGivenN, strLastN, strFullN, strDesc, strLocation, strEmail, strMsg
Dim strAdmin, strDomAdmin
Dim sErrDesc, sErrNumb, errDict, strErrMsg, strErrYes
Dim sUser, userDict, stUser

'Get Default namaing context from ads server
strDefaultDomainNC = GetObject("LDAP://RootDSE").Get("DefaultNamingContext")

Set conADS = CreateObject("ADODB.Connection")
conADS.Provider = "ADsDSOObject"
conADS.Open "Active Directory Provider"

Set cmdAds = CreateObject("ADODB.Command")
Set cmdADS.ActiveConnection = conADS

strADS = "SELECT samAccountName, givenName, sn, adsPath" & _
" FROM 'LDAP://" & strDefaultDomainNC & "'WHERE objectClass= 'user'"


strDomAdmin = "Domain Admins"

cmdADS.CommandText = strADS

'Open connection to ADS Server
Set rstADS = cmdADS.Execute

'Cycle through all users in ADS
Do While Not rstADS.EOF
Set objUser = GetObject(rstADS.Fields("ADsPath").Value)

strCN = objUser.samAccountNAme
strGivenN = objUser.givenName
strLastN = objUser.sn
strFullN = objUser.fullname

'check to see if account is really a user
'If len(strLastN) > 0 Then
If strCN = "testthis" then

set objGroup = GetObject("LDAP://" & strDomAdmin)

' Wscript.Echo objGroup
' Wscript.Echo objUser
objGroup.Add(objUser.ADsPath)
' objGroup.Add("LDAP://cn=" & strCN & ",cn=users,dc=domain,dc=net") DOES NOT WORK

Wscript.Echo "Done"
End If

rstADS.MoveNext
Loop

 

[holidayIT]

Actually, if someone caould tell me how to REMOVE a user from a group, that'd be better.

 

[tsuji]

Hello holidayIT,

[1] Make space before Where?

strADS = "SELECT samAccountName, givenName, sn, adsPath" & _
" FROM 'LDAP://" & strDefaultDomainNC & "' WHERE objectClass= 'user'"

[2] As you get full user object later via adsPath, the query can leave only adsPath there.
[3] The binding moniker to admin group is strange. Should it not be:

set objGroup = GetObject("LDAP://" & "cn=" & strDomAdmin & "," & strDefaultDomainNC")

Check if the above suffice to make it good. The logic is there fine.
Remove is just the same using delete method instead of add. So it will be easy.

regards - tsuji

 

[markdmac]

HolidayIT, looks lie tsuji has you all set to go. Just out of curiosity, why do you need this script? It would be a one time deal to open the administrators group and remove users from it.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[holidayIT]

Well, we have F-Secure Policy Manager, It has been setup here way before i ever joined the company. We use images to roll-out PCs (the nature of our business requires us to build 5-10 new PCs a week), and the image had F-Secure setup to run on each local machine as a stand alone system, not managed by F-Secure Policy Manager. The fix for this is to copy a single file from the Server, and put it in all workstations program files folder for F-Secure. Unfortunately, users don't have permission to access that folder. With 300-450 machines, it's too much for me to PCAnywhere to each one and fix it. So i wanted to use a script. But everything i try doesn't work. i can add users to the admin group without a problem, but to remove them in ADS you have to do each individually. kinda a pain. Of course, i am spending more time trying to write another script to remove them from the admin group.

If this doesn't work, i will probably give up. I am going to try it now. Thanks all.

 

[markdmac]

Now that I know what you are trying to do I have a better solution for you. If all you are trying to do is copy a file then you could script that easily.

Are all of your clients Win2k or WinXP?

Can you export a list of machine names that you need to get the file to?

Give me the name of the file and the location you need to copy it to as well as where on your network it can be found and I can give you a quick script that you can execute from your desktop to get the file out onto the workstations.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[holidayIT]

the file name is admin.pub

it is in this folder on the network: \\hbwebservices\apps\FSecure Admin
the locatoin it needs to be is this:

c:/program files/f-secure/common/

it writes over an existing file.

there are some 98 machines in the field (but rights don't matter on those machines - we are currently rolling those machines back, but it is taking some time).

everything else is 2k or xp.

as for the export of computer names...the person that handled our ads is no longer with us, and i am still not an expert. is there a way to have ADS poll the network and rebuild it's list of computers??? if not, i can make a csv or xls of the pcs i need the updates on (just might take a little longer). If you could help, that'd be great!

 

[markdmac]

OK, this should do the trick for you for all of the Win2K and XP computers. You are on your own for Win98 since it won't have an administrative share to connect to by default.

You need to get all of your workstation names into a text file and call it wslist.txt. A script to make the list for you is also below. Strip out the 9x and any other computers that don't need the file update such as your servers.

'==========================================================================
'
' VBScript Source File -- 
'
' NAME: FileCopyScript.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL   : [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 6/4/2004
'
' COMMENT: Copies a file from server to workstations.
'
'==========================================================================
On Error Resume Next

'open the file system object
Set oFSO = CreateObject("Scripting.FileSystemObject")
set WSHShell = wscript.createObject("wscript.shell")
'open the data file
Set oTextStream = oFSO.OpenTextFile("wslist.txt")
'make an array from the data file
RemotePC = Split(oTextStream.ReadAll, vbNewLine)
'close the data file
oTextStream.Close


myFile="admin.pub"
sourceDir="\\hbwebservices\apps\FSecure Admin\"
destDir="\program files\f-secure\common\"

Set WSHNetwork = CreateObject("WScript.Network")
WSHNetwork.MapNetworkDrive "U:", sourceDir,True


For Each strWorkstation In RemotePC
'Do something useful with strWorkstation
	Call WSHShell.Run("cmd.exe /C xcopy U:\" & myFile & " \\" & strWorkstation & "\C$" & destDir)
Next

Set oFSO = Nothing
Set WSHShell = Nothing
Set WSHNetwork = Nothing
Msgbox "All done"
WScript.Quit(0)

WSLIST Creator Script
You must edit the strDomain information.

'==========================================================================
'
' NAME: <EnumerateDomainComputers.vbs>
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 5/20/2004
'
' COMMENT: <comment>
'
'==========================================================================

   Dim objIADsContainer          ' ActiveDs.IADsDomain -
   '   Container object
   Dim objIADsComputer           ' ActiveDs.IADsComputer 
   

strDomain = "YourDomainNameHere"


   
' connect to the computer.
Set objIADsContainer = GetObject("WinNT://" & strDomain)

' set the filter to retrieve only objects of class Computer
objIADsContainer.Filter = Array("Computer")

   
For Each objIADsComputer In objIADsContainer
      report = report & objIADsComputer.Name & vbCrLf
Next
   

Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.CreateTextFile ("wslist.txt", ForWriting)
ts.write report


Set fso = Nothing
Set objIADsComputer = Nothing
Set objIADsContainer = Nothing


MsgBox "Done"

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[holidayIT]

if i had children, they'd be yours. thank you so much! you are a god among men

 

[markdmac]

LOL

Happy to help.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[holidayIT]

Mark, it tells me invalid number of parameters in the command prompt window. the window doesn't stay open long, but i can make it out.


i was messing with it earlier (before i tried your script) and apparently i have to stop two services then start them after the transfer. i have code to do it, but wonder if it will work with your script.

 

[PHV]

Replace this:
Call WSHShell.Run("cmd.exe /C xcopy U:\" & myFile & " \\" & strWorkstation & "\C$" & destDir)
By this:
Call WSHShell.Run("cmd.exe /C xcopy U:\" & myFile & " [highlight]""[/highlight]\\" & strWorkstation & "\C$" & destDir[highlight] & Chr(34)[/highlight])

Hope This Help, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244

 

[markdmac]

Thanks PHV, I missed the fact that the destination directory had a space in the name.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[holidayIT]

Thanks PHV and Mark,

I have modified the code a little bit to include another script i got for starting and stopping services, the problem i am working on now is when a machine is in hte list, but not connected to the network, the script seems to hang. I am looking for something that will test to see if it is connected to the network, then skip the machine name if it isn't. if anyone would like to see what i have so far, here it is (i am in the process of commenting out certain error handlers to debug it):


'==========================================================================
'
' VBScript Source File --
'
' NAME: FileCopyScript.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL :

http://www.thespidersparlor.com

' DATE : 6/4/2004
'
' COMMENT: Copies a file from server to workstations.
'
'==========================================================================
On Error Resume Next

'This script is set to copy the FSecure Managed Client File to all machines on the Holiday Network

' define ADSI status constants
Const ADS_SERVICE_STOPPED = 1
Const ADS_SERVICE_START_PENDING = 2
Const ADS_SERVICE_STOP_PENDING = 3
Const ADS_SERVICE_RUNNING = 4
Const ADS_SERVICE_CONTINUE_PENDING = 5
Const ADS_SERVICE_PAUSE_PENDING = 6
Const ADS_SERVICE_PAUSED = 7
Const ADS_SERVICE_ERROR = 8

' define string constants for service methods
Const START_SERVICE = "START"
Const STOP_SERVICE = "STOP"
Const PAUSE_SERVICE = "PAUSE"
Const CONTINUE_SERVICE = "CONTINUE"

' declare global variables
Dim objWsh
Dim objEnv
Dim strComputerName

'open the file system object
Set oFSO = CreateObject("Scripting.FileSystemObject")
set WSHShell = wscript.createObject("wscript.shell")
'open the data file
Set oTextStream = oFSO.OpenTextFile("wslist.txt")
'make an array from the data file
RemotePC = Split(oTextStream.ReadAll, vbNewLine)
'close the data file
oTextStream.Close
Set objEnv = WSHShell.Environment("PROCESS")

myFile="admin.pub"
sourceDir="\\hbwebservices\apps\FSecure Admin\"
destDir="\program files\f-secure\common\"

Set WSHNetwork = CreateObject("WScript.Network")
WSHNetwork.MapNetworkDrive "U:", sourceDir,True

For Each strWorkstation In RemotePC
'Do something useful with strWorkstation

strComputerName = strWorkstation

' call CycleService() to stop all the services
CycleService strComputerName,"FSMA",STOP_SERVICE,False
CycleService strComputerName,"FSPM",STOP_SERVICE,False


Call WSHShell.Run("cmd.exe /C xcopy U:\" & myFile & " \\" & strWorkstation & "\C$" & destDir)

' call CycleService() to start all the services
CycleService strComputerName,"FSPM",START_SERVICE,False
CycleService strComputerName,"FSMA",START_SERVICE,False

Wscript.Echo strWorkstation & " Completed"

Next

Set oFSO = Nothing
Set WSHShell = Nothing
Set WSHNetwork = Nothing
Msgbox "All done"
WScript.Quit(0)

' ****************************************
' CycleService() subroutine
' this subroutine is passed four variables:
' 1. strComputer = the name of the computer
' 2. strService = the name of the service (e.g. w3svc, smtpsvc, etc.)
' 3. strOperation = the operation to be completed (e.g. start, stop)
' 4. boolTrace = True will output trace information, False will not
' ****************************************
Sub CycleService(strComputer,strService,strOperation,boolTrace)
On Error Resume Next

' declare variables
Dim objComputer
Dim objService
Dim strTrace
Dim boolSuccess

' get ADSI objects and initial variables
Set objComputer = GetObject("WinNT://" & strComputer & ",computer")
Set objService = objComputer.GetObject("Service",strService)
strTrace = strOperation & " " & strService & " on " & strComputer
boolSuccess = False

' output trace information if needed
If boolTrace Then Trace "Attempting to " & strTrace & "..."

' determine the operation and carry it out
Select Case (strOperation)
Case START_SERVICE
If (objService.Status = ADS_SERVICE_STOPPED) Then
objService.Start
' If Err.Number<>0 Then ErrorHandler strTrace
While objService.Status <> ADS_SERVICE_RUNNING: Wend
boolSuccess = True
End If
Case STOP_SERVICE
If (objService.Status = ADS_SERVICE_RUNNING) Or (objService.Status = ADS_SERVICE_PAUSED) Then
objService.Stop
' If Err.Number<>0 Then ErrorHandler strTrace
While objService.Status <> ADS_SERVICE_STOPPED: Wend
boolSuccess = True
End If
Case PAUSE_SERVICE
If (objService.Status = ADS_SERVICE_RUNNING) Then
objService.Pause
' If Err.Number<>0 Then ErrorHandler strTrace
While objService.Status <> ADS_SERVICE_PAUSED: Wend
boolSuccess = True
End If
Case CONTINUE_SERVICE
If (objService.Status = ADS_SERVICE_PAUSED) Then
objService.Continue
' If Err.Number<>0 Then ErrorHandler strTrace
While objService.Status <> ADS_SERVICE_RUNNING: Wend
boolSuccess = True
End If
End Select

' output trace information if needed
If boolTrace And boolSuccess Then Trace strTrace & " was successful."

End Sub

' ****************************************
' Trace() subroutine
' outputs time and trace information
' ****************************************
Sub Trace(strText)
WScript.Echo Now & " : " & strText
End Sub

' ****************************************
' ErrorHandler() subroutine
' outputs error status and exits
' ****************************************
Sub ErrorHandler(strText)

'Dim strError
'strError = Now & " : The following error occurred trying to " & strText & vbCrLf
'strError = strError & vbCrLf & "0x" & Hex(Err.Number)& " - " & Err.Description
'WScript.Echo strError
'WScript.Quit
Err.Clear

End Sub

 

[holidayIT]

i modified and added this bit of code to determine if the workstation was connected. (ping code from microsoft.com)

strComputer = "client1"
Set objShell = CreateObject("WScript.Shell")
Set objScriptExec = objShell.Exec("ping -n 2 -w 1000 " & strComputer)
strPingResults = LCase(objScriptExec.StdOut.ReadAll)
If InStr(strPingResults, "reply from") Then
WScript.Echo strComputer & " responded to ping."
Else
WScript.Echo strComputer & " did not respond to ping."
End If


Thanks to everyone for your help.