Article ID: 232241 - Last Review: February 22, 2007 - Revision: 3.2

Group Management with ADSI in Windows 2000

View products that this article applies to.
This article was previously published under Q232241

On This Page

Expand all | Collapse all

SUMMARY

The Active Directory Services Interface tool (ADSI) provides a single consistent set of interfaces that can be called in scripts using Microsoft Windows Script Host (WSH), or other scripting languages (VBScript and JScript are supported natively).

This article demonstrates how an administrator can use ADSI to script the creation, deletion, and management of groups and group membership within Active Directory.
Back to the top

MORE INFORMATION

The following sample scripts are provided for demonstration purposes only.

NOTE: These scripts require the appropriate security context to operate. They must be run from a session in which the logged-on user has permission to create a group object, delete a group object, and add or remove members from groups.
Back to the top

Creating a Group

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' CREATEGROUP.VBS
''
'' Creates the specified group in the specified container
''
'' usage: CreateGroup PROVIDER: CONTAINERSUFFIX GROUPNAME ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

Public Const ForReading = 1
Public Const ForWriting = 2
Public Const ForAppending = 8

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)


    WScript.Echo msg
    fsOut.WriteLine msg

End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim oArgs
Dim oOpenDsObject
Dim oObject
Dim oGroup
Dim szProvider
Dim szContainer
Dim szGroupName
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut
Dim lngError

    On Error Resume Next

    'Stop

    Set oArgs = WScript.Arguments
    If (oArgs.Count <> 6) Then
        WScript.Echo "usage: CreateGroup <Provider:> <ContainerSuffix> <GroupName> <Admin> <Password> <logfile>"
        '"For example, CreateGroup  LDAP:  O=VBS_Org,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM ADSGROUP  CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM  \"\" creatgrp.log"
    Else
        szProvider = oArgs(0)
        szContainer = oArgs(0) + "//" + oArgs(1)
        szGroupName = oArgs(2)
        szAdmin = oArgs(3)
        szPassword = oArgs(4)
        szLogfile = oArgs(5)

        Set fs = CreateObject("Scripting.FileSystemObject")
        Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)

        'Stop

        If (szProvider = "WinNT:") Then
            Set oObject = GetObject(szContainer)
        Else
            Set oOpenDSObject = GetObject(szProvider)
            Set oObject = oOpenDSObject.OpenDSObject(szContainer, szAdmin, szPassword, 1)
        End If

        Select Case (szProvider)
            Case "LDAP:"
                'LogMessage fsOut, "Creating group CN=" & szGroupName & " in Container " & szContainer
                Set oGroup = oObject.Create("group", "CN="+szGroupName)
                oGroup.sAMAccountName = szGroupName

            Case "NDS:"
                'LogMessage fsOut, "Creating group CN=" & szGroupName & " in Container " & szContainer
                Set oGroup = oObject.Create("group", "CN="+szGroupName)

            Case "NWCOMPAT:"

            Case "WinNT:"
                'LogMessage fsOut, "Creating group " & szGroupName & " in Container " & szContainer
                Set oGroup = oObject.Create("globalGroup", szGroupName)

        End Select

        lngError = Err.Number
	Err.Clear

        If (lngError <> 0) Then
            LogMessage fsOut, "Error 0x" + CStr(Hex(lngError)) + " occurred invoking Create()"
        Else
            oGroup.SetInfo
            lngError = Err.Number
            Err.Clear

            If (lngError <> 0) Then
                LogMessage fsOut, "Error 0x" + CStr(Hex(lngError)) + " occurred invoking SetInfo()"
            End If
        End If


        If (lngError = 0) Then
            LogMessage fsOut, "CreateGroup: PASS"
        Else
            LogMessage fsOut, "CreateGroup: FAIL  Error 0x" & Hex(lngError)
            LogMessage fsOut, "   Provider = " & szProvider
            LogMessage fsOut, "   Container = " & szContainer
            LogMessage fsOut, "   GroupName = " & szGroupName
            LogMessage fsOut, "   Admin = " & szAdmin
            LogMessage fsOut, "   Password = " + Chr(34) + szPassword + Chr(34)
        End If

        fsOut.Close
	WScript.Quit(lngError)

    End If
Back to the top

Deleting a Group

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' DELETEGROUP.VBS
''
'' Deletes the specified group in the specified container
''
'' usage: deleteGroup PROVIDER: CONTAINERSUFFIX GROUPNAME ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

Public Const ForReading = 1
Public Const ForWriting = 2
Public Const ForAppending = 8

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)


    WScript.Echo(msg)
    fsOut.WriteLine(msg)

End Sub


'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim oArgs
Dim oOpenDsObject
Dim oObject
Dim oGroup
Dim szProvider
Dim szContainer
Dim szGroupName
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut
Dim lngError

    On Error Resume Next

    'Stop

    Set oArgs = WScript.Arguments
    If (oArgs.Count <> 6) Then
        WScript.Echo "usage: DeleteGroup <Provider:> <ContainerSuffix> <GROUPName> <Admin> <Password> <logfile>"
        '"For example, DeleteGroup  LDAP:  O=VBS_ORG,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM ADSGROUP  CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM  \"\" delgroup.log"
    Else
        szProvider = oArgs(0)
        szContainer = oArgs(0) + "//" + oArgs(1)
        szGroupName = oArgs(2)
        szAdmin = oArgs(3)
        szPassword = oArgs(4)
        szLogfile = oArgs(5)

        Set fs = CreateObject("Scripting.FileSystemObject")
        Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)

        Set oOpenDsObject = GetObject(szProvider)
        Set oObject = oOpenDsObject.OpenDSObject(szContainer, szAdmin, szPassword, 1)

        Select Case (szProvider)
            Case "LDAP:"
                'LogMessage fsOut,  "Deleting Group CN=" & szGroupName & " from Container " & szContainer
                oObject.Delete "group", "CN=" + szGroupName

            Case "NDS:"
                'LogMessage fsOut,  "Deleting Group CN=" & szGroupName & " from Container " & szContainer
                oObject.Delete "group", "CN=" + szGroupName

            Case "NWCOMPAT:"

            Case "WinNT:"

        End Select

        lngError = Err.Number
        Err.Clear

        If (lngError = 0) Then
            LogMessage fsOut,  "DeleteGroup: PASS"
        Else
            LogMessage fsOut, "DeleteGroup: FAIL  Error 0x" & Hex(lngError)
            LogMessage fsOut, "   Provider = " & szProvider
            LogMessage fsOut, "   Container = " & szContainer
            LogMessage fsOut, "   GroupName = " & szGroupName
            LogMessage fsOut, "   Admin = " & szAdmin
            LogMessage fsOut, "   Password = " + Chr(34) + szPassword + Chr(34)
        End If

        fsOut.Close
	WScript.Quit(lngError)

    End If
Back to the top

Adding a User to a Group

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' GROUPUSERADD.VBS
''
'' Adds the specified user to the specified group
''
'' usage: CreateGroup PROVIDER: GROUPSUFFIX USERSUFFIX ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

Public Const ForReading = 1
Public Const ForWriting = 2
Public Const ForAppending = 8

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)


    WScript.Echo msg
    fsOut.WriteLine msg

End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub BailOnFailure() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub BailOnFailure(fsOut, ErrNum, ErrText)


    LogMessage fsOut, "GroupUserAdd: FAIL  Error 0x" & Hex(ErrNum) & " " & ErrText
    LogMessage fsOut, "   Provider = " & szProvider
    LogMessage fsOut, "   Group    = " & szGroupPath
    LogMessage fsOut, "   User     = " & szUserPath
    LogMessage fsOut, "   Admin    = " & szAdmin
    LogMessage fsOut, "   Password = " + Chr(34) + szPassword + Chr(34)

    fsOut.Close
    WScript.Quit

End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim oArgs
Dim oOpenDsObject
Dim oObject
Dim oGroup
Dim szProvider
Dim szGroupPath
Dim szUserPath
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut

    On Error Resume Next

    'Stop

    Set oArgs = WScript.Arguments
    If (oArgs.Count <> 6) Then
        WScript.Echo "usage: GroupUserAdd <Provider:> <GroupSuffix> <UserSuffix> <Admin> <Password> <logfile>"
        '"For example, GroupUserAdd  LDAP:  CN=VBS_GROUP,OU=VBS_ORGUNIT,O=VBS_ORG,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM   CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM  " + Chr$(34) + Chr$(34) + " grpusrad.log"
    Else
        szProvider = oArgs(0)
        szGroupPath = oArgs(0) + "//" + oArgs(1)
        szUserPath = oArgs(0) + "//" + oArgs(2)
        szAdmin = oArgs(3)
        szPassword = oArgs(4)
        szLogfile = oArgs(5)

        Set fs = CreateObject("Scripting.FileSystemObject")
        Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)

        Set oOpenDSObject = GetObject(szProvider)
        Set oGroup = oOpenDSObject.OpenDSObject(szGroupPath, szAdmin, szPassword, 1)

        If (Err.Number <> 0) Then
            BailOnFailure fsOut, Err.Number, "binding to group object"
        End If

        'Stop

        oGroup.Add szUserPath

        If (Err.Number <> 0) Then
            BailOnFailure fsOut, Err.Number, "invoking Add() method"
        End If

        LogMessage fsOut, "GroupUserAdd: PASS"
        fsOut.Close
	WScript.Quit(Err.Number)

    End If
Back to the top

Deleting a User from a Group

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' GROUPUSERemove.VBS
''
''Remove the specified user from the specified group
''
'' usage: CreateGroup PROVIDER: GROUPSUFFIX USERSUFFIX ADMIN PASSWORD LOGFILE
''
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

Public Const ForReading = 1
Public Const ForWriting = 2
Public Const ForAppending = 8

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub LogMessage() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub LogMessage(fsOut, Msg)


    WScript.Echo msg
    fsOut.WriteLine msg

End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' Sub BailOnFailure() - writes a message to the screen and logfile
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub BailOnFailure(fsOut, ErrNum, ErrText)


    LogMessage fsOut, "GroupUserRemove: FAIL  Error 0x" & Hex(ErrNum) & " " & ErrText
    LogMessage fsOut, "   Provider = " & szProvider
    LogMessage fsOut, "   Group    = " & szGroupPath
    LogMessage fsOut, "   User     = " & szUserPath
    LogMessage fsOut, "   Admin = " & szAdmin
    LogMessage fsOut, "   Password = " + Chr(34) + szPassword + Chr(34)

    fsOut.Close
    WScript.Quit

End Sub

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'' main()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim oArgs
Dim oOpenDsObject
Dim oObject
Dim oGroup
Dim szProvider
Dim szGroupPath
Dim szUserPath
Dim szAdmin
Dim szPassword
Dim szLogFile
Dim fs
Dim fsOut

    On Error Resume Next

    'Stop

    Set oArgs = WScript.Arguments
    If (oArgs.Count <> 6) Then
        WScript.Echo "usage: GroupUserAdd <Provider:> <GroupSuffix> <UserSuffix> <Admin> <Password> <logfile>"
        '"For example, GroupUserAdd  LDAP:  CN=VBS_GROUP,OU=VBS_ORGUNIT,O=VBS_ORG,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM ADSGROUP  CN=Administrator,CN=Users,DC=NW01T1DOM,DC=NTDEV,DC=MICROSOFT,DC=COM  " + Chr$(34) + Chr$(34) + " grpusrad.log"
    Else
        szProvider = oArgs(0)
        szGroupPath = oArgs(0) + "//" + oArgs(1)
        szUserPath = oArgs(0) + "//" + oArgs(2)
        szAdmin = oArgs(3)
        szPassword = oArgs(4)
        szLogfile = oArgs(5)

        Set fs = CreateObject("Scripting.FileSystemObject")
        Set fsOut = fs.OpenTextFile(szLogFile, ForAppending, True)

        Set oOpenDSObject = GetObject(szProvider)
        Set oGroup = oOpenDSObject.OpenDSObject(szGroupPath, szAdmin, szPassword, 1)

        If (Err.Number <> 0) Then
            BailOnFailure fsOut, Err.Number, "binding to group object"
        End If

        'Stop

        oGroup.Remove szUserPath

        If (Err.Number <> 0) Then
            BailOnFailure fsOut, Err.Number, "invoking Remove() method"
        End If

        LogMessage fsOut, "GroupUserRemove: PASS"
        fsOut.Close
	WScript.Quit(Err.Number)

    End If
Back to the top
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Datacenter Server
Back to the top
Keywords: 
kbinfo KB232241
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations