drop-down security groups from OU and add/remove user to the chosen group - KiXtart.org

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » drop-down security groups from OU and add/remove user to the chosen group

Page 1 of 1

Topic Options

#199064 - 2010-07-22 04:04 AM drop-down security groups from OU and add/remove user to the chosen group
jvd626 jvd626 Fresh Scripter Registered: 2010-07-22 Posts: 6 Loc: Springfield, VA	Hello Kix Scripters, I have been searching through the forum of a script that will do the following: Have a box with a drop down list of security groups queried from an OU then type a user in an input box to be added/removed (using checkboxes) to the group chosen from the drop down. I'm thinking of using kixforms but not sure which one is easier. I'll try to use ldap query to OU for a list of groups in that OU then use an input box for the username. Maybe use groupadd() and groupremove() in combination of inputbox and drop down list query. Any help would be appreciated. Thank you Edited by jvd626 (2010-07-22 04:15 AM)
Top

#199066 - 2010-07-22 09:08 AM Re: drop-down security groups from OU and add/remove user to the chosen group [Re: jvd626]
Richard H. Richard H. Administrator Registered: 2000-01-24 Posts: 4946 Loc: Leatherhead, Surrey, UK	If you want to do form processing you will need both KiXtart and KiXforms. KiXtart provides the script interpreter that executes your code and KiXforms provides an API that allows KiXtart to manage forms and a few other very useful functions. KiXforms has a small overhead in that the DLL which provides the API must be copied to each machine that will use it and then registered. For support tasks like the one you are talking about this is rarely a problem, and is certainly much easier than the alternatives for providing form handling. If you are new to scripting you should break down the requirement into small parts and get each of them working - start with the LDAP query, then get the add/remove group code working with a fixed group name. The forms/GUI part you will do right at the end when you have everything. Start small and post when you get stuck. Don't worry if the script is mangled, ugly and completely non-functional. You can post here or on the KiXforms board for KiXtart help queries, but you're better posting to the KiXforms board for KiXforms queries.
Top

#199788 - 2010-09-09 12:36 AM Re: drop-down security groups from OU and add/remove user to the chosen group [Re: Richard H.]
jvd626 jvd626 Fresh Scripter Registered: 2010-07-22 Posts: 6 Loc: Springfield, VA	Thanks Richard, I have been working on the code base using kixforms. I'm thinking of using dsquery and dsmod for adding and removing users to the groups using a checkbox of some sort and hitting apply. Is there an alternate to using the \| pipe command in kixtart? I seem to be having a problem. I'm going to try to incorporate this: Code: dsquery user OU=Marketing,DC=Contoso,DC=Com -samid test.user \| dsmod group "CN=Marketing Staff,OU=Marketing,DC=Contoso,DC=Com" -addmbr Edited by jvd626 (2010-09-09 12:37 AM)
Top

#199789 - 2010-09-09 01:40 AM Re: drop-down security groups from OU and add/remove user to the chosen group [Re: jvd626]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4402 Loc: New Jersey	The ADSIUserInfo() UDF can get or set user attributes directly from kix without calling an external process. AdGroupMember() can add, remove, or modify a group or membership. Both should be posted here on KORG, but the latest are available from the Resources / Kix Library section of my web site. Both were developed and used extensively to sync AD data from an external HR database. The best way for getting output from an external command into Kix is the WSHPipe UDF. Chris S posted the original here, and I have a modified version on my web site that returns a 2-dimensional array of arrays. This is done to separate STDOUT from STDERR, with one line per inner array. Chris' version combined all of the output into a single large string, which I found difficult to deal with, especially when I wanted just output or error text. Either way, the output is delivered directly to a Kix variable. Glenn _________________________ Actually I am a Rocket Scientist! $\:D$
Top

#199796 - 2010-09-09 10:28 PM Re: drop-down security groups from OU and add/remove user to the chosen group [Re: Glenn Barnas]
jvd626 jvd626 Fresh Scripter Registered: 2010-07-22 Posts: 6 Loc: Springfield, VA	Hello Glenn, thank you for your input. This will definitely come helpful. Does the ADSIUSRinfo() and ADGroupMember require the full CN format? if so do I need to use fnldapquery() or run this: Code: dsquery user domainroot -name "last, first" or use fnldapquery like this: Code: $aAttributes = "adspath" ; "Name", "AdsPath", "member" $sADsPath = "LDAP://"+GetObject("LDAP://RootDSE").Get("defaultNamingContext") $strFilter = "(&(objectClass=user)(cn=))" $aResults = fnLDAPQuery($aAttributes,$sADsPath,$strFilter) For $c = 0 to Ubound($aResults) $x = TRIM(SUBSTR($aResults[$c,$r], 8, 20000)) ? $x Next Edited by jvd626 (2010-09-09 11:04 PM)*
Top

#199804 - 2010-09-10 03:32 PM Re: drop-down security groups from OU and add/remove user to the chosen group [Re: jvd626]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4402 Loc: New Jersey	Looking back at my code, I use the LDAPQuery() UDF. This is basically the fnLDAPQuery() UDF but updated to our internal coding standards. (mostly comments and standardized var names.) Here are some snippets from the app: Code: ; return the DN for the specified user $sADsPath = 'LDAP://' + GetObject("LDAP://rootDSE").Get("defaultNamingContext") $sFilter = '(&(objectClass=User)(userPrincipalName=' + $aData[8] + '@))' $aResults = LDAPQuery('AdsPath', $sADsPath, $sFilter) If Ubound($aResults) + Ubound($aResults, 2) > 0 Left('ERROR: Multiple elements returned from query for user ' + $aData[8] + '!' + ' ============================================================================', 70) ? Else 'Updating ' $aData[8] ? For Each $Field in $aSourceFields $ = ADSIUserInfo(SubStr($aResults[0,0], 8), $aFields[$Field], $aData[$Field]) Next EndIf Note that "$aData[8]" represents the variable containing the user ID - change it accordingly. I've included some of the error trapping as well. I've also removed some code that clouds the concept - the important thing to recognize is how the data from $aResults is used in the ADSIUserInfo UDF. The original script had an array of AD field names ($aFields) that mapped to the data exported from the HR system. Each record in the HR system was read into an array ($aData) which the ADSIUserInfo UDF used to update the parameter. That should help you understand what's going on in this code so you can extract what you need for your own. One of the tricky things is remembering that fnLDAPQuery returns an array, and the "LDAP://" prefix must be stripped before using the results in ADSIUserInfo. Glenn _________________________ Actually* I am a Rocket Scientist! $\:D$
Top

#199815 - 2010-09-10 11:48 PM

Re: drop-down security groups from OU and add/remove user to the chosen group [Re: Glenn Barnas]

jvd626 Offline

Fresh Scripter

Registered: 2010-07-22
Posts: 6
Loc: Springfield, VA

Glenn, I'm getting an error code of '0' zero which means its not working. I should be getting an error of '1' correct? Check the code below and see if there is an error here:

Code:

$userinfo = 'testuser'
 $aAttributes = "adspath" ; "Name", "AdsPath", "member"
 $sADsPath = "LDAP://"+GetObject("LDAP://RootDSE").Get("defaultNamingContext")
 $strFilter = "(&(objectClass=user)(cn=*$userinfo*))"
 $aResults = fnLDAPQuery($aAttributes,$sADsPath,$strFilter)

 For $c = 0 to Ubound($aResults) 
		$x = TRIM(SUBSTR($aResults[$c,$r], 8, 20000))
	$GroupDN = 'CN=SecurityGroup,OU=Admins,DC=test,DC=com'
	 AdGroupMember('ADD', $GroupDN, $x)
 Next

Top

#199820 - 2010-09-12 03:04 PM Re: drop-down security groups from OU and add/remove user to the chosen group [Re: jvd626]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4402 Loc: New Jersey	OK - some issues that I see.. For your requirement, the sASsPath should be empty - try this snippet: Code: $userinfo = 'testuser' $aAttributes = 'AdsPath' $sADsPath = '' $sFilter = '(&(objectClass=user)(userPrincipalName=' + $userinfo + '))' $aResults = LDAPQuery($aAttributes, $sADsPath, $sFilter) UBound($aResults) ' / ' UBound($aResults,2) @CRLF If UBound($aResults) >= 0 $aResults[0, 0] ? EndIf In the second part of your code, I'm not sure why you specify 20000 (I have a good guess), but it's not necessary. The entire substring process isn't necessary because the ADsPath is now empty - the "LDAP://" no longer needs to be trimmed. I should have read more of my original source before posting that example. Anyway - the other issue is that LDAPquery returns a 2-dimensaional array, which you aren't really processing. You're getting results by accident, actually. Think of it like this - if you search for TestUser and have TestUser, TestUser1, and TestUser2, all 3 will be returned. Thus, the returning array will contain TestUser:attribute... TestUSer1:attributes... etc.. That is why $aResults[$C, $R] is there - it is referencing the 2 dimension array. I'm not sure where you got $R and $C from, but you aren't controlling them. If you're sure that there is only one ID being retuned, just use [0, 0] as in my example. Glenn _________________________ Actually* I am a Rocket Scientist! $\:D$
Top

#199835 - 2010-09-13 09:22 PM Re: drop-down security groups from OU and add/remove user to the chosen group [Re: Glenn Barnas]
jvd626 jvd626 Fresh Scripter Registered: 2010-07-22 Posts: 6 Loc: Springfield, VA	How about the AdGroupmember() integration? I tried adding this parameter and the adgroupmember() udf and came back with no result: $GroupDN = 'CN=SecurityGroup,OU=Admins,DC=test,DC=com' AdGroupMember('ADD', $GroupDN, $aResults[0, 0])
Top

Page 1 of 1

Previous Topic View All Topics

Index Next Topic

Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart

Hop to:

Shout Box

Search the board with:
superb Board Search
or try with google:

	Web kixtart.org