| Gargoyle |
| (MM club member) |
| 2008-06-18 06:17 PM |
|
Add Users to Groups Via LDAP provider
|
I have tried several variants on this and can't seem to find the exact syntax needed. I continually get error -2147352567 for both @error printouts. $User is passed earlier in the code I know that it is getting translated correctly.
Using KiX 4.60
Windows Server 2003 SP2
KiXForms .Net
Version 1
Code:
$WS = GetObject("LDAP://CN=UPM_Test,OU=Login Script,OU=!Development,DC=MyDomain,DC=SubDomain,DC=SubDomain2,DC=TopLevel")
$Nul = TranslateName(3,"",3,@domain+"\"+$User,1)[0]
$WS.add ($nul.ADsPath)
@ERROR + @SERROR + @CRLF
$WS.Setinfo
@ERROR + @SERROR
Version 2
Code:
$WS = GetObject("LDAP://CN=UPM_Test,OU=Login Script,OU=!Development,DC=MyDomain,DC=subdomain,DC=subdomain2,DC=toplevel")
$Nul = TranslateName(3,"",3,@domain+"\"+$User,1)[0]
$WS.PutEx (3,"member",$Nul)
$WS.Setinfo
| Kdyer |
| (KiX Supporter) |
| 2008-06-18 11:18 PM |
|
|
Re: Add Users to Groups Via LDAP provider
|
I think I remember seeing a post or two from Shawn saying that there are COM issuses with 4.60.. Can you try 4.53?
Thanks,
Kent
Allen
|
| (KiX Supporter) |
| 2008-06-18 11:47 PM |
|
Re: Add Users to Groups Via LDAP provider
|
I've not done this so this may be off base, but doesn't the group and the user have to be an object? Maybe this will work?
Code:
$WS = GetObject("LDAP://CN=UPM_Test,OU=Login Script,OU=!Development,DC=MyDomain,DC=SubDomain,DC=SubDomain2,DC=TopLevel")
$User =Getobject(TranslateName(3,"",3,@domain+"\"+$User,1)[0])
$WS.add ($User.ADsPath)
@ERROR + @SERROR + @CRLF
$WS.Setinfo
@ERROR + @SERROR
I don't know what Translatename returns, so its possible you will need something like $User=getobject("LDAP://" + TranslateName... )
|
NTDOC
|
| (KiX Master) |
| 2008-06-19 12:38 AM |
|
|
Re: Add Users to Groups Via LDAP provider
|
Not sure that you need translate name do you?
Here is the Microsoft VB rendition of it. I went and looked and I don't currently have any KiX code for it either. I've always used the WinNT for most user/group management.
Code:
Set objOU = GetObject("LDAP://OU=Management,dc=fabrikam,dc=com")
Set objGroup = objOU.Create("Group", "cn=atl-users")
objGroup.Put "sAMAccountName", "atl-users"
objGroup.SetInfo
objGroup.Add objUser.ADSPath
|
NTDOC
|
| (KiX Master) |
| 2008-06-19 12:44 AM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
Or perhaps this link
Add a User to Two Security Groups
| Gargoyle |
| (MM club member) |
| 2008-06-19 01:19 AM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
@ Doc,
As to the link you provided, that is what I started with, and what lead to the second version. However if you could give me an example with WinNT I am open to using it as well, just everything that I found had to do with LDAP.
@ Allen / Kyder - I will try those solutions and see what happens. I will update probably tomorrow.
| Gargoyle |
| (MM club member) |
| 2008-06-19 02:20 AM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
4.53 Did not make a diffence. Declaring both as Objects worked for the ADD, but what is the command for delete.
WS.ADD - This worked as expected
WS.Delete - Not so well same error as before. I am sure it is just me.
|
Allen
|
| (KiX Supporter) |
| 2008-06-19 02:43 AM |
|
Re: Add Users to Groups Via LDAP provider
|
See
How Can I Remove Group Members Whose User Accounts Reside in a Specific OU?
http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan08/hey0102.mspx
Below is probably the important part... just not sure how the user/array part would go without some testing
Code:
$ADS_PROPERTY_DELETE=4 $objGroup.PutEx $ADS_PROPERTY_DELETE, "member", array(strUser) $objGroup.SetInfo
| Gargoyle |
| (MM club member) |
| 2008-06-19 04:01 AM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
Allen as you can tell I tried that with Version 2 of my code (exchange the 3 and 4) I got the syntax from other examples I found here.
Who knows....
|
NTDOC
|
| (KiX Master) |
| 2008-06-19 11:04 AM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
Can't promise, but if I get some time tomorrow I'll try and see if I can get it to work Garg.
|
Allen
|
| (KiX Supporter) |
| 2008-06-19 02:38 PM |
|
Re: Add Users to Groups Via LDAP provider
|
Garg, so what did the final "add" code look like?
| Gargoyle |
| (MM club member) |
| 2008-06-19 04:32 PM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
Here is the entire snippet
Code:
If $Checks[2] = -1
;VPN ADD
$Nul = WriteLine($FH,"Function Requested = VPN ADD"+@CRLF)
UpdateProgress(25)
$Label3.Text = "Adding VPN - Telecommute to user "+$User
$WS = GetObject("LDAP://CN=UPM_Test,OU=Login Script,OU=!Development,DC=Fabrikom,DC=Microsoft,DC=Com")
$Usr = GetObject("LDAP://"+ TranslateName(3,"",3,@domain+"\"+$User,1)[0])
$WS.add ($Usr.ADsPath)
$WS.Setinfo
If @Error = 0
$Nul = WriteLine($FH,"Added user "+$user+" to TermTelecom "+@Date+"-"+@Time+@CRLF)
Else
$Label3.Text = "Add User failed, please open a ticket!"
EndIf
ClearForm()
EndIf
Just have to get the delete to work now.
|
Allen
|
| (KiX Supporter) |
| 2008-06-20 05:49 PM |
|
Re: Add Users to Groups Via LDAP provider
|
I havent tried the following code, but based on the examples from MS
Code:
dim $usr[0]
$WS = GetObject("LDAP://CN=UPM_Test,OU=Login Script,OU=!Development,DC=MyDomain,DC=subdomain,DC=subdomain2,DC=toplevel")
$usr[0] = TranslateName(3,"",3,@domain+"\"+$User,1)[0]
$WS.PutEx (4,"member",$usr)
$WS.Setinfo
| Gargoyle |
| (MM club member) |
| 2008-06-21 08:23 AM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
Thanks Allen, I will look into this on Monday.
|
Allen
|
| (KiX Supporter) |
| 2008-06-25 07:26 AM |
|
Re: Add Users to Groups Via LDAP provider
|
Hey Garg, I just finished working on a couple of UDFs and I'm pretty sure the code I posted previously was wrong on the split. So... I updated my code above to what I think will work. Let me know.
| Gargoyle |
| (MM club member) |
| 2008-06-25 08:00 AM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
Thanks Allen, haven't had a chance to get back to this as of yet. So many projects, so little people to work on them.
| Gargoyle |
| (MM club member) |
| 2008-06-26 04:39 PM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
Allen,
I am very happy to report that did the trick. So the big change was to convert the $usr to an Array? I appreciate all the help. Now on to more added features for this.
|
Allen
|
| (KiX Supporter) |
| 2008-06-26 06:11 PM |
|
Re: Add Users to Groups Via LDAP provider
|
Cool... I learned quite a bit about LDAP between your's and Mart's requests this week. Thanks.
| Gargoyle |
| (MM club member) |
| 2008-06-27 04:08 AM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
When I get done with this script I am going to attempt the clean up / sanitization of it and will post it here for those that want to play with some of the same features.
Once I have the GUI flushed out I will post it so everone gets the idea of what I have done as well. But it is a ways off as it is project 12 of 32 that I am assigned to right now.
| Arend_ |
| (MM club member) |
| 2008-06-27 01:52 PM |
|
|
Re: Add Users to Groups Via LDAP provider
|
I know I am late to react but this I used for the longest time and always works (2000,2003 and even in 2008)
Code:
$WS = GetObject("LDAP://CN=UPM_Test,OU=Login Script,OU=!Development,DC=MyDomain,DC=SubDomain,DC=SubDomain2,DC=TopLevel")
$Nul = TranslateName(3,"",3,@domain+"\"+$User,1)
$Nul = GetObject("LDAP://"+$Nul[0])
$WS.Add($nul.ADsPath)
@ERROR + @SERROR + @CRLF
$WS.Setinfo
@ERROR + @SERROR
| Gargoyle |
| (MM club member) |
| 2008-06-27 02:06 PM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
Apronk, that is basically the code that I used for ADDING, and the stuff that Allen helped devolop was to DELETE (that was a bit trickier). I will convert my code to an UDF and post it in the future.
| Arend_ |
| (MM club member) |
| 2008-06-27 03:51 PM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
What is trickier ? replace .Add with .Remove
| Gargoyle |
| (MM club member) |
| 2008-06-27 04:50 PM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
Ah see there is the issue, I did not know what the method was, I tried .Delete and few other variants of that, but not .Remove When searching the MS site, I did not find anything other than the use of putex.
| Arend_ |
| (MM club member) |
| 2008-06-27 04:55 PM |
|
|
|
Re: Add Users to Groups Via LDAP provider
|
PutEx in LDAP scripting is basically by rule of thumb (not neccesarily true) only used when you the the value "nothing". For instance remove a description, can only be done by PutEx.