Re: Script to populate Distribution list

From: Brian B (BrianB_at_discussions.microsoft.com)
Date: 11/20/04

Next message: Ragnar Heil: "Re: DateFormat - String Manipulating"
Previous message: Richard Mueller [MVP]: "Re: Script to populate Distribution list"
In reply to: Richard Mueller [MVP]: "Re: Script to populate Distribution list"
Messages sorted by: [ date ] [ thread ]

Date: Sat, 20 Nov 2004 10:09:02 -0800

Richard everything is working great, but i noticed that i have some users
that list several diffrent zip codes for the same location is there a way to
have this script search for multiple zip codes ?

"Richard Mueller [MVP]" wrote:

> Hi,
>
> The group object has a Remove method. Your "Do Until" loop could look
> similar to:
>
> ' Enumerate the recordset.
> Do Until objRecordSet.EOF
> ' For each user, retrieve DN and zip.
> strDN = objRecordSet.Fields("distinguishedName").Value
> strOffice = objRecordset.Fields("postalCode").Value
> ' Check if zip is "08520" (case insensitive).
> If (UCase(strOffice) = "08520") Then
> ' This user should be member of group.
> ' Check if user already a member of the group.
> If Not objGroup.IsMember("LDAP://" & strDN) Then
> ' User not a member. Add the user to the group.
> objGroup.Add("LDAP://" & strDN)
> Wscript.Echo "User added to group: " & strDN
> End If
> Else
> ' This user should not be member of group.
> ' Check if user already a member of the group.
> If objGroup.IsMember("LDAP://" & strDN) Then
> ' User is a member. Remove the user from the group.
> objGroup.Remove("LDAP://" & strDN)
> Wscript.Echo "User removed from group: " & strDN
> End If
> End If
> ' Go to the next record in the recordset.
> objRecordSet.MoveNext
> Loop
>
> If the value of postalCode is not 08520, and the user is a member of the
> group, the user is removed from the group.
>
> You may notice that I no longer bind to the user object. Usually I like to
> bind to the user, just to ensure that I have the correct Distinguished Name,
> and to be sure the object exists. That isn't necessary here. If I left the
> bind statement in, then the code would have to bind to every user in the
> domain, even if no changes were made. This would slow the script
> considerably (binding to remote objects, such as users in Active Directory,
> is one of the slowest steps in a script). Both the Add and the Remove
> methods require the AdsPath of the user. The AdsPath is simply the
> Distinguished Name, with the provider moniker "LDAP://" appended. Usually
> the safest way to get the AdsPath is to use the AdsPath property method of
> the object. However, I think it is better in this case to construct the
> AdsPath from the distinguishedName.
>
> I used Wscript.Echo to echo progress statements to the screen. This assumes
> that the script is run from a command prompt with the Cscript host. The
> output can be redirected to a text file. For example, if the VBScript
> program is in a file called UpdateGroup.vbs, the output can be redirected to
> a file called output.txt with the following statement (at a command prompt):
>
> cscript //nologo UpdateGroup.vbs > output.txt
>
> --
> Richard
> Microsoft MVP Scripting and ADSI
> HilltopLab web site - http://www.rlmueller.net
> --
>
>
> "Brian B" <BrianB@discussions.microsoft.com> wrote in message
> news:DEBC6E6B-9E14-4260-8374-5F9A12E6F57D@microsoft.com...
> > Thank you very much Richard it works great
> >
> > I modified the attributes, and got it to work, i would like to add some
> more
> > to it though. How can we change this so that it will remove the user from
> the
> > group when the attribute no longer matches the criteria specified in the
> > script.
> >
> > Below is what i got working i changed the script to search for postalCode.
> >
> > What i want to do is if the users postalCode changes then remove them from
> > the group. Also i would like to echo the additions and removals if
> posible.
> >
> > Your help has been excelent thank you very much.
> >
> > ~BB
> >
> >
> > ' Specify DN of distribution group.
> > strGroupDN = "cn=IMS_Hightstown,ou=Distribution
> > Groups,ou=Groups,ou=IMS,ou=Business Units,dc=ims,dc=mhm,dc=mhc"
> >
> > ' Bind to the group object.
> > Set objGroup = GetObject("LDAP://" & strGroupDN)
> >
> > ' Determine DNS domain name
> > Set objRootDSE = GetObject("LDAP://RootDSE")
> > strDNSDomain = objRootDSE.Get("defaultNamingContext")
> >
> > ' Use ADO to search Active Directory.
> > Set objCommand = CreateObject("ADODB.Command")
> > Set objConnection = CreateObject("ADODB.Connection")
> > objConnection.Provider = "ADsDSOObject"
> > objConnection.Open "Active Directory Provider"
> > objCommand.ActiveConnection = objConnection
> >
> > ' Search the entire domain.
> > strBase = "<LDAP://" & strDNSDomain & ">"
> >
> > ' Filter to retrieve only user objects.
> > strFilter = "(&(objectCategory=person)(objectClass=user))"
> >
> > ' Retrieve the distinguishedName and zip attributes.
> > strAttributes = "distinguishedName,postalCode"
> >
> > ' Construct the LDAP query.
> > strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
> >
> > objCommand.CommandText = strQuery
> > objCommand.Properties("Page Size") = 100
> > objCommand.Properties("Timeout") = 30
> > objCommand.Properties("Cache Results") = False
> > Set objRecordSet = objCommand.Execute
> >
> > ' Enumerate the recordset.
> > Do Until objRecordSet.EOF
> > ' For each user, retrieve DN and zip.
> > strDN = objRecordSet.Fields("distinguishedName").Value
> > strOffice = objRecordset.Fields("postalCode").Value
> > ' Check if zip is "08520" (case insensitive).
> > If (UCase(strOffice) = "08520") Then
> > ' This user should be member of OfficeA group. Bind to user object.
> > Set objUser = GetObject("LDAP://" & strDN)
> > ' Check if user already a member of the group.
> > If Not objGroup.IsMember(objUser.AdsPath) Then
> > ' User not a member. Add the user to the group.
> > objGroup.Add(objUser.AdsPath)
> > End If
> > End If
> > ' Go to the next record in the recordset.
> > objRecordSet.MoveNext
> > Loop
> >
> >
>
>
>

Next message: Ragnar Heil: "Re: DateFormat - String Manipulating"
Previous message: Richard Mueller [MVP]: "Re: Script to populate Distribution list"
In reply to: Richard Mueller [MVP]: "Re: Script to populate Distribution list"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: active directory question
... Thank you for the time you took to review this script. ... Later you seem to use ADO to find the trustee. ... The only attribute you need retrieve is "member". ...
(microsoft.public.scripting.vbscript)
Re: Error using LDAP query
... I know you said this line is failing: ... CreateObject) failed to set oADSysInfo to a valid object. ... try running this simple script as a user (non-Domain ... >> member of at least 2 other groups, ...
(microsoft.public.windows.server.scripting)
Re: I need to change the group membership using a logon script
... admins group in order to run the script. ... I believe users need to be members of the local Administrators group to run ... "Domain Admins" is made a member of the local Administrators group on the ... Administrators groups on the computers. ...
(microsoft.public.scripting.vbscript)
Re: Login Script group membership
... Would it be more managable to write this as a vbs instead of a batch file? ... script, as not all o/s's can run a .vbs file directly as a logon script. ... - you'd need to write a wrapper function to invoke ifmember and return the ... In the general case a user can be a member of any number of ...
(microsoft.public.windows.server.scripting)
Re: Help on a query of a query
... within the system and I have no way of knowing if these linked codes ... there are hundreds of these inactive codes. ... So write the first query to generate the second query. ...
(comp.databases.oracle.misc)