Re: Script to convert the group type from Domain local to Universal

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 12 Dec 2008 12:43:38 -0600

---

As noted, you modify the groupType attribute of the group objects. To do
this for many groups you have a few options.

1. Enumerate all groups in the domain, or an OU (and child OU's), assuming
all groups should be Universal. For example:
=========
Option Explicit
Dim objOU

Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &H8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

' Bind to parent OU (or the domain) using Distinguished Name.
Set objOU = GetObject("LDAP://ou=West,dc=MyDomain,dc=com";)

' Call recursive method.
Call EnumGroups(objOU)

Sub EnumGroups(ByVal objParent)
' Enumerate all groups in this container and sub containers.
Dim objGroup, objChild

' Filter on group objects in this container.
objParent.Filter = Array("group")
' Enumerate groups.
For Each objGroup In objParent
' Modify group type.
objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP _
OR ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo
Next

' Filter on child OU's in this container.
objParent.Filter = Array("organizationalUnit")
' Enumerate all child OU's.
For Each objChild In objParent
' Recursively enumerate groups.
Call EnumGroups(objChild)
Next

End Sub
=======
2. Use ADO to retrieve the DN of all groups in the domain. When you loop
through the resulting recordset, bind to each group and modify groupType.
See below.

3. Create a text file of group Distinguished Names to be converted. Then a
program can read each group DN and convert each. For example:
=========
Option Explicit
Dim strFilePath, objFSO, objFile, strLine, objGroup

Const ForReading = 1
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &H8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

' Specify the text file of group DN's.
strFilePath = "c:\Scripts\Groups.txt"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFilePath, ForReading)

' Read each line of the file.
Do Until objFile.AtEndOfStream
strLine = Trim(objFile.ReadLine)
' Skip blank lines.
If (strLine <> "") Then
' Bind to the group.
Set objGroup = GetObject("LDAP://"; & strLine)
' Modify group type.
objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP _
OR ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.SetInfo
End If
Loop

' Clean up.
objFile.Close
========

To create a text file with the DN of all groups in the domain you can use
ADO. See this link for details on using ADO:

http://www.rlmueller.net/ADOSearchTips.htm

I this case you would use:

strFilter = "(objectCategory=group)"
strAttributes = "distinguishedName"

You can have the program echo the DN's to the screen and redirect the output
to a text file. Then you can modify the list to only include the groups you
need to modify.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Florian Frommherz [MVP]" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23qjK%231GXJHA.1268@xxxxxxxxxxxxxxxxxxxxxxx

Howdie!

Ezakial wrote:

I have more than 500 Domain local groups groups and I need to convert it
to Universal group before migrating it to the target domain. Anyone has a
script or tool to bulk convert the group type to universal. Thanks

The scripting guys have something:
http://www.microsoft.com/technet/scriptcenter/resources/qanda/may06/hey0512.mspx

Not 100% what you want, but that should give you a start.

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

.

---

• References:
  • Script to convert the group type from Domain local to Universal
    • From: Ezakial
  • Re: Script to convert the group type from Domain local to Universal
    • From: Florian Frommherz [MVP]

• Prev by Date: Re: Extract user group membership details
• Next by Date: Problems with adamsync between one AD LDS and two AD DS services
• Previous by thread: Re: Script to convert the group type from Domain local to Universal
• Next by thread: Re: Script to convert the group type from Domain local to Universal
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Listing Group Members ... This is a script I use to enumerate the groups in my OU. ... able to modify it to suit your own purposes. ... Dim objMember, iCount ... wscript.Echo vbtab & objMember.sAMAccountName & vbtab & ... (microsoft.public.scripting.vbscript) Re: scared about refrences... ... functions should not modify their caller's data. ... for index, value in enumerate: ... But notice that you only need a shallow copy, not a deep copy, because you ... If so, please post the exception. ... (comp.lang.python) Re: scared about refrences... ... functions should not modify their caller's data. ... def print_list: ... for index, value in enumerate: ... If so, please post the exception. ... (comp.lang.python) Re: Listing Group Members ... mode but it should be easy enough to modify if you need to enumerate ... nested groups as well. ... Indeed, just uncomment one line: ... (microsoft.public.scripting.vbscript) Re: Using for each, in with STL containers with non-const iterators ... modify the elements of the container while iterating. ... BOOST_FOREACH(int& num, lst) { ... (microsoft.public.vc.stl)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2008-12