Re: Add domain user to local group script troubleshoot

From: Richard Mueller [MVP] (rlmueller-NOSPAM_at_ameritech.NOSPAM.net)
Date: 03/25/04

Next message: Sudeep: "Re: Script to search for a User's OU in Active Directory"
Previous message: Torgeir Bakken \(MVP\): "Re: Identifying the User Logged on to a Remote Computer - not always working"
In reply to: mtothej: "Add domain user to local group script troubleshoot"
Next in thread: Rick Kalifa: "Re: Add domain user to local group script troubleshoot"
Reply: Rick Kalifa: "Re: Add domain user to local group script troubleshoot"
Reply: mtothej: "Re: Add domain user to local group script troubleshoot"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 24 Mar 2004 23:05:41 -0600

mtothej wrote:

> I am trying the following script to add a domain user to a local group:
>
> Set objGroup = GetObject _
> ("WinNT://remotecomputer/Administrators")
> Set objUser = GetObject _
> ("LDAP://CN=username,OU=MyOU,OU=MyOU,DC=root,DC=mydomain,DC=org")
> objGroup.Add(objUser.ADsPath)
>
> I get the following error:
>
> C:\Scripts\add_domain_user_to_local_group.vbs(5, 1) Active Directory: An
invalid
> Active Directory pathname was passed
>
> I know the ADsPath for the user is correct because I can retrieve
properties from it. I know the objGroup path is correct because I can
enumerate the current users in the group.
>
> Is something wrong in the last line? Am I on the right track or is there
another way to add a domain user to a local group? Thanks :)

You must bind to the user object with the WinNT provider. If the
"cn=Username" user has sAMAccountName equal to "username", and the NetBIOS
name of the domain is "MyDomain", then use

Set objUser = GetObject("WinNT://MyDomain/username,user")

The local group object's Add method does not understand an LDAP AdsPath.

-- 
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.rlmueller.net
--

Next message: Sudeep: "Re: Script to search for a User's OU in Active Directory"
Previous message: Torgeir Bakken \(MVP\): "Re: Identifying the User Logged on to a Remote Computer - not always working"
In reply to: mtothej: "Add domain user to local group script troubleshoot"
Next in thread: Rick Kalifa: "Re: Add domain user to local group script troubleshoot"
Reply: Rick Kalifa: "Re: Add domain user to local group script troubleshoot"
Reply: mtothej: "Re: Add domain user to local group script troubleshoot"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Remote Access Policies
... > "Carl Hilton" wrote in message ... >> I want to prohobit everyone except for users listed in a local group on> the>> radius server itself from authenticating... ... >> the local users I want to allow to pass the radius server, however it> looks>> like any domain user is allowed access. ...
(microsoft.public.internet.radius)
Re: Insufficient privilege to remote shutdown a server
... I've created a local group on that server with the remote shutdown right. ... The domain user is member of that local group. ... If, just for test, this domain user is also local admin of his WinXP ...
(microsoft.public.windows.server.general)
Re: How to delete an useraccount from a local group using a VBScript
... > I want to delete an user-account from a local group. ... I use the IsMember method of the group object to determine this, ... which again takes the AdsPath of the user as a parameter. ... your code to enumerate the group members can reveal the domain ...
(microsoft.public.scripting.vbscript)
Re: Can domain user log on a local computer?
... Adding a domain user to a local group gives the domain account the the same ... PERMISSIONS that a local user who was also a member of that group has. ...
(microsoft.public.cert.exam.mcse)
Re: "\ip is not accessible"
... local group of MachineA that contains the accounts of the users on the ... administrative user account instead). ... a a domain user or local user account, ...
(microsoft.public.windowsxp.general)