Board index » Visual Studio » Script to populate Distribution list

Visual Studio358
Hello,



IM trying to find a script that will populate active directory Distribtuion

lists by using a Attribute. IM not sure if its posible, or if there is

somting else that is similar.



Example.



If you are in Office A put user in Office A Distribtuoin list.


-

Brian B wrote:



Hi,



I think you want a script that retrieves a selected Active Directory

attribute for all users, then parses this or interprets in some way, then

based on this adds each user to a distribution group.



The first step would be to select an attribute. The "Office" field on the

"General" tab of the Active Directory Users & Computers MMC corresponds to

the physicalDeliveryOfficeName attribute. Other choices might be the

department attribute (shows up on the "Organization" tab of ADUC). For info

on attributes, check this link:



www.rlmueller.net/UserAttributes.htm">www.rlmueller.net/UserAttributes.htm



The first spreadsheet linked on the page above documents attributes that

show up in ADUC for user objects.



To add a user to a distribution group (or any group), you can use the Add

method of the group object. A brief example could be:



' Specify Distinguished Names of group and user.

strGroupDN = "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com"

strUserDN = "cn=NewUser,ou=Sales,dc=MyDomain,dc=com"



' Bind to the group and the user.

Set objGroup = GetObject("LDAP://" & strGroupDN)

Set objUser = GetObject("LDAP://" & strUserDN)



' Check if the user is already a member of the group.

If Not objGroup.IsMember(objUser.AdsPath) Then

' User not a member, add the user to the group.

objGroup.Add(objUser.AdsPath)

End If



To retrieve the selected attribute for all users, you can use ADO. This can

be used to return a recordset. You loop through the recordset. The logic you

use (the attribute you select and how you parse the value of the attribute)

is up to you. In the example below, I retrieve the distinguishedName (so I

can bind to the user object - ADO can retrieve info but cannot be used to

modify anything) and physicalDeliveryOfficeName. If the value of this

attribute equals "Office A", then I make the user a member of a group called

"OfficeA".



' Specify DN of OfficeA distribution group.

strGroupDN = "cn=OfficeA,ou=Sales,dc=MyDomain,dc=com"



' Bind to the group object.

Set objGroup = GetObject("LDAP://" & strGroupDN)



' Determine DNS domain name (this could be hard coded).

Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")



' Use ADO to search Active Directory.

Set objCommand = CreateObject("ADODB.Command")

Set objConnection = CreateObject("ADODB.Connection")

objConnection.Provider = "ADsDSOObject"

objConnection.Open "Active Directory Provider"

objCommand.ActiveConnection = objConnection



' Search the entire domain.

strBase = "<LDAP://" & strDNSDomain & ">"

' Filter to retrieve only user objects.

strFilter = "(&(objectCategory=peron)(objectClass=user))"

' Retrieve the distinguishedName and physicalDeliveryOfficeName attributes.

strAttributes = "distinguishedName,physicalDeliveryOfficeName"

' Construct the LDAP query.

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"



objCommand.CommandText = strQuery

objCommand.Properties("Page Size") = 100

objCommand.Properties("Timeout") = 30

objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute



' Enumerate the recordset.

Do Until objRecordSet.EOF

' For each user, retrieve DN and office.

strDN = objRecordSet.Fields("distinguishedName").Value

strOffice = objRecordset.Fields("physicalDeliveryOfficeName").Value

' Check if office is "Office A" (make the check case insensitive).

If (UCase(strOffice) = "OFFICE A") Then

' This user should be member of OfficeA group. Bind to user object.

Set objUser = GetObject("LDAP://" & strDN)

' Check if user already a member of the group.

If Not objGroup.IsMember(objUser.AdsPath) Then

' User not a member. Add the user to the group.

objGroup.Add(objUser.AdsPath)

End If

End If

' Go to the next record in the recordset.

objRecordSet.MoveNext

Loop



I hope this helps.



--

Richard

Microsoft MVP Scripting and ADSI

HilltopLab web site - www.rlmueller.net">www.rlmueller.net

--





-

Thank you very much Richard it works great



I modified the attributes, and got it to work, i would like to add some more

to it though. How can we change this so that it will remove the user from the

group when the attribute no longer matches the criteria specified in the

script.



Below is what i got working i changed the script to search for postalCode.



What i want to do is if the users postalCode changes then remove them from

the group. Also i would like to echo the additions and removals if posible.



Your help has been excelent thank you very much.



~BB





' Specify DN of distribution group.

strGroupDN = "cn=IMS_Hightstown,ou=Distribution

Groups,ou=Groups,ou=IMS,ou=Business Units,dc=ims,dc=mhm,dc=mhc"



' Bind to the group object.

Set objGroup = GetObject("LDAP://" & strGroupDN)



' Determine DNS domain name

Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")



' Use ADO to search Active Directory.

Set objCommand = CreateObject("ADODB.Command")

Set objConnection = CreateObject("ADODB.Connection")

objConnection.Provider = "ADsDSOObject"

objConnection.Open "Active Directory Provider"

objCommand.ActiveConnection = objConnection



' Search the entire domain.

strBase = "<LDAP://" & strDNSDomain & ">"



' Filter to retrieve only user objects.

strFilter = "(&(objectCategory=person)(objectClass=user))"



' Retrieve the distinguishedName and zip attributes.

strAttributes = "distinguishedName,postalCode"



' Construct the LDAP query.

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"



objCommand.CommandText = strQuery

objCommand.Properties("Page Size") = 100

objCommand.Properties("Timeout") = 30

objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute



' Enumerate the recordset.

Do Until objRecordSet.EOF

' For each user, retrieve DN and zip.

strDN = objRecordSet.Fields("distinguishedName").Value

strOffice = objRecordset.Fields("postalCode").Value

' Check if zip is "08520" (case insensitive).

If (UCase(strOffice) = "08520") Then

' This user should be member of OfficeA group. Bind to user object.

Set objUser = GetObject("LDAP://" & strDN)

' Check if user already a member of the group.

If Not objGroup.IsMember(objUser.AdsPath) Then

' User not a member. Add the user to the group.

objGroup.Add(objUser.AdsPath)

End If

End If

' Go to the next record in the recordset.

objRecordSet.MoveNext

Loop





-

Hi,



The group object has a Remove method. Your "Do Until" loop could look

similar to:



' Enumerate the recordset.

Do Until objRecordSet.EOF

' For each user, retrieve DN and zip.

strDN = objRecordSet.Fields("distinguishedName").Value

strOffice = objRecordset.Fields("postalCode").Value

' Check if zip is "08520" (case insensitive).

If (UCase(strOffice) = "08520") Then

' This user should be member of group.

' Check if user already a member of the group.

If Not objGroup.IsMember("LDAP://" & strDN) Then

' User not a member. Add the user to the group.

objGroup.Add("LDAP://" & strDN)

Wscript.Echo "User added to group: " & strDN

End If

Else

' This user should not be member of group.

' Check if user already a member of the group.

If objGroup.IsMember("LDAP://" & strDN) Then

' User is a member. Remove the user from the group.

objGroup.Remove("LDAP://" & strDN)

Wscript.Echo "User removed from group: " & strDN

End If

End If

' Go to the next record in the recordset.

objRecordSet.MoveNext

Loop



If the value of postalCode is not 08520, and the user is a member of the

group, the user is removed from the group.



You may notice that I no longer bind to the user object. Usually I like to

bind to the user, just to ensure that I have the correct Distinguished Name,

and to be sure the object exists. That isn't necessary here. If I left the

bind statement in, then the code would have to bind to every user in the

domain, even if no changes were made. This would slow the script

considerably (binding to remote objects, such as users in Active Directory,

is one of the slowest steps in a script). Both the Add and the Remove

methods require the AdsPath of the user. The AdsPath is simply the

Distinguished Name, with the provider moniker "LDAP://" appended. Usually

the safest way to get the AdsPath is to use the AdsPath property method of

the object. However, I think it is better in this case to construct the

AdsPath from the distinguishedName.



I used Wscript.Echo to echo progress statements to the screen. This assumes

that the script is run from a command prompt with the Cscript host. The

output can be redirected to a text file. For example, if the VBScript

program is in a file called UpdateGroup.vbs, the output can be redirected to

a file called output.txt with the following statement (at a command prompt):



cscript //nologo UpdateGroup.vbs>output.txt



--

Richard

Microsoft MVP Scripting and ADSI

HilltopLab web site - www.rlmueller.net">www.rlmueller.net

--





"Brian B" <BrianB@discussions.microsoft.com>wrote in message



-

Richard everything is working great, but i noticed that i have some users

that list several diffrent zip codes for the same location is there a way to

have this script search for multiple zip codes ?



"Richard Mueller [MVP]" wrote: