LDAP: Add user account and user group?

  • Thread starter Thread starter Jack Black
  • Start date Start date
J

Jack Black

Hi, all! Using Win2k AD boxes...

How does one go about adding groups and adding user accounts in AD with LDAP
queries?? I can do just about everything else, but I'll be darned if I
can't get user or group adds to work. I can add users to groups, but tweaks
of those same LDAP queries don't work. Do I have to specify objectCategory
and objectClass attributes in the query somewhere, and if so, where? Anyone
have any pointers for me? I've searched Google and Netscape for a while
this evening but haven't found anything terribly useful (including
remarkably dry reading of several LDAP RFCs)... :)

Thanks!
Jack
 
You have to manipulate Member attribute of group object and not MemberOf
attribute of user object (because it is a reverse-linked attribute). So, you
have to instantiate group object and use PutEx method to add user (in dn
form) to a group. The script sample for this would be

Const ADS_PROPERTY_UPDATE = 2
Set objGroup = GetObject
("LDAP://cn=yourgroup,ou=groupou,dc=domain,dc=com")objGroup.PutEx
ADS_PROPERTY_UPDATE, _
"member", Array("cn=UserToAdd1,ou=user2ou,dc=domain,dc=com", _
"cn=UserToAdd2,ou=user2ou,dc=domain,dc=com")
objGroup.SetInfoThat is all.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com
 
Back
Top