VBScript to create AD security groups

 

If you are working with System Center Configuration Manager (SCCM 2007),you know what the post means here. Have been getting lot of requests per day/week to create AD security groups for new applications to deploy applications .

Here is the VB Script that fullfil your requirememnt but test it in the lab before taking into production.

Create a Excel file with piping all AD security group names .Change the Excel file,OU name etc from the script.

Replace the Quotes(single and Double) as they are fancy from the post when you copy the code to vbs file.

 

ON ERROR RESUME NEXT
Dim strExcelPath, objExcel, objSheet, strPrevious,introw
Dim strName, strParentDN, objParent, objGroup
Dim strGroupType, strSecurity, lngType
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &H02
Const ADS_GROUP_TYPE_LOCAL_GROUP = &H04
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &H08
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

' Specify spreadsheet file.
strExcelPath = "c:\scripts\Groups.xls"

' Open the spreadsheet.
Set objExcel = CreateObject("Excel.Application")
objExcel.WorkBooks.Open strExcelPath
Set objSheet = objExcel.ActiveWorkbook.Worksheets(1)

' Skip the first row. Iterate through the remaining rows of the spreadsheet,
' until the first blank entry in the first column.
intRow = 2
' Keep track of previous OU/Container.
' We only need to bind if the OU/Container is different.
strPrevious = ""
Do While objSheet.Cells(intRow, 1).Value <> ""
' Retrieve values from spreadsheet.
strName = objSheet.Cells(intRow, 2).Value
strGroupType = objSheet.Cells(intRow, 3).Value
strSecurity = objSheet.Cells(intRow, 4).Value
Select Case LCase(strGroupType)
Case "global"
lngType = ADS_GROUP_TYPE_GLOBAL_GROUP
Case "local"
lngType = ADS_GROUP_TYPE_LOCAL_GROUP
Case "universal"
lngType = ADS_GROUP_TYPE_UNIVERSAL_GROUP
End Select
If (LCase(strSecurity) = "security") Then
lngType = lngType Or ADS_GROUP_TYPE_SECURITY_ENABLED
End If
If (strParentDN <> strPrevious) Then
' Bind to a different parent OU/Container.
Set objParent = GetObject("LDAP://ou=managed,dc=eskonr,dc=com")
End If
' Create the group.
Set objGroup = objParent.Create("group", "cn=" & strName)
' Assign NetBIOS name of group.
objGroup.Put "sAMAccountName", strName
' Assign the group type.
objGroup.Put "groupType", lngType
' Save changes.
objGroup.SetInfo
strPrevious = strParentDN
intRow = intRow + 1
Loop

' Close workbook and quit Excel.
objExcel.ActiveWorkbook.Close
objExcel.Application.Quit
msgbox("Done")

Note: Please check if you have proper rights to create AD sec groups on the right OU from Script.

Leave a Reply