This script creates mail-enabled universal groups or distribution lists by reading input from a CSV file.
It also sets each group's owner and enables the "Manager can update member list" checkbox for that owner.
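Sample input (one line per group: group type, group name, description, owner's CN, then three OU fields; the script reads only the last OU field, which it uses in the group's mail address):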
universal,Grpname,This is a test grp,Ownername,OU1,OU2,OU3
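'Script Start
' Bulk-creates mail-enabled universal groups from C:\dlinput.csv, one group per line.
' Fields are split on commas (no quoting support):
'   0 = group type keyword, 1 = group name, 2 = description, 3 = owner's CN,
'   4-5 = not read by this script, 6 = label placed before ".yourdomain.com"
' For each group the script sets managedBy to the owner and adds an ACE that lets the
' owner write the group's member attribute ("Manager can update member list").
' The CSV therefore decides who receives write access to group membership: keep the
' input file writable only by the administrators who run this script.
Option Explicit

Const ADS_GROUP_TYPE_GLOBAL = &H2
Const ADS_GROUP_TYPE_LOCAL = &H4
Const ADS_GROUP_TYPE_UNIVERSAL = &H8
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &h5
Const ADS_FLAG_OBJECT_TYPE_PRESENT = &h1
Const ADS_RIGHT_DS_WRITE_PROP = &h20
Const MEMBER_ATTRIBUTE = "{bf9679c0-0de6-11d0-a285-00aa003049e2}"

Dim objConnection2, objCommand2, objRecordSet2
Dim ObjFSO, ObjTextfile, StrGet, StrInput, lngLine
Dim StrLdappath, objOU, StrGrpName, objGroup
Dim objSD, objDACL, objACE, strOwnerDN, strOwnerUpn

Set objConnection2 = CreateObject("ADODB.Connection")
Set objCommand2 = CreateObject("ADODB.Command")
objConnection2.Provider = "ADsDSOObject"
objConnection2.Open "Active Directory Provider"
Set objCommand2.ActiveConnection = objConnection2

' Placeholder: replace with the ADsPath of the OU that will hold the new groups.
' The container is the same for every row, so it is bound once, outside the loop.
StrLdappath = "LDAP:// YOUR LDAP PATH "
Set objOU = GetObject(StrLdappath)

Set ObjFSO = CreateObject("Scripting.FilesystemObject")
Set ObjTextfile = ObjFSO.OpenTextFile("C:\dlinput.csv")
lngLine = 0

Do Until ObjTextfile.AtEndOfStream
    StrGet = ObjTextfile.ReadLine
    lngLine = lngLine + 1
    StrInput = Split(StrGet, ",")

    If UBound(StrInput) < 6 Then
        ' Blank or short rows would otherwise fail with a subscript error on StrInput(6).
        WScript.Echo "Line " & lngLine & " skipped: expected at least 7 comma-separated fields"
    ElseIf Len(StrInput(1)) < 2 Then
        ' The sAMAccountName below is the name minus its first character, so it needs 2+ chars.
        WScript.Echo "Line " & lngLine & " skipped: group name is missing or too short"
    Else
        StrGrpName = StrInput(1)

        ' NOTE(review): the name goes unescaped into the RDN and the mail addresses;
        ' validate it against your naming policy before running on untrusted input.
        Set objGroup = objOU.Create("Group", "cn=" & StrGrpName)

        ' Every row produces a universal group: the original handled "universal" and all
        ' other type keywords identically, so field 0 does not change the result.
        objGroup.groupType = ADS_GROUP_TYPE_UNIVERSAL

        ' Presumably group names carry a one-character prefix that must not appear in the
        ' logon name - confirm against your naming convention.
        objGroup.sAMAccountName = Right(StrInput(1), Len(StrInput(1)) - 1)
        objGroup.description = StrInput(2)
        ' One SetInfo creates the object with its final name and description.
        objGroup.SetInfo

        'wscript.echo strGrpName & "@" & strInput(6) & ".yourdomain.com"
        objGroup.mail = StrGrpName & "@" & StrInput(6) & ".yourdomain.com"
        ' MailEnable is not a core ADSI method; presumably supplied by the Exchange
        ' management components - confirm they are installed where this runs.
        objGroup.MailEnable
        objGroup.Put "ProxyAddresses", "SMTP:" & "##-" & StrInput(1) & "@" & StrInput(6) & ".yourdomain.com"
        objGroup.SetInfo

        'wscript.echo strInput(3)
        If Not IsPlainName(StrInput(3)) Then
            ' The owner name is concatenated into the query text. A quote would change the
            ' query, and a wildcard or filter character could match an unintended user,
            ' who would then receive write access to the group's membership.
            WScript.Echo "Group " & StrGrpName & ": owner not set, owner name is empty or contains ' * ( ) \"
        Else
            ' Placeholder: replace "Your LDAP PATH" with the search base (ADsPaths use "LDAP://").
            objCommand2.CommandText = "SELECT Userprincipalname,adspath,distinguishedName FROM 'LDAP://Your LDAP PATH' WHERE objectCategory='User' " & "AND CN='" & StrInput(3) & "'"
            Set objRecordSet2 = objCommand2.Execute

            ' Test EOF before touching the cursor: MoveFirst raises an error on an empty result.
            If objRecordSet2.EOF Then
                WScript.Echo "Group " & StrGrpName & ": owner not set, no user with CN " & StrInput(3)
            Else
                strOwnerDN = objRecordSet2.Fields("distinguishedName").Value
                strOwnerUpn = objRecordSet2.Fields("UserprincipalName").Value
                objRecordSet2.MoveNext

                If Not objRecordSet2.EOF Then
                    ' CN is not unique across a directory; do not hand out rights on a guess.
                    WScript.Echo "Group " & StrGrpName & ": owner not set, more than one user has CN " & StrInput(3)
                ElseIf Len(strOwnerUpn & "") = 0 Then
                    WScript.Echo "Group " & StrGrpName & ": owner not set, user " & StrInput(3) & " has no userPrincipalName"
                Else
                    objGroup.Put "managedby", strOwnerDN
                    objGroup.SetInfo

                    ' Allow the owner to write the member attribute only (object ACE scoped
                    ' to MEMBER_ATTRIBUTE), not any other property of the group.
                    Set objSD = objGroup.Get("ntSecurityDescriptor")
                    Set objDACL = objSD.DiscretionaryAcl
                    Set objACE = CreateObject("AccessControlEntry")
                    objACE.Trustee = strOwnerUpn
                    objACE.AccessMask = ADS_RIGHT_DS_WRITE_PROP
                    objACE.AceFlags = 0
                    objACE.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
                    objACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
                    objACE.ObjectType = MEMBER_ATTRIBUTE
                    objDACL.AddAce objACE
                    objSD.DiscretionaryAcl = objDACL
                    objGroup.Put "ntSecurityDescriptor", objSD
                    objGroup.SetInfo
                End If
            End If
            objRecordSet2.Close
        End If

        WScript.Echo "Group named " & StrInput(1) & " is created"
    End If
Loop

ObjTextfile.Close
objConnection2.Close
WScript.Echo "***** Script End *****"

' Returns True when strValue is non-empty and free of characters that would alter
' the directory query it is concatenated into.
Function IsPlainName(strValue)
    Dim i, strBad
    strBad = "'*()\"
    IsPlainName = (Len(strValue) > 0)
    For i = 1 To Len(strBad)
        If InStr(strValue, Mid(strBad, i, 1)) > 0 Then IsPlainName = False
    Next
End Function
'Script end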
For questions about the scripts, open http://orangescripts.blogspot.com and post them there.
1 comment:
Hi, I found your script for creating a DL from a CSV, and was wondering if you could give me a one-line example of the format of the "feeder" CSV file? Also, on line 26 of the script (strLdappath), is this the LDAP path to the OU where I want the DLs to be created?
Thanks,
Lee Flowers