how can copy group memberships from specific user to another user with any command?
-
8 мая 2012 г. 2:50how can copy group memberships from specific user to another user with any command?
Все ответы
-
8 мая 2012 г. 3:56Модератор
Please refer to the batch file in this link where DSQUERY and DSMOD were used to copy the group membership of one user to another.
Alternatively, you can try the following script (you can modify it to accept the 2 user accounts as command-line arguments):
Set objADSysInfo = CreateObject("ADSystemInfo") Set objUser1 = GetObject("LDAP://CN=User1,OU=Users,DC=fabrikam,DC=com") Set objUser2 = GetObject("LDAP://CN=User2,OU=Users,DC=fabrikam,DC=com") For Each strGroup in objUser1.memberOf Set objGroup = GetObject("LDAP://" & strGroup) objGroup.Add(objUser2.ADsPath) NextRegards,
Salvador Manaois III
MCSE MCSA CEH MCITP | Enterprise/Server Admin
Microsoft Certified Solutions Associate
http://www.badzmanaois.com
- Предложено в качестве ответа jrvMicrosoft Community Contributor 8 мая 2012 г. 4:21
- Помечено в качестве ответа Gautam Ji 11 мая 2012 г. 16:26
-
8 мая 2012 г. 6:09Модератор
I have used code similar to below to make sure a user has the same group membeships as a template user:
Option Explicit
Dim objTemplate, objUser, objGroup
' Bind to "Template" user.
Set objTemplate = GetObject("LDAP://cn=Template,ou=West,dc=MyDomain,dc=com")
' Bind to user.
Set objUser = GetObject("LDAP://cn=Jim Smith,ou=West,dc=MyDomain,dc=com")
' Enumerate group memberships of template user.
For Each objGroup In objTemplate.Groups
' Check if user already a member.
If (objGroup.IsMember(objUser.ADsPath) = False) Then
' Add the user to the group.
objGroup.Add(objUser.ADsPath)
End If
Next
-----
This will not raise errors if the user is already a member of any of the groups.
Richard Mueller - MVP Directory Services
- Помечено в качестве ответа Gautam Ji 11 мая 2012 г. 16:26
-
8 мая 2012 г. 6:25
Hi vote for helpful,
I also created a PowerShell script that does this for you. Have a look in the repository:
http://gallery.technet.microsoft.com/scriptcenter/Compare-group-membership-36dfa920
- Помечено в качестве ответа Gautam Ji 11 мая 2012 г. 16:26
-
8 мая 2012 г. 6:27Модератор
If the purpose is to enforce group membership (make sure a user has the exact same memberships as a template user) then you also need to code to remove unwanted memberships. For example:
Option Explicit
Dim objTemplate, objUser, objGroup, objList
' Bind to "Template" user.
Set objTemplate = GetObject("LDAP://cn=Template,ou=West,dc=MyDomain,dc=com")
' Bind to user.
Set objUser = GetObject("LDAP://cn=Jim Smith,ou=West,dc=MyDomain,dc=com")
' Setup dictionary object of target user group memberships.
Set objList = CreateObject("Scripting.Dictionary")
objList.CompareMode = vbTextCompare
' Enumerate group memberships of template user.
For Each objGroup In objTemplate.Groups
' Add to the dictionary object.
objList.Add objGroup.distinguishedName, True
' Check if user already a member.
If (objGroup.IsMember(objUser.ADsPath) = False) Then
' Add the user to the group.
objGroup.Add(objUser.ADsPath)
End If
Next
' Enumerate the user's group memberships.
For Echo objGroup In objUser.Groups
' Check if template user is a member of this group.
If (objList.Exists(objGroup.distinguishedName) = False) Then
' Remove the user from this group.
objGroup.Remove(objUser.ADsPath)
End If
Next
-----
Richard Mueller - MVP Directory Services
- Помечено в качестве ответа Gautam Ji 11 мая 2012 г. 16:26
.png)
