The IADsUser and IADsGroup interfaces have a few useful methods that are designed for enumerating groups and users. You could certainly access the appropriate properties directly — memberOf for user objects, and member for group objects — that are responsible for membership information. However, it is much more convenient to use the special access methods, especially when modifying memberships.
Note: Refer to Listing 17.13 for information on moving and renaming group accounts.
The Groups method of the IADsUser interface allows you to enumerate all groups that a user belongs to. Here is a script that displays the names of the groups for a specified user account:
Listing 17.10. listOfGroups.vbs — Enumerating Groups
    Dim objUser 'As IADsUser
    Dim x 'As Variant
    Set objUser = GetObject("LDAP://CN=John Smith,OU=Staff,DC=net,DC=dom")
    For Each x In objUser.Groups
        WScript.Echo x.ADsPath
        WScript.Echo x.Name
        WScript.Echo x.distinguishedName, vbCrLf
    Next
(The ADsPath value can be used for subsequent direct binding to a group object.)
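Alternatively, you can directly read the value of the memberOf property and use the following statements, instead of the last five statements shown above:
    Dim arrGroups 'As Variant
    'GetEx returns an array even when memberOf holds a single value,
    'so For Each also works for a user that belongs to only one group
    arrGroups = objUser.GetEx("memberOf")
    For Each x In arrGroups
        WScript.Echo x
    Next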
Caution: Neither the Groups method nor the memberOf property displays a user's primary group, i.e. the Domain Users group (the default for user accounts). (By default, the primary group for computer accounts is Domain Computers, and for DCs it is Domain Controllers.) To see an account's primary group, bind to that account and use the Get method: object.Get("primaryGroupID")
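A membership audit built only on Groups or memberOf therefore misses the primary group. The script below is an added example, not one of the book's listings: it resolves primaryGroupID (a RID) to the group object by rebuilding the group's SID from the user's objectSid. The two helper functions are hypothetical names, and the user DN is the one from Listing 17.10.

```vbscript
' Added example: list every group of a user, including the primary group.
Option Explicit

Dim objUser, objGroup, objPrimary, strUserSid, strGroupSid

Set objUser = GetObject("LDAP://CN=John Smith,OU=Staff,DC=net,DC=dom")

' Groups returned by the Groups method (the primary group is not among them)
For Each objGroup In objUser.Groups
    WScript.Echo "member of:     " & objGroup.Get("distinguishedName")
Next

' The primary group lives in the user's domain, so its SID is the user's SID
' with the last 4 bytes (the RID) replaced by primaryGroupID, little-endian.
strUserSid = OctetToHexStr(objUser.Get("objectSid"))
strGroupSid = Left(strUserSid, Len(strUserSid) - 8) & _
              RidToLittleEndianHex(objUser.Get("primaryGroupID"))

' ADSI can bind to an object by the hex form of its SID
Set objPrimary = GetObject("LDAP://<SID=" & strGroupSid & ">")
WScript.Echo "primary group: " & objPrimary.Get("distinguishedName")

' Hypothetical helper: byte array (octet string) -> hex string
Function OctetToHexStr(arrOctet)
    Dim k
    OctetToHexStr = ""
    For k = 1 To LenB(arrOctet)
        OctetToHexStr = OctetToHexStr & _
            Right("0" & Hex(AscB(MidB(arrOctet, k, 1))), 2)
    Next
End Function

' Hypothetical helper: RID -> 8 hex digits, least significant byte first
Function RidToLittleEndianHex(lngRid)
    Dim strHex, k
    strHex = Right("00000000" & Hex(lngRid), 8)
    RidToLittleEndianHex = ""
    For k = 7 To 1 Step -2
        RidToLittleEndianHex = RidToLittleEndianHex & Mid(strHex, k, 2)
    Next
End Function
```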
By using the Members method of the IADsGroup interface, you can list all members — users or other groups — of the specified group. Here is a sample script:
Listing 17.11. listOfUsers.vbs — Enumerating Users
    Dim objGroup 'As IADsGroup
    Dim x 'As Variant
    Set objGroup = GetObject("LDAP://CN=LocalGrp,OU=Staff,DC=net,DC=dom")
    For Each x In objGroup.Members
        WScript.Echo x.Class
        WScript.Echo x.Name
        WScript.Echo x.ADsPath
        WScript.Echo x.distinguishedName + vbCrLf
    Next
Only one statement (the call to the Add method) is sufficient to add an account (user, computer, or group) to an existing group. Look at the following code snippet:
    Dim objGroup 'As IADsGroup
    Set objGroup = GetObject("LDAP://CN=LocalGrp,OU=Staff,DC=net,DC=dom")
    'Add takes the ADsPath of the account that joins the group
    objGroup.Add ("LDAP://CN=John Smith,OU=Staff,DC=net,DC=dom")
    objGroup.SetInfo