+ Post New Thread
Results 1 to 2 of 2
Windows Server 2000/2003 Thread, Change AD Users Primary Group in Technical; In order to support a large number of Macintosh clients, I need to change the Primary Group of most of ...
  1. 10th November 2009, 02:18 PM #1
    habitat
    habitat is offline
    Join Date
    Jan 2008
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Change AD Users Primary Group

    In order to support a large number of Macintosh clients, I need to change the Primary Group of most of my Active Directory users from Domain Users to one of three different user groups.

    This is easily done on a per user basis, but I am looking to make changes to thousands of users at a time.

    Does anyone have any experience with this and/or able to recommend a 3rd party app to get it done?

    Running Win2k3 Server

    Thanks in advance for any insight.
  2. IDG Tech News
  3. 11th November 2009, 07:29 AM #2
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    35
    I think you can use a portion of this script for your needs

    Code:
    Set objRootLDAP = GetObject("LDAP://rootDSE")
strOUPath = "OU=Kiosk Users,OU=Sites," & objRootLDAP.Get("defaultNamingContext")
strNewPrimaryGroup = "CN=Kiosk_Users,OU=Kiosk Users,OU=Sites," & objRootLDAP.Get("defaultNamingContext")
strOldPrimaryGroup = "CN=Domain Users,CN=Users," & objRootLDAP.Get("defaultNamingContext")
 
Const ADS_SCOPE_SUBTREE = 2
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
objCommand.CommandText = _
    "SELECT AdsPath FROM 'LDAP://" & strOUPath & "' WHERE objectClass='person' AND objectCategory='user'"  
Set objRecordSet = objCommand.Execute
While Not objRecordSet.EOF
	Set objUser = GetObject(objRecordSet.Fields("adsPath").Value)
 
	' Bind to the new primary group and add the user as a member, then set it as the primary group
	Set objNewPrimaryGroup = GetObject("LDAP://" & strNewPrimaryGroup)
	objNewPrimaryGroup.Add(objUser.ADsPath)
	objNewPrimaryGroup.GetInfoEx Array("primaryGroupToken"), 0
	objUser.primaryGroupID = objNewPrimaryGroup.primaryGroupToken
	objUser.SetInfo
	
	' Remove the user from the group that was the previous Primary group
	Set objOldPrimaryGroup = GetObject("LDAP://" & strOldPrimaryGroup) 
	objOldPrimaryGroup.Remove objUser.adsPath
	objOldPrimaryGroup.SetInfo
 
	objRecordSet.MoveNext
Wend
MsgBox "Finished."
    bio...
SHARE:
+ Post New Thread

Similar Threads

  1. Which group do staff have to be in to change passwords of students?
    By reggiep in forum Windows
    Replies: 6
    Last Post: 8th September 2009, 05:59 PM
  2. How to change display font size for all users of certain laptops?
    By HPitkin in forum Network and Classroom Management
    Replies: 2
    Last Post: 1st December 2008, 02:52 PM
  3. change taskbar back to blue group policy
    By cooper in forum Windows
    Replies: 5
    Last Post: 15th August 2007, 10:40 AM
  4. Change start page for logged on users
    By ajbritton in forum Comments and Suggestions
    Replies: 7
    Last Post: 12th April 2006, 08:48 AM
  5. Change profile path for all users
    By mark in forum Scripts
    Replies: 5
    Last Post: 10th September 2005, 06:16 PM
« Finding WSUS server site name on Server 2003 | Computers not recognising domain »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules