Script to add a group to a group

[Quackers]

I want to put on a timer the adding of a group to a group in active directory. Easy i thought, i'll use the NET GROUP command. In a batch file,

so i try NET GROUP "GROUP 1" "GROUP 2" / ADD

It says no such user as it thinks i'm trying to add a user to a group.

How can i achive this with a script?

[ful56_uk]

any good?

Tutorial for VBScript. Example add members to Active Directory group

[Lithium]

Why would you want to put on a timer, the adding of a group to a group?

Active Directory groups automagically update themselves when child groups are updated...

[Quackers]

Why would you want to put on a timer, the adding of a group to a group?

Active Directory groups automagically update themselves when child groups are updated...

We use file permissions to allow access to a specific area on the local hard disk. We want to timer this by adding "Domain Users" to the group which has access to the folder.

[srochford]

@ful56_uk should have pointed you in the right direction; if not then give me a shout and I'll dig out some more sample code.

You can't do it with the "net group" command because it uses the API from Windows NT days (probably LAN Manager days!) which didn't support nested groups. You have to use the ADSI interface and then it will work well.

If you can't get that to work and you need it in a hurry then take the list of usernames and make a long list of:

Code:

net group <group with access> <username> /add /domain

(create them in Excel!)

followed by a matching list of:

Code:

net group <group with access> <username> /delete /domain

(remember that even if you don't have the username list that net group will give you that list)

[Quackers]

@ful56_uk should have pointed you in the right direction; if not then give me a shout and I'll dig out some more sample code.

The link from ful56_uk is making my eyes bleed . I've had a go, but it just errors when i alter things in the example code. Cannot belive how difficult things are to do with VBS, cannot find Group to Group examples anywhere...

[Lithium]

Somewhere I read in a different topic that other people do the same sort of thing... but they add and remove the group from the security permissions and schedule that to run at two times (add the group and remove the group)

[Jonesminor]

dsmod group with -addmbr and -rmmbr

dsmod group "CN=Group, OU=GroupLivesHere, OU=ParentOU, DC=your, DC=domainname" -addmbr "CN=Domain Users, CN=Users, DC=your, DC=domainname"

--

[Quackers]

Thanks, DS MOD is doing the trick great!