active directory batch ?

February 16, 2011 at 09:26:28
Specs: Windows 7

Just wondering, shot in the dark here, if anyone knows how to create a batch file capable of modifying AD by adding/removing users, a/r groups, a/r users to groups and possibly permissions, or instead of manual input, through a .csv file. And the second part of the question is: will anyone help me build it? I can do errorlevels and yes/no commands, but that's about the extent of my programming skills.



#1
February 16, 2011 at 13:10:32

What exactly do you want? Create users or groups? If you ask individual and exact questions one at a time, we can help you. I believe many of us are aware of Active Directory command lines. Dsadd.exe

Subhash Chandra.



#2
February 16, 2011 at 15:00:15

I'll paste the base code here so you have an idea.


@echo off
::===========================================================================================================
echo Active directory batch for removing and adding groups and respective permissions
::===========================================================================================================
:home
set var=
set /p var= Add/remove users/groups/OU and permissions go to users or go to groups (u/g/o) (%1)
if /i "%var%"=="u" goto :user
if /i "%var%"=="g" goto :group
if /i "%var%"=="o" goto :ou
:: anything else: ask again instead of falling through into the user menu
goto :home

:user
echo =================
echo USER MENU
echo =================
echo ...
echo 1 - add users
echo 2 - remove users
echo 3 - add users to groups
echo 4 - remove users from groups
echo =====================================
echo 5 - return to main menu
echo =====================================

choice /c:12345 /n
if errorlevel 5 goto :home
if errorlevel 4 goto :ruserfromgroup
if errorlevel 3 goto :ausertogroup
if errorlevel 2 goto :ruser
if errorlevel 1 goto :auser


:auser


:ruser


:ausertogroup


:ruserfromgroup


::=====================================================================================================
:group
echo =================
echo GROUP MENU
echo =================
echo ...
echo 1 - add groups
echo 2 - remove groups
echo 3 - add permissions to groups
echo 4 - remove permissions from groups
echo =====================================
echo 5 - return to main menu
echo =====================================

choice /c:12345 /n
if errorlevel 5 goto :home
if errorlevel 4 goto :rpermissionfromgroup
if errorlevel 3 goto :apermissiontogroup
if errorlevel 2 goto :rgroup
if errorlevel 1 goto :agroup

:agroup


:rgroup


:apermissiontogroup


:rpermissionfromgroup


::=====================================================================================================
:ou
echo =================
echo OU MENU
echo =================
echo ...
echo 1 - add ou
echo 2 - remove ou
echo 3 - add groups to ou
echo 4 - remove groups from ou
echo =====================================
echo 5 - return to main menu
echo =====================================

choice /c:12345 /n
if errorlevel 5 goto :home
if errorlevel 4 goto :rgroupfromou
if errorlevel 3 goto :agrouptoou
if errorlevel 2 goto :rou
if errorlevel 1 goto :aou


:aou


:rou


:agrouptoou


:rgroupfromou


::======================================================================================================



#3
February 16, 2011 at 15:17:20

Alright. Makes sense.

Now suppose I have to create users: I will choose the user menu and then add users.
In which OU\group should these users be added? Do you want to hard-code the value or give a prompt to input the OU and GRP name?

Same question for OU and Group as well.
Can you also mention the user attributes that you want for each user, which will be prompted, like UPN, FN, LN, Display, enabled or not, Pwd policy, etc.?

Good one though.

Subhash Chandra.



#4
February 16, 2011 at 16:19:58

Create users as needed, then you can go back and manually input them into their respective OUs and groups. Then in the groups menu, be able to set the permissions for each group. Then I have to have an auto update on it, so when someone updates the .csv file it'll auto-create the user and put them in the proper group, but these users will be the most basic users, just able to read files on the server. The manual input would be for everyone, but mostly for adding admins and power users.


#5
February 16, 2011 at 16:23:28

*Then you go back to the home menu and add them through groups, and go and add them through OU.


#6
February 16, 2011 at 17:27:21

Dear sir,
dsadd user "CN=test,OU=test,DC=chandra-test,DC=local"
This is the basic command to add a user into AD using the command line. If you want to add more attributes, you will have to add more switches, which means more input prompts...

If you include this in a batch file using a variable (Set /p), the first thing we need to know is the OU and the domain name. Let's assume the domain name is common, but we still need the OU name.
"create users as needed then you can go back and manually input them into their respective ous and groups then in the groups menu".
Instead of going back to the AD MMC, will it be OK for you to just be prompted for the OU, and the created user will be part of that OU?

I'm sorry for so many questions, but you are asking for a big batch file and things need to be cleared up before we attempt it.

Subhash Chandra.



#7
February 16, 2011 at 18:06:50

I figured as much. Through doing my research, I figured it's probably better to prompt the admin using the batch to do the OU, then the group, then the users, so everything will have what it needs. So it just means prompting them, if it's a new person being input into it, to follow a certain process; if not, then they can just navigate the menu as needed to remove or add.


#8
February 16, 2011 at 18:32:10

That would be a great way, if OK with you. We will have the right things in the right place.
Alright... so will you proceed, or do you want us to modify the batch as per your needs?

Subhash Chandra.



#9
February 16, 2011 at 18:42:22

Modify the batch as per need and I'll try and see if I can do it on my end too. I like a challenge.


#10
February 16, 2011 at 19:01:35

I like learning new things.................
Let's do it.

Subhash Chandra.



#11
February 16, 2011 at 20:07:08

Here is what I have so far. The problem is I will have to wait till Monday to test it. I don't have a Windows 2k8 server right now. (Choice does not come with Win2k3.)

@echo off
::===========================================================================================================
echo Active directory batch for removing and adding groups and respective permissions
::===========================================================================================================
:setting_Variables
set _domain=mcloud-test
:: no leading dot: the value is used as a DN component (dc=local)
set _root=local
:home


set var=
set /p var= Add/remove users/groups/OU and permissions go to users or go to groups (u/g/o) (%1)
if /i "%var%"=="u" goto :user
if /i "%var%"=="g" goto :group
if /i "%var%"=="o" goto :ou
:: anything else: ask again instead of falling through into the user menu
goto :home

:user
if "%ouexist%"=="1" goto usermain
echo Provide OU name, If OU exists script will use it, otherwise a new OU will be created.
set /p ou=Enter the OU name : 
dsquery ou | find /i "%ou%" >nul
:: "if errorlevel" is evaluated at run time, so it also works inside the parentheses
if errorlevel 1 (
echo OU %ou% does not exist, creating new OU
dsadd ou "ou=%ou%,dc=%_domain%,dc=%_root%"
if not errorlevel 1 set ouexist=1
) else (
echo Existing OU %ou% will be used.
set ouexist=1
)

echo =================
echo USER MENU
echo =================
echo ...
echo....
echo 1 - add users
echo 2 - remove users
echo 3 - add users to groups
echo 4 - remove users from groups
echo =====================================
echo 5 - return to main menu
echo =====================================

choice /c:12345 /n
if errorlevel 5 goto :home
if errorlevel 4 goto :ruserfromgroup
if errorlevel 3 goto :ausertogroup
if errorlevel 2 goto :ruser
if errorlevel 1 goto :auser


:auser
set /p cn= Enter the Login name :
set /p fn= Enter the First Name :
set /p ln= Enter the last name :
dsadd user "cn=%cn%,ou=%ou%,dc=%_domain%,dc=%_root%" -fn "%fn%" -ln "%ln%" -pwd pass@123 -mustchpwd yes
goto usermain

:ruser


:ausertogroup


:ruserfromgroup


::=====================================================================================================
:group
echo =================
echo GROUP MENU
echo =================
echo ...
echo 1 - add groups
echo 2 - remove groups
echo 3 - add permissions to groups
echo 4 - remove permissions from groups
echo =====================================
echo 5 - return to main menu
echo =====================================

choice /c:12345 /n
if errorlevel 5 goto :home
if errorlevel 4 goto :rpermissionfromgroup
if errorlevel 3 goto :apermissiontogroup
if errorlevel 2 goto :rgroup
if errorlevel 1 goto :agroup

:agroup


:rgroup


:apermissiontogroup


:rpermissionfromgroup


::=====================================================================================================
:ou
echo =================
echo OU MENU
echo =================
echo ...
echo 1 - add ou
echo 2 - remove ou
echo 3 - add groups to ou
echo 4 - remove groups from ou
echo =====================================
echo 5 - return to main menu
echo =====================================

choice /c:12345 /n
if errorlevel 5 goto :home
if errorlevel 4 goto :rgroupfromou
if errorlevel 3 goto :agrouptoou
if errorlevel 2 goto :rou
if errorlevel 1 goto :aou


:aou


:rou


:agrouptoou


:rgroupfromou


::======================================================================================================

You can leave the flow as you have it right now. I modified it so when you go to create a user it will ask you for the OU; if it already exists then it will use that, otherwise create a new one and add further users to that OU till this session...
Hope till then you will complete it yourself.

Subhash Chandra.



#12
February 16, 2011 at 20:15:13

Add a line ":usermain" before the below:

echo =================
echo USER MENU
echo =================

Subhash Chandra.



#13
February 17, 2011 at 09:48:03

This is what I have so far. Hope it's right. I only did the users for now; then if I get it right I can modify what I have to fit the rest of the batch.


@echo off
::===========================================================================================================
echo Active directory batch for removing and adding groups/users and respective permissions
::===========================================================================================================
:setting_Variables
set _domain=cdi-test
:: no leading dot: the value is used as a DN component (dc=local)
set _root=local
:home

set var=
set /p var= Add and remove users/groups/OU and permissions (u/g/o) (%1)
if /i "%var%"=="u" goto :user
if /i "%var%"=="g" goto :group
if /i "%var%"=="o" goto :ou
:: anything else: ask again instead of falling through into the user menu
goto :home

:user
if "%ouexist%"=="1" goto usermain
echo Provide OU name, If OU exists script will use it, otherwise a new OU will be created.
set /p ou=Enter the OU name : 
dsquery ou | find /i "%ou%" >nul
:: "if errorlevel" is evaluated at run time, so it also works inside the parentheses
if errorlevel 1 (
echo OU %ou% does not exist, creating new OU
dsadd ou "ou=%ou%,dc=%_domain%,dc=%_root%"
if not errorlevel 1 set ouexist=1
) else (
echo Existing OU %ou% will be used.
set ouexist=1
)

pause

if "%groupexist%"=="1" goto usermain
echo Provide GROUP name, If GROUP exists script will use it, otherwise a new Group will be created.
set /p group=Enter the GROUP name : 
dsquery group | find /i "%group%" >nul
:: a group's DN starts with cn=; here it is created inside the OU chosen above
if errorlevel 1 (
echo GROUP %group% does not exist, creating new GROUP
dsadd group "cn=%group%,ou=%ou%,dc=%_domain%,dc=%_root%"
if not errorlevel 1 set groupexist=1
) else (
echo Existing GROUP %group% will be used.
set groupexist=1
)

:usermain
echo =================
echo USER MENU
echo =================
echo ...
echo 1 - add users
echo 2 - remove users
echo 3 - add users to groups
echo 4 - remove users from groups
echo =====================================
echo 5 - return to main menu
echo =====================================

choice /c:12345 /n
if errorlevel 5 goto :home
if errorlevel 4 goto :ruserfromgroup
if errorlevel 3 goto :ausertogroup
if errorlevel 2 goto :ruser
if errorlevel 1 goto :auser


:auser
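echo Adding user please fill in all required spots
set /p userf=Enter users first name : 
set /p userl=Enter users last name : 
set /p usern=Enter full user name : 
set /p ugroup=Enter applied group : 
set /p uou=Enter applied ou : 
set /p userna=Enter username : 
set /p password=Enter password : 
:: -samid is the logon name and -pwd the new user's password; -u and -p are the credentials dsadd itself connects with.
:: A group is not a container, so membership is given with -memberof (group assumed to be in the same OU), not in the user's DN.
dsadd user "cn=%usern%,ou=%uou%,dc=%_domain%,dc=%_root%" -samid "%userna%" -fn "%userf%" -ln "%userl%" -pwd "%password%" -memberof "cn=%ugroup%,ou=%uou%,dc=%_domain%,dc=%_root%"
if errorlevel 1 (echo Failed to create user) else (echo Done creating user)
goto usermain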

:ruser
echo Removing user
set /p usern=Enter full user name : 
set /p uou=Enter applied ou : 
:: dsrm only needs the object's DN and asks for confirmation before deleting
dsrm "cn=%usern%,ou=%uou%,dc=%_domain%,dc=%_root%"
echo Done removing user
goto usermain

:ausertogroup
echo Adding user to specified group
set /p usern=Enter full user name : 
set /p uou=Enter applied ou : 
set /p ugroup2=Enter new group : 
set /p uou2=Enter new ou : 
:: membership is changed on the group object: dsmod group GroupDN -addmbr UserDN
dsmod group "cn=%ugroup2%,ou=%uou2%,dc=%_domain%,dc=%_root%" -addmbr "cn=%usern%,ou=%uou%,dc=%_domain%,dc=%_root%"
echo Done adding user to group
goto usermain

:ruserfromgroup
echo Removing user from group
set /p usern=Enter full user name : 
set /p ugroup=Enter applied group : 
set /p uou=Enter applied ou : 
:: -rmmbr removes the membership only; dsrm here would delete the user account itself
dsmod group "cn=%ugroup%,ou=%uou%,dc=%_domain%,dc=%_root%" -rmmbr "cn=%usern%,ou=%uou%,dc=%_domain%,dc=%_root%"
echo Done removing user from group
goto usermain



#14
February 17, 2011 at 10:04:18

Plus I wanna change
:setting_Variables
set _domain=cdi-test
set _root=.local

so that the admin running the batch is prompted to input the variables.



#15
February 17, 2011 at 20:01:12

The code looks good; however, it's not tested. It should work.
Note that in the first place we are asking for the OU and then that OU will be used when creating users, so in the useradd menu there's no need to ask for the OU again until it's really necessary.

I will try more on Monday when I see the above is working.

Subhash Chandra.
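
The .csv half of the original question (and the "auto update" wish in #4) could be handled along these lines. This is an added example, not code from anyone in the thread. It assumes a CSV laid out as samid,first,last,group with a header row; the file name users.csv, the OU names Staff and Groups and the domain example-test.local are placeholders.

```batch
@echo off
setlocal enableextensions disabledelayedexpansion
:: Added example, not from the thread. Assumed CSV layout: samid,first,last,group
:: _domain/_root follow the thread's naming; OU names and file name are placeholders.
set "_domain=example-test"
set "_root=local"
set "userou=ou=Staff,dc=%_domain%,dc=%_root%"
set "groupou=ou=Groups,dc=%_domain%,dc=%_root%"
set "csv=%~1"
if not defined csv set "csv=users.csv"
if not exist "%csv%" (echo File "%csv%" not found.& exit /b 1)

:: Allow-list check on the raw file BEFORE cmd ever expands a field.
:: findstr /v /x prints every line that does not match the pattern exactly, so a hit
:: means a field is empty or holds a character outside the allow-list (quotes, percent
:: signs, ampersands, equals signs and extra commas would alter the DN or the command).
:: Blank lines are rejected too, so a damaged file fails closed.
set "word=[A-Za-z0-9_][A-Za-z0-9_]*"
set "name=[A-Za-z][A-Za-z ]*"
findstr /r /v /x /c:"%word%,%name%,%name%,%word%" "%csv%" >nul
if not errorlevel 1 (echo Rejected: "%csv%" has a malformed or unsafe row.& exit /b 1)

for /f "usebackq skip=1 tokens=1-4 delims=," %%A in ("%csv%") do call :adduser "%%A" "%%B" "%%C" "%%D"
exit /b 0

:adduser
:: Skip accounts that already exist so the file can be re-run after someone edits it.
dsquery user -samid "%~1" | find /i "CN=" >nul
if not errorlevel 1 (echo SKIP    %~1 already exists& exit /b 0)
:: No password lives in the script or the CSV: the account is created disabled and
:: an administrator sets the first password when enabling it.
dsadd user "cn=%~2 %~3,%userou%" -samid "%~1" -fn "%~2" -ln "%~3" -memberof "cn=%~4,%groupou%" -disabled yes -mustchpwd yes
if errorlevel 1 (echo FAILED  %~1& exit /b 1)
echo CREATED %~1 in group %~4 (disabled)
exit /b 0
```

Because existing accounts are skipped, the script can be run again each time the CSV changes without touching users it has already created.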

