Adding objects as members of a group can be done with IADsGroup::Add, a simple method that takes the DN of the object to be added:
objGroup.Add("LDAP://cn=Sue Peace,cn=Users,dc=mycorp,dc=com")
objGroup.Add("LDAP://cn=Keith Cooper,cn=Users,dc=mycorp,dc=com")
Groups can contain virtually any other type of object as a member, including users, computers, and other groups.
In Section 11.5.5, we described the need to add many user groups as members of several permission groups. Example 21-8 contains the code necessary to implement this functionality. It scans for all groups prefixed with USER_ and DRUP_. It then adds all the USER groups to each DRUP group, except for the group where the suffix matches. In other words, all USER_ groups except USER_Finance are added to DRUP_Finance. This was why the names were set up this way.
'**************************************************************************
'Search the entire AD for all groups starting USER_ and return the cn
'and ADsPath variables in the following structure
'
'  arrUSERGroup(0,index) = cn attribute
'  arrUSERGroup(1,index) = ADsPath attribute
'
'where index goes from 0 to (the maximum number of results returned -1)
'**************************************************************************
If SearchAD( _
  "LDAP://dc=mycorp,dc=com", "(&(objectClass=group)(cn=USER_*))", _
  "SubTree", "cn,ADsPath", arrUSERGroup) Then

  '**************************************************************************
  'As above but for DRUP_ groups
  '**************************************************************************
  If SearchAD( _
    "LDAP://dc=mycorp,dc=com", "(&(objectClass=group)(cn=DRUP_*))", _
    "SubTree", "cn,ADsPath", arrDRUPGroup) Then

    '***********************************************************************
    'Set up an index to allow us to iterate through the USER_ groups. The
    'Ubound function here counts the maximum number of elements in the
    'array's second dimension of values (the first dimension has only two
    'values, "cn" and "ADsPath")
    '***********************************************************************
    For intUSERGroupIndex = 0 To Ubound(arrUSERGroup,2)

      '***********************************************************************
      'As above but for DRUP_ groups
      '***********************************************************************
      For intDRUPGroupIndex = 0 To Ubound(arrDRUPGroup,2)

        '***********************************************************************
        'Extract the portion of the name that corresponds to all letters after
        'the "cn=USER_" or "cn=DRUP_" parts (i.e., eight letters)
        '***********************************************************************
        txtUSERGroupSuffixName = Right(arrUSERGroup(0,intUSERGroupIndex), _
          Len(arrUSERGroup(0,intUSERGroupIndex))-8)
        txtDRUPGroupSuffixName = Right(arrDRUPGroup(0,intDRUPGroupIndex), _
          Len(arrDRUPGroup(0,intDRUPGroupIndex))-8)

        '***********************************************************************
        'If the two extracted strings are not the same, then add the USER group
        'to the DRUP group
        '***********************************************************************
        If Not txtUSERGroupSuffixName = txtDRUPGroupSuffixName Then
          Set objDRUPGroup = GetObject(arrDRUPGroup(1,intDRUPGroupIndex))
          objDRUPGroup.Add(arrUSERGroup(1,intUSERGroupIndex))
        End If
      Next
    Next
  End If
End If
You should note, by the way, that the For loop evaluates the UBound condition every time it completes a loop. To speed up the code, you really should put the result of the UBound in a variable and use the For loop with that directly.
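Re-running the script above stops at the first Add call whose member is already in the group, because IADsGroup::Add raises an error for an existing member. The following helper is an added example, not code from the original text: it checks IADsGroup::IsMember first, supports a dry run, and returns a status string the caller can log. The function name, the status strings, and the group path in the usage lines are assumptions made for illustration.

```vbscript
Option Explicit

'Hypothetical helper (not part of the original example).
'Adds strMemberPath to the group at strGroupPath only when it is not already
'a direct member. When blnDryRun is True nothing is written to the directory.
'Returns "present", "would-add", "added" or "error: ..." for logging.
Function AddMemberIfMissing(strGroupPath, strMemberPath, blnDryRun)
  Dim objGroup, blnIsMember

  On Error Resume Next
  Set objGroup = GetObject(strGroupPath)
  If Err.Number <> 0 Then
    AddMemberIfMissing = "error: bind failed 0x" & Hex(Err.Number)
    Err.Clear
    Exit Function
  End If

  'Store the result in a variable first: with On Error Resume Next, an error
  'raised inside an If condition would fall through into the If block.
  blnIsMember = objGroup.IsMember(strMemberPath)
  If Err.Number <> 0 Then
    AddMemberIfMissing = "error: IsMember failed 0x" & Hex(Err.Number)
    Err.Clear
    Exit Function
  End If

  If blnIsMember Then
    AddMemberIfMissing = "present"
  ElseIf blnDryRun Then
    AddMemberIfMissing = "would-add"
  Else
    objGroup.Add strMemberPath
    If Err.Number = 0 Then
      AddMemberIfMissing = "added"
    Else
      AddMemberIfMissing = "error: add failed 0x" & Hex(Err.Number)
      Err.Clear
    End If
  End If
End Function

'Usage with constructed paths: report what would change, then apply it.
Dim strGroup, strMember
strGroup = "LDAP://cn=DRUP_Finance,cn=Users,dc=mycorp,dc=com"  'constructed
strMember = "LDAP://cn=Sue Peace,cn=Users,dc=mycorp,dc=com"
WScript.Echo strMember & " -> " & AddMemberIfMissing(strGroup, strMember, True)
WScript.Echo strMember & " -> " & AddMemberIfMissing(strGroup, strMember, False)
```

In the nested loops, the call would take arrDRUPGroup(1,intDRUPGroupIndex) and arrUSERGroup(1,intUSERGroupIndex) as its two paths, giving one log line per membership decision.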