[ Team LiB ] Previous Section Next Section

21.7 Adding Members to a Group

Adding objects as members of a group can be done with IADsGroup::Add, a simple method that takes the DN of the object to be added:

objGroup.Add("LDAP://cn=Sue Peace,cn=Users,dc=mycorp,dc=com")
objGroup.Add("LDAP://cn=Keith Cooper,cn=Users,dc=mycorp,dc=com")

Groups can contain virtually any other type of object as a member, including users, computers, and other groups.

21.7.1 Adding Many USER Groups to DRUP Groups

In Section 11.5.5, we described the need to add many user groups as members of several permission groups. Example 21-8 contains the code necessary to implement this functionality. It scans for all groups prefixed with USER_ and DRUP_. It then adds all the USER groups to each DRUP group, except for the group where the suffix matches. In other words, all USER_ groups except USER_Finance are added to DRUP_Finance. This was why the names were set up this way.

These searches make use of the ADO search function called SearchAD from Chapter 20.

Example 21-8. Adding many user groups as members of several permission groups
'**************************************************************************
'Search the entire AD for all groups starting USER_ and return the cn
'and AdsPath variables in the following structure
'
'  arrUSERGroup(0,index) = cn attributes
'  arrUSERGroup(1,index) = ADsPath attribute
'
'where index goes from 0 to (the maximum number of results returned -1)
'**************************************************************************
If SearchAD( _
  "LDAP://dc=mycorp,dc=com", "(&(objectClass=group)(cn=USER_*))", _
  "SubTree", "cn,ADsPath", arrUSERGroup) Then

  '**************************************************************************
  'As above but for DRUP_ groups
  '**************************************************************************
  If SearchAD( _
    "LDAP://dc=mycorp,dc=com", "(&(objectClass=group)(cn=DRUP_*))", _
    "SubTree", "cn,ADsPath", arrDRUPGroup) Then

    '***********************************************************************
    'Set up an index to allow us to iterate through the USER_ groups. The
    'Ubound function here counts the maximum number of elements in the
    'array's second dimension of values (the first dimension has only two
    'values, "cn" and "ADsPath")
    '***********************************************************************
    For intUSERGroupIndex = 0 To Ubound(arrUSERGroups,2)
      '***********************************************************************
      'As above but for DRUP_ groups
      '***********************************************************************
      For intDRUPGroupIndex = 0 To Ubound(arrDRUPGroups,2)
        '***********************************************************************
        'Extract the portion of the name that corresponds to all letters after
        'the "cn=USER_" or "cn=DRUP_" parts (i.e., eight  letters)
        '***********************************************************************
        txtUSERGroupSuffixName = Right(arrUSERGroup(0,intUSERGroupIndex), _
          Len(arrUSERGroup(0,intUSERGroupIndex))-8)
        txtDRUPGroupSuffixName = Right(arrDRUPGroup(0,intDRUPGroupIndex), _
          Len(arrDRUPGroup(0,intDRUPGroupIndex))-8)
        '***********************************************************************
        'If the two extracted strings are not the same, then add the USER group
        'to the DRUP group
        '***********************************************************************
        If Not txtUSERGroupSuffix = txtDRUPGroupSuffix Then
          Set objDRUPGroup = GetObject(arrDRUPGroup(1,intDRUPGroupIndex))
          objDRUPGroup.Add(arrUSERGroup(1,intUSERGroupIndex))
        End If
      Next
    Next
  End If
End If

You should note, by the way, that the For loop evaluates the UBound condition every time it completes a loop. To speed up the code, you really should put the result of the UBound in a variable and use the For loop with that directly.

    [ Team LiB ] Previous Section Next Section