Programming Forums
User Name Password Register
 

RSS Feed
FORUM INDEX | TODAY'S POSTS | UNANSWERED THREADS | ADVANCED SEARCH

Reply
 
Thread Tools Display Modes
Old Aug 26th, 2006, 8:03 AM   #1
PhilBon
Hobbyist Programmer
 
PhilBon's Avatar
 
Join Date: Nov 2005
Posts: 171
Rep Power: 3 PhilBon is on a distinguished road
Send a message via AIM to PhilBon Send a message via MSN to PhilBon
Wothing with Group Policy Objects through Command Line
I was wondering if anyone has ever worked with creating Group Policy Objects Through Command Line. I current am in a position where every 3 months we have to add about 150 new users to our Active Directory Database. We've had to enter them in all by hand using the AD Users and Computers Snap in which is a pain after about 3 users. I've found a way to prevent that by using DSADD, DSMOD, etc. But Now i'm stuck on creating GPO for each Organizational Unit. Each user has to have their My Documents Redirected to a location that is based on their programming experience. Every 50 users belong to a different OU for example New programmers, Novice Programmers, and Expert Programmers and each one have a different file location c:\new\username, c:\nov\username and c:\expert\username. They also have to have their own special logon script like the new programmers will have a welcome program that will help them learn about programming while the Expert Programmers have a calendar and journal of what they did that day and the days before to keep track of work. I've searched the internet for about an hour and all I can find is how to use an interface rather than a command line. Any help would be great. If you have any code or little notes that you don't know if they work then I'll try them out. I'll try just about anything. Thanks

Info: Windows Server 2003, and Windows Server 2000 (outdated I know)
PhilBon is offline   Reply With Quote
Old Aug 26th, 2006, 11:57 AM   #2
Dameon
Troll
 
Dameon's Avatar
 
Join Date: Apr 2005
Location: Texas
Posts: 732
Rep Power: 4 Dameon is on a distinguished road
The thing is, I don't see why you need to use the command line either.

Quote:
But Now i'm stuck on creating GPO for each Organizational Unit
You only mentioned three OUs. What's the problem?

Quote:
Every 50 users belong to a different OU for example New programmers, Novice Programmers, and Expert Programmers and each one have a different file location c:\new\username, c:\nov\username and c:\expert\username. They also have to have their own special logon script
Easy to do with a GPO.

dsadd can easily create a user inside a certain OU. It doesn't matter if you created the OU and put a GPO on it with the snap-in or not.

Shot in the dark here. Perhaps your problem is that users will go up in experience over time and need to be updated accordingly. The only complication I see is that dsmod doesn't have a way to move a user to a different OU.

Two options:
1. Move the users to the appropriate OU with vbscript.
2. Change the users' groups, with the groups in the appropriate OU and the actual users elsewhere.
__________________
MD5(sig) = bcef75433db02e9ad9bf81d6f7c5c270
Dameon is offline   Reply With Quote
Old Aug 26th, 2006, 1:31 PM   #3
PhilBon
Hobbyist Programmer
 
PhilBon's Avatar
 
Join Date: Nov 2005
Posts: 171
Rep Power: 3 PhilBon is on a distinguished road
Send a message via AIM to PhilBon Send a message via MSN to PhilBon
Alright I'll go into more detail. When I have to do something more than 3 times with the basic setup just different variables I like to put it into a loop. When I go to create a GPO with the AD Users and Computers it's just to much work to be doing it over and over. So I'd like to where I can create the GPO with the command line. This is what I have:
(Toggle Plain Text) 
dsadd ou "ou=New, dc=nwtraders, dc=test" -desc "This is the New Programmers Group"
dsadd group "cn=NewGRP, ou=Groups, dc=nwtraders, dc=test" -samid NewGRP -secgrp yes -scope g -desc "This is the New Programmers Group"
mkdir c:\shares\New
CACLS c:\shares\New /g "nwtraders\Domain Admins":F
Y
CACLS c:\shares\New /e /g "nwtraders\NewGRP":R
mkdir c:\shares\Newshared
CACLS c:\shares\Newshared /g "nwtraders\Domain Admins":F
Y
CACLS c:\shares\Newshared /e /g "nwtraders\NewGRP":R
net share New=c:\shares\New
net share Newshared=c:\shares\Newshared
dsadd user "cn=John_Smith,ou=New,dc=nwtraders,dc=test" -samid SmithJo -upn SmithJo@nwtraders.test -fn John -ln Smith -display John_Smith -pwd skyhawk -hmdir \SchoolTest\New\SmithJo\home\ -hmdrv h: -mustchpwd yes
dsmod group "cn=NewGRP, ou=Groups, dc=nwtraders, dc=test" -addmbr "cn=John_Smith,ou=New,dc=nwtraders,dc=test"
mkdir c:\shares\New\SmithJo\home
mkdir c:\shares\New\SmithJo\Tograde
CACLS c:\shares\New\SmithJo /g "nwtraders\Domain Admins":F
Y
CACLS c:\shares\New\SmithJo /e /g "nwtraders\SmithJo":C
CACLS c:\shares\New\SmithJo /e /r "nwtraders\NewGRP"

dsadd user "cn=Bob_Smith,ou=New,dc=nwtraders,dc=test" -samid SmithBo -upn SmithBo@nwtraders.test -fn Bob -ln Smith -display Bob_Smith -pwd skyhawk -hmdir \SchoolTest\New\SmithBo\home\ -hmdrv h: -mustchpwd yes
dsmod group "cn=NewGRP, ou=Groups, dc=nwtraders, dc=test" -addmbr "cn=Bob_Smith,ou=New,dc=nwtraders,dc=test"
mkdir c:\shares\New\SmithBo\home
mkdir c:\shares\New\SmithBo\Tograde
CACLS c:\shares\New\SmithBo /g "nwtraders\Domain Admins":F
Y
CACLS c:\shares\New\SmithBo /e /g "nwtraders\SmithBo":C
CACLS c:\shares\New\SmithBo /e /r "nwtraders\NewGRP"

dsadd user "cn=Jack_Johnson,ou=New,dc=nwtraders,dc=test" -samid JohnsonJa -upn JohnsonJa@nwtraders.test -fn Jack -ln Johnson -display Jack_Johnson -pwd skyhawk -hmdir \SchoolTest\New\JohnsonJa\home\ -hmdrv h: -mustchpwd yes
dsmod group "cn=NewGRP, ou=Groups, dc=nwtraders, dc=test" -addmbr "cn=Jack_Johnson,ou=New,dc=nwtraders,dc=test"
mkdir c:\shares\New\JohnsonJa\home
mkdir c:\shares\New\JohnsonJa\Tograde
CACLS c:\shares\New\JohnsonJa /g "nwtraders\Domain Admins":F
Y
CACLS c:\shares\New\JohnsonJa /e /g "nwtraders\JohnsonJa":C
CACLS c:\shares\New\JohnsonJa /e /r "nwtraders\NewGRP"
That is generated from a program that just takes in the names of the users runs it through a loop then displays it. After the OU and Group is created is where I want to have the GPO created and configured. I can set this up right now to where you paste it into a command prompt or you can save it as a batch file and then it will be. I'm going to make it to where it's a regular GUI because the people that will be using this wont be the smartest bunch, Administrative assistants.
PhilBon is offline   Reply With Quote
Old Aug 26th, 2006, 1:51 PM   #4
Dameon
Troll
 
Dameon's Avatar
 
Join Date: Apr 2005
Location: Texas
Posts: 732
Rep Power: 4 Dameon is on a distinguished road
And that changes what now?

You still have 3 OUs and 3 distinctly different GPOs that are used for all of the 150 users now and even those in the future.

Creating user accounts and making directories for them is repetitive, so you automate it. Organizing and configuring your directory is not.
__________________
MD5(sig) = bcef75433db02e9ad9bf81d6f7c5c270
Dameon is offline   Reply With Quote
Reply

Bookmarks

« Previous Thread in Forum | Next Thread in Forum »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help on a Group Policy Editor Program Surrexi Project Ideas 3 Apr 18th, 2005 10:30 PM


Contact Us - DaniWeb IT Discussion Community - Privacy Statement - Top


DaniWeb IT Discussion Community
All times are GMT -5. The time now is 10:20 PM.

Powered by vBulletin® Version 3.7.0, Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Copyright ©2007 DaniWeb® LLC