Skip navigation
Menu
Compute Engines

JSI Tip 8995. DSMOD fails when you add members from one forest to a group in another forest?


Even though an appropriate trust relationship exists, DSMOD fails when you attempt to add members from one forest to a group in another forest.

This behavior occurs because DSMOD was NOT designed to support trust relationships between forests.

To workaround this behavior, I have scripted DSAddMbrs.bat to add members to a group. DSAddMbrs.bat supports trust relationships.

The syntax for using DSAddMbrs.bat is:

DSAddMbrs groupDN userDN1 \[UserDN2 ... UserDNn\]

Where:

groupDN   is the distinguished name of the group you wish to add members to.

userDN(i) is the distinguished name of a user that you wish to add to groupDN.
DSAddMbrs.bat contains: 
@echo off
if \{%2\}
\{\} @echo Syntax: DSAddMbrs groupDN userDN1 \[UserDN2 ... UserDNn\]&goto :EOF
setlocal
set groupDN=%1
if exist "%TEMP%\DSAddMbrs.VBS" goto loop
@echo Set objArgument = Wscript.Arguments>"%TEMP%\DSAddMbrs.VBS"
@echo groupDN = objArgument(0)>>"%TEMP%\DSAddMbrs.VBS"
@echo userDN = objArgument(1)>>"%TEMP%\DSAddMbrs.VBS"
@echo set oProv = GetObject("LDAP:")>>"%TEMP%\DSAddMbrs.VBS"
@echo set oGroup = oProv.OpenDSObject("LDAP://" ^& groupDN, vbnullstring, vbnullstring, 1)>>"%TEMP%\DSAddMbrs.VBS"
@echo set oUser = oProv.OpenDSobject("LDAP://" ^& userDN, vbnullstring, vbnullstring, 1)>>"%TEMP%\DSAddMbrs.VBS"
@echo oValue = oUser.Get("objectSid")>>"%TEMP%\DSAddMbrs.VBS"
@echo oString = OctetString2String(oValue)>>"%TEMP%\DSAddMbrs.VBS"
@echo oGroup.PutEx 3, "member", Array("")>>"%TEMP%\DSAddMbrs.VBS"
@echo oGroup.SetInfo>>"%TEMP%\DSAddMbrs.VBS"
@echo.>>"%TEMP%\DSAddMbrs.VBS"
@echo Function OctetString2String(byVal OctetStr)>>"%TEMP%\DSAddMbrs.VBS"
@echo dim value>>"%TEMP%\DSAddMbrs.VBS"
@echo dim g, lowByte, highByte>>"%TEMP%\DSAddMbrs.VBS"
@echo.     value = "">>"%TEMP%\DSAddMbrs.VBS"
@echo.     for g = lbound(OctetStr) to ubound(OctetStr)>>"%TEMP%\DSAddMbrs.VBS"
@echo.         highByte = ascb(midb(OctetStr,g+1,1))>>"%TEMP%\DSAddMbrs.VBS"
@echo.         lowByte = highByte mod 16>>"%TEMP%\DSAddMbrs.VBS"
@echo.         highByte = highByte \ 16>>"%TEMP%\DSAddMbrs.VBS"
@echo.         value = value ^& hex(highByte) ^& hex(lowByte)>>"%TEMP%\DSAddMbrs.VBS"
@echo     next>>"%TEMP%\DSAddMbrs.VBS"
@echo.     OctetString2String = value>>"%TEMP%\DSAddMbrs.VBS"
@echo End Function>>"%TEMP%\DSAddMbrs.VBS"
:loop
cscript //nologo "%TEMP%\DSAddMbrs.VBS" %groupDN% %2>"%TEMP%\DSAddMbrs.ERR" 2>&1
set err=
for /f "Tokens=2 Delims=(," %%e in ('type "%TEMP%\DSAddMbrs.ERR"') do (
 set err=%%e
)
del /q "%TEMP%\DSAddMbrs.ERR"
if "%err%" EQU "10" @echo DSAddMBRS - %2 is already a member of %groupDN%&goto next
if "%err%" EQU "5" @echo DSAddMBRS - Group %groupDN% NOT found.&goto next
if "%err%" EQU "6" @echo DSAddMBRS - User %2 NOT found.
:next
shift
if not \{%2\}
\{\} goto loop
endlocal



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023