我需要帮助:如何在用 VBScript 编写的 API 脚本中添加额外的 OU。我看到了变量 "syncGroupOU",并添加了 "syncGroupOU2" 等变量,但不知道如何把它们加入 LDAP 路径所在的那一行。如果我需要获取名为 "tvusers" 的组中的所有用户,该组位于名为 "myusers" 的 OU 中,而它又嵌套在另外两个 OU 之内,我该如何修改脚本? 完整的 LDAP 路径为:myusers,OUnest2,OUnest1
请参阅以下脚本:
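' API access token
' NOTE(review): anyone who can read this file can read the token, so restrict
' access to the script and keep real values out of shared or published copies.
Dim accessToken
accessToken = "XX-XXXXXXXXXXXXXXXXXXXX" '<-- your access token, can be left empty when OAuth (below) is configured.

' OAuth: API client id, client secret & authorizationCode
' if all variables are set here, OAuth will be used to request an access token
' clientSecret is declared here together with the other OAuth variables
' (the original assigned it without declaring it).
Dim clientId, clientSecret, authorizationCode
clientId = "" '<-- Create an app in your TeamViewer Management Console and insert the client ID here.
clientSecret = "" '<-- Insert your client secret here.
authorizationCode = "" '<-- Visit https://webapi.teamviewer.com/api/v1/oauth2/authorize?response_type=code&client_id=YOURCLIENTIDHERE
' Login, grant the permissions (popup) and put the code shown in the authorizationCode variable here

' domain settings
Dim dn, dcIP, dcLdapPort, syncGroupCN, syncGroupOU, syncGroupOU2, syncGroupSearchFilter
dn = "dc=testad,dc=local" '<--domain components

' LDAP settings
' NOTE(review): 389 is the standard non-TLS LDAP port - confirm how the
' directory bind is protected in your environment.
dcIP = "127.0.0.1"
dcLdapPort = "389"

' user group to sync with
' syncGroupOU2 and syncGroupSearchFilter are declared above but not assigned
' anywhere in this block.
syncGroupCN = "tvuser" '<--groupName
syncGroupOU = "myUsers" '<--ou

' new user defaults
' NOTE(review): presumably every account created by the sync starts with this
' same literal password, which is also visible to anyone who can read the
' script - confirm that users must change it at first login.
Dim defaultUserLanguage, defaultUserPassword, defaultUserPermissions
defaultUserLanguage = "en"
defaultUserPassword = "myInitalPassword!"
defaultUserPermissions = "ShareOwnGroups,EditConnections,EditFullProfile,ViewOwnConnections"

' deactivate company users not found in the configured AD group
Dim deactivateUnknownUsers, testRun
deactivateUnknownUsers = false
' testRun needs to be set to false for the script to perform actual changes
testRun = true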
'#########
' includes
'#########
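' Reads the VBScript file named by sInstFile and runs its text in the global
' scope, so the definitions it contains become available to the whole script.
'
' sInstFile: path of the file to load; a relative path is resolved by the
'            FileSystemObject against the current working directory.
'
' A missing file or a failure while loading does not stop the script (as in
' the original), but is now reported instead of being silently ignored.
'
' NOTE(review): ExecuteGlobal runs whatever the file contains with the rights
' of the account running this script. Make sure only trusted administrators
' can write to the file and to the directory it is loaded from.
Sub Include(sInstFile)
    Dim oFSO, f, s, errNum, errDesc
    Set oFSO = CreateObject("Scripting.FileSystemObject")
    s = ""
    errNum = 0

    If oFSO.FileExists(sInstFile) Then
        On Error Resume Next
        Set f = oFSO.OpenTextFile(sInstFile)
        ' ReadAll raises an error on an empty file, so only read when there is content.
        If Not f.AtEndOfStream Then s = f.ReadAll
        f.Close
        ' Only execute when the file was read without error.
        If Err.Number = 0 Then ExecuteGlobal s
        ' Capture the error before On Error Goto 0 resets the Err object.
        errNum = Err.Number
        errDesc = Err.Description
        On Error Goto 0
        If errNum <> 0 Then
            WScript.Echo "Include: error " & errNum & " while loading " & sInstFile & ": " & errDesc
        End If
    Else
        WScript.Echo "Include: file not found: " & sInstFile
    End If

    Set f = Nothing
    Set oFSO = Nothing
End Sub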
' Load the shared helper code; the bare file name is looked up relative to the
' current working directory, so run the script from the folder that holds it.
Include "Common.vbs"
'###########
' Functions
'###########
' Get All the Members of an AD-Group as dictionary (email as key, dictionary as value)
Function GetADMembersOfOU()
WScript.Echo
WScript.Echo "Reading AD OU members"
Dim dictUsersAD
Set dictUsersAD = CreateObject("Scripting.Dictionary")
On Error Resume Next
'with ip:port (on any machine)
Set objGroup = GetObject("LDAP://" & dcIP & ":" & dcLdapPort & "/cn=" & syncGroupCN & ",ou=" & syncGroupOU & ",ou=" & syncGroupOU2 & "," & dn )
'without ip:port (on AD-Client)
'Set objGroup = GetObject("LDAP://" & "cn=" & syncGroupCN & ",ou=" & syncGroupOU & "," & dn )
For Each objADUser In objGroup.Members
if objADUser.AccountDisabled = False Then
Set usr = CreateObject("Scripting.Dictionary")
usr.Add "email", objADUser.Mail
usr.Add "name", objADUser.GivenName & " " & objADUser.Lastname
If Len(usr("email")) > 0 AND Len(usr("name")) > 0 Then
dictUsersAD.Add usr("email"), usr
答案 0 :(得分:0)
更改此行:
Set objGroup = GetObject("LDAP://" & dcIP & ":" & dcLdapPort & "/cn=" & syncGroupCN & ",ou=" & syncGroupOU & ",ou=" & syncGroupOU2 & "," & dn )
到
' The path lists the group first, then its containers from the innermost to the
' outermost, then the domain components.
' NOTE(review): unlike the line it replaces, this path has no dcIP:dcLdapPort
' part, so the bind no longer targets the server configured in the script.
Set objGroup = GetObject("LDAP://cn=" & syncGroupCN & ",ou=" & syncGroupOU2 & ",ou=" & syncGroupOU & "," & dn)
所以你应该传递这个DistinguishedName:
LDAP://cn=tvusers,ou=OUnest1,ou=OUnest2,ou=myusers,dc=testad,dc=local
你错误地传递了这个DistinguishedName:
LDAP://cn=tvusers,ou=myusers,ou=OUnest2,ou=OUnest1,dc=testad,dc=local
为了清楚起见,对象的构建是:
组 -> firstparent -> secondparent -> thirdparent -> 域
你有:
组 -> thirdparent -> secondparent -> firstparent -> 域
这很棘手,因为Active Directory用户和计算机中的文件夹结构就是这样的,但LDAP结构就是我在上面发布的内容。
答案 1 :(得分:0)
您只需把嵌套的各级 ou 添加到路径中即可。这样一来,可以嵌套任意多层……
' The script splices this value into the path as ",ou=" & syncGroupOU & "," & dn,
' so the extra ",ou=" parts inside the string become further containers of the DN.
' NOTE(review): the value is concatenated as-is; an OU name containing a comma or
' another DN special character would need escaping first.
syncGroupOU = "Teamviewer,ou=Parent,ou=moreparent,ou=muchmoreparent"
但是如果你没有成员,那么整个事情就不起作用了。
会更有趣。
答案 2 :(得分:-1)
所以这很有用
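' domain settings
' syncGroupOU2 is declared here together with the other settings (the original
' assigned it without declaring it); syncGroupSearchFilter is not assigned in
' this block.
Dim dn, dcIP, dcLdapPort, syncGroupCN, syncGroupOU, syncGroupOU2, syncGroupSearchFilter
dn = "dc=tv,dc=support" '<--domain components

' LDAP settings
' NOTE(review): 389 is the standard non-TLS LDAP port - confirm how the
' directory bind is protected in your environment.
dcIP = "127.0.0.1"
dcLdapPort = "389"

' user group to sync with
syncGroupCN = "tvusers" '<--groupName
syncGroupOU = "OU1" '<--First parent ou
syncGroupOU2 = "OU2" '<--Second parent ou

' new user defaults
' NOTE(review): presumably every account created by the sync starts with this
' same literal password, which is also visible to anyone who can read the
' script - confirm that users must change it at first login.
Dim defaultUserLanguage, defaultUserPassword, defaultUserPermissions
defaultUserLanguage = "en"
defaultUserPassword = "myInitalPassword!"
defaultUserPermissions = "ShareOwnGroups,EditConnections,EditFullProfile,ViewOwnConnections"

' deactivate company users not found in the configured AD group
Dim deactivateUnknownUsers, testRun
deactivateUnknownUsers = false
' testRun needs to be set to false for the script to perform actual changes
' With the value below the script performs actual changes; set it to true to
' check a new LDAP path first.
testRun = false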
'#########
' includes
'#########
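' Reads the VBScript file named by sInstFile and runs its text in the global
' scope, so the definitions it contains become available to the whole script.
'
' sInstFile: path of the file to load; a relative path is resolved by the
'            FileSystemObject against the current working directory.
'
' A missing file or a failure while loading does not stop the script (as in
' the original), but is now reported instead of being silently ignored.
'
' NOTE(review): ExecuteGlobal runs whatever the file contains with the rights
' of the account running this script. Make sure only trusted administrators
' can write to the file and to the directory it is loaded from.
Sub Include(sInstFile)
    Dim oFSO, f, s, errNum, errDesc
    Set oFSO = CreateObject("Scripting.FileSystemObject")
    s = ""
    errNum = 0

    If oFSO.FileExists(sInstFile) Then
        On Error Resume Next
        Set f = oFSO.OpenTextFile(sInstFile)
        ' ReadAll raises an error on an empty file, so only read when there is content.
        If Not f.AtEndOfStream Then s = f.ReadAll
        f.Close
        ' Only execute when the file was read without error.
        If Err.Number = 0 Then ExecuteGlobal s
        ' Capture the error before On Error Goto 0 resets the Err object.
        errNum = Err.Number
        errDesc = Err.Description
        On Error Goto 0
        If errNum <> 0 Then
            WScript.Echo "Include: error " & errNum & " while loading " & sInstFile & ": " & errDesc
        End If
    Else
        WScript.Echo "Include: file not found: " & sInstFile
    End If

    Set f = Nothing
    Set oFSO = Nothing
End Sub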
' Load the shared helper code; the bare file name is looked up relative to the
' current working directory, so run the script from the folder that holds it.
Include "Common.vbs"
'###########
' Functions
'###########
' Get All the Members of an AD-Group as dictionary (email as key, dictionary as value)
Function GetADMembersOfOU()
WScript.Echo
WScript.Echo "Reading AD OU members"
Dim dictUsersAD
Set dictUsersAD = CreateObject("Scripting.Dictionary")
On Error Resume Next
'with ip:port (on any machine)
'Set objGroup = GetObject("LDAP://" & dcIP & ":" & dcLdapPort & "/cn=" & syncGroupCN & ",ou=" & syncGroupOU & "," & dn )
Set objGroup = GetObject("LDAP://cn=" & syncGroupCN & ",ou=" & syncGroupOU2 & ",ou=" & syncGroupOU & "," & dn)
'without ip:port (on AD-Client)
'Set objGroup = GetObject("LDAP://" & "cn=" & syncGroupCN & ",ou=" & syncGroupOU & "," & dn )