|
|
Post by benlee on Nov 5, 2014 0:22:25 GMT
I am currently trying to automate a tedious task and I was wondering if anyone can help me with this.
So I have several OU's (that represent servers) that have groups in them (that represent certain privileges for each server).
Example: I have an OU named Server1 that contains a group called Server1.SysAdmin. I have about 250 of these. I want to add a user/group to each of the Server (Server1 - Server250 and in each have the user/group in the ServerX.Sysadmin group)
Is there any way to automate this task?
|
|
|
|
Post by Chris128 on Nov 5, 2014 0:25:23 GMT
When you say you want to “add a user/group to each of the servers”, can you just confirm exactly what you mean? Do you mean create a new domain user (i.e. a user account stored in Active Directory) for each server and then add each of these new users to the SysAdmins group for each server? Or do you mean you want to create a local user account on each server? Or do you already have a user in AD that you want to add to each of these SysAdmin groups? Perhaps you could explain exactly why you want to do this and it would give a better idea of your environment. Maybe post a step by step list of what you want the script/program to do
|
|
|
|
Post by benlee on Nov 5, 2014 17:26:26 GMT
I have about 250 folders in my Active Directory. Each folder is for every single server I have running MSSQL. For every server (folder), I have created a unique group (a sys. admin group) which I add users to if I wish to give them read/write access to my databases.
So you can understand it would be very painful if I wanted to gave someone dbo access to multiple servers. If a new user came and requested to let's say have access to 150 of the 250 servers I have, or even all of them, I want to know if there's a way to add them to any folder and in them any group.
Let me know if this still isn't clear. I can use screen shots.
|
|
|
|
Post by Chris128 on Nov 6, 2014 1:29:00 GMT
Ah ok, so you would already have the user account in AD then. Are each of the groups named the exact same thing but just with a different number at the end or do they have different names? It would be easy enough to make a script that loops through the number 1 - 250 and just looks for a group named SysAdminX (where X goes up by one each time we go through the loop) and adds the user to each group, but if the groups all have unique names then you would have to type each of the group names in to the script (or a CSV file or something that it then reads from). This wouldn't be too bad if every time you ran the script you wanted to add a user to all 250 groups but if you're saying sometimes you might want to add them to just some of those groups, not all of them, then you'd have to edit the script or CSV file every time to specify which groups you want to add them to. I can't see that being much faster than just manually adding the user to each group through AD Users & Computers
|
|
