
Win2K AD: How do I change primary group for a user programmatically

ahsia

Golden Member
We have like 1500 users in active directory in our domain, and we need to change a majority of the users' primary from one group to another. We have someone doing this manually at this point, and this is taking way too long. Is there a way to change a user's primary group through a command, script, or batch file? I know this is probably not the best place to ask this, but looking for help anywhere. Thanks!
 
It really depends on the scope of the operation. Do you need to switch all 1500 users from one PGroup to another? This seems unlikely to me, but it's better if this is the case. If it isn't, the issue is complicated and will involve some degree of manual work.
What I would suggest to you is to first ensure all the groups you want created are created. At this point, you could use an LDAP query to search for all the groups in the domain and return their PrimaryGroupToken attribute. You should use the tool CSVDE at the command line to export the Active Directory to a CSV file, you can then open that file in Excel. Along the top row is a list of AD schema fields, and underneath are entries.

Look for the group objects in the CSV file, and note their PrimaryGroupToken field.

Now you want to look at all the user objects, and note their PrimaryGroupID field. The PrimaryGroupID entry will match the PrimaryGroupToken entry, if said user is a member of said group. Simplified example: the accounting group's PrimaryGroupToken is A123. John's primary group is Accounting, hence his PrimaryGroupID is A123.

Anyhow.... the beauty of CSV files is that you can open them in Notepad, and the beauty of Notepad is that you can do mass "replace all instances of this string with this new string" type operations. Technically, you can exploit this and make the changes en masse that way. After that is done, you can just import the CSV file back into AD.

Please test this first, ensure you backup the system state on a DC before commencing!

Also, as I stated earlier, if there are a lot of different groups involved, it may well be easier to manually switch them all. At least it's technically easy to do (albeit time consuming).
 
Well, I did the export of the CSV file, and used Excel to open it. There is nothing listed under the PrimaryGroupID column, all blank. I didn't see a PrimaryGroupToken field either.

Here's the scenario: We have 1500 some users, with two groups, GROUP1 and GROUP2. We also have an agent on a website that allows people to submit requests to be added to this domain. This automatically puts these users in the Domain Users group, and by default, the Domain Users group becomes their primary group. The tedious task I have now is to move these guys to either GROUP1 or GROUP2, and make that their primary group. Doing this one by one can take days, so I am looking for the best way to accomplish this. Let me know what I can do.....
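
An added example, not code from anyone in this thread: a Python script that reads a CSVDE-style export and writes LDIF change records for `ldifde -i -f`, used here instead of re-importing an edited CSV because CSVDE imports only create new objects. The sample rows, group DNs, token values and the `ASSIGNMENTS` mapping are constructed assumptions; real `primaryGroupToken` values are integers read from the group objects.

```python
import base64
import csv
import io

# Constructed sample shaped like a CSVDE export; DNs and accounts are made up.
SAMPLE_EXPORT = '''DN,objectClass,sAMAccountName,primaryGroupID
"CN=John Doe,OU=Staff,DC=example,DC=com",user,jdoe,513
"CN=Zoë Lind,OU=Staff,DC=example,DC=com",user,zlind,513
"CN=Ann Lee,OU=Staff,DC=example,DC=com",user,alee,1105
'''
# Hypothetical group DNs with their primaryGroupToken values (integers).
GROUPS = {
    "GROUP1": ("CN=GROUP1,OU=Groups,DC=example,DC=com", 1105),
    "GROUP2": ("CN=GROUP2,OU=Groups,DC=example,DC=com", 1106),
}
# Assumed input: which account should end up in which group.
ASSIGNMENTS = {"jdoe": "GROUP1", "zlind": "GROUP2", "alee": "GROUP1"}


def ldif_attr(name, value):
    """Format one LDIF line, base64-encoding values that are not LDIF-safe."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def build_ldif(export_text, assignments, groups):
    """Return LDIF change records that move assigned users to a new primary group."""
    records = []
    for row in csv.DictReader(io.StringIO(export_text)):
        group = assignments.get(row["sAMAccountName"])
        if group is None:
            continue  # no target given for this account
        group_dn, token = groups[group]
        if (row.get("primaryGroupID") or "").strip() == str(token):
            continue  # already has the target primary group
        # Membership first: the directory rejects a primaryGroupID that
        # points at a group the user does not belong to.
        records.append("\n".join([ldif_attr("dn", group_dn), "changetype: modify",
                                  "add: member", ldif_attr("member", row["DN"]), "-"]))
        records.append("\n".join([ldif_attr("dn", row["DN"]), "changetype: modify",
                                  "replace: primaryGroupID", f"primaryGroupID: {token}", "-"]))
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    print(build_ldif(SAMPLE_EXPORT, ASSIGNMENTS, GROUPS))
```

Review the generated file and try it against a test account before a bulk import; a user who is already an ordinary member of the target group will make the `add: member` record fail, so drop that record for such users.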
 