6.15. Changing a User’s Primary Group

Problem

You want to change the primary group of a user.

Solution

Using a graphical user interface

  1. Open the Active Directory Users and Computers snap-in.

  2. In the left pane, right-click on the domain and select Find.

  3. Select the appropriate domain beside In.

  4. Type the name of the user beside Name and click Find Now.

  5. In the Search Results, double-click on the user.

  6. Click the Member Of tab.

  7. Click on the name of the group you want to set as the primary group.

  8. Click the Set Primary Group button.

  9. Click OK.

Using VBScript

' This code first checks to see if the user's primary group is already
' set to the specified group.  If not it will a) add the user to the group
' if not already a member and b) set the primary group id to the group.
' ------ SCRIPT CONFIGURATION ------
strUserDN  = "<UserDN>"    ' e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com
strGroupDN = "<GroupDN>" ' e.g. cn=SalesGroup,ou=Sales,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- Const ADS_PROPERTY_APPEND = 3 set objUser = GetObject("LDAP://" & strUserDN ) WScript.Echo set objGroup = GetObject("LDAP://" & strGroupDN ) objGroup.GetInfoEx Array("primaryGroupToken"), 0 if objGroup.Get("primaryGroupToken") = objUser.Get("primaryGroupID") then WScript.Echo "Primary group for user already set to " & strGroupDN WScript.Quit end if intAddMember = 1 for each strMemberDN in objUser.GetEx("memberOf") if LCase(strMemberDN) = LCase(strGroupDN) then intAddMember = 0 Exit for end if next if intAddMember > ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial