Via this thread:
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ea39e821-50ba-494e-b608-df879a0e28ca
And this blog post:
http://portal.sivarajan.com/2011/03/updating-group-membership-dynamically.html
I'm trying to follow Santosh's examples as well, to put users into a group for Wireless VLAN access (I am using the "employeeType" attribute with your example script to put my users into the correct groups) - when I run the "dsget group" piped to "dsmod group" commands:
dsget group "CN=Administration,OU=Wireless Groups,DC=subdomain,DC=mydomain,DC=foo" -members | dsmod group "CN=Administration,OU=Wireless Groups,DC=admin,DC=saintannsny,DC=org" –rmmbr
I get:
dsmod failed:You must specify at least one attribute to be modified. type dsmod /? for help.
Then when I try "dsquery" piped to "dsmod group"
dsquery * -Filter "(employeeType=Administration)" | dsmod group "CN=Administration,OU=Wireless Groups,DC=subdomain,DC=mydomain,DC=foo" -addmbr
I get"
The specified account name is already a member of the group. type dsmod /? for help.
I used the "dsquery *-filter" successfully once to put my group of users into that actual AD Group, but now I can't seem to modify things using these commands.
Do you have any suggestions here? Do I need to specify which members I'm trying to get the "-rmmbr" flag to remove? Shouldn't the pipe-to 'dsget group' be doing that for me?
Thanks very much
BCC