Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I'm not sure this is as much a perl question as it is an Active Directory question, but I cannot find any documentation or examples in perl to deal with this.

I have a script that adds users to a Microsoft Active Directory, and places the users in an OU. I open the active directory with the following line:
my $path = "LDAP://OU=Public Workstations,DC=domain1,DC=domain2,DC=domain3";
my $ADS = Win32::OLE->GetObject($path);
My problem is, this adds the user to the standard "Domain Users" group. I need to add them to the "Domain Guests" group instead.

I've found some Visual Basic scripts that go about opening a second object for the group that the user needs to be in, but I cannot find the perl documentation for the object calls they are performing.

Also, the solution needs to only use base perl modules.

Thanks.

Re: Perl + Active Directory
by Mr. Muskrat (Canon) on Jun 25, 2003 at 15:08 UTC
      I've seen these resources before. They only seem to deal with OUs and not Windows Groups.

      Logically, "Domain Guests" should be along the lines of:
      LDAP://OU=Users,OU=Domain Guests,DC=mydomain,DC=com

      Windows returns that it is not a valid object. But that does not really make sense anyway, since the OU I want them in is "Public Workstations", which they are being added to as expected, and not the OU "Domain Guests".

      I thought the information in this node might do what I want, but, again, it can't find "OU=Domain Guests" or "OU=Users,OU=Domain Guests" as a valid object. http://www.perlmonks.com/index.pl?node_id=239874

      As a side note, the group they are entered into by default, "Domain Users", cannot be found via the methods I used to find "Domain Guests" either.

        It's a shot in the dark but it may work:
        "LDAP://CN=Public Workstations,OU=Domain Guests,DC=domain1,DC=domain2,DC=domain3"

Re: Perl + Active Directory
by Anonymous Monk on Jun 25, 2003 at 17:25 UTC
    Okay, I figured it out. The trick was that you can't access it via "ldap://"; it has to be accessed via "WinNT://Domain/group_name,group", where "Domain" is the domain your AD is serving and "group_name" is the name of the group you want. In this case, it is "Domain Guests" to add and "Domain Users" to delete.

    Once that is opened, you can use the normal ADSI commands to add the user to it.

      Thank you for posting the solution! :)
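
The approach from the accepted reply, written out as an added example that is not part of the original thread: it binds to both groups through the WinNT provider with Win32::OLE, adds the account to "Domain Guests", and verifies the result instead of assuming it. The domain name `EXAMPLEDOM` and account name `kiosk01` are placeholders (assumptions).

```perl
use strict;
use warnings;
use Win32::OLE;

Win32::OLE->Option(Warn => 0);    # check LastError ourselves instead of warning

# Placeholders (assumptions): replace with your NetBIOS domain and account name.
my $domain = 'EXAMPLEDOM';
my $user   = 'kiosk01';

# WinNT ADsPath of an object: WinNT://Domain/name,class
sub adspath {
    my ($name, $class) = @_;
    return "WinNT://$domain/$name,$class";
}

# Bind to an object or stop with the OLE error text.
sub open_object {
    my ($name, $class) = @_;
    my $obj = Win32::OLE->GetObject(adspath($name, $class))
        or die "Cannot bind to $name: " . Win32::OLE->LastError() . "\n";
    return $obj;
}

my $user_path = "WinNT://$domain/$user";    # member path passed to the group methods
my $guests    = open_object('Domain Guests', 'group');
my $users     = open_object('Domain Users',  'group');

# Add only if not already a member, then confirm the change took effect.
unless ($guests->IsMember($user_path)) {
    $guests->Add($user_path);
    die "Add failed: " . Win32::OLE->LastError() . "\n" if Win32::OLE->LastError();
}
print "$user in Domain Guests: ", ($guests->IsMember($user_path) ? "yes" : "no"), "\n";

# Removal is refused while the group is still the account's primary group,
# so report the outcome rather than assuming it worked.
if ($users->IsMember($user_path)) {
    $users->Remove($user_path);
    my $err = Win32::OLE->LastError();
    print $err ? "Remove from Domain Users failed: $err\n"
               : "$user removed from Domain Users\n";
}
```

Checking `IsMember` after each change matters for restricted accounts such as public workstation logins: a silently failed `Remove` leaves the account with "Domain Users" rights it was not meant to keep.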