Scripted Approach to Maintaining Groups
Novell Cool Solutions: Feature
By Charles Hucks
Digg This -
Posted: 31 Aug 2005
Network Administrators in school districts often face the challenge of dealing with changes in student enrollment at a dizzying pace. For this reason, eDirectory is often not utilized to its fullest potential, because maintaining thousands of student groups manually is almost impossible. There are commercial products such as Identity Manager that can automate this process, but for those who can't afford such a solution, this approach can be helpful.
Using a combination of a somewhat simple script and the Novell ActiveX controls, the creation and continual maintenance of eDirectory groups can become a transparent process. This script is not meant to be used as is, but it's provided as an example of what can be accomplished with a little effort.
The script (UpdateGroups.vbs) accepts three arguments: School Code, School Context, and School Beds. The GetArguments function stores these as argSch, argCon, and argBeds. Calling the script for a school whose initials are bh, the eDirectory context is bh.hs.richland2, and beds code 092 (school code in sasixp) is as follows:
Cscript //NoLogo UpdateGroups.vbs bh bh.hs.richland2 092
After loading the parameters, the script begins reading data from the SQL server. The GetSections function populates the rsSections recordset with the fields necessary to create (or remove) the groups in eDirectory. In our district, the student usernames are created using the right 8 digits of the student ID in the student management system. We elected to use a groupname in the following format:
By including the class ID from the student management system, we are guaranteed not to have duplicates. The FixGroupName in the Select statement is a user- defined function in the SQL server that basically just removes all invalid characters from the CourseName (,./\?|+-, etc.) as well as replacing all spaces with underscores.
Once the script has been fully tested, it can be set up as a scheduled task to run periodically. Combined with a product like File System Factory, you can have storage setup for each class as well.
Once the sections have been read from the student management system, the GetGroups function is called to read all of the existing groups from eDirectory and store them in another recordset (rsGroups). The NwUsrGrp activeX control is used here.
The next function, RemoveOldGroups, loops through the rsGroups recordset and deletes any groups from edirectory that do not have a matching record in the rsSections recordset.
A similar function, CreateNewGroups, performs the same operation in reverse to create any new groups that exist in rsSections but not rsGroups.
Once the groups themselves have been updated, the group owner attribute is updated using the CheckGroupOwnership function. The groups are checked one at a time, and if the owner attribute does not match the teacherID in the rsSections recordset for that group, it is updated.
The meat of the script is found in the CheckGroupMembers function. For each group in eDirectory, the function first checks for members that are no longer in the class. These members are added to the recordset rsDel. The next step is to get a list of all the new students to the class and add them to the recordset rsAdd. Finally, each of these recordsets is processed to update the group objects themselves.
Although I'm sure some hard-core programmers would be able to do this much more efficiently, this process works very well in our environment.
Sample Script and Controls
An example script can be found at:
This example was created against a central student management system (SasiXP) with all data in a single SQL database. Each school has a Staff container and a Student container with a Group container in each.
Here is an example group:
District High School Staff StaffUser1 Students StudentUser1 StudentUser2 Groups Group1 Group2
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com