I had a need recently to add a user or group to an authorization manager role. During my search of the documentation it seems that they are quite light on decent examples. Here's my complete solution for anyone else needing to accomplish this task:
Option Explicit
If WScript.Arguments.Count <> 5 Then
WScript.Echo "Syntax: AddAzManRoleMember.vbs " & _
" "
WScript.Quit
End If
Dim authorizationStore
Set authorizationStore = CreateObject("AzRoles.AzAuthorizationStore")
authorizationStore.Initialize 0, "msxml://" + WScript.Arguments(0)
Dim application
Set application = authorizationStore.OpenApplication(WScript.Arguments(1))
Dim role
Set role = application.OpenRole(WScript.Arguments(2))
role.AddMember GetObjectSID(WScript.Arguments(3), WScript.Arguments(4)), 0
role.Submit 0, 0
Function GetObjectSID(domain, name)
Dim network
Set network = CreateObject("WScript.Network")
Dim wmiService
Set wmiService = GetObject("winmgmts://" & network.ComputerName & "/root/cimv2")
Dim resultSet
Set resultSet = wmiService.ExecQuery("SELECT * FROM Win32_UserAccount WHERE " & _
"Domain = '" & domain & "' AND Name = '" & name & "'")
If resultSet.Count = 0 Then
Set resultSet = wmiService.ExecQuery("SELECT * FROM Win32_Group WHERE " & _
"Domain = '" & domain & "' AND Name = '" & name & "'")
End If
' ItemIndex is not available until Vista timeframe; have to use For Each instead.
Dim item
For Each item in resultSet
GetObjectSID = item.SID
Exit Function
Next
GetObjectSID = ""
End Function