Kelvin wrote:
> I've been playing with a logon script and have a need different need to
> check so was playing with this code.
>
> The script seems to check this Default loccation:
> domain.local\Users
>
> But not where I've been storing the Groups I've created
> domain.local\City\Groups
>
> Do I need to move my Groups to the default location or can I have it also
> check the location I've created?
>
> Maybe there's a much better way to do this all together...
>
> Any input would be appreciated
>
> Kelvin
>
> This is the code I was using to check Group membership:
> ++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++
> Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj,
> Path
>
> Set WSHShell = CreateObject("WScript.Shell")
> Set WSHNetwork = CreateObject("WScript.Network")
> ' Automatically grab the user's domain name
> DomainString = Wshnetwork.UserDomain
>
> '----------------------------8<----------------------------
> ' Find the Windows Directory
> WinDir = WshShell.ExpandEnvironmentStrings("%WinDir%")
> Call MsgBox("WinDir is " & WinDir)
>
> '----------------------------8<----------------------------
> ' Grab the user name
> UserString = WSHNetwork.UserName
> Call MsgBox("Users name is " & UserString)
>
> '----------------------------8<----------------------------
> ' Grab the computer name for use in add-on code later
> strComputer = WSHNetwork.ComputerName
> Call MsgBox("Computer name is " & strComputer)
>
> '----------------------------8<----------------------------
> ' Bind to the user object to get user name and check for group memberships
> later
> Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)
>
> '----------------------------8<----------------------------
> 'Check naming convention for mapping of the P: drive
>
> '----------------------------8<----------------------------
> 'Now check for group memberships and map appropriate drives
> 'Note that this checks Global Groups and not domain local groups.
> For Each GroupObj In UserObj.Groups
> 'Force upper case comparison of the group names, otherwise this is case
> sensitive.
> Select Case UCase(GroupObj.Name)
> 'Check for group memberships and take needed action
> 'In this example below, ADMIN and WORKERB are groups.
> 'Note the use of all upper case letters as mentioned above.
> 'Note also that the groups must be Global Groups.
>
> Case "LEASINGSTAFF"
> Call MsgBox("Member of LEASINGSTAFF " & GroupObj.Name)
>
> Case "ADMINISTRATION"
> Call MsgBox("Member of ADMINISTRATION " & GroupObj.Name)
>
> Case "PARTSSTAFF"
> Call MsgBox("Member of PARTSSTAFF " & GroupObj.Name)
>
> Case "SALES"
> Call MsgBox("Member of SALES " & GroupObj.Name)
>
> Case "SERVICE"
> Call MsgBox("Member of SERVICE " & GroupObj.Name)
>
> Case "BUSINESSOFFICESTAFF"
> Call MsgBox("Member of BUSINESSOFFICESTAFF " & GroupObj.Name)
>
> Case "DOMAIN USERS"
> Call MsgBox("Member of DOMAIN USERS " & GroupObj.Name)
>
> Case "DOMAIN ADMINS"
> Call MsgBox("Member of DOMAIN ADMINS " & GroupObj.Name)
>
> End Select
>
> Next
There are better ways, but after a quick glance at your script I think it
should work. There should be no need to move your groups.
You are using the WinNT provider, which is slower and reveals fewer
attributes. It sees Active Directory as a flat namespace. It is blind to
OU's, but still sees all user, group, and computer objects no matter where
they are in AD, as long as you use "pre-Windows 2000" names. The wshNetwork
object retrieves "pre-Windows 2000" names.
I would test your script, not as a logon script, but at a command prompt
after logon. I would have the script echo all groups the user is a member
of. For example, a test script could be:
=============
Set WSHShell = CreateObject("WScript.Shell")
DomainString = Wshnetwork.UserDomain
UserString = WSHNetwork.UserName
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)
Wscript.Echo "Current user: " & UserObj.Name
Wscript.Echo "User belongs to groups"
For Each GroupObj In UserObj.Groups
Wscript.Echo GroupObj.Name
Next
=========
The only conditions I can think of where this could fail in a logon script,
is if the client OS is older than Windows 2000. If your script runs after
logon, but seems to fail as a logon script, then perhaps you OS is Windows
95/98. Reply if this is the case, as there is a workaround.
--
Richard Mueller
MVP Directory Services
Hilltop Lab -
http://www.rlmueller.net
--
Similar Threads
Linear Mode
