Windows Vista Tips

Re: Login Script Help

 
 
Richard Mueller [MVP]

 
      08-13-2008

"RemyMaza" <> wrote in message
news:5a0f19e3-b99d-46eb-9a1c-...
> I've gotten pretty far here with this login script but I'm hitting a
> problem with a certain function that I'm using. It returns a True no
> matter what Group Name I put.
>
>
>
>
>
> Option Explicit
>
> 'Dims for objects
> Dim objFSO, objShell, objNetwork, objUser, objSysInfo, objVoice
> 'Dim for ADSysinfo
> Dim strUserDN, strDomain, strUser
> 'Dims for Time Eval
> Dim strMorning, strAfternoon, strEvening, MyTime
> 'Dims for Name Eval
> Dim strFirst, strLast
> 'Dims for build summary message
> Dim strWelcomMsg, strMsg
>
> set objFSO=CreateObject("Scripting.FileSystemObject")
> set objShell=CreateObject("Wscript.Shell")
> set objNetwork=CreateObject("Wscript.Network")
> Set objSysInfo = CreateObject("ADSystemInfo")
>
> 'Gets User's AD profile
> strUserDN = objSysInfo.UserName
> Set objUser = GetObject("LDAP://" & strUserDN)
>
> strFirst = objUser.givenName
> strLast = objUser.sn
>
> 'Determines Group Memberships
> If IsAMemberOf(objNetwork.UserDomain,objNetwork.UserName,"Test") Then Wscript.Echo objNetwork.Username
>
> If IsAMemberOf(objNetwork.UserDomain,objNetwork.UserName,"Domain Users") Then Wscript.Echo "Domain Users"
>
> If IsAMemberOf(objNetwork.UserDomain,objNetwork.UserName,"CANNOTBE!Q") = True Then Wscript.Echo "Test Group"
>
>
> Function IsAMemberOf(strDomain,strUser,strGroup)
> On Error Resume Next
> Set objUser=GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
> Set objGrp=GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
>
> If objGrp.IsMember(objUser.ADsPath) Then
> IsAMemberOf=True
> Else
> IsAMemberOf=False
> End If
>
> End Function
>
>
> Not sure where I went wrong.


Main problem is "On Error Resume Next" in the function. Next, you must Dim
objGrp and objUser in the function, and finally if a group does not exist,
"Set objGrp" fails, but so also does "objGroup.IsMember" and the function
seems to return True in all cases. I would suggest:
========
Function IsAMemberOf(strDomain, strUser, strGroup)
    Dim objUser, objGrp
    Set objUser = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
    ' Trap only the error raised when the group cannot be bound.
    On Error Resume Next
    Set objGrp = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
    If (Err.Number <> 0) Then
        ' Group not found: restore normal error handling and report False.
        On Error GoTo 0
        IsAMemberOf = False
    Else
        On Error GoTo 0
        If objGrp.IsMember(objUser.AdsPath) Then
            IsAMemberOf = True
        Else
            IsAMemberOf = False
        End If
    End If
End Function
========

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
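The failure mode discussed in this reply, reproduced without a domain (an added example, not part of the original thread): under "On Error Resume Next", an error raised while evaluating an If condition resumes at the next statement, which is the Then branch, so the check fails open. The function names and the placeholder path are hypothetical; the unset objGrp variable stands in for a group bind that failed.

```vbscript
Option Explicit

' Fail-open pattern: the error is raised while evaluating the If condition,
' and On Error Resume Next resumes at the next statement, the Then branch.
Function FailOpenCheck(strMemberPath)
    Dim objGrp          ' never Set: stands in for a failed GetObject bind
    On Error Resume Next
    If objGrp.IsMember(strMemberPath) Then
        FailOpenCheck = True
    Else
        FailOpenCheck = False
    End If
End Function

' Fail-closed pattern: default to False, make the risky call a plain
' assignment, and treat any error as "not a member".
Function FailClosedCheck(strMemberPath)
    Dim objGrp, blnMember
    blnMember = False
    On Error Resume Next
    ' If this statement errors, the assignment is skipped and blnMember stays False.
    blnMember = objGrp.IsMember(strMemberPath)
    If (Err.Number <> 0) Then
        blnMember = False
        Err.Clear
    End If
    On Error GoTo 0
    FailClosedCheck = (blnMember = True)
End Function

Dim strPath
strPath = "WinNT://EXAMPLE/someuser"   ' constructed placeholder, never contacted
WScript.Echo "Fail-open check:   " & FailOpenCheck(strPath)
WScript.Echo "Fail-closed check: " & FailClosedCheck(strPath)
```

Run it with cscript.exe on any Windows machine; no directory access is needed because the error comes from the unset object variable.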


 
 
 
 
 
Richard Mueller [MVP]

 
      08-13-2008

Since you already use the ADSystemInfo object and bind to the current user
with the LDAP provider, I would suggest using that to check group membership
as well. It should be more efficient. The only factor is that you must
specify the DN of the groups, not the NetBIOS names. For example:
===========
Set objSysInfo = CreateObject("ADSystemInfo")

strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)

' Check membership in group "Test".
Set objGroup = GetObject("LDAP://cn=Test,ou=West,dc=MyDomain,dc=com")
If (objGroup.IsMember(objUser.AdsPath) = True) Then
    ' User is a member of the group.
Else
    ' User is NOT a member of the group.
End If
=========
If you must use group NetBIOS names, I would suggest using the NameTranslate
object to convert the NetBIOS name to the DN of the group. Even though this
would look like a lot more code, it would still be more efficient (faster)
than using the WinNT provider (although speed is seldom a factor for just a
few membership tests). The function could be similar to (not tested):
=========
Option Explicit
Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain
Dim objSysInfo, strUserDN, objUser

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1



' Determine DNS name of domain from RootDSE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)


' Bind to local user.
Set objSysInfo = CreateObject("ADSystemInfo")

strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)

' Test membership in group "Test".
' Pass the NetBIOS name of the group to the function.
If (IsAMemberOf(objUser, "Test") = True) Then
' User is a member.
Else
' User is NOT a member.
End If

Function IsAMemberOf(objUser, strGroup)
    ' The following must have global scope (declared
    ' in the main program):
    ' objTrans, strNetBIOSDomain, ADS_NAME_TYPE_NT4, ADS_NAME_TYPE_1779

    Dim strGroupDN, objGroup

    ' Specify NT format of group name.
    ' Trap error if group not found.
    On Error Resume Next
    objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strGroup
    If (Err.Number <> 0) Then
        On Error GoTo 0
        IsAMemberOf = False
        Exit Function
    End If
    On Error GoTo 0
    ' Retrieve group DN.
    strGroupDN = objTrans.Get(ADS_NAME_TYPE_1779)
    ' Bind to the group object.
    Set objGroup = GetObject("LDAP://" & strGroupDN)
    ' Check membership using the ADsPath of the user object passed in.
    IsAMemberOf = objGroup.IsMember(objUser.AdsPath)
End Function

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


 