Must I move the AD Groups I've created to the Default location so my script can see them, or is ther

Discussion in 'Scripting' started by Kelvin, Aug 20, 2009.

  1. Kelvin

    Kelvin Guest

    I've been playing with a logon script and have a different need to
    check so was playing with this code.

    The script seems to check this Default location:
    domain.local\Users

    But not where I've been storing the Groups I've created
    domain.local\City\Groups

    Do I need to move my Groups to the default location or can I have it also
    check the location I've created?

    Maybe there's a much better way to do this altogether...

    Any input would be appreciated

    Kelvin

    This is the code I was using to check Group membership:
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj, Path

    Set WSHShell = CreateObject("WScript.Shell")
    Set WSHNetwork = CreateObject("WScript.Network")
    ' Automatically grab the user's domain name
    DomainString = Wshnetwork.UserDomain

    '----------------------------8<----------------------------
    ' Find the Windows Directory
    WinDir = WshShell.ExpandEnvironmentStrings("%WinDir%")
    Call MsgBox("WinDir is " & WinDir)

    '----------------------------8<----------------------------
    ' Grab the user name
    UserString = WSHNetwork.UserName
    Call MsgBox("Users name is " & UserString)

    '----------------------------8<----------------------------
    ' Grab the computer name for use in add-on code later
    strComputer = WSHNetwork.ComputerName
    Call MsgBox("Computer name is " & strComputer)

    '----------------------------8<----------------------------
    ' Bind to the user object to get user name and check for group memberships later
    Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

    '----------------------------8<----------------------------
    'Check naming convention for mapping of the P: drive

    '----------------------------8<----------------------------
    'Now check for group memberships and map appropriate drives
    'Note that this checks Global Groups and not domain local groups.
    For Each GroupObj In UserObj.Groups
    'Force upper case comparison of the group names, otherwise this is case sensitive.
    Select Case UCase(GroupObj.Name)
    'Check for group memberships and take needed action
    'In this example below, ADMIN and WORKERB are groups.
    'Note the use of all upper case letters as mentioned above.
    'Note also that the groups must be Global Groups.

    Case "LEASINGSTAFF"
    Call MsgBox("Member of LEASINGSTAFF " & GroupObj.Name)

    Case "ADMINISTRATION"
    Call MsgBox("Member of ADMINISTRATION " & GroupObj.Name)

    Case "PARTSSTAFF"
    Call MsgBox("Member of PARTSSTAFF " & GroupObj.Name)

    Case "SALES"
    Call MsgBox("Member of SALES " & GroupObj.Name)

    Case "SERVICE"
    Call MsgBox("Member of SERVICE " & GroupObj.Name)

    Case "BUSINESSOFFICESTAFF"
    Call MsgBox("Member of BUSINESSOFFICESTAFF " & GroupObj.Name)

    Case "DOMAIN USERS"
    Call MsgBox("Member of DOMAIN USERS " & GroupObj.Name)

    Case "DOMAIN ADMINS"
    Call MsgBox("Member of DOMAIN ADMINS " & GroupObj.Name)

    End Select

    Next
     
    Kelvin, Aug 20, 2009
    #1

  2. There are better ways, but after a quick glance at your script I think it
    should work. There should be no need to move your groups.

    You are using the WinNT provider, which is slower and reveals fewer
    attributes. It sees Active Directory as a flat namespace. It is blind to
    OUs, but still sees all user, group, and computer objects no matter where
    they are in AD, as long as you use "pre-Windows 2000" names. The wshNetwork
    object retrieves "pre-Windows 2000" names.

    I would test your script, not as a logon script, but at a command prompt
    after logon. I would have the script echo all groups the user is a member
    of. For example, a test script could be:
    =============
    ' WScript.Network supplies the "pre-Windows 2000" domain and user names
    Set WSHNetwork = CreateObject("WScript.Network")
    DomainString = Wshnetwork.UserDomain
    UserString = WSHNetwork.UserName

    Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)
    Wscript.Echo "Current user: " & UserObj.Name

    Wscript.Echo "User belongs to groups"
    For Each GroupObj In UserObj.Groups
    Wscript.Echo GroupObj.Name
    Next
    =========
    The only condition I can think of where this could fail in a logon script
    is if the client OS is older than Windows 2000. If your script runs after
    logon, but seems to fail as a logon script, then perhaps your OS is Windows
    95/98. Reply if this is the case, as there is a workaround.
     
    Richard Mueller [MVP], Aug 20, 2009
    #2
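
Added example, not part of either post: the same group check done through the LDAP provider instead of WinNT, which shows each group's full location in AD (for instance a group kept under City\Groups). It assumes a domain-joined client running Windows 2000 or later; `LeasingStaff` is one of the group names from the question, and `EscapeDN` is a helper named here for illustration.

```vbscript
' Added example (not from the thread): list the current user's direct
' groups through the LDAP provider and test for one group by name.
Option Explicit

Dim objSysInfo, objUser, objGroup, arrGroups, strGroupDN, objList

' ADSystemInfo returns the distinguished name (DN) of the logged-on user.
Set objSysInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & EscapeDN(objSysInfo.UserName))

' Dictionary keyed on the "pre-Windows 2000" group name. Text compare
' makes the lookup case-insensitive, so no UCase() is needed.
Set objList = CreateObject("Scripting.Dictionary")
objList.CompareMode = vbTextCompare

' memberOf holds the DNs of the user's direct groups. It omits the
' primary group (usually Domain Users) and does not expand nesting.
' GetEx raises an error when the attribute is empty, so trap that case.
On Error Resume Next
arrGroups = objUser.GetEx("memberOf")
If Err.Number <> 0 Then
    Err.Clear
    arrGroups = Array()
End If
On Error GoTo 0

For Each strGroupDN In arrGroups
    ' The DN carries the OU path, so the group's location is visible
    ' here but plays no part in whether the membership is found.
    Set objGroup = GetObject("LDAP://" & EscapeDN(strGroupDN))
    objList(objGroup.sAMAccountName) = strGroupDN
    WScript.Echo objGroup.sAMAccountName & " -> " & strGroupDN
Next

' Group name taken from the question's Select Case block.
If objList.Exists("LeasingStaff") Then
    WScript.Echo "Member of LEASINGSTAFF"
End If

' A forward slash inside a DN must be escaped in an ADsPath.
Function EscapeDN(strDN)
    EscapeDN = Replace(strDN, "/", "\/")
End Function
```

Run it with cscript at a command prompt after logon, as suggested above, so the output goes to the console rather than to message boxes.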