Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Must I move the AD Groups I've created to the Default location so my script can see them, or is ther
Must I move the AD Groups I've created to the Default location so my script can see them, or is ther [message #160220] Thu, 20 August 2009 10:25 Go to next message
Kelvin  is currently offline Kelvin  United States
Messages: 109
Registered: July 2009
Senior Member
I've been playing with a logon script and have a need different need to
check so was playing with this code.

The script seems to check this Default loccation:
domain.local\Users

But not where I've been storing the Groups I've created
domain.local\City\Groups

Do I need to move my Groups to the default location or can I have it also
check the location I've created?

Maybe there's a much better way to do this all together...

Any input would be appreciated

Kelvin

This is the code I was using to check Group membership:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++
Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj, Path

Set WSHShell = CreateObject("WScript.Shell")
Set WSHNetwork = CreateObject("WScript.Network")
' Automatically grab the user's domain name
DomainString = Wshnetwork.UserDomain

'----------------------------8<----------------------------
' Find the Windows Directory
WinDir = WshShell.ExpandEnvironmentStrings("%WinDir%")
Call MsgBox("WinDir is " & WinDir)

'----------------------------8<----------------------------
' Grab the user name
UserString = WSHNetwork.UserName
Call MsgBox("Users name is " & UserString)

'----------------------------8<----------------------------
' Grab the computer name for use in add-on code later
strComputer = WSHNetwork.ComputerName
Call MsgBox("Computer name is " & strComputer)

'----------------------------8<----------------------------
' Bind to the user object to get user name and check for group memberships
later
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

'----------------------------8<----------------------------
'Check naming convention for mapping of the P: drive

'----------------------------8<----------------------------
'Now check for group memberships and map appropriate drives
'Note that this checks Global Groups and not domain local groups.
For Each GroupObj In UserObj.Groups
'Force upper case comparison of the group names, otherwise this is case
sensitive.
Select Case UCase(GroupObj.Name)
'Check for group memberships and take needed action
'In this example below, ADMIN and WORKERB are groups.
'Note the use of all upper case letters as mentioned above.
'Note also that the groups must be Global Groups.

Case "LEASINGSTAFF"
Call MsgBox("Member of LEASINGSTAFF " & GroupObj.Name)

Case "ADMINISTRATION"
Call MsgBox("Member of ADMINISTRATION " & GroupObj.Name)

Case "PARTSSTAFF"
Call MsgBox("Member of PARTSSTAFF " & GroupObj.Name)

Case "SALES"
Call MsgBox("Member of SALES " & GroupObj.Name)

Case "SERVICE"
Call MsgBox("Member of SERVICE " & GroupObj.Name)

Case "BUSINESSOFFICESTAFF"
Call MsgBox("Member of BUSINESSOFFICESTAFF " & GroupObj.Name)

Case "DOMAIN USERS"
Call MsgBox("Member of DOMAIN USERS " & GroupObj.Name)

Case "DOMAIN ADMINS"
Call MsgBox("Member of DOMAIN ADMINS " & GroupObj.Name)

End Select

Next
Re: Must I move the AD Groups I've created to the Default location so my script can see them, or is [message #160221 is a reply to message #160220] Thu, 20 August 2009 11:24 Go to previous message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
Kelvin wrote:

> I've been playing with a logon script and have a need different need to
> check so was playing with this code.
>
> The script seems to check this Default loccation:
> domain.local\Users
>
> But not where I've been storing the Groups I've created
> domain.local\City\Groups
>
> Do I need to move my Groups to the default location or can I have it also
> check the location I've created?
>
> Maybe there's a much better way to do this all together...
>
> Any input would be appreciated
>
> Kelvin
>
> This is the code I was using to check Group membership:
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++
> Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj,
> Path
>
> Set WSHShell = CreateObject("WScript.Shell")
> Set WSHNetwork = CreateObject("WScript.Network")
> ' Automatically grab the user's domain name
> DomainString = Wshnetwork.UserDomain
>
> '----------------------------8<----------------------------
> ' Find the Windows Directory
> WinDir = WshShell.ExpandEnvironmentStrings("%WinDir%")
> Call MsgBox("WinDir is " & WinDir)
>
> '----------------------------8<----------------------------
> ' Grab the user name
> UserString = WSHNetwork.UserName
> Call MsgBox("Users name is " & UserString)
>
> '----------------------------8<----------------------------
> ' Grab the computer name for use in add-on code later
> strComputer = WSHNetwork.ComputerName
> Call MsgBox("Computer name is " & strComputer)
>
> '----------------------------8<----------------------------
> ' Bind to the user object to get user name and check for group memberships
> later
> Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)
>
> '----------------------------8<----------------------------
> 'Check naming convention for mapping of the P: drive
>
> '----------------------------8<----------------------------
> 'Now check for group memberships and map appropriate drives
> 'Note that this checks Global Groups and not domain local groups.
> For Each GroupObj In UserObj.Groups
> 'Force upper case comparison of the group names, otherwise this is case
> sensitive.
> Select Case UCase(GroupObj.Name)
> 'Check for group memberships and take needed action
> 'In this example below, ADMIN and WORKERB are groups.
> 'Note the use of all upper case letters as mentioned above.
> 'Note also that the groups must be Global Groups.
>
> Case "LEASINGSTAFF"
> Call MsgBox("Member of LEASINGSTAFF " & GroupObj.Name)
>
> Case "ADMINISTRATION"
> Call MsgBox("Member of ADMINISTRATION " & GroupObj.Name)
>
> Case "PARTSSTAFF"
> Call MsgBox("Member of PARTSSTAFF " & GroupObj.Name)
>
> Case "SALES"
> Call MsgBox("Member of SALES " & GroupObj.Name)
>
> Case "SERVICE"
> Call MsgBox("Member of SERVICE " & GroupObj.Name)
>
> Case "BUSINESSOFFICESTAFF"
> Call MsgBox("Member of BUSINESSOFFICESTAFF " & GroupObj.Name)
>
> Case "DOMAIN USERS"
> Call MsgBox("Member of DOMAIN USERS " & GroupObj.Name)
>
> Case "DOMAIN ADMINS"
> Call MsgBox("Member of DOMAIN ADMINS " & GroupObj.Name)
>
> End Select
>
> Next

There are better ways, but after a quick glance at your script I think it
should work. There should be no need to move your groups.

You are using the WinNT provider, which is slower and reveals fewer
attributes. It sees Active Directory as a flat namespace. It is blind to
OU's, but still sees all user, group, and computer objects no matter where
they are in AD, as long as you use "pre-Windows 2000" names. The wshNetwork
object retrieves "pre-Windows 2000" names.

I would test your script, not as a logon script, but at a command prompt
after logon. I would have the script echo all groups the user is a member
of. For example, a test script could be:
=============
Set WSHShell = CreateObject("WScript.Shell")
DomainString = Wshnetwork.UserDomain
UserString = WSHNetwork.UserName

Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)
Wscript.Echo "Current user: " & UserObj.Name

Wscript.Echo "User belongs to groups"
For Each GroupObj In UserObj.Groups
Wscript.Echo GroupObj.Name
Next
=========
The only conditions I can think of where this could fail in a logon script,
is if the client OS is older than Windows 2000. If your script runs after
logon, but seems to fail as a logon script, then perhaps you OS is Windows
95/98. Reply if this is the case, as there is a workaround.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Previous Topic:ADMT Problem Migrating Workstations
Next Topic:userWorkstations Attribute
Goto Forum:
  


Current Time: Thu Jan 18 20:45:11 MST 2018

Total time taken to generate the page: 0.02404 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software