Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Windows Server General Help » Login scripts based on Organisational Units
Login scripts based on Organisational Units [message #164056] Sat, 13 June 2009 00:21 Go to next message
microsoft[1]  is currently offline microsoft[1]
Messages: 46
Registered: July 2009
Member
Hi

Could anyone assist with a login script that maps shares to drives based on
the organisational unit the user is assigned.

any assitance would be greatly appreciated.

thanks
Re: Login scripts based on Organisational Units [message #164059 is a reply to message #164056] Sat, 13 June 2009 04:30 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Microsoft,

On the OU create and link a GPO which contains logon script under the User
configuration part of the GPO.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi
>
> Could anyone assist with a login script that maps shares to drives
> based on the organisational unit the user is assigned.
>
> any assitance would be greatly appreciated.
>
> thanks
>
Re: Login scripts based on Organisational Units [message #164063 is a reply to message #164056] Sat, 13 June 2009 10:01 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"microsoft" <microsoft@discussions.microsoft.com> wrote in message
news:1E49AEEC-401E-427C-BF77-FB59C3E7ACB6@microsoft.com...
> Hi
>
> Could anyone assist with a login script that maps shares to drives based
> on
> the organisational unit the user is assigned.
>
> any assitance would be greatly appreciated.
>
> thanks


For the most part, creating a conditional script for users is usually based
on their group memberships. There are a number of ways to do that, but I am
not a scripter. To create a conditoon based on Organizational Unit (OU) is a
little more complicated and would require querying the user's DN value and
extracting the OU value out of the DN path. I actually haven't seen or heard
anyone doing it that way.

If you want to do it based on OU, simply place a script for those users in
the OU in a GPO on the OU, as Meinolf stated. Of course this means a custom
script for each OU and creating a GPO for each OU. Otherwise to create
if/then conditions based on OU, I would suggest posting to the scripting
groups.

For more specific info, please post to the scripting newsgroups, or you can
visit the following:

CWashington's Scipt Center (numerous sample scripts)
http://cwashington.netreach.net

Microsoft Script Center Script RepositoryThe Script Repository categorizes
the best sample scripts designed to run on Windows 2000, Windows XP, and
Windows Server 2003.
Active Directory - Operating System - Desktop Management - Printing
www.microsoft.com/technet/scriptcenter/scripts/default.mspx

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay
Re: Login scripts based on Organisational Units [message #164068 is a reply to message #164056] Sat, 13 June 2009 11:31 Go to previous messageGo to next message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
"microsoft" <microsoft@discussions.microsoft.com> wrote in message
news:1E49AEEC-401E-427C-BF77-FB59C3E7ACB6@microsoft.com...
> Hi
>
> Could anyone assist with a login script that maps shares to drives based
> on
> the organisational unit the user is assigned.
>
> any assitance would be greatly appreciated.
>
> thanks

If you don't want to use GPO's linked to your OU's (or group membership), a
scripting solution requires that you parse the user Distinguished Name.
There is no built in method or attribute that you can use. The most reliable
method I have found follows:
=========
Dim objSysInfo, strUserDN, objUser
Dim strOUPath, arrContainers, arrOU, strOU

' Bind to current user object.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
' Escape any embedded forward slash characters.
strUserDN = Replace(strUserDN, "/", "\/")
Set objUser = GetObject("LDAP://" & strUserDN)

' Retrieve DN of parent OU/Container.
strOUPath = objUser.Parent

' Replace any escaped commas with Chr(164).
strOUPath = Replace(strOUPath, "\,", Chr(164))

' Parse Parent DN into comma delimited components.
arrContainers = Split(strOUPath, ",")

' Parse the first component to retrive name of the OU/Container.
arrOU = Split(arrContainers(0), "=")
strOU = arrOU(1)

' Restore any escaped commas.
strOU = Replace(strOU, Chr(164), "\,")

Wscript.Echo "User is in OU/Container " & strOU
=======
Another method would be to bind to the parent OU, using the DN retrieved
with the Parent method of the user object, and retrieving the value of the
ou attribute. However, this will fail if the user is in a container (or in
the root of the domain). It also requires one more binding operation, which
can be avoided. The above works in all cases I can think of.

Note, however, that in general the relative distinguished name of the OU may
not be unique. There can be several OU's called "Sales", as along as they
are in different parent OU's, for example. It is best to use the
Distinguished Names of the OU's, and make the comparisons case insensitive.
For example:
=========
' Bind to current user object.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
' Escape any embedded forward slash characters.
strUserDN = Replace(strUserDN, "/", "\/")
Set objUser = GetObject("LDAP://" & strUserDN)

' Retrieve DN of parent OU/Container.
strOUPath = objUser.Parent

Select Case LCase(strOUPath)
Case "ou=sales,ou=east,dc=mydomain,dc=com"
' Do something.
Case "ou=sales,ou=west,dc=mydomain,dc=com"
' Do something.
Case "ou=sales,ou=north,dc=mydomain,dc=com"
' Do something.
Case "ou=sales,ou=south,dc=mydomain,dc=com"
' Do something.
End Select

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Re: Login scripts based on Organisational Units [message #164074 is a reply to message #164068] Sat, 13 June 2009 15:36 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:u3Ro%23vD7JHA.2656@TK2MSFTNGP05.phx.gbl...
>
> "microsoft" <microsoft@discussions.microsoft.com> wrote in message
> news:1E49AEEC-401E-427C-BF77-FB59C3E7ACB6@microsoft.com...
>> Hi
>>
>> Could anyone assist with a login script that maps shares to drives based
>> on
>> the organisational unit the user is assigned.
>>
>> any assitance would be greatly appreciated.
>>
>> thanks
>
> If you don't want to use GPO's linked to your OU's (or group membership),
> a scripting solution requires that you parse the user Distinguished Name.
> There is no built in method or attribute that you can use. The most
> reliable method I have found follows:
> =========
> Dim objSysInfo, strUserDN, objUser
> Dim strOUPath, arrContainers, arrOU, strOU
>
> ' Bind to current user object.
> Set objSysInfo = CreateObject("ADSystemInfo")
> strUserDN = objSysInfo.UserName
> ' Escape any embedded forward slash characters.
> strUserDN = Replace(strUserDN, "/", "\/")
> Set objUser = GetObject("LDAP://" & strUserDN)
>
> ' Retrieve DN of parent OU/Container.
> strOUPath = objUser.Parent
>
> ' Replace any escaped commas with Chr(164).
> strOUPath = Replace(strOUPath, "\,", Chr(164))
>
> ' Parse Parent DN into comma delimited components.
> arrContainers = Split(strOUPath, ",")
>
> ' Parse the first component to retrive name of the OU/Container.
> arrOU = Split(arrContainers(0), "=")
> strOU = arrOU(1)
>
> ' Restore any escaped commas.
> strOU = Replace(strOU, Chr(164), "\,")
>
> Wscript.Echo "User is in OU/Container " & strOU
> =======
> Another method would be to bind to the parent OU, using the DN retrieved
> with the Parent method of the user object, and retrieving the value of the
> ou attribute. However, this will fail if the user is in a container (or in
> the root of the domain). It also requires one more binding operation,
> which can be avoided. The above works in all cases I can think of.
>
> Note, however, that in general the relative distinguished name of the OU
> may not be unique. There can be several OU's called "Sales", as along as
> they are in different parent OU's, for example. It is best to use the
> Distinguished Names of the OU's, and make the comparisons case
> insensitive. For example:
> =========
> ' Bind to current user object.
> Set objSysInfo = CreateObject("ADSystemInfo")
> strUserDN = objSysInfo.UserName
> ' Escape any embedded forward slash characters.
> strUserDN = Replace(strUserDN, "/", "\/")
> Set objUser = GetObject("LDAP://" & strUserDN)
>
> ' Retrieve DN of parent OU/Container.
> strOUPath = objUser.Parent
>
> Select Case LCase(strOUPath)
> Case "ou=sales,ou=east,dc=mydomain,dc=com"
> ' Do something.
> Case "ou=sales,ou=west,dc=mydomain,dc=com"
> ' Do something.
> Case "ou=sales,ou=north,dc=mydomain,dc=com"
> ' Do something.
> Case "ou=sales,ou=south,dc=mydomain,dc=com"
> ' Do something.
> End Select
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>


Hi Richard,

Sounds complicated to me, whereas a script based on group membership may be
much simpler no matter what OU the user account exists in!

Ace
Previous Topic:Windows Update not working correctly in R2 RC
Next Topic:Proliant ML110 G5 Server Can I run as a PC
Goto Forum:
  


Current Time: Tue Aug 22 14:50:08 EDT 2017

Total time taken to generate the page: 0.03567 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software