Announcement

Collapse
No announcement yet.

check computer group membership + user group membership

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • check computer group membership + user group membership

    Hi all,

    I have created a script that checks if the computer is a member of a certain group. And also a function to check if a user is member of a certain group.
    So you specifie a computer name and a security group. The function returns true is the computer is member of the group. Same for user.

    Now I have to do this check 50 times. to match printers and shared folders to users and computers. Becouse of this somethimes I get 8007203A - The server is not operational.

    Is there a better way to do this?

    Here is my login script:

    On Error Resume Next
    ' LOGIN SCRIPT
    ' netwerk object
    Set objNetwork = WScript.CreateObject("WScript.Network")
    Set CheckDrive = objNetwork.EnumNetworkDrives()
    ' pop ups
    Set WshShell = WScript.CreateObject("WScript.Shell")
    Set objSysInfo = CreateObject("ADSystemInfo")
    'file system
    Set objFSO = CreateObject("Scripting.FileSystemObject")

    Private Sub IncludeFile(byVal FileName)
    Const ForReading = 1
    'msg = WshShell.Popup (FileName)
    Dim f: set f = objFSO.OpenTextFile(FileName,ForReading)
    Dim s: s = f.ReadAll()
    ExecuteGlobal s
    End Sub


    'Domain info
    myRoot = "DC=mydomain,DC=lan"
    mySBSRoot = "OU=MyBusiness," + myRoot
    mySecurityGroups = "OU=Security Groups," + mySBSRoot
    myComputers = "OU=SBSComputers,OU=Computers," + mySBSRoot
    myServers = "OU=SBSServers,OU=Computers," + mySBSRoot
    myDomainControllers = "OU=Domain Controllers," + myRoot
    myUser = objSysInfo.UserName

    'User information
    myPC = objNetwork.ComputerName
    myUserName = objNetwork.UserName

    Function ComputerInGroup(mygroup)
    Dim oGrp
    set oGrp = GetObject("LDAP://CN=" + mygroup + "," + mySecurityGroups)
    if oGrp.IsMember("LDAP://CN=" + myPC + "," + myComputers) Then
    ComputerInGroup=1
    else
    ComputerInGroup=0
    end if
    set oGrp = Nothing
    end function

    Function UserInGroup(mygroup)
    Dim oGrp
    set oGrp = GetObject("LDAP://CN=" + mygroup + "," + mySecurityGroups)
    if oGrp.IsMember("LDAP://" + myUser) Then
    UserInGroup=1
    else
    UserInGroup=0
    end if
    set oGrp = Nothing
    end function

    Function isServer()
    'msg = WshShell.Popup (myPC)
    Dim myServer
    WScript.Sleep(5000)
    set myServerList = GetObject("LDAP://" & myDomainControllers)
    For Each objContainer in myServerList
    if objContainer.Name = "CN="+myPC then
    isServer = 1
    set myServerList = Nothing
    Exit Function
    end if
    Next
    WScript.Sleep(5000)
    set myServerList = Nothing
    set myServerList = GetObject("LDAP://" + myServers)
    For Each objContainer in myServerList
    if objContainer.Name = "CN="+myPC then
    isServer = 1
    set myServerList = Nothing
    Exit Function
    end if
    Next
    set myServerList = Nothing
    isServer=0
    end function

    Function addFolderMapping(mDrive, mPath)
    If Not objFSO.FolderExists(mPath) Then
    objFSO.CreateFolder(mPath)
    End If
    'msg = WshShell.Popup (mDrive)
    'objNetwork.RemoveNetworkDrive mDrive
    objNetwork.MapNetworkDrive mDrive, mPath
    end Function

    Function addPrinterMapping(mDefault, mPath, mMap)
    if mPath = myPC then
    If mDefault = 1 then
    objNetwork.SetDefaultPrinter(mMap)
    end if
    else
    sPath = "\\" + mPath + "\" + mMap
    'msg = WshShell.Popup (sPath)
    objNetwork.AddwindowsPrinterconnection(sPath)
    If mDefault = 1 then
    objNetwork.SetDefaultPrinter(sPath)
    end if
    end if
    end Function


    Function doAction(mI)
    select case ACTIE(mI)
    case "PRINTER"
    'do printer mapping
    addPrinterMapping 0, PAD(mI), MAP(mI)
    case "DEFAULT"
    'do printer mapping and set default
    addPrinterMapping 1, PAD(mI), MAP(mI)
    case else
    'do folder mapping
    If MAP(mI) = "USERNAME" then
    addFolderMapping ACTIE(mI), PAD(mI) + "\" + myUserName
    else
    addFolderMapping ACTIE(mI), PAD(mI)
    end if
    end select
    end function

    Function checkMembership()
    for i = 0 to Ubound(USERGROUPS)-1 Step 1
    vUSERGROUPS(i) = UserInGroup(USERGROUPS(i))
    WScript.Sleep(5000)
    next
    for i = 0 to Ubound(PCGROUPS)-1 Step 1
    vPCGROUPS(i) = ComputerInGroup(PCGROUPS(i))
    WScript.Sleep(5000)
    next
    end function

    'Drive controle (reeds gemapte drives)
    cServer = isServer()
    if cServer = 0 then

    'msg = WshShell.Popup ("Welkom op ons serverpark!")
    Dim ConfigFileName: ConfigFileName = "\\server1\OpenICT\loginscripts\login.config"
    IncludeFile ConfigFileName
    checkMembership
    for i = 0 to Ubound(ACTIE)-1 Step 1
    'test usergroup
    allowAction = 0
    totalEmpty = 0

    if USERGROUP(i) <> "" then
    tmpusergroups = split(USERGROUP(i), ",", -1, 1)
    for each ugroup in tmpusergroups
    for y = 0 to Ubound(USERGROUPS)-1 Step 1
    if ugroup = USERGROUPS(y) then
    allowAction = allowAction + vUSERGROUPS(y)
    end if
    next
    next
    else
    totalEmpty = totalEmpty + 1
    end if

    if PCGROUP(i) <> "" then
    tmppcgroups = split(PCGROUP(i), ",", -1, 1)
    for each pgroup in tmppcgroups
    for y = 0 to Ubound(PCGROUPS)-1 Step 1
    if pgroup = PCGROUPS(y) then
    allowAction = allowAction + vPCGROUPS(y)
    end if
    next
    next
    else
    totalEmpty = totalEmpty + 1
    end if
    'msgbox(i & "-" & allowAction & " -- " & totalEmpty)
    if allowAction <> 0 or totalEmpty = 2 then
    doAction(i)
    end if
    next
    Path = "HKCU\Printers\Settings\EnableBalloonNotifications Remote"
    WshShell.RegWrite Path, 0 ,"REG_DWORD"
    'msg = WshShell.Popup ("Login scrip finished")
    else
    msg = WshShell.Popup ("Welkom op de server!")
    end if 'end check server


    Thanks in advance

  • #2
    Re: check computer group membership + user group membership

    And here is my config file:

    'SET MAPPINGS
    Dim USERGROUPS(3)
    Dim PCGROUPS(9)

    Dim vUSERGROUPS(3)
    Dim vPCGROUPS(9)

    USERGROUPS(0) = "EGDL"
    USERGROUPS(1) = "AAGS"
    USERGROUPS(2) = "EGPS"

    PCGROUPS(0) = "AAK1"
    PCGROUPS(1) = "AAK2"
    PCGROUPS(2) = "AAK3"
    PCGROUPS(3) = "EGK1"
    PCGROUPS(4) = "EGK2"
    PCGROUPS(5) = "EGK3"
    PCGROUPS(6) = "EGK4"
    PCGROUPS(7) = "EGK5"
    PCGROUPS( = "EGK6"

    Dim ACTIE(35) 'DRIVELETTER: (Z | PRINTER | DEFAULT
    Dim PAD(35) 'PAD NAAR MAP OF PRINTER
    Dim MAP(35) 'PRINTER NAAM OF MAPNAAM
    Dim USERGROUP(35) 'GROEP Waartoe de gebruiker moet hoeren
    Dim PCGROUP(35) 'Groep waartoe de PC moet horen
    i=0

    ' *** network mapping *** '

    ACTIE(i) = "V:"
    PAD(i) = "\\egdldc1\SHARED\EGDL\verglas"
    MAP(i) = ""
    USERGROUP(i) = ""
    PCGROUP(i) = "EGK3"
    i=i+1

    ACTIE(i) = "S:"
    PAD(i) = "\\egdldc1\SHARED\AAGS"
    MAP(i) = ""
    USERGROUP(i) = "AAGS"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "S:"
    PAD(i) = "\\egdldc1\SHARED\EGDL"
    MAP(i) = ""
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "X:"
    PAD(i) = "\\egdldc1\Scans\AAK2"
    MAP(i) = ""
    USERGROUP(i) = "AAGS"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "X:"
    PAD(i) = "\\egdlnav1\CDrive"
    MAP(i) = ""
    USERGROUP(i) = "EGPS"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "X:"
    PAD(i) = "\\egdldc1\Scans\EGK4"
    MAP(i) = ""
    USERGROUP(i) = ""
    PCGROUP(i) = "EGK4,EGK1"
    i=i+1

    ACTIE(i) = "X:"
    PAD(i) = "\\egdldc1\Scans\EGK5"
    MAP(i) = ""
    USERGROUP(i) = ""
    PCGROUP(i) = "EGK5,EGK6"
    i=i+1

    ACTIE(i) = "Z:"
    PAD(i) = "\\egdldc1\OpenICT"
    MAP(i) = ""
    USERGROUP(i) = ""
    PCGROUP(i) = ""
    i=i+1

    ' *** PRINTERS AAGS *** '

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "AAGSNPR1"
    USERGROUP(i) = "AAGS"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "AAGSNPR2L1"
    USERGROUP(i) = "AAGS"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "AAGSNPR2L2"
    USERGROUP(i) = "AAGS"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "AAGSNPR2L3"
    USERGROUP(i) = "AAGS"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "AAGSNPR2L4"
    USERGROUP(i) = ""
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "AAGSPC1"
    MAP(i) = "AAGSSPR1"
    USERGROUP(i) = "AAGS"
    PCGROUP(i) = ""
    i=i+1

    ' *** PRINTERS EGDL *** '

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR1"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR2"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR3L1"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR3L2"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR3L3"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR3L4"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR4L1"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR4L2"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR4L3"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR4L4"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR5"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLPC4"
    MAP(i) = "EGDLSPR1"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLPC13"
    MAP(i) = "EGDLSPR2"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ACTIE(i) = "PRINTER"
    PAD(i) = "EGDLPC17"
    MAP(i) = "EGDLSPR3"
    USERGROUP(i) = "EGDL"
    PCGROUP(i) = ""
    i=i+1

    ' *** DEFAULT PRINTERS EGDL *** '

    ACTIE(i) = "DEFAULT"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR4L2"
    USERGROUP(i) = ""
    PCGROUP(i) = "EGK1"
    i=i+1

    ACTIE(i) = "DEFAULT"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR2"
    USERGROUP(i) = ""
    PCGROUP(i) = "EGK2"
    i=i+1

    ACTIE(i) = "DEFAULT"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR1"
    USERGROUP(i) = ""
    PCGROUP(i) = "EGK3"
    i=i+1

    ACTIE(i) = "DEFAULT"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR2"
    USERGROUP(i) = ""
    PCGROUP(i) = "EGK4"
    i=i+1

    ACTIE(i) = "DEFAULT"
    PAD(i) = "EGDLDC1"
    MAP(i) = "EGDLNPR5"
    USERGROUP(i) = ""
    PCGROUP(i) = "EGK5"
    i=i+1

    ACTIE(i) = "DEFAULT"
    PAD(i) = "EGDLPC17"
    MAP(i) = "EGDLSPR3"
    USERGROUP(i) = ""
    PCGROUP(i) = "EGK6"
    i=i+1

    ' *** DEFAULT PRINTERS AAGS *** '

    ACTIE(i) = "DEFAULT"
    PAD(i) = "EGDLDC1"
    MAP(i) = "AAGSNPR2L3"
    USERGROUP(i) = ""
    PCGROUP(i) = "AAK1"
    i=i+1


    ACTIE(i) = "DEFAULT"
    PAD(i) = "EGDLDC1"
    MAP(i) = "AAGSNPR1"
    USERGROUP(i) = ""
    PCGROUP(i) = "AAK2"
    i=i+1

    Comment


    • #3
      Re: check computer group membership + user group membership

      Your Visual Basic script is one with an 'expensive bind call' because it is re-using the same objectClass variable name for new GetObject calls - without making one outstanding reference to the server first. The script will make additional bind requests.

      It also peform separate search-runs for different attributes, which you might can try to improve by caching the results from just one search-run for most of the object's attributes that you were planning to use in the script. This will make the script run a little more efficient.

      An other important fact is that you started the logonscript with "On Error Resume next", this will cause the script to trap all syntax and method errors from the main part of the script and continue on error. When the script now does terminate in error, the error message might not point-out to the real problem!!

      Although, your script must have some error caption because of some conditions configured in your config-file. e.g. When a user that is member of the AAGS userGroup logon to a computer that is member of the computerGroup EGK1 the script is trying to map driveletter X: a second time, this will result in an error. Therefor you should set the "On Error Resume next" statement on (only) the functions that are doing the mappings, and use error handeling.

      I'll work on a sample how you can make your script do less binding and less separate searches.
      (For the script in my next post I'm going to use a transformed copy of your config-file, because yours will be way to complicated for my example.)
      Code:
      ' ["\\server1\OpenICT\loginscripts\login.config"]
      '////////////////////////////////////////////////////////////////////////////
      Option explicit
      Dim arrUserGroups, arrComputerGroups
      
      '	+------------------+
      '	| GroupNTName      |
      '	+------------------+
      arrUserGroups = array _
      	(  "EGDL" _
      	,  "AAGS" _
      	,  "EGPS" _
      	,  "Domain Users" _
              )
      arrComputerGroups = array _
      	(  "AAK1" _
      	,  "AAK2" _
      	,  "AAK3" _
      	,  "EGK1" _
      	,  "EGK2" _
      	,  "EGK3" _
      	,  "EGK4" _
      	,  "EGK5" _
      	,  "EGK6" _
      	)
      '	+-------------------+
      
      
      
      Sub SelectActions( GroupName )
        arrActions = array()
        ValuesPerRow = 4
        Select Case UCase(GroupName)
        '	+---------------,----------------------------------------+
        '	|  Action(0)	,  parameters(1)(2)(3)                   |
        '	+---------------,----------------------------------------+
      
          Case "EGDL"
          arrActions = array _
      	(  "MapDrive"	, "\\egdldc1", "\SHARED\EGDL", "S:" _
      	,  "MapPrinter"	, "\\egdldc1", "\EGDLNPR1", "(EGK3)" _
      	,  "MapPrinter"	, "\\egdldc1", "\EGDLNPR2", "(EGK2/EGK4)" _
      	,  "MapPrinter"	, "\\egdldc1", "\EGDLNPR3L1", "" _
      	,  "MapPrinter"	, "\\egdldc1", "\EGDLNPR3L2", "" _
      	,  "MapPrinter"	, "\\egdldc1", "\EGDLNPR3L3", "" _
      	,  "MapPrinter"	, "\\egdldc1", "\EGDLNPR3L4", "" _
      	,  "MapPrinter"	, "\\egdldc1", "\EGDLNPR4L1", "" _
      	,  "MapPrinter"	, "\\egdldc1", "\EGDLNPR4L2", "(EGK1)" _
      	,  "MapPrinter"	, "\\egdldc1", "\EGDLNPR4L3", "" _
      	,  "MapPrinter"	, "\\egdldc1", "\EGDLNPR4L4", "" _
      	,  "MapPrinter"	, "\\egdldc1", "\EGDLNPR5", "(EGK5)" _
      	,  "MapPrinter"	, "\\egdlpc4", "\EGDLSPR1", "" _
      	,  "MapPrinter"	, "\\egdlpc13", "\EGDLSPR2", "" _
      	,  "MapPrinter"	, "\\egdlpc17", "\EGDLSPR3", "(EGK6)" _
      	)
      
          Case "AAGS"
          arrActions = array _
      	(  "MapDrive"	, "\\egdldc1", "\SHARED\AAGS", "S:" _
      	,  "MapDrive"	, "\\egdldc1", "\Scans\AAK2", "X:" _
      	,  "MapPrinter"	, "\\egdldc1", "\AAGSNPR1", "" _
      	,  "MapPrinter"	, "\\egdldc1", "\AAGSNPR2L1", "" _
      	,  "MapPrinter"	, "\\egdldc1", "\AAGSNPR2L2", "" _
      	,  "MapPrinter"	, "\\egdldc1", "\AAGSNPR2L3", "(AAK1)" _
      	,  "MapPrinter"	, "\\aagspc1", "\AAGSSPR1", "" _
      	)
      
          Case "EGPS"
          arrActions = array _
      	(  "MapDrive" 	, "\\egdlnav1", "\CDrive", "X:" _
      	)
      
          Case "DOMAIN USERS"
          arrActions = array _
      	(  "MapDrive" 	, "\\egdlnav1", "\OpenICT", "Z:" _
      	,  "MapPrinter"	, "\\egdldc1", "\AAGSNPR2L4", "" _
      	)
      
          Case "AAK1"
          arrActions = array _
      	(  "DefaultPrn"	, "\\egdldc1", "\AAGSNPR2L3", "(AAGS)" _
      	)
      
          Case "AAK2"
          arrActions = array _
      	(  "DefaultPrn"	, "\\egdldc1", "\AAGSNPR1", "(AAGS)" _
      	)
      
          Case "AAK3"
          arrActions = array _
      	(  "-"		, "", "", "" _
      	)
      
          Case "EGK1"
          arrActions = array _
      	(  "MapDrive"	, "\\egdldc1", "\Scans\EGK4", "X:" _
      	,  "DefaultPrn"	, "\\egdldc1", "\EGDLNPR4L2", "(EGDL)" _
      	)
      
          Case "EGK2"
          arrActions = array _
      	(  "DefaultPrn"	, "\\egdldc1", "\EGDLNPR2", "EGDL" _
      	)
      
          Case "EGK3"
          arrActions = array _
      	(  "MapDrive"	, "\\egdldc1", "\SHARED\EGDL\verglas", "V:" _
      	,  "DefaultPrn"	, "\\egdldc1", "\EGDLNPR1", "EGDL" _
      	)
      
          Case "EGK4"
          arrActions = array _
      	(  "MapDrive"	, "\\egdldc1", "\Scans\EGK4", "X:" _
      	,  "DefaultPrn"	, "\\egdldc1", "\EGDLNPR2", "EGDL" _
      	)
      
          Case "EGK5"
          arrActions = array _
      	(  "MapDrive"	, "\\egdldc1", "\Scans\EGK5", "X:" _
      	,  "DefaultPrn"	, "\\egdldc1", "\EGDLNPR5", "EGDL" _
      	)
      
          Case "EGK6"
          arrActions = array _
      	(  "MapDrive"	, "\\egdldc1", "\Scans\EGK5", "X:" _
      	,  "DefaultPrn"	, "\\egdlpc17", "\EGDLSPR3", "EGDL" _
      	)
        '	+---------------,----------------------------------------+
        End Select
      End Sub
      
      '////////////////////////////////////////////////////////////////////////////
      )

      \Rems
      Last edited by Rems; 31st August 2008, 21:39.

      This posting is provided "AS IS" with no warranties, and confers no rights.

      __________________

      ** Remember to give credit where credit's due **
      and leave Reputation Points for meaningful posts

      Comment


      • #4
        Re: check computer group membership + user group membership

        I think the main problem with your code is caused by the Functions you use to check the precense of the user and the computer. And possibly also by the On Error Resume Next statement on top so code errors are being neglected.

        The script below shows an adapted IsMember function that is originally created by MVP Richard L. Mueller
        source: http://www.rlmueller.net/IsMember5.htm
        I adapted some performance impovement practices from the msdn.microsoft.com's "Active Directory and LDAP Technical Articles".
        source: http://msdn.microsoft.com/en-us/library/ms806997.aspx
        For this script the performance improvements will just have a little effect though.

        You can use the script to test the group membership checking during logon, and the performance.
        The script was not meant as a complete replacement of your script, however you could replace for the blue parts with your own statements, and add your functions that are called from it.
        (note, this script is using my version of the login.config file)
        Code:
        ' Logon script -
        ' checks user and computer membership over multiple groups.
        ' The groupnames and configured actions per matching group are
        ' retrieved from a (secondary vbscode-) file called "login.config" 
        
        
        ' make variable declarations mandatory
        Option explicit 
        
        ' global variables are declared outside of any sub or function.
        DIM objGroupList '!!!
        
        Dim arrActions, ValuesPerRow
        Dim objRootDSE, strDNSDomain, objUser, objComputer
        Dim arrUserObjProps, arrComputerObjProps
        Dim m, n, groupName
        
        
        ' The LDAP://RootDSE has an outstanding reference to the server.
        ' Therefor the different GetObject calls won't create extra binds.
        Set objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")
        
        With CreateObject("ADSystemInfo")
          ' The following two statements does a base object search
          ' for only the objectClass attribute.
          Set objUser = GetObject("LDAP://" & .UserName)
          Set objComputer = GetObject("LDAP://" & .Computername)
        End With
        
        ' The following statements do a base object search for only
        ' the attributes of the object, that are used in the script.
        arrUserObjProps = Array("sAMAccountName","tokenGroups")
        arrComputerObjProps = Array("sAMAccountName","tokenGroups")
        objUser.GetInfoEx arrUserObjProps, 0
        objComputer.GetInfoEx arrComputerObjProps, 0
        
        
        call IncludeFile("\\server1\OpenICT\loginscripts\login.config")
        
        For m = 0 To UBound(arrUserGroups)
            groupName = arrUserGroups(m)
            If (IsMember _
                  (objUser.Get("sAMAccountName"), _
                   objUser.Get("tokenGroups"), _
                   groupName) = True) Then
              SelectActions groupName
              For n = 0 To UBound(arrActions) Step ValuesPerRow
        
            wsh.echo "Group =", groupName &vbNewLine& _
                 "Action", (n/ValuesPerRow)+1, "= ", arrActions(n)&vbNewLine& _
                 "parameters:", arrActions(n+1), arrActions(n+2), arrActions(n+3)
        
              Next
             'exit for
            End If
        Next
        
        For m = 0 To UBound(arrComputerGroups)
            groupName = arrComputerGroups(m)
            If (IsMember _
                  (objComputer.Get("sAMAccountName"), _
                   objComputer.Get("tokenGroups"), _
                   groupName) = True) Then
              SelectActions groupName
              For n = 0 To UBound(arrActions) Step ValuesPerRow
        
            wsh.echo "Group =", groupName &vbNewLine& _
                 "Action", (n/ValuesPerRow)+1, "= ", arrActions(n)&vbNewLine& _
                 "parameters:", arrActions(n+1), arrActions(n+2), arrActions(n+3)
        
              Next
             'exit for
            End If
        Next
        
        wscript.quit
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        
        
        
        Private Sub IncludeFile (ByVal FileName)
          'Please note:
          ' a. The ExecuteGlobal method complicates debugging if
          '    an error occurs in the secondary scripts because
          '    you will just get the line number of the
          '    ExecuteGlobal statement in the first script.
          ' b. The first and the secondary script(s) share the
          '    same namespace. Therefore, watch for unique
          '    variable and procedure naming.
          '------------
          With CreateObject("Scripting.FileSystemObject")  
            With .OpenTextFile(FileName, 1)
              ExecuteGlobal .ReadAll()
            End With
          End With
        End Sub
        
        
        Function IsMember(byVal sAMAccName, byVal arrbytGroups, ByVal strGroup)
            'Adapted from Function #5 http://www.rlmueller.net/freecode1.htm
            ' An efficient function to test group membership for multiple
            ' objects (users/computers) using the LDAP provider and the "TokenGroups"
            ' attribute. The function also reveals membership in nested groups and
            ' the primary group. Will not reveal cross-domain group membership.
            ' strGroup is the NT name (sAMAccountName) of the group to test.
            ' objGroupList is a dictionary object, with global scope.
            ' Returns True if the user or computer is a member of the group.
            
            If (IsEmpty(objGroupList) = True) Then
                Set objGroupList = CreateObject("Scripting.Dictionary")
                objGroupList.CompareMode = vbTextCompare
                Call LoadGroups(sAMAccName, arrbytGroups)
            End If
            If (objGroupList.Exists(sAMAccName & "\") = False) Then
                Call LoadGroups(sAMAccName, arrbytGroups)
            End If
            IsMember = objGroupList.Exists _
                            (sAMAccName & "\" & strGroup)
        End Function
        
        Sub LoadGroups (byVal sAMAccName, byVal arrbytGroups)
            ' source: http://www.rlmueller.net/freecode1.htm
            ' Subroutine to populate dictionary object with group memberships.
            ' objGroupList is a dictionary object, that has a global scope.
        
            objGroupList.Add sAMAccName & "\", True
        
            Dim arrstrGroupSids(), objGroup, j
        
            If (TypeName(arrbytGroups) = "Byte()") Then
                ReDim arrstrGroupSids(0)
                arrstrGroupSids(0) = OctetToHexStr(arrbytGroups)
                Set objGroup = GetObject("LDAP://" _
                    & "<SID=" & arrstrGroupSids(0) & ">")
                objGroupList.Add sAMAccName & "\" _
                    & objGroup.sAMAccountName, True
                Set objGroup = Nothing
                Exit Sub
            ElseIf (UBound(arrbytGroups) = -1) Then
                Exit Sub
            End If
        
            ReDim arrstrGroupSids(UBound(arrbytGroups))
            For j = 0 To UBound(arrbytGroups)
                arrstrGroupSids(j) = OctetToHexStr(arrbytGroups(j))
                Set objGroup = GetObject("LDAP://" _
                    & "<SID=" & arrstrGroupSids(j) & ">")
                objGroupList.Add sAMAccName & "\" _
                    & objGroup.sAMAccountName, True
            Next
            Set objGroup = Nothing
        End Sub
        
        Function OctetToHexStr (ByVal arrbytOctet)
            ' http://www.rlmueller.net/freecode1.htm
            ' Function to convert OctetString (byte array) to Hex string.
        
            Dim k
        
            OctetToHexStr = ""
            For k = 1 To Lenb(arrbytOctet)
                OctetToHexStr = OctetToHexStr _
                    & Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
            Next
        End Function
        \Rems

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment

        Working...
        X