Re: Domain Logon Script Advice
- From: "colin.laurie@xxxxxxxxxxxxxx" <colin.laurie@xxxxxxxxxxxxxx>
- Date: Wed, 12 Sep 2007 23:58:41 -0700
On Sep 6, 1:45 pm, "Richard Mueller [MVP]" <rlmueller-nos...@xxxxxxxxxxxxxxxxxxxx> wrote:
Colin wrote:
I have been tasked to create/develop a domain wide logon script to map
users' printers and network shares based upon which Active Directory OU
they belong to. This is a big task for me as I have not done any
scripting for this purpose, only use batch files.
I am happy with deploying the script via GPO etc, it's just the actual
scripting part.
My questions are:
1. What is the best method to achieve this? VBS/ Kix etc?
2. Are there any other ways to do this for scripting dummies like
myself?
3. Is this too big a task for a scripting newcomer? (Domain consists
of many AD sites, printers etc)
Thanks in advance.
If you want to map printers and shares based on the OU (rather than
membership in a group) you can have one Group Policy for each OU, each with
its own logon script. The scripts would be very similar. I prefer VBScript.
A very basic VBScript logon script to map the same printer and shares to all
users in an OU could be similar to:
==============
Option Explicit
Dim objNetwork
Set objNetwork = CreateObject("Wscript.Network")
' Connect a shared printer.
objNetwork.AddWindowsPrinterConnection "\\PrintServer\Laser2"
objNetwork.SetDefaultPrinter "\\PrintServer\Laser2"
' Map a share to a drive.
On Error Resume Next
objNetwork.MapNetworkDrive "M:", "\\FileServer\EngrShare"
If (Err.Number <> 0) Then
    ' Restore normal error handling so a second failure is reported.
    On Error GoTo 0
    objNetwork.RemoveNetworkDrive "M:", True, True
    objNetwork.MapNetworkDrive "M:", "\\FileServer\EngrShare"
End If
On Error GoTo 0
=========
I recommend using "Option Explicit" so that all variables must be declared
in Dim statements. This reduces chances of typos and makes troubleshooting
easier. I recommend only using "On Error Resume Next" for statements you
expect might raise errors, then handle the error and restore normal error
handling. This way you will know if there is a problem so you can fix it. In
the example above, if the user has established a persistent connection to
drive M:, the mapping operation might raise an error. In anticipation of
this I trap the error, attempt to remove the mapping, and try again. If the
second attempt fails an error message is displayed so you know it failed.
If you need to determine the OU in the script, the best way to identify the
OU is by Distinguished Name (DN). Assuming all clients have Windows 2000 or
above, you can use the ADSystemInfo object to retrieve the DN of the user,
bind to the user object, then use the Parent method to retrieve the parent
container/OU. For example:
========
Option Explicit
Dim objSysInfo, strUserDN, objUser, strParent
Dim objNetwork
' Retrieve user DN.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
' Bind to user object.
Set objUser = GetObject("LDAP://" & strUserDN)
' Retrieve AdsPath of parent container/OU.
strParent = objUser.Parent
' Check for OU. One If statement for each OU.
If (strParent = "LDAP://ou=West,dc=MyDomain,dc=com") Then
    ' Map drives and printers.
End If
' Alternative way to check OU's.
Select Case strParent
    Case "LDAP://OU=West,dc=MyDomain,dc=com"
        ' Map drives and printers.
    Case "LDAP://OU=East,dc=MyDomain,dc=com"
        ' Map drives and printers.
    Case Else
        ' Default mappings.
End Select
=========
The Parent method returns the AdsPath of the parent OU or container, which
is the Distinguished Name with the "LDAP://" moniker appended. I don't test
with just the ou name, like "ou=West", because there could be many OU's in
the domain with that name.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab -http://www.rlmueller.net
Hi Richard, I inherited the following script from my company's sister
company. They are using it to map network shares & printers based upon
users' OU membership.
I have edited it to attempt a simple test to map to a share called
'hit' on a server called 'dingo'. This should be mapped to the G
Drive.
Can you confirm if I run this type of script manually from a desktop
should it work? At the moment it doesn't, and as there are no error
messages produced I find it extremely difficult to troubleshoot.
Can you advise at all?
---------------------------------------------------------
On Error Resume Next
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
const domainName = "MFTAU"
Dim WshNetwork
Dim oShell2
Set WshNetwork = CreateObject("WScript.Network")
Set objSysInfo = WScript.CreateObject( "ADSystemInfo" )
Set objNetwork = WScript.CreateObject( "WScript.Network" )
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set oShell = CreateObject("WScript.Shell")
set oshell2 = CreateObject("wscript.shell")
strOU = objSysInfo.UserName
strOU = Mid( strOU, InStr( strOU, "=" ) + 1 )
strOU = Mid( strOU, InStr( strOU, "=" ) - 2 )
strOU = Left( strOU, InStr( UCase( strOU ), "DC=" ) - 2 )
'Next Function enables Usergroup testing.
'=============================================
function UserInGroup(UserName,group)
    on error goto 0
    UserInGroup = false
    if len(username) < 1 then
        exit function
    end if
    if instr(username,"/") < 2 then
        username = domainName & "/" & username
    end if
    on error resume next
    set DirObj = GetObject("WinNT://" & userName & ",user")
    set DirObj = DirObj.Groups()
    if Err.number <> 0 then
        set DirObj = nothing
        set userObj = nothing
        err.clear
        on error goto 0
        exit function
    end if
    for each userObj in DirObj
        'Check if user is a member of the group
        if userObj.Name = group then
            UserInGroup = True
            set DirObj = nothing
            set userObj = nothing
            err.clear
            on error goto 0
            exit function
        end if
    next
    Err.Clear
    on error goto 0
End Function
'=============================================
Select Case strOU
    Case "OU=HarbourIT"
        strG = "\\dingo\hit"
End Select
If Not strG = "" Then
    objNetwork.RemoveNetworkDrive "G:", True, True
    objNetwork.MapNetworkDrive "G:", strG
End If
If Not strI = "" Then
    objNetwork.RemoveNetworkDrive "I:", True, True
    objNetwork.MapNetworkDrive "I:", strI
End If
If Not strP = "" Then
    objNetwork.RemoveNetworkDrive "P:", True, True
    objNetwork.MapNetworkDrive "P:", strP
End If
If Not strR = "" Then
    objNetwork.RemoveNetworkDrive "R:", True, True
    objNetwork.MapNetworkDrive "R:", strR
End If
If Not strS = "" Then
    objNetwork.RemoveNetworkDrive "S:", True, True
    objNetwork.MapNetworkDrive "S:", strS
End If
If Not strX = "" Then
    objNetwork.RemoveNetworkDrive "X:", True, True
    objNetwork.MapNetworkDrive "X:", strX
End If
strComputer = UCase( objSysInfo.ComputerName )
strComputer = Mid( strComputer, InStr( strComputer, "=" ) + 1 )
strComputer = Left( strComputer, InStr( strComputer, "=" ) - 4 )
Select Case strComputer
    Case "BLADE01" , "BLADE02", "BLADE03", "BLADE04", "BLADE05"
        strOU = "LDAP://" & objSysInfo.UserName
        Set objUser = GetObject( strOU )
        arrMemberOf = objUser.GetEx( "memberOf" )
        If Not Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
            blnMIMSUsers = False
            For Each strGroup In arrMemberOf
                strGroup = Mid( strGroup, InStr( strGroup, "=" ) + 1 )
                strGroup = Left( strGroup, InStr( strGroup, "=" ) - 4 )
                Select Case strGroup
                    Case "MIMS Users"
                        blnMIMSUsers = True
                End Select
            Next
        End If
End Select
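
Added example, not part of the original thread: one way to apply the advice quoted above to the G: test in this post, matching the full parent DN case-insensitively and reporting a failed mapping instead of suppressing it. It derives the parent container by parsing the DN string rather than binding with GetObject; the `DC=example,DC=com` components are placeholders, `ParentDN` and `MapDrive` are hypothetical helper names, and it assumes a domain-joined client running it with cscript.

```vbscript
Option Explicit

' Hypothetical helper: parent container DN = everything after the first
' comma that is not escaped with a backslash (e.g. "CN=Laurie\, Colin,...").
Function ParentDN(strDN)
    Dim i, ch
    ParentDN = ""
    i = 1
    Do While i <= Len(strDN)
        ch = Mid(strDN, i, 1)
        If ch = "\" Then
            i = i + 1                    ' skip the escaped character
        ElseIf ch = "," Then
            ParentDN = Mid(strDN, i + 1)
            Exit Function
        End If
        i = i + 1
    Loop
End Function

' Hypothetical helper: map a drive, suppressing errors only around the
' two calls that are expected to raise them, then report any failure.
Function MapDrive(objNetwork, strDrive, strUNC)
    Dim lngErr, strErr
    On Error Resume Next
    objNetwork.RemoveNetworkDrive strDrive, True, True
    Err.Clear                            ' "drive not mapped" is expected here
    objNetwork.MapNetworkDrive strDrive, strUNC
    lngErr = Err.Number
    strErr = Err.Description
    On Error GoTo 0                      ' restore normal error handling
    If lngErr <> 0 Then
        WScript.Echo "Mapping " & strDrive & " to " & strUNC & _
            " failed: 0x" & Hex(lngErr) & " " & strErr
    End If
    MapDrive = (lngErr = 0)
End Function

Dim objSysInfo, objNetwork, strParent
Set objSysInfo = CreateObject("ADSystemInfo")
Set objNetwork = CreateObject("WScript.Network")
strParent = ParentDN(objSysInfo.UserName)
WScript.Echo "Parent container: " & strParent

' VBScript string comparison is case-sensitive, so compare in lower case.
Select Case LCase(strParent)
    Case "ou=harbourit,dc=example,dc=com"    ' placeholder domain components
        MapDrive objNetwork, "G:", "\\dingo\hit"
    Case Else
        WScript.Echo "No mappings defined for " & strParent
End Select
```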