Re: login script for group
- From: ctvader <jeff.swift@xxxxxxxxx>
- Date: Fri, 21 Sep 2007 10:08:08 -0700
On Sep 21, 11:32 am, Deena <De...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thank you for your suggestions. I still do not have this working, however.
First, a disclaimer. I am not a programmer but I'm responsible for our
school network so use simple sentenced when working with me...
Here is my setup. My domain is IslesboroCentralSchool.local in which I have
an OU named ICS Students. I created a group in ICS Students called Geometry
where students will read files put there by the teacher (who is in a
different OU called ICS Teachers) and where they will save documents to be
checked by the teacher. When this works, I will create more groups for other
subjects to be used in the same way. Some students will belong to more than
one group and all groups will have at least one teacher member. Using your
model, I created the following script in Notepad and saved it in the SYSVOL
on the server/domain/scripts folder. It is also saved to the NETLOGON
folder. I get an error message for line 18, character 5, Network path is not
found, source wshnetwork.mapnetworkdrive.
Option Explicit
Dim ADSysInfo, CurrentUser, wshNetwork
Dim strGroupDN, objGroup
Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://"; & ADSysInfo.UserName)
Set wshNetwork = CreateObject("Wscript.Network")
' Specify Distinguished Name of group.
strGroupDN = "cn=Geometry,ou=ICS Students,dc=IslesboroCentralSchool,dc=local"
' Bind to the group object.
Set objGroup = GetObject("LDAP://"; & strGroupDN)
' Check direct group membership.
If (objGroup.IsMember(CurrentUser.AdsPath) = True) Then
wshNetwork.MapNetworkDrive "g:", "\\EAGLE4W1\Geometry\"
End If
"Richard Mueller [MVP]" wrote:
Deena wrote:
I would like to write a script that maps a drive to a shared folder for
users
who belong to a group. I have created a shared folder named "geometry"
and
have created a group (also called "geometry") and assigned users to it. I
am
trying the following script which I have saved to the SYSVOL on the
server/domain/scripts folder. It is also saved to the NETLOGON folder
although I didn't put it there - it just appeared after I put it in the
SYSVOL directory. I am getting an error message on the strGroups =
LCase(Join(CurrentUser.MemberOf)) line. Something about the use of Join.
I copied this code from the Microsoft Tech website and simply changed the
names of the group and server. Any suggestions?
Sample of my script:
Const geometry = "cn=Geometry"
Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://"; & ADSysInfo.UserName)
strGroups = LCase(Join(CurrentUser.MemberOf))
If InStr(strGroups, geometry) Then
wshNetwork.MapNetworkDrive "g:","\\EAGLE4W1\Geometry\"
End If
The Microsoft script is flawed. The Join method expects an array, so an
error is raised if the memberOf collection does not have at least two
Distinguished Names. If the user is a member of at least two groups (not
counting the "primary" group of the user, which is never included), then
CurrentUser.memberOf will be an array and all is fine. If the user is a
member of one group, CurrentUser.memberOf will be a string and Join will
raise an error. If the user is not a member of any groups (except the
"primary"), then CurrentUser.memberOf will be Empty and again an error is
raised.
Note also that searching for a group name is not very reliable. If the name
of the group is geometry, any group with the string "geometry" anywhere in
the Distinguished Name will return True (an integer greater than 0). Another
group could have a similar name, have the same name but be in another OU, or
be in an OU with the string.
I discuss this and better methods to check group membership in this link:
http://www.rlmueller.net/MemberOf.htm
The method I would suggest for you is to bind to the group object and use
the IsMember method. For example:
===============
Option Explicit
Dim ADSysInfo, CurrentUser, wshNetwork
Dim strGroupDN, objGroup
Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://"; & ADSysInfo.UserName)
Set wshNetwork = CreateObject("Wscript.Network")
' Specify Distinguished Name of group.
strGroupDN = "cn=Geometry,ou=Sales,ou=West,dc=MyDomain,dc=com"
' Bind to the group object.
Set objGroup = GetObject("LDAP://"; & strGroupDN)
' Check direct group membership.
If (objGroup.IsMember(CurrentUser.AdsPath) = True) Then
wshNetwork.MapNetworkDrive "g:", "\\EAGLE4W1\Geometry\"
End If
=============
Yes, this involves using the group Distinguished Name, but is really the
only way to uniquely indentify the group. I also recommend using Option
Explicit so you must declare all variables.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab -http://www.rlmueller.net
--- Hide quoted text -
- Show quoted text -
Try this - do an echo to get objGroup to see if its retrunging this
value...
.
- Follow-Ups:
- Re: login script for group
- From: Deena
- Re: login script for group
- References:
- Re: login script for group
- From: Richard Mueller [MVP]
- Re: login script for group
- From: Deena
- Re: login script for group
- Prev by Date: Re: RPC Server Unavailable
- Next by Date: Re: Aquisition now what?
- Previous by thread: Re: login script for group
- Next by thread: Re: login script for group
- Index(es):
Relevant Pages
|
