Re: Login scripts based on Organisational Units
- From: "Ace Fekay [Microsoft Certified Trainer]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 13 Jun 2009 15:36:51 -0400
"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message news:u3Ro%23vD7JHA.2656@xxxxxxxxxxxxxxxxxxxxxxx
"microsoft" <microsoft@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:1E49AEEC-401E-427C-BF77-FB59C3E7ACB6@xxxxxxxxxxxxxxxx
Hi
Could anyone assist with a login script that maps shares to drives based on
the organisational unit the user is assigned.
Any assistance would be greatly appreciated.
Thanks
If you don't want to use GPO's linked to your OU's (or group membership),
a scripting solution requires that you parse the user Distinguished Name.
There is no built in method or attribute that you can use. The most
reliable method I have found follows:
=========
Dim objSysInfo, strUserDN, objUser
Dim strOUPath, arrContainers, arrOU, strOU
' Bind to current user object.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
' Escape any embedded forward slash characters.
strUserDN = Replace(strUserDN, "/", "\/")
Set objUser = GetObject("LDAP://" & strUserDN)
' Retrieve DN of parent OU/Container.
strOUPath = objUser.Parent
' Replace any escaped commas with Chr(164).
strOUPath = Replace(strOUPath, "\,", Chr(164))
' Parse Parent DN into comma delimited components.
arrContainers = Split(strOUPath, ",")
' Parse the first component to retrieve name of the OU/Container.
arrOU = Split(arrContainers(0), "=")
strOU = arrOU(1)
' Restore any escaped commas.
strOU = Replace(strOU, Chr(164), "\,")
Wscript.Echo "User is in OU/Container " & strOU
=======
Another method would be to bind to the parent OU, using the DN retrieved
with the Parent method of the user object, and retrieving the value of the
ou attribute. However, this will fail if the user is in a container (or in
the root of the domain). It also requires one more binding operation,
which can be avoided. The above works in all cases I can think of.
Note, however, that in general the relative distinguished name of the OU
may not be unique. There can be several OU's called "Sales", as long as
they are in different parent OU's, for example. It is best to use the
Distinguished Names of the OU's, and make the comparisons case
insensitive. For example:
=========
' Bind to current user object.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
' Escape any embedded forward slash characters.
strUserDN = Replace(strUserDN, "/", "\/")
Set objUser = GetObject("LDAP://" & strUserDN)
' Retrieve DN of parent OU/Container. The Parent property returns an
' ADsPath ("LDAP://ou=..."), so strip the "LDAP://" prefix to get the DN.
strOUPath = Mid(objUser.Parent, 8)
Select Case LCase(strOUPath)
    Case "ou=sales,ou=east,dc=mydomain,dc=com"
        ' Do something.
    Case "ou=sales,ou=west,dc=mydomain,dc=com"
        ' Do something.
    Case "ou=sales,ou=north,dc=mydomain,dc=com"
        ' Do something.
    Case "ou=sales,ou=south,dc=mydomain,dc=com"
        ' Do something.
End Select
=======
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Hi Richard,
Sounds complicated to me, whereas a script based on group membership may be
much simpler no matter what OU the user account exists in!
Ace
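
An added example, not part of the thread or of either poster's code: a logon script that takes the user DN from ADSystemInfo, walks up it one component at a time (honouring escaped commas) and maps the share of the nearest OU listed in a table. It goes beyond the exact-parent comparison above by also covering users in child OUs; the OU DNs, drive letters and `\\fileserver` shares are placeholder assumptions.

```vbscript
Option Explicit
Dim dicMap, objSysInfo, objNetwork, arrShare

' Hypothetical table: OU DN -> Array(drive letter, UNC path). All values are placeholders.
Set dicMap = CreateObject("Scripting.Dictionary")
dicMap.CompareMode = vbTextCompare   ' DN comparison is case-insensitive
dicMap.Add "ou=sales,ou=east,dc=mydomain,dc=com", Array("S:", "\\fileserver\sales-east")
dicMap.Add "ou=sales,ou=west,dc=mydomain,dc=com", Array("S:", "\\fileserver\sales-west")

' Return strDN without its first component; "" when none is left.
' A backslash escapes the next character, so "\," does not end a component.
Function ParentDN(strDN)
    Dim i, strChar
    ParentDN = ""
    i = 1
    Do While i <= Len(strDN)
        strChar = Mid(strDN, i, 1)
        If strChar = "\" Then
            i = i + 1                 ' skip the escaped character
        ElseIf strChar = "," Then
            ParentDN = Mid(strDN, i + 1)
            Exit Function
        End If
        i = i + 1
    Loop
End Function

' Walk from the user's parent container toward the domain root and
' return the entry of the first (most specific) OU found in the table.
Function FindShare(strUserDN)
    Dim strDN
    FindShare = Empty
    strDN = ParentDN(strUserDN)
    Do While Len(strDN) > 0
        If dicMap.Exists(strDN) Then
            FindShare = dicMap(strDN)
            Exit Function
        End If
        strDN = ParentDN(strDN)
    Loop
End Function

Set objSysInfo = CreateObject("ADSystemInfo")
arrShare = FindShare(objSysInfo.UserName)
If IsArray(arrShare) Then
    Set objNetwork = CreateObject("WScript.Network")
    objNetwork.MapNetworkDrive arrShare(0), arrShare(1)   ' raises an error if the letter is in use
End If
```

The mapping only decides which drive letter appears; access to the share is still governed by its share and NTFS permissions.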