Re: Log on script error

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: "Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 13 Nov 2006 11:10:41 -0600

There should be no reason to specify a particular DC in the binding string,
unless you are retrieving the value of an attribute that is not replicated
(has a different value on each DC). It should be safer to not specify a DC.
However, I cannot explain why it works for some users and not others.

I should also point out that the next line in your script will raise an
error if the user is not a member of at least two groups (not counting the
"primary" group, usually "Domain Users"). When dealing with multi-valued
attributes like memberOf, make sure the script works in all 3 possible
cases: no values, one value, more than one. I would suggest:
=============
Set CurrentUser = GetObject("LDAP://"; & ADSysInfo.UserName)
arrGroups = CurrentUser.memberOf
If (IsEmpty(arrGroups) = True) Then
strGroups = ""
ElseIf (TypeName(arrGroups) = "String") Then
strGroups = LCase(arrGroups)
Else
strGroups = LCase(Join(arrGroups)
End If
============
Even after this I dislike the method. I'm sure most people check group
membership with InStr to check if the NetBIOS name of the group is in the
string. This can give erroneous results, unless you check for the full
Distinguished Name of the group. Depending on your purpose, there are other
ways to check group membership. For example, you might be able to use the
IsMember method of the group object. You pass the AdsPath of the user to
this method and it returns True if the user is a member. An example logon
script that uses this method to check group membership is linked here:

http://www.rlmueller.net/Logon4.htm

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
<glasseigne@xxxxxxxxxxxxxx> wrote in message
news:1163435809.791979.224250@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I error using the following script:

---start snippet
Dim objNetwork

Set wshNetwork = CreateObject("WScript.Network")

Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://<AD server name replaced>/" &
ADSysInfo.UserName)
strGroups = LCase(Join(CurrentUser.MemberOf))

---end snippet

The line that errors is the Set CurrentUser. It does not happen with
every user, just a few. I cannot figure out what's common with the
users it errors on.

Thanks

Follow-Ups:
- Re: Log on script error
  - From: glasseigne

References:
- Log on script error
  - From: glasseigne

Prev by Date: Log on script error
Next by Date: Re: Log on script error
Previous by thread: Log on script error
Next by thread: Re: Log on script error
Index(es):
- Date
- Thread

Relevant Pages

Re: Log on script error
... make sure the script works in all 3 possible ... strGroups = LCase ... ways to check group membership. ... ---start snippet ...
(microsoft.public.windows.server.scripting)
Re: Log on script error
... Microsoft MVP Scripting and ADSI ... ElseIf = "String") Then ... strGroups = LCase ... ways to check group membership. ...
(microsoft.public.windows.server.scripting)
Re: vbscript / logon script type mismatch
... >>I'm using the script below as a logon script and am trying to map various ... >>Problem seems to be with the strgroups line, but I can't fingure it out. ... Users and computers must be a member of at ... more entries, but it is a string if there is one, and it is empty if there ...
(microsoft.public.windows.server.scripting)
Re: Mapping a drive according to group membership
... strGroups = LCase) ... There is one group membership. ... ElseIf = "String") Then ... I am well aquainted with your scripts and have used some of them as ...
(microsoft.public.scripting.vbscript)
Re: Log on script error
... I've never seen ADSysInfo.UserName fail if the script is run by the user. ... ElseIf = "String") Then ... strGroups = LCase ... ways to check group membership. ...
(microsoft.public.windows.server.scripting)