Paracom_Inc
asked on
Determine computer group membership in VBScript
I need to be able to tell whether or not a computer is a member of an AD group. I have tried using the IsMember() method. I can get an object for the group and an object for the computer. I then use oGroup.IsMember(oComputer.
ASKER
Function ObjectIsGroupMember( sDomainName, sGroupName, sObjectName, sObjectType)
Dim oGroup, oObject
Dim lErr, lShellErr
Set oGroup = GetObject("WinNT://" & sDomainName & "/" & sGroupName & ",group")
Set oObject = GetObject("WinNT://" & sDomainName & "/" & sObjectName & "," & sObjectType)
ObjectIsGroupMember = oGroup.IsMember(oObject.AD
Set oGroup = Nothing
Set oObject = Nothing
End Function 'ObjectIsGroupMember
Dim oGroup, oObject
Dim lErr, lShellErr
Set oGroup = GetObject("WinNT://" & sDomainName & "/" & sGroupName & ",group")
Set oObject = GetObject("WinNT://" & sDomainName & "/" & sObjectName & "," & sObjectType)
ObjectIsGroupMember = oGroup.IsMember(oObject.AD
Set oGroup = Nothing
Set oObject = Nothing
End Function 'ObjectIsGroupMember
Hi,
Can you try the below code which will get the local computer user name and will display the necessary information?
'Script starts here
Dim objTrans, strComputerDN, objComputer, colGroups, strGroup, v
Set objTrans = CreateObject("NameTranslat
' Constants required for name translate
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
'Get the NETBIOS name of the domain
Set objSystemInfo = CreateObject("ADSystemInfo
strDomain = objSystemInfo.DomainShortN
' Get the name of the computer
set objNetwork = createobject("Wscript.Netw
strComputer = objNetwork.ComputerName
' Call function to return the distinguished name (DN) of the computer
strComputerDN = getComputerDN(strComputer,
wscript.echo strComputerDN
function getComputerDN(byval strComputer,byval strDomain)
' Function to get the distinguished name of a computer
' from the NETBIOS name of the computer (strcomputer)
' and the NETBIOS name of the domain (strDomain) using
' name translate
Set objTrans = CreateObject("NameTranslat
' Initialize name translate using global catalog
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Input computer name (NT Format)
objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strComputer & "$"
' Get Distinguished Name.
getComputerDN = objTrans.Get(ADS_NAME_TYPE
end function
Set objComputer = GetObject("LDAP://" & strComputerDN)
colGroups = objComputer.MemberOf
If IsEmpty(colGroups) Then
Msgbox "Machine is not a member of any other group than its primary group, ie domain computers"
Else
Msgbox "not empty"
If TypeName(colGroups) = "String" Then
'machine is only a member of one group other than its primary group, ie domain computers
strGroup = checkCN(LCase(colGroups))
If strGroup <> "" Then
If Not dicGroupNames.Exists(LCase
dicGroupNames.Add LCase(Trim(strGroup)), "1"
Call LOG_BUFFER("+++ Adding Computer GroupName " & LCase(Trim(strGroup)) & " to dictionary +++", "file&eventlog", "file&eventlog")
Else
Call LOG_BUFFER("+++ Already have GroupName " & LCase(Trim(strGroup)) & " in dictionary, MGM +++", "file&eventlog", "file&eventlog")
End If
End If
Msgbox strGroup
Else
Wscript.echo "Machine is a member of more than one additional group other than its primary group, ie domain computers"
For v = 0 To UBound(colGroups)
strGroup = checkCN(LCase(colGroups(v)
If strGroup <> "" Then
If Not dicGroupNames.Exists(LCase
dicGroupNames.Add LCase(Trim(strGroup)), "1"
Call LOG_BUFFER("+++ Adding Computer GroupName " & LCase(Trim(strGroup)) & " to dictionary +++", "file&eventlog", "file&eventlog")
Else
Call LOG_BUFFER("+++ Already have GroupName " & LCase(Trim(strGroup)) & " in dictionary, MGM +++", "file&eventlog", "file&eventlog")
End If
End If
Msgbox strGroup
Next
End If
End If
Can you try the below code which will get the local computer user name and will display the necessary information?
'Script starts here
Dim objTrans, strComputerDN, objComputer, colGroups, strGroup, v
Set objTrans = CreateObject("NameTranslat
' Constants required for name translate
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
'Get the NETBIOS name of the domain
Set objSystemInfo = CreateObject("ADSystemInfo
strDomain = objSystemInfo.DomainShortN
' Get the name of the computer
set objNetwork = createobject("Wscript.Netw
strComputer = objNetwork.ComputerName
' Call function to return the distinguished name (DN) of the computer
strComputerDN = getComputerDN(strComputer,
wscript.echo strComputerDN
function getComputerDN(byval strComputer,byval strDomain)
' Function to get the distinguished name of a computer
' from the NETBIOS name of the computer (strcomputer)
' and the NETBIOS name of the domain (strDomain) using
' name translate
Set objTrans = CreateObject("NameTranslat
' Initialize name translate using global catalog
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Input computer name (NT Format)
objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strComputer & "$"
' Get Distinguished Name.
getComputerDN = objTrans.Get(ADS_NAME_TYPE
end function
Set objComputer = GetObject("LDAP://" & strComputerDN)
colGroups = objComputer.MemberOf
If IsEmpty(colGroups) Then
Msgbox "Machine is not a member of any other group than its primary group, ie domain computers"
Else
Msgbox "not empty"
If TypeName(colGroups) = "String" Then
'machine is only a member of one group other than its primary group, ie domain computers
strGroup = checkCN(LCase(colGroups))
If strGroup <> "" Then
If Not dicGroupNames.Exists(LCase
dicGroupNames.Add LCase(Trim(strGroup)), "1"
Call LOG_BUFFER("+++ Adding Computer GroupName " & LCase(Trim(strGroup)) & " to dictionary +++", "file&eventlog", "file&eventlog")
Else
Call LOG_BUFFER("+++ Already have GroupName " & LCase(Trim(strGroup)) & " in dictionary, MGM +++", "file&eventlog", "file&eventlog")
End If
End If
Msgbox strGroup
Else
Wscript.echo "Machine is a member of more than one additional group other than its primary group, ie domain computers"
For v = 0 To UBound(colGroups)
strGroup = checkCN(LCase(colGroups(v)
If strGroup <> "" Then
If Not dicGroupNames.Exists(LCase
dicGroupNames.Add LCase(Trim(strGroup)), "1"
Call LOG_BUFFER("+++ Adding Computer GroupName " & LCase(Trim(strGroup)) & " to dictionary +++", "file&eventlog", "file&eventlog")
Else
Call LOG_BUFFER("+++ Already have GroupName " & LCase(Trim(strGroup)) & " in dictionary, MGM +++", "file&eventlog", "file&eventlog")
End If
End If
Msgbox strGroup
Next
End If
End If
Hi, here is a script that I use to check if the current computer is in a specific group, if that's what you need:
'=================
Dim objNetwork
Set objNetwork = CreateObject("WScript.Netw
Dim objWinntComp
Set objWinntComp = GetObject("WinNT://" & objNetwork.UserDomain & "/" & objNetwork.ComputerName & ",computer")
MsgBox "WinNT://" & objNetwork.UserDomain & "/" & objNetwork.ComputerName & ",computer"
Dim strGroupToCheck
strGroupToCheck = "Jack_grp"
If IsMemberOfGroup(objNetwork
MsgBox "You are a member of " & strGroupToCheck
ElseIf IsMemberOfGroup(objNetwork
MsgBox "You are NOT a member of " & strGroupToCheck
WScript.Quit
ElseIf IsMemberOfGroup(objNetwork
MsgBox "There was no group found called " & strGroupToCheck
WScript.Quit
End If
Function IsMemberOfGroup(strUserDom
IsMemberOfGroup = False
Dim objGroup
On Error Resume Next
Set objGroup = GetObject("WinNT://" & strUserDomain & "/" & strGroup & ",group")
If Err.Number Then
IsMemberOfGroup = "Error"
Else
IsMemberOfGroup = objGroup.IsMember(objComp.
End If
End Function
'=================
Regards,
Rob.
'=================
Dim objNetwork
Set objNetwork = CreateObject("WScript.Netw
Dim objWinntComp
Set objWinntComp = GetObject("WinNT://" & objNetwork.UserDomain & "/" & objNetwork.ComputerName & ",computer")
MsgBox "WinNT://" & objNetwork.UserDomain & "/" & objNetwork.ComputerName & ",computer"
Dim strGroupToCheck
strGroupToCheck = "Jack_grp"
If IsMemberOfGroup(objNetwork
MsgBox "You are a member of " & strGroupToCheck
ElseIf IsMemberOfGroup(objNetwork
MsgBox "You are NOT a member of " & strGroupToCheck
WScript.Quit
ElseIf IsMemberOfGroup(objNetwork
MsgBox "There was no group found called " & strGroupToCheck
WScript.Quit
End If
Function IsMemberOfGroup(strUserDom
IsMemberOfGroup = False
Dim objGroup
On Error Resume Next
Set objGroup = GetObject("WinNT://" & strUserDomain & "/" & strGroup & ",group")
If Err.Number Then
IsMemberOfGroup = "Error"
Else
IsMemberOfGroup = objGroup.IsMember(objComp.
End If
End Function
'=================
Regards,
Rob.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I get an error at line 49:
Error: type mismatch: 'checkCN'
Code: 800A000D
Error: type mismatch: 'checkCN'
Code: 800A000D
Hi,
I think my script only will tell you if the computer is part of the domain computers or anyother group.
Have you tried Rob' s script which suits your needs.
Let me know if you want anything else
regards
Chandru
I think my script only will tell you if the computer is part of the domain computers or anyother group.
Have you tried Rob' s script which suits your needs.
Let me know if you want anything else
regards
Chandru
Can you post your code here.......
regards
Chandru