?
Solved

IFMEMBER not showing all groups - HELP!

Posted on 2005-03-07
2
Medium Priority
?
719 Views
Last Modified: 2013-12-04
I am having trouble using the IFMEMBER utility for Windows Servers.  What I am trying to do, for example, is use a line like this in my script:

:TrusteeUser
ifmember domain\groupname
if not errorlevel 1 goto nextTrusteeUser
net use t: \\server\trustee$
:nextTrusteeUser

For some reason, though, ifmember is not seeing all of the group associations.  If I run "ifmember.exe /l /v" it will show only some of the groups I am associated with.  If I add myself to the trustee group and run the command again, for example, the trustee group does not appear.  

WHAT AM I DOING WRONG?  I have tried using:

1.  ifmember "groupname"
2.  ifmember groupname
3.  ifmember "domain\groupname"  and
4.  ifmember domain\groupname

and it still does not see the domain group membership.  Additionally, I have tried creating both a Domain Local group for this, and a Global security group... neither works.  

Any help will be greatly appreciated.

Thanks!
0
Comment
Question by:FunkiNATEr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 1500 total points
ID: 13481216
Either you didn't logout inbetween changing you group membership, or you logged out and logged on at a DC that hasn't had the changes replicated yet.
When you logon, your account gets a token that includes the SIDs of the groups you're member of. This token is not dynamically updated, you have to logout and back in if your group membership changed.
And I haven't tested this extensively, but I think that ifmember might not identify nested group membership, only direct membership (but I'm not completely sure).
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13482608
Quoted group name is all that should be necessary...

rem Check to see if allowed color printer access
ifmember "Color_LJ1"
if not errorlevel 1 goto skipcolor
rundll32 printui.dll,PrintUIEntry /dn /n\\wins_server\colorLJ1 /q
:skipcolor

http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/ifmember-o.asp
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/ifmember.asp


-rich
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month14 days, 10 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question