Using OU membership to assign drives or other resources

Posted on 2006-04-27
Last Modified: 2008-02-01

I can't believe I can't find somewhere where this was already done, but I'm trying to use Active Directory OU membership to determine how a drive is mapped.  I'm trying an LDAP query, but I can't get it to work.

Dim objADObject, Username, MyOrgUnit, MyDomain

' Bind to the user object in Active Directory with the LDAP provider.
    Set objADObject = GetObject("LDAP://dc=myDom, dc=com")' cn=UserName,ou=myOrgUnit,dc=MyDomain,dc=com")

    If instring(objADObject, "OU_MtP") Then
      objNetwork.MapNetworkDrive "H:", "\\T105002\home"
    Else If IsMember(objADObject, "OU_Operations") Then
         objNetwork.MapNetworkDrive "H:", "\\T105002\home"
    Else If IsMember(objADObject, "OU_Pwest") Then
         objNetwork.MapNetworkDrive "H:", "\\227002\home"
    Else If IsMember(objADObject, "OU_serville") Then
         objNetwork.MapNetworkDrive "H:", "\\TB105002\home"
   Else If IsMember(objADObject, "OU_MBs") Then
         objNetwork.MapNetworkDrive "H:", "\\TB105002\home"
      Wscript.Echo "User " & & " is NOT a member of group " & strGroup
    End If

As you can see, I have tried a few ways, but nothing works.
Question by:whoam

    Author Comment

    Perhaps select case would be better

    Set objADObject = GetObject("LDAP://dc=myDom, dc=com")
    select case (objADObject)
         case "OU1"
              objNetwork.MapNetworkDrive "H:", "\\T105002\home"
        case "OU2"
              objNetwork.MapNetworkDrive "H:", "\\T105002\home"
    '===etc, etc====
        end select

    Accepted Solution

    Heheheh, here we go again....

    Using the example below you would assign drives this simply:

    if IsDirectMemberOfOU("OUName") then objNetwork.MapNetworkDrive "H:", "\\T105002\home"
    if IsIndirectMemberOfOU("OUName") then objNetwork.MapNetworkDrive "H:", "\\T105002\home"
    if IsMemberOfGroup("Domain Admins") then objNetwork.MapNetworkDrive "H:", "\\T105002\home"

    '*********************start of script********************
    option explicit

    dim objSYSInfo, objNetwork
    Set objSysInfo = WScript.CreateObject("ADSystemInfo")
    Set objNetwork = WScript.CreateObject("WScript.Network")

    dim objADSUser
    Set objADSUser = GetObject("LDAP://" & objSYSInfo.username)

    dim objADSOU
    Set objADSOU = GetObject(objADSUser.parent)

    dim objWinntUser
    set objWinntUser = GetObject("WinNT://" & objNetwork.UserDomain & "/" & objNetwork.UserName & ",user")

    '******* end of objects declarations

    dim strOU, strGroup
    strOU = "_davidstestou"
    strGroup = "Domain Admins"

    msgbox objNetwork.username & " is directly inside the " & strOU & " OU = " & IsDirectMemberOfOU(strOU)
    msgbox objNetwork.username & " is directly or indirectly inside the " & strOU & " OU = " & IsIndirectMemberOfOU(strOU)
    msgbox objNetwork.username & " is a member of the " & strGroup & " group = " & IsMemberOfGroup(strGroup)

    msgbox "note the difference in paths for the different protocols:" & vbcrlf & _
          "User ADSPath(Winnt) = " & objWinntUser.adspath & vbcrlf & _
          "User ADSPath(LDAP) = " & objADSUser.adspath

    '***** End of main script, All functions and subs below *****

    Function IsDirectMemberOfOU(OUName) 'the user is contained directly within the OU
    IsDirectMemberOfOU = false

    if ucase(objADSOU.OU) = ucase(OUName) then
          IsDirectMemberOfOU = True
    end if

    end Function

    Function IsIndirectMemberOfOU(OUName) 'the user is somewhere under the OU specified
    IsIndirectMemberOfOU = false

    if instr(ucase(objADSOU.adspath),ucase(OUName)) then
          IsIndirectMemberOfOU = True
    end if

    end Function

    Function IsMemberOfGroup(GroupName) 'the user is a member of a specified group
    IsMemberOfGroup = False

    Dim objGroup
    set objGroup = GetObject("WinNT://" & objNetwork.UserDomain & "/" & GroupName & ",group")

    IsMemberOfGroup = objGroup.IsMember(objWinntUser.ADsPath)

    End Function
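
The IsIndirectMemberOfOU check above uses InStr against the ADsPath, so it is also true for any OU, or any user CN, whose name merely contains the string. The following is an added example, not part of the original answer: it compares whole "OU=" components of the distinguished name instead. SplitDN and OUDepth are hypothetical helper names, and the sample DNs are constructed.

```vbscript
Option Explicit
' Split a distinguished name on unescaped commas ("\," stays in its component).
Function SplitDN(strDN)
    Dim parts(), n, cur, i, ch
    n = 0 : cur = "" : i = 1
    Do While i <= Len(strDN)
        ch = Mid(strDN, i, 1)
        If ch = "\" And i < Len(strDN) Then
            cur = cur & ch & Mid(strDN, i + 1, 1)   ' copy the escaped pair as-is
            i = i + 1
        ElseIf ch = "," Then
            ReDim Preserve parts(n)
            parts(n) = Trim(cur)
            n = n + 1 : cur = ""
        Else
            cur = cur & ch
        End If
        i = i + 1
    Loop
    ReDim Preserve parts(n)
    parts(n) = Trim(cur)
    SplitDN = parts
End Function

' 0 = strOUName is not an ancestor OU; 1 = direct parent; 2 = grandparent; ...
' Whole "OU=<name>" components are compared; pass special characters escaped.
Function OUDepth(strObjectDN, strOUName)
    Dim rdns, i
    OUDepth = 0
    rdns = SplitDN(strObjectDN)
    For i = 1 To UBound(rdns)          ' index 0 is the object's own RDN
        If StrComp(rdns(i), "OU=" & strOUName, vbTextCompare) = 0 Then
            OUDepth = i
            Exit Function
        End If
    Next
End Function

' Constructed sample DNs, not taken from a real directory.
Dim samples, dn
samples = Array( _
    "CN=jdoe,OU=OU_MtP,DC=myDom,DC=com", _
    "CN=asmith,OU=Tellers,OU=OU_MtP,DC=myDom,DC=com", _
    "CN=bjones,OU=OU_MtP_Test,DC=myDom,DC=com", _
    "CN=OU_MtP,OU=OU_Pwest,DC=myDom,DC=com")
For Each dn In samples
    WScript.Echo dn & " -> OUDepth=" & OUDepth(dn, "OU_MtP") & ", InStr=" & CBool(InStr(1, dn, "OU_MtP", vbTextCompare))
Next
```

In the logon script, pass objSYSInfo.UserName (ADSystemInfo returns the user's distinguished name) as strObjectDN. OUDepth(...) = 1 corresponds to the direct-member check and OUDepth(...) > 0 to the indirect one.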

    Author Comment

    Okay, now we're cooking with gas!

    Below is what I managed to cobble together.
    I have 6 last questions:
    1. How do I check to see if a user has a Z drive on the server? i.e. a user's Z drive is a folder named the same as the user's account. In the case of a new user, they will not have one made for them.

    2. With my naming scheme it would be very nice to map printers using wildcard/near matches, i.e. a user in the mtp_1st_mapping group should get all printers whose names start with mtp_1.

    3. It took some time, but it seems that objects have to be defined within the subs and functions or they do not work, i.e.
                    set variabl = getobject(  must appear inside the sub to work there. Is this true?

    4. If I try to put Option Explicit statements anywhere, I get an error that points to the Option Explicit statement. Any ideas?

    5. The whole subroutine structure evades me. In Function UserIsMemberOfGroup(GroupName) you have a variable in parentheses (SP?). What exactly is happening here?

    6. I'm still not clear: how do I make it so that I can map objects based on parent OU membership?


    '************************begin script**********************************************


    'Look up some of these on Google, it will give you a good idea of what you are really working with and some of the standard properties/methods associated.  The Microsoft documentation on these isn't too bad.  
    'Try having the script echo a few of the properties you find so that you can get used to what you have to work with.

    'WshNetwork Object
    'WshShell Object

    'Here's a trimmed down version of what I think you were trying to accomplish:

    'On Error Resume Next
    'Option Explicit
    'WScript.Sleep 3000 'milliseconds

    Dim EchoStuff
    'Make this False to stop all messages...
    EchoStuff = True

    Dim SYS
    Set SYS = CreateObject("ADSystemInfo")

    Dim ADSUser
    Set ADSUser = GetObject("LDAP://" & SYS.UserName)
    If EchoStuff Then MsgBox "ADSPath for ADSUser:" & vbCrLf & ADSUser.adspath

    Dim ADSUserOU
    Set ADSUserOU = GetObject(ADSUser.parent)
    If EchoStuff Then MsgBox "ADSPath for User OU:" & vbCrLf & ADSUserOU.adspath

    Dim WinntUser
    'Set WinntUser = GetObject("WinNT://" & WSHNet.UserDomain & "/" & WSHNet.UserName & ",user")
    'If EchoStuff Then MsgBox "ADSPath for WinntUser:" & vbCrLf & WinntUser.adspath

    Dim ADSComputer
    Set ADSComputer = GetObject("LDAP://" & SYS.ComputerName)
    If EchoStuff Then MsgBox "ADSPath for ADSComputer:" & vbCrLf & ADSComputer.adspath

    Dim ADSComputerOU
    Set ADSComputerOU = GetObject(ADSComputer.parent)
    If EchoStuff Then MsgBox "ADSPath for Computer OU:" & vbCrLf & ADSComputerOU.adspath

    Dim WSHNet
    Set WSHNet = WScript.CreateObject("WScript.Network")

    Dim objSysInfo, ObjNetwork
    Set objSysInfo = WScript.CreateObject("ADSystemInfo")
    Set objNetwork = WScript.CreateObject("Wscript.Network")

    '****************End of Declarations, beginning of Main Script****************
    'clean the systems

    If EchoStuff Then MsgBox "Adding Common Drives"
    WSHNet.MapNetworkDrive "I:", "\\R105002\intercept"
    WSHNet.MapNetworkDrive "S:", "\\R105002\shared"

    If UserIsMemberOfGroup("DOMAIN ADMINS") Then
       If EchoStuff Then MsgBox "Adding IT Department Drives"
       objNetwork.MapNetworkDrive "N:", "\\R105002\install"
       objNetwork.MapNetworkDrive "H:", "\\R105002\home"
       objNetwork.MapNetworkDrive "V:", "\\R052002\home"
       objNetwork.MapNetworkDrive "P:", "\\R227002\home"
       objNetwork.MapNetworkDrive "M:", "\\R221002\home"
    End If

        ' ElseIf (one word) keeps this a single If block closed by one End If
        If UserIsMemberofGroup("mtp_1st_mapping") Then
             WSHNet.AddWindowsPrinterConnection "\\R105009\MtP_1st_MainBranch_HP_2300dtn_PCL6", "MtP_1st_MainBranch_HP_2300dtn_PCL6"
             WSHNet.AddWindowsPrinterConnection "\\R105009\MtP_1st_MainBranch_HP_4200dtn_PCL6", "MtP_1st_MainBranch_HP_4200dtn_PCL6"
             WSHNet.AddWindowsPrinterConnection "\\R105009\MtP_1st_MainBranch_HP_4250dtn_PCL6", "MtP_1st_MainBranch_HP_4250dtn_PCL6"
             ' SetDefaultPrinter is a method of the WScript.Network object
             WSHNet.SetDefaultPrinter "\\R105009\MtP_1st_MainBranch_HP_4200dtn_PCL6"
        ElseIf UserIsMemberofGroup("mtp_2nd_mapping") Then
             WSHNet.AddWindowsPrinterConnection "\\R105009\MtP_2nd_MainBranch_HP_4250_pcl6"
             WSHNet.AddWindowsPrinterConnection "\\R105009\MtP_2nd_MainBranch_HP_3700dn_PCL6"
             WSHNet.AddWindowsPrinterConnection "\\R105009\MtP_2nd_MainBranch_HP_8150_PCL5"
        ElseIf UserIsMemberofGroup("opps_mapping") Then
             WSHNet.AddWindowsPrinterConnection "\\R105009\MtP_1st_ops_hp_2200_pcl6"
             WSHNet.AddWindowsPrinterConnection "\\R105009\MtP_1st_ops_hp_4250dtn_pcl6"
             WSHNet.AddWindowsPrinterConnection "\\R105009\MtP_1st_ops_hp_8150n_pcl5"
        End If

    If EchoStuff Then MsgBox "Add Z: DRIVE per Site"
        Select Case UCase(objSysInfo.SiteName)
             Case "MAIN-OFFICE"  
                WSHNet.MapNetworkDrive "Z:", "\\R105002\home\" & ADSUser.SamAccountName
             Case "MB"
                 WSHNet.MapNetworkDrive "Z:", "\\R221002\home\" & ADSUser.SamAccountName
            'Case "PW"
              '   WSHNet.MapNetworkDrive "Z:", "\\R227002\home\" & ADSUser.SamAccountName
             Case "SILLE"
                 WSHNet.MapNetworkDrive "Z:", "\\R052002\home\" & ADSUser.SamAccountName
            Case Else
                MsgBox "NO Z: DRIVE"
        End Select

    'Select Case UCase(ADSUserOU.OU) 'All case statements below should be in capitals

    '   Case "OU_MTP"
    '      WSHNet.MapNetworkDrive "Z:", "\\R105002\home\" & ADSUser.SamAccountName
    '    Case "ManagedAdministrators"
     '     WSHNet.MapNetworkDrive "Z:", "\\R105002\home\" & ADSUser.SamAccountName

    '   Case "OU_OPERATIONS"
    '      WSHNet.MapNetworkDrive "Z:", "\\R105002\home\" & ADSUser.SamAccountName

    '   Case "OU_PWEST"
     '     WSHNet.MapNetworkDrive "Z:", "\\R105002\home\" & ADSUser.SamAccountName
      ' Case "OU_SUMMERVILLE"
       '   WSHNet.MapNetworkDrive "Z:", "\\R052002\home\" & ADSUser.SamAccountName

    '   Case "OU_MBEACH"
     '     WSHNet.MapNetworkDrive "Z:", "\\R221002\home\" & ADSUser.SamAccountName
      ' Case "OU_PWEST"
       '   WSHNet.MapNetworkDrive "Z:", "\\R227002\home" & ADSUser.SamAccountName

    '   Case Else
     '     If EchoStuff Then MsgBox "The " & ADSUserOU.OU & " Organizational Unit isn't listed for drive mappings"

    'End Select
    '******End of Main Script, beginning of Subs & Functions*********************

    Sub RemoveNetworkDrives
       Dim oDrives, d, WshNet3
       Set WSHNet3 = WScript.CreateObject("WScript.Network")
       Set oDrives = WSHNet3.EnumNetworkDrives

       For d = 0 To oDrives.Count-1 Step 2
          If EchoStuff Then MsgBox "Removing " & oDrives.Item(d) & " (" &  oDrives.Item(d + 1) & ")"
          WSHNet3.RemoveNetworkDrive oDrives.Item(d), True, True
       Next
    End Sub
    Sub RemoveNetworkPrinters

       Dim oPrinters, p, WshNet2
       Set WSHNet2 = WScript.CreateObject("WScript.Network")

       Set oPrinters = WshNet2.EnumPrinterConnections

       For p = 0 To oPrinters.Count - 1 Step 2
          If EchoStuff Then MsgBox "Removing Printer:" & vbCrLf & oPrinters.Item(p)
          WSHNet2.RemovePrinterConnection oPrinters.Item(p+1), True
       Next

    End Sub
    Function UserIsMemberOfGroup(GroupName)
       UserIsMemberOfGroup = False

       Dim objGroup
       Set objGroup = GetObject("WinNT://" & WSHNet.UserDomain & "/" & GroupName & ",group")
       Set WinntUser = GetObject("WinNT://" & WSHNet.UserDomain & "/" & WSHNet.UserName & ",user")

       UserIsMemberOfGroup = objGroup.IsMember(WinntUser.ADsPath)
    End Function
    Function IsMemberOfOU(OUName, OnlyCheckParent)
       IsMemberOfOU = False

       If Ucase(ADSUserOU.OU) = ucase(OUName) then
          IsMemberOfOU = True
       End If

       If OnlyCheckParent then Exit Function

       If InStr(1, UCase(ADSUserOU.adspath), UCase(OUName)) Then
          IsMemberOfOU = True
       End If

    End Function

