Solved

Creating a Logon Script that maps network drives based on group membership

Posted on 2006-11-13
29
648 Views
Last Modified: 2008-02-20
I have been prowling the internet and trying VBS's and BAT's but I keep running into limitations on the scripts that I have found.  I have a Win2k3 domain and I have about 400 new users that I would like to set up a script through group policy applied to the OU they are in, to map their network drives based on their group membership.  Here is a list of some of the maps I need to create based on group membership.  I really need a script that can detect nested group membership so that I can make this list of maps to just.

Non-Nested Groups (There are a lot more than this)

Domain Users,P:,\\fs1\Public
Pharm13GoodyearTylerPharmManager,O:,\\bna-fs-01\On-Site\Pharmacy\SW\13 Goodyear Tyler
Pharm13GoodyearTylerAdminTech,O:,\\bna-fs-01\On-Site\Pharmacy\SW\13 Goodyear Tyler
Pharm15GoodyearLawtonPharmManager,O:,\\bna-fs-01\On-Site\Pharmacy\SW\15 Goodyear Lawton
Pharm15GoodyearLawtonStaffPharm,O:,\\bna-fs-01\On-Site\Pharmacy\SW\15 Goodyear Lawton
Pharm15GoodyearLawtonAdminTech,O:,\\bna-fs-01\On-Site\Pharmacy\SW\15 Goodyear Lawton
Pharm15GoodyearLawtonTech,O:,\\bna-fs-01\On-Site\Pharmacy\SW\15 Goodyear Lawton
Pharm29BlueRidgePharmManager,O:,\\bna-fs-01\On-Site\Pharmacy\SE\29 Blue Ridge
Pharm29BlueRidgeStaffPharm,O:,\\bna-fs-01\On-Site\Pharmacy\SE\29 Blue Ridge
Pharm29BlueRidgeAdminTech,O:,\\bna-fs-01\On-Site\Pharmacy\SE\29 Blue Ridge
Pharm29BlueRidgeTech,O:,\\bna-fs-01\On-Site\Pharmacy\SE\29 Blue Ridge
Pharm36BMWPharmManager,O:,\\bna-fs-01\On-Site\Pharmacy\SE\36 BMW
Pharm36BMWStaffPharm,O:,\\bna-fs-01\On-Site\Pharmacy\SE\36 BMW
Pharm36BMWAdminTech,O:,\\bna-fs-01\On-Site\Pharmacy\SE\36 BMW
Pharm36BMWTech,O:,\\bna-fs-01\On-Site\Pharmacy\SE\36 BMW

Nested Groups: (There are a lot more than this)

Domain Users,P:,\\fs1\Public
Pharm13GoodyearTyler,O:,\\bna-fs-01\On-Site\Pharmacy\SW\13 Goodyear Tyler
Pharm15GoodyearLawton,O:,\\bna-fs-01\On-Site\Pharmacy\SW\15 Goodyear Lawton
Pharm29BlueRidge,O:,\\bna-fs-01\On-Site\Pharmacy\SE\29 Blue Ridge
Pharm36BMW,O:,\\bna-fs-01\On-Site\Pharmacy\SE\36 BMW

As you can see there are 4 groups nested inside a main site group, I would like to be able to detect the nested group membership so I don't have to enter all 170 groups into the script.  I have made some .bat scripts using the "ifmember" admin pack add-on which works okay but it doesn't do nested group membership very well, and I need something dependable.  I made the ifmember like this;

@ECHO OFF

IFMEMBER /v /l "Meridian\Domain Users"
IF ERRORLEVEL 1 goto public
IF ERRORLEVEL 0 goto bad

IFMEMBER /v /l "Meridian\Pharm13GoodyearTyler"
IF ERRORLEVEL 1 goto Pharm13GoodyearTyler
IF ERRORLEVEL 0 goto done

:public

net use p: /d
net use p: \\fs1\Public

:Pharm13GoodyearTyler

net use o: /d
net use o: "\\bna-fs-01\On-Site\Pharmacy\SW\13 Goodyear Tyler"
goto done

:done

ECHO Your drives are all mapped now
pause

But that runs into problems and is not consistent as I test it.  I would like to use VBscript to do it but I cannot find one that is consistent either.  Here is one that I found that seemed to work good but is very inconsistent where even if I'm not a member of one of those groups specifically it may just map me to a random shared drive that I don't have any group membership to:

On Error Resume Next

Dim GroupList
Set fso = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
Set WshNetwork = WScript.CreateObject("WScript.Network")

GetGroupInfo()

LogonPath = fso.GetParentFolderName(WScript.ScriptFullName)
'**************************************Group Mappings Based on Grouplist.csv*********************************
If fso.FileExists(logonpath&"\Grouplist.csv") Then
   Set grplist = Fso.OpenTextFile(logonpath&"\Grouplist.csv")
   ' make File into an Array
   aGroup = Split(grplist.Readall,vbcrlf)
   For I = 0 to UBound(GroupList) ' Check Every Group Membership the user is in (populated into Grouplist)
      grpname = Grouplist(i)
      For x = 0 to UBound(aGroup) ' Read the entire CSV to make sure all drives are mapped for each Group
         mapline = agroup(x)
         If InStr(LCase(mapline),LCase(grpname)) Then ' If you're in the group
            mapline = Mid(mapline,InStr(mapline,",")+1) ' Remove the GroupName from the line
            drive = Left(mapline,InStr(mapline,",")-1) ' Extract Drive Letter
            path = Mid(mapline,InStr(mapline,",")+1) ' Extract the path

            If (fso.DriveExists(drive) <> True) and (Drive<>"!!") Then ' If The Drive is not already mapped
               WshNetwork.MapNetworkDrive drive,path ' Map The Drive
               wscript.sleep 1000
            End If

        If Drive = "!!" Then
               WSHNetwork.AddWindowsPrinterConnection Path
               wscript.sleep 1000
            end If

         End If
      Next
   Next
End If


Sub GetGroupInfo
Set UserObj = GetObject("LDAP://" & wshNetwork.UserDomain & "/" & WshNetwork.UserName)
Set Groups = UserObj.groups

For Each Group In Groups
GroupCount = GroupCount + 1
Next

ReDim GroupList(GroupCount -1)
i = 0
For Each Group In Groups
GroupList(i) = Group.Name
i = i + 1
Next
End Sub


The Grouplist.csv file contents

Domain Users,P:,\\fs1\Public
Pharm13GoodyearTylerPharmManager,O:,\\bna-fs-01\On-Site\Pharmacy\SW\13 Goodyear Tyler
Pharm13GoodyearTylerAdminTech,O:,\\bna-fs-01\On-Site\Pharmacy\SW\13 Goodyear Tyler
Pharm15GoodyearLawtonPharmManager,O:,\\bna-fs-01\On-Site\Pharmacy\SW\15 Goodyear Lawton
Pharm15GoodyearLawtonStaffPharm,O:,\\bna-fs-01\On-Site\Pharmacy\SW\15 Goodyear Lawton
Pharm15GoodyearLawtonAdminTech,O:,\\bna-fs-01\On-Site\Pharmacy\SW\15 Goodyear Lawton
Pharm15GoodyearLawtonTech,O:,\\bna-fs-01\On-Site\Pharmacy\SW\15 Goodyear Lawton
Pharm29BlueRidgePharmManager,O:,\\bna-fs-01\On-Site\Pharmacy\SE\29 Blue Ridge
Pharm29BlueRidgeStaffPharm,O:,\\bna-fs-01\On-Site\Pharmacy\SE\29 Blue Ridge
Pharm29BlueRidgeAdminTech,O:,\\bna-fs-01\On-Site\Pharmacy\SE\29 Blue Ridge
Pharm29BlueRidgeTech,O:,\\bna-fs-01\On-Site\Pharmacy\SE\29 Blue Ridge
Pharm36BMWPharmManager,O:,\\bna-fs-01\On-Site\Pharmacy\SE\36 BMW
Pharm36BMWStaffPharm,O:,\\bna-fs-01\On-Site\Pharmacy\SE\36 BMW
Pharm36BMWAdminTech,O:,\\bna-fs-01\On-Site\Pharmacy\SE\36 BMW
Pharm36BMWTech,O:,\\bna-fs-01\On-Site\Pharmacy\SE\36 BMW

I need to desperately come up with a solution to get these drives mapped based on group membership so that I can apply them to my OU with all these users and groups in them in group policy.  I need some level of error checking so I can know where it fails because I keep running into anomaly’s using these scripts where they work and then don't work.

Thanks
0
Comment
Question by:Nexall
  • 16
  • 13
29 Comments
 
LVL 16

Expert Comment

by:kshays
Comment Utility
Here is the login script that I currently use to map drives based on group membership in AD.  Feel free to use it or modify it to fit your needs.

Kevin

-- Start of script --

'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
'
' File:               Map Network Drives.vbs
' Updated:     October 2006
' Version:      1.3
' Author:        kshays
' Email:      
'
' Desc:             Login Script to map drives based on group
'                membership.
'
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Dim objNet, objADInfo, objUser
Dim strDC, strFileServer

set objNet            = CreateObject("Wscript.Network")                   'create network object
set objADInfo      = CreateObject("ADSystemInfo")                         'create AD object
set objUser            = GetObject("LDAP://" & objADInfo.UserName) 'create user object
Set localDrives      = objNet.EnumNetworkDrives

sIT_Windows            = "\\servername\IT\"
sIT_Linux            = "\\servername\it"
sPublic_Windows      = "\\servername\public"
sPublic_Linux      = "\\servername\Public"
sFileServer            = "\\servername\"
sHome                  = "\\servername\" & objNet.UserName


'Remove all network drives allready mapped
For i = 0 to localDrives.Count -1 step 2
      If Not localDrives.item(i) = "" Then
            objNet.RemoveNetworkDrive localDrives.Item(i), True, True
            'msgbox(localDrives.item(i))
    End If
Next

' Sleep
Wscript.sleep 200

With objNet
        ' loop through all the groups the current user belongs to.
      For Each GroupObj in objUser.Groups
            Select Case LCase(GroupObj.Name)
                        ' converting the groupobj.name into all lowercase and checking the value.
                  case "cn=information technology"
                        .MapNetworkDrive "I:", sIT_Windows
                        .MapNetworkDrive "J:", sPublic_Windows
                        .MapNetworkDrive "K:", sFileServer & "it"
                        Wscript.sleep 400

                  case "cn=sales"
                        .MapNetworkDrive "P:", sFileServer & "sales"
                        Wscript.sleep 400

                  case "cn=customer service"
                        .MapNetworkDrive "M:", sFileServer & "customer_service"
                        Wscript.sleep 400

                  case "cn=marketing"
                        .MapNetworkDrive "O:", sFileServer & "marketing"
                        Wscript.sleep 400

                  case "cn=human resource"
                        .MapNetworkDrive "Q:", sFileServer & "human_resource"
                        Wscript.sleep 400

            End Select
            'msgbox(GroupObj.Name)
      Next

      .MapNetworkDrive "Y:", sPublic_Linux
      .MapNetworkDrive "Z:", sHome

End With

'cleanup resources
set objNet                  = Nothing
set objADInfo            = Nothing
set objUser                  = Nothing
set sFileServer            = Nothing
set sPublic_Windows      = Nothing
set sPublic_Linux       = Nothing
set sHome                   = Nothing
set sIT_Windows            = Nothing
set sIT_Linux            = Nothing

'quit wscript
WScript.Quit

-- end of script --


PS:  You will need to format since all the formatting was lost when I pasted it.

0
 

Author Comment

by:Nexall
Comment Utility
Kshays, I tried you script but with no luck I cannot get it to run at all.  All it does it just unmap all mounted network drives and the rest of the code isn't even trying.
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
Hi nexall, uncomment this line and see what type of output you are getting for your groups ok.

  'msgbox(GroupObj.Name)

Should be -> MsgBox(GroupObj.Name)

Whatever groups a user belongs in should be listed in that messagebox.
Select Case LCase(GroupObj.Name) -----> This converts the output to lowercase so you can just use lowercase in your case selects to make it easier is all.  So in the case "cn=sales" you would make sure you would have this in all lowercase in your situation.

I would first just try this script while you are logged in to get a listing of groups that are a member of right now.  After that and you have tested to make sure it's mapping drives right then you can assign it via a login script in GPO.

Kevin
0
 

Author Comment

by:Nexall
Comment Utility
Well I see the outputs now and that is fine, Minus this script doesn't detect the primary group, so I cannot use it to map say our public drive that all "domain users" should have.  Also it cannot detect nested groups, which means I would have to put 169 entries in two spots within the script.  Is there a way to detect nested groups so I can just put those 40 or so in instead of every individual group?  I'm using Primal Script to write the VBS so I'm executing and running it as me to make sure it works as I add my self to these groups.

Thanks
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
If all the domain users should have a public drive mapped then you could just map that the same way I did which is after the checking for groups.  It's early here and haven't got a lot of sleep so can you explain exactly about the nested groups.

For instance if i'm part of the domain users, information_technology, sales group and the domain admins have the following groups that are under it (information_technology, sales) ?

If not and you are wanting to just check for the group and if it has any groups listed in it, there may be a way, but i'm not sure right off hand though.  Here are a couple of links that might give you some ideas though.

http://www.microsoft.com/technet/scriptcenter/default.mspx
http://www.microsoft.com/technet/scriptcenter/hubs/ad.mspx
http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/default.mspx?mfr=true

Anytime Nexall,

Kevin
0
 

Author Comment

by:Nexall
Comment Utility
I need to be able to enumerating nested group membership to map my network drives based on those memberships.

A nested group is a group that just has groups in it, so when the script looks for my groups it looks for exactly what is in AD "Member Of" tab.  What I need it to do is look at the "Members" tab of those specific groups that it finds they are members of so it can map because of the nested group.

We have like about 50 remote sites, so I have made a group for each site, for file directory permissions and distribution lists.  A user in these sites are just members of two groups, "Domain User" (by default) and "Their Site Name(Job)"

At these sites there are four job categories:

Pharmacy Manager
Staff Pharmacist
Admin Tech
Tech

So the groups would look like this for any site we have

13GoodYearTyler (Site Group)(All Job Groups are nested inside this group)

13GoodYearTylerPharmManger (The pharmacy Mangers)
13GoodYearTylerStaffPharm (The Staff Pharmacist)
13GoodYearTylerAdminTech (The Admin Tech)
13GoodYearTylerTech (The Tech)

I need to make a logon script that I can map the network drives based on that main nested group (Site group) because the other (Job Groups) don't have to have anything specific they just need to be mapped to their specific site shared drive.

In those links you sent me I saw this script here: http://www.microsoft.com/technet/technetmag/issues/2006/03/ScriptingGuy/default.aspx

On Error Resume Next

SetobjUser=GetObject("LDAP://CN=Ken Myer," & _
    "OU=Finance,DC=fabrikam,DC=com")
Set colGroups = objUser.Groups
For Each objGroup in colGroups
    Wscript.Echo objGroup.CN
    GetNested(objGroup)
Next
Function GetNested(objGroup)
    On Error Resume Next
    colMembers = objGroup.GetEx("memberOf")
    For Each strMember in colMembers
        strPath = "LDAP://" & strMember
        Set objNestedGroup = _
        GetObject(strPath)
        WScript.Echo objNestedGroup.CN
        GetNested(objNestedGroup)
    Next
End Function

Which could work but this line here kills it for me SetobjUser=GetObject("LDAP://CN=Ken Myer," & _
    "OU=Finance,DC=fabrikam,DC=com")  where it makes the AD object for that specific user which means I would need to put it for every user which would be even worse than putting each (Job Group) they are in.  I'm sure there has to be a way to get these drives mapped with VBS that is efficient and works with nested group membership.

Thanks Kevin for so much help so far just hope we can figure this out somehow.

Patrick
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
Anytime.  That's what I was thinking when you were talking about nested groups, was just making sure though.  Wow, got a lot of remote sites there :)

Ok, let's see.  Have you tried to replace the cn=Ken myer with objNet.UserName ?  Here is the call I did in my original script.

set objUser          = GetObject("LDAP://" & objADInfo.UserName) 'create user object

Hopefully we'll get it worked out.  I wouldn't want to key in all those groups either if I didn't have to.  :D

I'll keep trying to find something, but hopefully it's just a small line that needs to be modified :)

Kevin


0
 

Author Comment

by:Nexall
Comment Utility
I tried it with your dimensions and it worked fine.  It Echoed out every group I'm a member of because it does that recursive loop and shows the groups that my groups are members of.  Now I guess I can cut up your code somehow to accept this list that it is echoing.

Mack-Daddy group detection:

Dim objNet, objADInfo, objUser
Dim strDC, strFileServer

set objNet          = CreateObject("Wscript.Network")               'create network object
Set objADInfo           = CreateObject("ADSystemInfo")                  'create AD object
set objUser         = GetObject("LDAP://" & objADInfo.UserName)       'create user object
Set localDrives     = objNet.EnumNetworkDrives

On Error Resume Next

set objUser = GetObject("LDAP://" & objADInfo.UserName) 'create user object
Set colGroups = objUser.Groups
For Each objGroup in colGroups
    Wscript.Echo objGroup.CN
    GetNested(objGroup)
Next
Function GetNested(objGroup)
    On Error Resume Next
    colMembers = objGroup.GetEx("memberOf")
    For Each strMember in colMembers
        strPath = "LDAP://" & strMember
        Set objNestedGroup = _
        GetObject(strPath)
        WScript.Echo objNestedGroup.CN
        GetNested(objNestedGroup)
    Next
End Function

I guess we have to take the objNestedGroup.CN and make that be the input for your script so that it can see that list of group membership then map the drives based on that.  Thanks so much for the help now if I can piece a map network drive function in this and it will work like a champion.

Thanks a ton Kevin
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
Awesome.  Anytime Patrick.  Good Luck!

Kevin
0
 

Author Comment

by:Nexall
Comment Utility
I have been messing with how to get your end of the script to pickup the results but I can't figure it out.  It is still showing all the groups nested and regular since the echo is still turned on but I cannot get the drives to map.  I figure you or someone could look at this script and see what it is missing.

Thanks Kevin for the help,

Dim objNet, objADInfo, objUser
Dim strDC, strFileServer

set objNet          = CreateObject("Wscript.Network")               'create network object
Set objADInfo           = CreateObject("ADSystemInfo")                  'create AD object
set objUser         = GetObject("LDAP://" & objADInfo.UserName)       'create user object
Set localDrives     = objNet.EnumNetworkDrives

sFS1_Public         = "\\fs1\Public\"
s13GoodYearTyler    = "\\fs1\On-Site\Pharmacy\SW\13 Goodyear Tyler"
s15GoodYearLawton   = "\\fs1\On-Site\Pharmacy\SW\15 Goodyear Lawton"
s29BlueRidge             = "\\fs1\On-Site\Pharmacy\SE\29 Blue Ridge"
s36BMW                    = "\\fs1\On-Site\Pharmacy\SE\36 BMW"
s1Southwire         = "\\fs1\On-Site\Pharmacy\SE\1 Southwire"

On Error Resume Next

set objUser = GetObject("LDAP://" & objADInfo.UserName) 'create user object
Set colGroups = objUser.Groups
For Each objGroup in colGroups
    Wscript.Echo objGroup.CN
    GetNested(objGroup)
Next
Function GetNested(objGroup)
    On Error Resume Next
    colMembers = objGroup.GetEx("memberOf")
    For Each strMember in colMembers
        strPath = "LDAP://" & strMember
        Set objNestedGroup = _
        GetObject(strPath)
        WScript.Echo objNestedGroup.CN
        GetNested(objNestedGroup)
    Next
End Function

Wscript.sleep 200

With objNet
        ' loop through all the groups the current user belongs to.
     For Each GroupObj In objUser.Groups
          Select Case LCase(objNestedGroup.CN)
                        ' converting the groupobj.name into all lowercase and checking the value.
               case "cn=domain users"
                    .MapNetworkDrive "P:", sFS1_Public
                    Wscript.sleep 400

               case "cn=pharm13goodyeartylerpharmmanager"
                    .MapNetworkDrive "L:", s13GoodYearTyler
                    Wscript.sleep 400

               case "cn=pharm15goodyearlawton"
                    .MapNetworkDrive "L:", s15GoodYearLawton
                    Wscript.sleep 400

               case "cn=pharm29blueridge"
                    .MapNetworkDrive "O:", s29BlueRidge
                    Wscript.sleep 400

               case "cn=pharm36bmw"
                    .MapNetworkDrive "O:", s1Southwire
                    Wscript.sleep 400

          End Select
         ' MsgBox(GroupObj.Name)
     Next

     '.MapNetworkDrive "Y:", sFS1_Public
    ' .MapNetworkDrive "Z:", s13GoodYearTyler

End With

'cleanup resources
set objNet                     = Nothing
set objADInfo                      = Nothing
set objUser                     = Nothing
set sFS1_Public                = Nothing
set s13GoodYearTyler           = Nothing
set s15GoodYearLawton         = Nothing
set s29BlueRidge                 = Nothing
Set s36BMW                            = Nothing
Set s1Southwire                    = Nothing

'quit WScript
WScript.Quit
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
Ok, I guess the first step is to see if it's falling into the case selects then.  Put a MsgBox("something in here") under each case "cn=*" so you can see if it's getting to the case.

Example would be:
case "cn=pharm15goodyearlawton"
     .MapNetworkDrive "L:", s15GoodYearLawton
     MsgBox("Found s15GoodYearLawton")

It really doesn't make any sense why they are not mapping unless none of the case selects are getting hit.  

Kevin
0
 

Author Comment

by:Nexall
Comment Utility
I have tried that and I don't get any message boxes for any of the mapping network drives.  So not sure what input I need to take from the nested group detection objNestedGroup.CN or objGroup.CN or can I make your script do a

For Each GroupObj In objUser.Groups
          Select Case LCase(objNestedGroup.CN && objGroup.CN)

??
I have tried it a couple different ways but I cannot get it to run, anyway I can think of.  I'm really close now because the nested group detection works perfectly but cannot get the drives to map.

Thanks
Patrick
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
Yeah, gotta figure out what you need in the case then.  Find this line and uncomment it ok.

' MsgBox(GroupObj.Name)

Should be:
MsgBox(GroupObj.Name)

Kevin
0
 

Author Comment

by:Nexall
Comment Utility
Did that but all that does is just echo out the basic groups they are a member off and not the Nested groups that comes from objNestedGroup.CN and when I try and echo that in your part of the script it doesn't work at all.  Just need to figure out how to make the output of the first script be the input to your script and it will work.

Thanks
Patrick
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 16

Expert Comment

by:kshays
Comment Utility
ahhh, ok, let's try something else then.

Can you paste the entire code that you are working on and I can try to modify it to reflect my domain and settins so I can test with?

Kevin
0
 

Author Comment

by:Nexall
Comment Utility
'==========================================================================
'
' VBScript Source File -- Created with SAPIEN Technologies PrimalScript 4.0
'
' NAME:
'
' AUTHOR:  ,
' DATE  : 11/16/2006
'
' COMMENT:
'
'==========================================================================
Dim objNet, objADInfo, objUser
Dim strDC, strFileServer

set objNet          = CreateObject("Wscript.Network")               'create network object
Set objADInfo           = CreateObject("ADSystemInfo")                  'create AD object
set objUser         = GetObject("LDAP://" & objADInfo.UserName)       'create user object
Set localDrives     = objNet.EnumNetworkDrives

sFS1_Public         = "\\fs1\Public\"
s13GoodYearTyler    = "\\fs1\On-Site\Pharmacy\SW\13 Goodyear Tyler"
s15GoodYearLawton   = "\\fs1\On-Site\Pharmacy\SW\15 Goodyear Lawton"
s29BlueRidge             = "\\fs1\On-Site\Pharmacy\SE\29 Blue Ridge"
s36BMW                    = "\\fs1\On-Site\Pharmacy\SE\36 BMW"
s1Southwire         = "\\fs1\On-Site\Pharmacy\SE\1 Southwire"

On Error Resume Next

set objUser = GetObject("LDAP://" & objADInfo.UserName) 'create user object
Set colGroups = objUser.Groups
For Each objGroup in colGroups
    Wscript.Echo objGroup.CN
    GetNested(objGroup)
Next
Function GetNested(objGroup)
    On Error Resume Next
    colMembers = objGroup.GetEx("memberOf")
    For Each strMember in colMembers
        strPath = "LDAP://" & strMember
        Set objNestedGroup = _
        GetObject(strPath)
        WScript.Echo objNestedGroup.CN
        GetNested(objNestedGroup)
    Next
End Function

Wscript.sleep 200

With objNet
        ' loop through all the groups the current user belongs to.
     For Each GroupObj In objUser.Groups
          Select Case LCase(objGroup.GetEx)
                        ' converting the groupobj.name into all lowercase and checking the value.
               case "cn=domain users"
                    .MapNetworkDrive "P:", sFS1_Public
                    MsgBox("Found Domain Users")
                    Wscript.sleep 400

               case "cn=pharm13goodyeartylerpharmmanager"
                    .MapNetworkDrive "L:", s13GoodYearTyler
                    MsgBox("Found Goodyear Tyler Pharm Manager")
                    Wscript.sleep 400

               case "cn=pharm15goodyearlawton"
                    .MapNetworkDrive "L:", s15GoodYearLawton
                    MsgBox("Found Goodyear Lawton")
                    Wscript.sleep 400

               case "cn=pharm29blueridge"
                    .MapNetworkDrive "O:", s29BlueRidge
                    MsgBox("Found BlueRidge")
                    Wscript.sleep 400

               case "cn=pharm36bmw"
                    .MapNetworkDrive "O:", s1Southwire
                    MsgBox("Found BMW")
                    Wscript.sleep 400

          End Select
         MsgBox(objGroup.GetEx)
     Next

     '.MapNetworkDrive "Y:", sFS1_Public
    ' .MapNetworkDrive "Z:", s13GoodYearTyler

End With

'cleanup resources
set objNet                     = Nothing
set objADInfo                      = Nothing
set objUser                     = Nothing
set sFS1_Public                = Nothing
set s13GoodYearTyler           = Nothing
set s15GoodYearLawton         = Nothing
set s29BlueRidge                 = Nothing
Set s36BMW            = Nothing
Set s1Southwire                    = Nothing

'quit WScript
WScript.Quit
0
 

Author Comment

by:Nexall
Comment Utility
Any luck yet on anyone finding out how to get this to work?

Thanks
Patrick
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
I did comment out all the msgbox and wscript echo commands then started from the top looking at the groups.  I've not had any luck as of yet either, but sometimes it's pretty hard to find information for vbscript regarding AD though.  I can sense that the script is right there, but it just needs something else though to make it work.

I'll try to test some today on it again and see what I can find.  Hopefully we can get it going for you :)

Kevin
0
 

Author Comment

by:Nexall
Comment Utility
Kevin,

Just wandering if you turned up anything yet on that script, or if anyone else has on how to make it work.  Hope you had a good Thanksgiving.  I will go ahead and start making .bat scripts for each site since I have to get it working soon.

Thanks for your help I know the script is really close to getting it to work just need to get the mapped network drives to take the output of the nested group enumeration.

Thanks
Patrick
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
Had a good thanksgiving, you?  Honestly I completely forgot about it.  Does this line give you all the output you need?

Wscript.Echo objGroup.CN

It may be that you need to go ahead and get a temp solution fixed as i've done before and then fine tune the script.  I'm on version 3 of my script.  Version 1 was a really long and drawn out script that had things that was just too over complicated, now it's condensed and more efficient for what i'm doing.
The last I checked I was getting all the groups that I was suppose to, at least I think I was.

:)

Kevin
0
 

Author Comment

by:Nexall
Comment Utility
Yep it was a busy thanksgiving with lots of road time but that is how it supposed to be right.  Well I messed with it some and Wscript.Echo objGroup.CN just shows the groups I'm a direct member of, and WScript.Echo objNestedGroup.CN shows all the nested groups I'm a member of through the groups I'm a direct member off.  The thing that I have noticed by just trying to make a MSGbox that shows the same info at the end of the nested group function is that it doesn't go to your part of the script.  It just finishes that function and doesn't even begin to read any of the lines of code that you made to map the drives, so if we can just get it to at least read your script then we can figure out how to get the input probably.  I guess your scripts input would need to be objGroup.CN  && objNestedGroup.CN  

I guess these 500 points will be well worth it after all this mess that is for sure, have a good day.

Patrick
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
Ok, gotcha, i'll get back with you then on that.  Going to do some testing ;)

Kevin
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
Well it looks like it's this line that is causing the problem.
Select Case LCase(objGroup.GetEx)

This message box doesn't return anything.

          End Select
         MsgBox(objGroup.GetEx)

So I guess it's finding the correct statement to put in the select case now for it to work right :)

Kevin

0
 
LVL 16

Accepted Solution

by:
kshays earned 500 total points
Comment Utility
Try this and see what you get.  Just replace what I have in the function with the case selects to your groupname ok.

Dim objNet, objADInfo, objUser
Dim strDC, strFileServer

set objNet          = CreateObject("Wscript.Network")               'create network object
Set objADInfo       = CreateObject("ADSystemInfo")                  'create AD object
set objUser         = GetObject("LDAP://" & objADInfo.UserName)      'create user object
Set localDrives     = objNet.EnumNetworkDrives

sFS1_Public         = "\\fs1\Public\"
s13GoodYearTyler    = "\\fs1\On-Site\Pharmacy\SW\13 Goodyear Tyler"
s15GoodYearLawton   = "\\fs1\On-Site\Pharmacy\SW\15 Goodyear Lawton"
s29BlueRidge        = "\\fs1\On-Site\Pharmacy\SE\29 Blue Ridge"
s36BMW              = "\\fs1\On-Site\Pharmacy\SE\36 BMW"
s1Southwire         = "\\fs1\On-Site\Pharmacy\SE\1 Southwire"
array1 = ""

On Error Resume Next

set objUser       = GetObject("LDAP://" & objADInfo.UserName) 'create user object
Set colGroups       = objUser.Groups

Function GetNested(objGroup)
      On Error Resume Next

    colMembers = objGroup.GetEx("memberOf")

    For Each strMember in colMembers
        strPath = "LDAP://" & strMember
        Set objNestedGroup = _
        GetObject(strPath)
        'WScript.Echo objNestedGroup.CN      '7 groups, not the same as the one above.
        GetNested(objNestedGroup)

            Select Case LCase(objNestedGroup.CN)
                  Case "administrators"
                        msgbox("found administrators")
                'objNet.MapNetworkDrive "P:", sFS1_Public
                  Case "backup operators"
                        msgbox("found backup operators")
                'objNet.MapNetworkDrive "P:", sFS1_Public
            End Select
      Next

End Function


For Each objGroup in colGroups
    'Wscript.Echo objGroup.CN      '5 groups I belong to.
    GetNested(objGroup)
Next

'.MapNetworkDrive "Y:", sFS1_Public
' .MapNetworkDrive "Z:", s13GoodYearTyler


'cleanup resources
set objNet                    = Nothing
set objADInfo                    = Nothing
set objUser                    = Nothing
set sFS1_Public               = Nothing
set s13GoodYearTyler          = Nothing
set s15GoodYearLawton        = Nothing
set s29BlueRidge                = Nothing
Set s36BMW          = Nothing
Set s1Southwire                  = Nothing

'quit WScript
WScript.Quit


Kevin
0
 

Author Comment

by:Nexall
Comment Utility
Sorry about taking forever to get back.  We are going through a SOX audit.  I have tried the script that we have made and it works good minus is in the group selection and mapping part.


          Select Case LCase(objNestedGroup.CN)
               Case "pharm13goodyeartyler"
                    msgbox("found 13GoodyearTyler")
                objNet.MapNetworkDrive "O:", s13GoodYearTyler
               Case "domain users"
                    msgbox("found domain users")
                objNet.MapNetworkDrive "P:", sFS1_Public
          End Select

It is only matching the first match.  So if I'm in both of those groups then it will only map the first one. The only thing I can think is the Case doesn't like domain users because it has a space in it.  Any Ideas?  Thanks for the help, and hope you have a Merry Christmas this weekend.
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
I don't think it picks up domain users on my end either from what I can recall.  Hmm, by putting it inside the Foreach statement, it should loop through the select for each member that you are in.  Are those the only two groups you are in?  If so can you create a security group and add yourself to it, add the case to the select case for it with a message box to see if it picks it up.

Actually I got tied up doing some other things also the past few weeks and completely forgot about it.

Have a Merry Christmas,

Kevin
0
 

Author Comment

by:Nexall
Comment Utility
Hey Kevin,

I have had some more time to mess with it.  I'm in about 20 groups or so and I got it where it Echo’s everyone of them and some that are just double nested groups which is fine just shows I need to clean it up some.  But the problem I have now is it actually mapping the drives based on those results.  I would like to map about 5 drives based on groups and every time I put them in to map and it and run the script and nothing happens.  I'm not sure what is holding it back because the paths to network drives are fully defined.  Could you get it to work with more than one drive matching because I can get one match to map then anything more than that it just sits there.  Hope you had a Happy New Year.

Thanks
Patrick
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
I would think I could with no problem.  I'll have to test tomorrow when I go back to work to make sure though.

It could have been different that's for sure.  Hope you had a good one :)

Kevin
0
 
LVL 16

Expert Comment

by:kshays
Comment Utility
Patrick, I forgot to post back, but the script maps fine here at work.  Not sure why it will not map on your system :(

Kevin
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now