I'm moving to a recursive group structure in AD that will be as follows:
- Job Function
Now, user accounts will only be added to the bottom group, their job function, and they inherit the group permissions etc for their department and site. Now, I'm writing a fairly long login script in VBscript that does certain things based on either site or department, but rarely job function. I have a small function that I found in someone else's loging script that does a great job of determining if a user is in a group, but it doesn't work for the scenario above, as the user would need to be a member of all 3 groups for it to apply to them.
The function I have is:
Dim oDict, oUser, oGroup
If IsEmpty(oDict) Then
Set oDict = CreateObject("Scripting.Dictionary")
oDict.CompareMode = vbTextCompare
Set oUser = GetObject("WinNT://" & strAdsPath & ",user")
For Each oGroup In oUser.Groups
oDict.Add oGroup.Name, "-"
Set oUser = Nothing
IsMember = CBool(oDict.Exists(sGroup))
if IsMember and bolWriteLog then objLogFile.WriteLine(Now() & ": Success: User is member of " & sGroup)
What I need is one that can somehow tell that if the account is in a group called "Accounts - Managers", then that group in in the group "Accounts Department". Perhaps there is another way to accomplish the same thing that I haven't thought of.
Thanks in advance :-)