VB Script determine if user is domain admin

Posted on 2007-07-27
Last Modified: 2008-05-30
How can I get a VB Script to check whether the user that is running it has Domain Admin rights?

If the user isn't a Domain Admin I want the script to display an error and quit.
Question by:DeVereGroup
    1 Comment
    LVL 70

    Accepted Solution


    This should do, it's a bit long, but it chases down nested group memberships:

    Function RecursiveIsMember(strGroup, arrGroups, x)
          ' Return Type: Boolean
          ' Goes through Nested Groups until either booIsMember is True or there are no more groups to check
          Dim objADSystemInfo, objUser, objGroup
          Dim strGroupDN
          Dim arrTemp
          Dim booIsMember

          booIsMember = False

          On Error Resume Next
          If Not IsArray(arrGroups) Then
                Set objADSystemInfo = CreateObject("ADSystemInfo")
                Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)
                arrGroups = objUser.GetEx("memberOf")
                Set objUser = Nothing
                Set objADSystemInfo = Nothing
          End If

          For Each strGroupDN in arrGroups
                Set objGroup = GetObject("LDAP://" & strGroupDN)
                ' WScript.Echo Space(x) & objGroup.Get("name")
                If Err.Number = 0 Then
                      If LCase(objGroup.Get("name")) = LCase(strGroup) Then
                            booIsMember = True
                            Exit For
                            arrTemp = objGroup.GetEx("memberOf")
                            If Err.Number = 0 Then
                                  y = x + 2
                                  booIsMember = IsMember(strGroup, arrTemp, y)
                                  If booIsMember = True Then
                                        Exit For
                                  End If
                            End If
                      End If
                End If
                Set objGroup = Nothing
          On Error Goto 0
          IsMember = booIsMember
    End Function

    If RecursiveIsMember("Domain Admins", "", 0) = False Then
          WScript.Echo "Error: Script must be executed by Domain Admin"
    End If

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
    I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now