Solved

ifmember no longer working in new logon script

Posted on 2008-06-19
3
1,385 Views
Last Modified: 2010-04-21
Using Server 2003 Active Directory with XP clients;
We have a logon script (logon.bat) that works fine using ifmember to map network drives based on group membership.
I created another logon script using the same syntax (see code snippet) and in stead of executing the commands based on group membership, it executes all command for all groups.
So when a user logs on, the script behaves as if the user is member of all groups.
As far as I can see this can only be because in my new script, ifmember is not recognised as a valid function and errorlevel equals 1, so all commands execute.
I tested the same script locally after logon by copying our ifmember.exe from \\OURSERVER\NETLOGON into a local folder and running the script from that same folder; the script works fine.

The original script was created years ago and since then, we have had all our domain controllers replaced and renamed, although they all have ifmember.exe in the \\SERVER\NETLOGON share.
I even copied the original script to a different gpo and the same problem appears; the copy of the script behaves as if the ifmember.exe function cannot be found.

Any idea why the old script would work and the new one does not?
@echo off
 
:group1
ifmember firstgroup
if not errorlevel 1 goto group2
firstgroup.vbs
 
:group2
ifmember secondgroup
if not errorlevel 1 goto group3
secondgroup.vbs
 
:group3
ifmember thirdgroup
if not errorlevel 1 goto end
thirdgroup.vbs
 
:end
exit

Open in new window

0
Comment
Question by:DorisOnline
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 400 total points
ID: 21821132
How are you running this script, through the logon script in the user's properties, or through a GPO? And if the latter, where is the logon script physically stored, in the netlogon folder or in the GPO folder? If the latter, put the new logon script into the netlogon share, and then use "%logonserver%\netlogon\NewLogonScript.cmd" as path to the logon script in the GPO.
0
 

Author Comment

by:DorisOnline
ID: 21821279
Both the original working one and the new one are run through a GPO and are physically located in the GPO folder.
The netlogon folder had neither.
I put the new one in the netlogon folder like you advised and the new script worked perfectly.
I also figured out now why the original script runs ok; ifmember.exe was copied into its GPO folder so wasn't using the netlogon anyway. I thought a script checks the netlogon folder if it can't find ifmember in the current directory, but apparently not..
I think I will copy ifmember.exe into the new script's GPO folder as well and use my original script since it seems tidier to use separate GPO folders rather put everything in netlogon.
Thanks for the solution!
0
 

Author Closing Comment

by:DorisOnline
ID: 31468708
spot on, thanks for the quick help
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question