[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

ifmember no longer working in new logon script

Posted on 2008-06-19
3
Medium Priority
?
1,398 Views
Last Modified: 2010-04-21
Using Server 2003 Active Directory with XP clients;
We have a logon script (logon.bat) that works fine using ifmember to map network drives based on group membership.
I created another logon script using the same syntax (see code snippet) and in stead of executing the commands based on group membership, it executes all command for all groups.
So when a user logs on, the script behaves as if the user is member of all groups.
As far as I can see this can only be because in my new script, ifmember is not recognised as a valid function and errorlevel equals 1, so all commands execute.
I tested the same script locally after logon by copying our ifmember.exe from \\OURSERVER\NETLOGON into a local folder and running the script from that same folder; the script works fine.

The original script was created years ago and since then, we have had all our domain controllers replaced and renamed, although they all have ifmember.exe in the \\SERVER\NETLOGON share.
I even copied the original script to a different gpo and the same problem appears; the copy of the script behaves as if the ifmember.exe function cannot be found.

Any idea why the old script would work and the new one does not?
@echo off
 
:group1
ifmember firstgroup
if not errorlevel 1 goto group2
firstgroup.vbs
 
:group2
ifmember secondgroup
if not errorlevel 1 goto group3
secondgroup.vbs
 
:group3
ifmember thirdgroup
if not errorlevel 1 goto end
thirdgroup.vbs
 
:end
exit

Open in new window

0
Comment
Question by:DorisOnline
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 1600 total points
ID: 21821132
How are you running this script, through the logon script in the user's properties, or through a GPO? And if the latter, where is the logon script physically stored, in the netlogon folder or in the GPO folder? If the latter, put the new logon script into the netlogon share, and then use "%logonserver%\netlogon\NewLogonScript.cmd" as path to the logon script in the GPO.
0
 

Author Comment

by:DorisOnline
ID: 21821279
Both the original working one and the new one are run through a GPO and are physically located in the GPO folder.
The netlogon folder had neither.
I put the new one in the netlogon folder like you advised and the new script worked perfectly.
I also figured out now why the original script runs ok; ifmember.exe was copied into its GPO folder so wasn't using the netlogon anyway. I thought a script checks the netlogon folder if it can't find ifmember in the current directory, but apparently not..
I think I will copy ifmember.exe into the new script's GPO folder as well and use my original script since it seems tidier to use separate GPO folders rather put everything in netlogon.
Thanks for the solution!
0
 

Author Closing Comment

by:DorisOnline
ID: 31468708
spot on, thanks for the quick help
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question