• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1404
  • Last Modified:

ifmember no longer working in new logon script

Using Server 2003 Active Directory with XP clients;
We have a logon script (logon.bat) that works fine using ifmember to map network drives based on group membership.
I created another logon script using the same syntax (see code snippet) and in stead of executing the commands based on group membership, it executes all command for all groups.
So when a user logs on, the script behaves as if the user is member of all groups.
As far as I can see this can only be because in my new script, ifmember is not recognised as a valid function and errorlevel equals 1, so all commands execute.
I tested the same script locally after logon by copying our ifmember.exe from \\OURSERVER\NETLOGON into a local folder and running the script from that same folder; the script works fine.

The original script was created years ago and since then, we have had all our domain controllers replaced and renamed, although they all have ifmember.exe in the \\SERVER\NETLOGON share.
I even copied the original script to a different gpo and the same problem appears; the copy of the script behaves as if the ifmember.exe function cannot be found.

Any idea why the old script would work and the new one does not?
@echo off
 
:group1
ifmember firstgroup
if not errorlevel 1 goto group2
firstgroup.vbs
 
:group2
ifmember secondgroup
if not errorlevel 1 goto group3
secondgroup.vbs
 
:group3
ifmember thirdgroup
if not errorlevel 1 goto end
thirdgroup.vbs
 
:end
exit

Open in new window

0
DorisOnline
Asked:
DorisOnline
  • 2
1 Solution
 
oBdACommented:
How are you running this script, through the logon script in the user's properties, or through a GPO? And if the latter, where is the logon script physically stored, in the netlogon folder or in the GPO folder? If the latter, put the new logon script into the netlogon share, and then use "%logonserver%\netlogon\NewLogonScript.cmd" as path to the logon script in the GPO.
0
 
DorisOnlineAuthor Commented:
Both the original working one and the new one are run through a GPO and are physically located in the GPO folder.
The netlogon folder had neither.
I put the new one in the netlogon folder like you advised and the new script worked perfectly.
I also figured out now why the original script runs ok; ifmember.exe was copied into its GPO folder so wasn't using the netlogon anyway. I thought a script checks the netlogon folder if it can't find ifmember in the current directory, but apparently not..
I think I will copy ifmember.exe into the new script's GPO folder as well and use my original script since it seems tidier to use separate GPO folders rather put everything in netlogon.
Thanks for the solution!
0
 
DorisOnlineAuthor Commented:
spot on, thanks for the quick help
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows PowershellĀ® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now