Solved

map drives based on group membership

Posted on 2009-03-30
Last Modified: 2012-08-14
I have a new Server 2008 domain that I want to have certain drives/printers mapped when a user logs on based on their group membership.  How can I go about accomplishing this?  Thank you.
Question by:mandyquinn
9 Comments
 
LVL 5

Expert Comment

by:kollenh
ID: 24022700
Depends on how dynamic you'd like things to be.  If it's mostly a one-time setup, I have a login script that can do that - maps drives based on group memberships, easy enough to add printers, as well.
By one-time setup I mean that group A will map to \\server\share and printer 1 and that won't change too often.  You can change it easily enough in the script, but if it's frequent could become a pain.
Let me know if you want the script, I'll need to make some tweaks to make it more generic.
0
 

Author Comment

by:mandyquinn
ID: 24022733
I would love that as it is going to be pretty static as it won't change often at all.

I would really appreciate the script.

Thank you!
0
 
LVL 5

Expert Comment

by:kollenh
ID: 24022852
I'll sanitize it up and share it out.  Will you ever have any instance where a user, due to being a member of multiple groups, would map to the same drive letter?
0
 

Author Comment

by:mandyquinn
ID: 24022964
What we are wanting to do is have our departmental drives map to S: and the admins in each department will have an admin drive that we would like to map to T: and there may be a couple of users that will be a part of multiple groups but that will only be 4 or 5 users out of 100.
0
 
LVL 5

Expert Comment

by:kollenh
ID: 24023426
How are you going to handle the printer mapping?  It's easy enough to add a network printer but things can get a little messed up if you want to start tweaking local printers or printing to a network printer via a local TCP/IP port.
Typically what I do is enumerate the installed network printers and then if the one I want to have mapped isn't there, add it and ignore everything else.  You said it will be based on their group memberships?
0
 
LVL 5

Expert Comment

by:kollenh
ID: 24023781
I went ahead and put something together based on what makes sense given the information I have so far.  This is what I call a "bare-bones" script; it doesn't do much other than add what you want, very little in the way of checking and error handling.  If you want to do things like evaluate the printers (and drivers) installed and make sure you're not trying to map a network drive to a letter in use by a physical drive or just more error handling in general, let me know.  
You'll want to edit lines 7-13 for your environment but it should work fine from there.  You can remark-out line 5 if you're having problems to see if there are errors.  Let me know if you have other questions.

'login.vbs
'
'Function:  Map drives and printers according to group membership

On Error Resume Next

Const strDomain = "DC=domain,dc=com"	'AD domain
Const DeptGroup = "GroupName"
Const AdminGroup = "AdminGroupName"
Const DeptShare = "\\Server\Share"
Const AdminShare = "\\Server\Share"
Const DeptPrinter = "\\Server\Printer-Shared-name"
Const AdminPrinter = "\\Server\Printer-Shared-name"

Set wshNet = CreateObject("Wscript.Network")
Set objfso = CreateObject("Scripting.FileSystemObject")

blnAddDeptPrinter=True
blnAddAdminPrinter=True
' Enumerate the network printers
Set colPrinters = wshNet.EnumPrinterConnections
If colPrinters.Count > 0 Then
	' the collection alternates port, name, port, name, ...
	For p = 0 To colPrinters.Count -1 Step 2
		' compare the printers by name CASE SENSITIVE
		If colPrinters.Item(p+1) = DeptPrinter Then blnAddDeptPrinter=False

		If colPrinters.Item(p+1) = AdminPrinter Then blnAddAdminPrinter=False

		' add new/additional printers here using above format
	Next
End If

' Search AD for user
strUser = CreateObject("Wscript.Network").Username
Set objconn = CreateObject("ADODB.Connection")
Set objcmd = CreateObject("ADODB.Command")
objconn.Provider = "ADsDSOObject"
objconn.Open "Active Directory Provider"
Set objcmd.ActiveConnection = objconn

' LDAP filter: both conditions inside a single (& ... ) group
objcmd.commandtext = _
  "<LDAP://" & strDomain & ">;(&(objectCategory=User)" & _
    "(samAccountName=" & strUser & "));distinguishedname;subtree"

Set objrs = objcmd.Execute
While Not objrs.eof
	If objrs.recordcount = 0 Then
		' cannot continue w/o finding user group memberships
	Else
		' connect to the user object and enumerate their groups
		Set objUser = GetObject("LDAP://" & objrs.fields("distinguishedName"))
		arrGroups = objUser.GetEx("memberOf")
		' memberOf is an extended value so treat as an array
		For Each group in arrGroups
			'If using "distinguished" group names:
'			strGroup = group

			'otherwise use "friendly" group names
			Set objGroup = GetObject("LDAP://" & group)
			strGroup = objGroup.SAMaccountName

			If strGroup = DeptGroup Then
				' make sure drive isn't mapped already
				If objfso.FolderExists("S:") Then wshNet.RemoveNetworkDrive "S:",True
				' map drive
				wshNet.MapNetworkDrive "S:", DeptShare
				' add printer if it wasn't found initially
				If blnAddDeptPrinter Then wshNet.AddWindowsPrinterConnection DeptPrinter

			ElseIf strGroup = AdminGroup Then
				' make sure drive isn't mapped already
				If objfso.FolderExists("T:") Then wshNet.RemoveNetworkDrive "T:",True
				' map drive
				wshNet.MapNetworkDrive "T:", AdminShare
				' add printer if it wasn't found initially
				If blnAddAdminPrinter Then wshNet.AddWindowsPrinterConnection AdminPrinter
			End If
		Next

	End If
	objrs.movenext
Wend
objconn.close()

' Optional command to set the default
wshNet.SetDefaultPrinter DeptPrinter

' Release objects
If IsObject(objGroup)	Then Set objGroup = Nothing
If IsObject(objUser)	Then Set objUser = Nothing
If IsObject(objfso)	Then Set objfso = Nothing
If IsObject(wshNet)	Then Set wshNet = Nothing

0
 

Author Comment

by:mandyquinn
ID: 24027934
Thank you so much!

As for the printers what we plan on doing is having network printers installed on our print server and then we want to map them on the clients as necessary.

As for the script what do I do if I have multiple admin shares and department shares?  What I'm asking is I have the shares below that need to be mapped based on group membership.  All admin shares should map to the T: drive and department shares should map to S: as we will have some users that need the admin and department drive.  As an example let's say a user that is a Highway department admin then they will need LC_HWYadmin mapped to T: and the LC_HWYuser mapped to S: and then I will have a user that is not an admin of the Probate office that will only need the S: drive mapped to LC_PROuser.

Admin Group Shares (need to map to T:)
     LC_HWYadmin
     LC_APRadmin
     LC_COMadmin
     LC_PROadmin
     LC_REVadmin

Department Group Shares (need to map to S: )
     LC_HWYuser
     LC_APRuser
     LC_COMuser
     LC_PROuser
     LC_REVuser
     LC_ACuser
     LC_SWuser
     LC_ENVuser
0
 
LVL 5

Accepted Solution

by:
kollenh earned 50 total points
ID: 24030644
Working off the assumption that you have a different group for each department, it's simply a matter of editing the script to look for and take action based on the groups each user belongs to.  Given the groups you're using, I switched to a 'Select Case' statement - it's easy to add more groups as time goes on, if you follow the format.
I also want to mention that while I define all the printer and server shares at the beginning of the script, you don't have to do that.  I like it because everything is identified at the top of the script for easy reference.
Not sure if you're mapping different printers for each group; I would guess not but I left it that way in the script, just in case.  It's easier to delete a line than add it later.  I'm also going off the assumption you have a little working knowledge of vbs.  If you need help understanding what I put together, I can go into more detail.
The best way to test this is to add yourself to a group and then run the script (manually) and make sure it's doing what you want.  Remove yourself from that group, remove the drive/printer mapping, add to another group, run the script.  Rinse & repeat to your satisfaction.  I've used variations of this script for many years at several different companies and it has worked well for me.
There is a big caveat with this script.  If a user belongs to more than one of these groups (for whatever reason), it's a toss-up which share they'll be mapped to due to the way the script cycles through the group memberships.  What will happen is that the LAST group read will be the one that they're mapped to.  Make sense?

'login.vbs
'
'Function:  Map drives and printers according to group membership

On Error Resume Next		'Rem for testing

Const strDomain = "DC=domain,dc=com"	'AD domain
' Printers
Const DeptPrinter = "\\Server\Printer-Shared-name"
Const AdminPrinter = "\\Server\Printer-Shared-name"
' Groups for the T: drive
Const LC_HWYadmin = "\\Server\LC_HWYadmin"
Const LC_APRadmin = "\\Server\LC_APRadmin"
Const LC_COMadmin = "\\Server\LC_COMadmin"
Const LC_PROadmin = "\\Server\LC_PROadmin"
Const LC_REVadmin = "\\Server\LC_REVadmin"
' Groups for the S: drive
Const LC_HWYuser = "\\Server\LC_HWYuser"
Const LC_APRuser = "\\Server\LC_APRuser"
Const LC_COMuser = "\\Server\LC_COMuser"
Const LC_PROuser = "\\Server\LC_PROuser"
Const LC_REVuser = "\\Server\LC_REVuser"
Const LC_ACuser = "\\Server\LC_ACuser"
Const LC_SWuser = "\\Server\LC_SWuser"
Const LC_ENVuser = "\\Server\LC_ENVuser"

Set wshNet = CreateObject("Wscript.Network")
Set objfso = CreateObject("Scripting.FileSystemObject")

blnAddDeptPrinter=True
blnAddAdminPrinter=True
' Enumerate the network printers
Set colPrinters = wshNet.EnumPrinterConnections
If colPrinters.Count > 0 Then
	' the collection alternates port, name, port, name, ...
	For p = 0 To colPrinters.Count -1 Step 2
		' compare the printers by name CASE SENSITIVE
		If colPrinters.Item(p+1) = DeptPrinter Then blnAddDeptPrinter=False

		If colPrinters.Item(p+1) = AdminPrinter Then blnAddAdminPrinter=False

		' add new/additional printers here using above format
	Next
End If

' Search AD for user
strUser = CreateObject("Wscript.Network").Username
Set objconn = CreateObject("ADODB.Connection")
Set objcmd = CreateObject("ADODB.Command")
objconn.Provider = "ADsDSOObject"
objconn.Open "Active Directory Provider"
Set objcmd.ActiveConnection = objconn

' LDAP filter: both conditions inside a single (& ... ) group
objcmd.commandtext = _
  "<LDAP://" & strDomain & ">;(&(objectCategory=User)" & _
    "(samAccountName=" & strUser & "));distinguishedname;subtree"

Set objrs = objcmd.Execute
While Not objrs.eof
	If objrs.recordcount = 0 Then
		' cannot continue w/o finding user group memberships
	Else
		' connect to the user object and enumerate their groups
		Set objUser = GetObject("LDAP://" & objrs.fields("distinguishedName"))
		arrGroups = objUser.GetEx("memberOf")
		' memberOf is an extended value so treat as an array
		For Each group in arrGroups
			' wscript.echo group		'Un-remark for TESTING
			'If using "distinguished" group names:
'			strGroup = group

			'otherwise use "friendly" group names
			Set objGroup = GetObject("LDAP://" & group)
			strGroup = objGroup.SAMaccountName

			Select Case LCase(strGroup)
			   ' Admin groups (T: drive)
			  Case "lc_hwyadmin"
				' make sure drive isn't mapped already
				If objfso.FolderExists("T:") Then wshNet.RemoveNetworkDrive "T:",True
				' map drive
				wshNet.MapNetworkDrive "T:", LC_HWYadmin
				' add printer if it wasn't found initially
				If blnAddAdminPrinter Then wshNet.AddWindowsPrinterConnection AdminPrinter
			  Case "lc_apradmin"
				' make sure drive isn't mapped already
				If objfso.FolderExists("T:") Then wshNet.RemoveNetworkDrive "T:",True
				' map drive
				wshNet.MapNetworkDrive "T:", LC_APRadmin
				' add printer if it wasn't found initially
				If blnAddAdminPrinter Then wshNet.AddWindowsPrinterConnection AdminPrinter
			  Case "lc_comadmin"
				' make sure drive isn't mapped already
				If objfso.FolderExists("T:") Then wshNet.RemoveNetworkDrive "T:",True
				' map drive
				wshNet.MapNetworkDrive "T:", LC_COMadmin
				' add printer if it wasn't found initially
				If blnAddAdminPrinter Then wshNet.AddWindowsPrinterConnection AdminPrinter
			  Case "lc_proadmin"
				' make sure drive isn't mapped already
				If objfso.FolderExists("T:") Then wshNet.RemoveNetworkDrive "T:",True
				' map drive
				wshNet.MapNetworkDrive "T:", LC_PROadmin
				' add printer if it wasn't found initially
				If blnAddAdminPrinter Then wshNet.AddWindowsPrinterConnection AdminPrinter
			  Case "lc_revadmin"
				' make sure drive isn't mapped already
				If objfso.FolderExists("T:") Then wshNet.RemoveNetworkDrive "T:",True
				' map drive
				wshNet.MapNetworkDrive "T:", LC_REVadmin
				' add printer if it wasn't found initially
				If blnAddAdminPrinter Then wshNet.AddWindowsPrinterConnection AdminPrinter

			   ' Departmental groups (S: drive, department printer)
			  Case "lc_hwyuser"
				' make sure drive isn't mapped already
				If objfso.FolderExists("S:") Then wshNet.RemoveNetworkDrive "S:",True
				' map drive
				wshNet.MapNetworkDrive "S:", LC_HWYuser
				' add printer if it wasn't found initially
				If blnAddDeptPrinter Then wshNet.AddWindowsPrinterConnection DeptPrinter
			  Case "lc_apruser"
				' make sure drive isn't mapped already
				If objfso.FolderExists("S:") Then wshNet.RemoveNetworkDrive "S:",True
				' map drive
				wshNet.MapNetworkDrive "S:", LC_APRuser
				' add printer if it wasn't found initially
				If blnAddDeptPrinter Then wshNet.AddWindowsPrinterConnection DeptPrinter
			  Case "lc_comuser"
				' make sure drive isn't mapped already
				If objfso.FolderExists("S:") Then wshNet.RemoveNetworkDrive "S:",True
				' map drive
				wshNet.MapNetworkDrive "S:", LC_COMuser
				' add printer if it wasn't found initially
				If blnAddDeptPrinter Then wshNet.AddWindowsPrinterConnection DeptPrinter
			  Case "lc_prouser"
				' make sure drive isn't mapped already
				If objfso.FolderExists("S:") Then wshNet.RemoveNetworkDrive "S:",True
				' map drive
				wshNet.MapNetworkDrive "S:", LC_PROuser
				' add printer if it wasn't found initially
				If blnAddDeptPrinter Then wshNet.AddWindowsPrinterConnection DeptPrinter
			  Case "lc_revuser"
				' make sure drive isn't mapped already
				If objfso.FolderExists("S:") Then wshNet.RemoveNetworkDrive "S:",True
				' map drive
				wshNet.MapNetworkDrive "S:", LC_REVuser
				' add printer if it wasn't found initially
				If blnAddDeptPrinter Then wshNet.AddWindowsPrinterConnection DeptPrinter
			  Case "lc_acuser"
				' make sure drive isn't mapped already
				If objfso.FolderExists("S:") Then wshNet.RemoveNetworkDrive "S:",True
				' map drive
				wshNet.MapNetworkDrive "S:", LC_ACuser
				' add printer if it wasn't found initially
				If blnAddDeptPrinter Then wshNet.AddWindowsPrinterConnection DeptPrinter
			  Case "lc_swuser"
				' make sure drive isn't mapped already
				If objfso.FolderExists("S:") Then wshNet.RemoveNetworkDrive "S:",True
				' map drive
				wshNet.MapNetworkDrive "S:", LC_SWuser
				' add printer if it wasn't found initially
				If blnAddDeptPrinter Then wshNet.AddWindowsPrinterConnection DeptPrinter
			  Case "lc_envuser"
				' make sure drive isn't mapped already
				If objfso.FolderExists("S:") Then wshNet.RemoveNetworkDrive "S:",True
				' map drive
				wshNet.MapNetworkDrive "S:", LC_ENVuser
				' add printer if it wasn't found initially
				If blnAddDeptPrinter Then wshNet.AddWindowsPrinterConnection DeptPrinter
			End Select

		Next
	End If
	objrs.movenext
Wend
objconn.close()

' Optional command to set the default (not recommended, tends to disgruntle employees)
'wshNet.SetDefaultPrinter DeptPrinter

' Release objects
If IsObject(objGroup)	Then Set objGroup = Nothing
If IsObject(objUser)	Then Set objUser = Nothing
If IsObject(objfso)	Then Set objfso = Nothing
If IsObject(wshNet)	Then Set wshNet = Nothing

0
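
The caveat in the accepted answer (a user in several of these groups ends up with whichever group is read last) and the earlier note about drive letters already held by a physical drive can both be handled with a fixed priority table. The following is an added example, not part of kollenh's script; it assumes each share is named after its group under the placeholder \\Server, the priority order shown is arbitrary, and GetMemberships and MapFirstMatch are names introduced here.

```vbscript
' Added example: table-driven drive mapping with a fixed priority order.
Option Explicit

Const SERVER = "\\Server"   ' placeholder, as in the scripts above

' Highest priority first: the first group the user belongs to wins the letter.
Dim adminOrder, deptOrder
adminOrder = Array("LC_HWYadmin", "LC_APRadmin", "LC_COMadmin", _
                   "LC_PROadmin", "LC_REVadmin")
deptOrder = Array("LC_HWYuser", "LC_APRuser", "LC_COMuser", "LC_PROuser", _
                  "LC_REVuser", "LC_ACuser", "LC_SWuser", "LC_ENVuser")

Dim wshNet, wshShell, fso, memberships
Set wshNet = CreateObject("WScript.Network")
Set wshShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set memberships = GetMemberships()

MapFirstMatch "T:", adminOrder
MapFirstMatch "S:", deptOrder

' Returns a case-insensitive set of the user's direct group names.
' memberOf holds neither the primary group nor nested memberships.
Function GetMemberships()
    Dim dict, user, groups, dn
    Set dict = CreateObject("Scripting.Dictionary")
    dict.CompareMode = vbTextCompare
    Set user = GetObject("LDAP://" & CreateObject("ADSystemInfo").UserName)
    On Error Resume Next          ' GetEx raises an error when memberOf is empty
    groups = user.GetEx("memberOf")
    If Err.Number <> 0 Then groups = Array()
    On Error GoTo 0
    For Each dn In groups
        dict(GetObject("LDAP://" & dn).sAMAccountName) = True
    Next
    Set GetMemberships = dict
End Function

' Maps letter to the share of the first group in orderedGroups the user is in.
Sub MapFirstMatch(letter, orderedGroups)
    Dim g, chosen, extra
    chosen = "" : extra = ""
    For Each g In orderedGroups
        If memberships.Exists(g) Then
            If chosen = "" Then chosen = g Else extra = extra & " " & g
        End If
    Next
    If chosen = "" Then Exit Sub
    ' Record multi-group users as a warning (type 2) in the event log
    If extra <> "" Then
        wshShell.LogEvent 2, "login.vbs: " & letter & " mapped for " & chosen & _
            "; user is also a member of:" & extra
    End If
    If fso.DriveExists(letter) Then
        ' DriveType 3 = network drive; never remove or shadow a local disk
        If fso.GetDrive(letter).DriveType <> 3 Then
            wshShell.LogEvent 2, "login.vbs: " & letter & " is a local drive, skipped"
            Exit Sub
        End If
        wshNet.RemoveNetworkDrive letter, True, True
    End If
    wshNet.MapNetworkDrive letter, SERVER & "\" & chosen, False
End Sub
```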
 
LVL 5

Expert Comment

by:indi001
ID: 35734074
You could use batch/cmd scripts as well.
Here is a script I created for a similar purpose some months ago, using "ifmember.exe" and "con2prt.exe", downloaded from Microsoft:
"ifmember.exe" and "con2prt.exe" should be in your netlogon share.
Here is the relevant part of my script:

echo disconnect drives
net use * /delete /y
echo.
echo.
echo net use h: \\XXXfscluster\DAT /persistent:no
net use h: \\XXXfscluster\DAT /persistent:no
echo.
echo net use j: \\XXXfscluster\home$\%username% /persistent:no
net use j: \\XXXfscluster\home$\%username% /persistent:no
echo.
echo.
echo net use k: \\XXXSQL\WINDVSW2 /persistent:no
net use k: \\XXXSQL\WINDVSW2 /persistent:no
echo.
echo.
\\XXXlaw\netlogon\ifmember.exe ReuCash
if errorlevel=1 (
echo net use o: \\XXXfscluster\ReuCash /persistent:no
net use o: \\XXXfscluster\ReuCash /persistent:no
)
echo.
echo.
echo net use p: \\XXXfscluster\PROGS /persistent:no
net use p: \\XXXfscluster\PROGS /persistent:no
echo.
echo net use q: \\XXXfscluster\INSTALL /persistent:no
net use q: \\XXXfscluster\INSTALL /persistent:no
echo.
echo net use t: \\XXXfscluster\Daten /persistent:no
net use t: \\XXXfscluster\Daten /persistent:no
echo.
echo Mapping Kopierer
echo.
\\XXXlaw\netlogon\con2prt.exe /c \\XXXmnt01\Kopierer-OG2-BIB-color
\\XXXlaw\netlogon\con2prt.exe /c \\XXXmnt01\Kopierer-OG2-BIB-sw
\\XXXlaw\netlogon\con2prt.exe /c \\XXXmnt01\Kopierer-OG2-BriennerStr-color
\\XXXlaw\netlogon\con2prt.exe /c \\XXXmnt01\Kopierer-OG2-BriennerStr-sw
\\XXXlaw\netlogon\con2prt.exe /c \\XXXmnt01\Kopierer-OG2-ZV-Abt-color
\\XXXlaw\netlogon\con2prt.exe /c \\XXXmnt01\Kopierer-OG2-ZV-Abt-sw
\\XXXlaw\netlogon\con2prt.exe /c \\XXXmnt01\Kopierer-OG4-Serverraum-color
\\XXXlaw\netlogon\con2prt.exe /c \\XXXmnt01\Kopierer-OG4-Serverraum-sw
\\XXXlaw\netlogon\con2prt.exe /c \\XXXmnt01\Kopierer-OG5-Kicker-color
\\XXXlaw\netlogon\con2prt.exe /c \\XXXmnt01\Kopierer-OG5-Kicker-sw


The printers/copiers above are accessible for all users.

A second script for the smaller office printers in each floor, one script for each floor.

\\XYZdomain\netlogon\con2prt.exe /c \\XYZmnt01\204
\\XYZdomain\netlogon\con2prt.exe /c \\XYZmnt01\206
\\XYZdomain\netlogon\con2prt.exe /c \\XYZmnt01\209

The printers are all shared on a print server, the numbers 204, 206, 209 are printer names (I named them as the rooms where they stand).

In my case I had 160 users in a building with 5 floors, about 100 of these users were secretaries which circulated between these floors.
Each floor had 2 big copy/printers and at least 10 office printers in several offices.
To make only the relevant printers in each floor available, I created OUs for each floor and linked the appropriate printer scripts by GPOs. The secretaries were in the actual OU for the floor they worked on, but could be in different groups. So the first script (also by GPO) "ifmember" found out in which group a secretary actually is (even in this particular script it looks only for one group membership) and maps her network shares as necessary.
For that system it is essential to find an optimal system of OUs and groups and group nesting. But if you create all that, you have a highly flexible  system to control and share all resources.
Cheers
Werner

PS: sorry, the script comments are in German sometimes, because the company was a German company. But anyway, the comments are not relevant ;-)
0
