Windows 2008 VBscript problem. Group within a group...

We have a login script that maps drives based on groups.  We have been using this script on windows 2003 with no problems.  The scripts actually will run on a 2008 server as this is a terminal server.  If I put a user directly in the group that we have in the login script it works fine, however if there is a group within the group that we call in the login script it does not work.  Again it works fine on 2003 but will not work on 2008.

Thanks
LSB-ITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

exx1976Commented:
Please post the script so I can take a look at it..
0
LSB-ITAuthor Commented:
I have tried two differant scripts. Here is one of them. (both work on 2003)

' VBScript to map drives based on group membership
'---------------------------------------------------
On Error Resume Next
 
Set WshNetwork = CreateObject("WScript.Network")
 
DomainString = WshNetwork.UserDomain
UserString = WshNetwork.UserName
 
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)
 
'unmap all drives
'WshNetwork.RemoveNetworkDrive "G:",true,true
'WshNetwork.RemoveNetworkDrive "W:",true,true
'WshNetwork.RemoveNetworkDrive "X:",true,true
 
 
For Each GroupObject In UserObj.Groups
      Select Case GroupObject.Name
            Case "G Drive Map"
                  WshNetwork.MapNetworkDrive "G:", "\\server\share"
            Case "Group 2"
                  WshNetwork.MapNetworkDrive "Y:", "\\<Server>\<Share>"
            Case "Group 3"
                  WshNetwork.MapNetworkDrive "X:", "\\<Server>\<Share>"
      End Select
Next
 
WScript.Quit
0
exx1976Commented:
Yeah, but that's not going to handle nested groups, e.g.

User A is a member of group B.   Group B is a member of group C.  You are trying to take action based on Group C.   That won't work.

Well, actually, now I'm not sure, because you are using the WinNT provider instead of the LDAP provider.  I suspect this might be part of your problem with 2008, since it no longer supports NT...

Take a look at this post.  I wrote some code that allows for recursive lookup of group memberships.

http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_25370650.html


HTH,
exx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

exx1976Commented:
To clarify - the WinNT provider may have allowed for recursive lookup in 2003, but since NT is not supported in 2008, the WinNT provider may no longer be valid, either.  And since you have    On Error Resume Next     in there, it wouldn't even bother to tell you the error.   If you want to verify, then comment out that line and try to run it on your 2008 server and see what happens.


-exx
0
LSB-ITAuthor Commented:
I am not a VB guy at all, I just find scripts that I need and change them to fit my environment.  If I shouldn’t use the WinNT provider should I be using a different script?  I also don’t want to slow down login scripts, we are having issues with that already so the faster the better.
0
LSB-ITAuthor Commented:
Oh I forgot to mention that I dont get any errors at all.  The script runs fine, just doesnt look past the root of the group.
0
exx1976Commented:
If you're not a VB guy (not capable of modifying/rewriting/merging the code you're asking for), then you'll need someone to write it for you.  In that case, this question isn't enough points..

You'll also need to supply more information.


As far as "should I be using a different script", well, you probably just need to modify that one to use the LDAP provider, and then use the recursive IsMember function that's in that post I referenced above, and you'd be fine..
0
LSB-ITAuthor Commented:
Thanks, I will try and get one working.  If not I will post another question worth more points.

Thanks
0
exx1976Commented:
Sounds good.  I'll keep an eye out in case you still need help.

-exx
0
exx1976Commented:
That post I referenced was long.  This is the function you want to do nested group membership evaluation.

Feed it the ADSPath of the group and it will return true or false.


Function IsMember(GroupName)
        wscript.echo groupname     
	Set oGroup = GetObject(groupname)
        Set members = oGroup.members  
        For Each member In members  
                If member.class = "user" Then  
                        If member.Name = UserName Then    
                                IsMember = True    
                                Exit Function  
                        End If  
                Else  
                        If member.class = "group" Then  
                                If IsMember(member.adspath) Then  
                                        IsMember = True  
                                        Exit Function  
                                End If  
                        End If  
                End If  
        Next    
        IsMember = False  
End Function

Open in new window

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.