Solved

Windows 2008 VBscript problem.  Group within a group...

Posted on 2010-03-29
Last Modified: 2012-05-09
We have a login script that maps drives based on groups. We have been using this script on Windows 2003 with no problems. The scripts actually will run on a 2008 server, as this is a terminal server. If I put a user directly in the group that we have in the login script, it works fine; however, if there is a group within the group that we call in the login script, it does not work. Again, it works fine on 2003 but will not work on 2008.

Thanks
0
Question by:LSB-IT
10 Comments
 
LVL 18

Expert Comment

by:exx1976
ID: 29011300
Please post the script so I can take a look at it..
0
 

Author Comment

by:LSB-IT
ID: 29014359
I have tried two different scripts. Here is one of them (both work on 2003).

' VBScript to map drives based on group membership
'---------------------------------------------------
On Error Resume Next
 
Set WshNetwork = CreateObject("WScript.Network")
 
DomainString = WshNetwork.UserDomain
UserString = WshNetwork.UserName
 
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)
 
'unmap all drives
'WshNetwork.RemoveNetworkDrive "G:",true,true
'WshNetwork.RemoveNetworkDrive "W:",true,true
'WshNetwork.RemoveNetworkDrive "X:",true,true
 
 
For Each GroupObject In UserObj.Groups
      Select Case GroupObject.Name
            Case "G Drive Map"
                  WshNetwork.MapNetworkDrive "G:", "\\server\share"
            Case "Group 2"
                  WshNetwork.MapNetworkDrive "Y:", "\\<Server>\<Share>"
            Case "Group 3"
                  WshNetwork.MapNetworkDrive "X:", "\\<Server>\<Share>"
      End Select
Next
 
WScript.Quit
0
 
LVL 18

Accepted Solution

by:
exx1976 earned 1000 total points
ID: 29016678
Yeah, but that's not going to handle nested groups, e.g.

User A is a member of group B.   Group B is a member of group C.  You are trying to take action based on Group C.   That won't work.

Well, actually, now I'm not sure, because you are using the WinNT provider instead of the LDAP provider.  I suspect this might be part of your problem with 2008, since it no longer supports NT...

Take a look at this post.  I wrote some code that allows for recursive lookup of group memberships.

http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_25370650.html


HTH,
exx
0
 
LVL 18

Expert Comment

by:exx1976
ID: 29016812
To clarify - the WinNT provider may have allowed for recursive lookup in 2003, but since NT is not supported in 2008, the WinNT provider may no longer be valid, either. And since you have "On Error Resume Next" in there, it wouldn't even bother to tell you the error. If you want to verify, then comment out that line and try to run it on your 2008 server and see what happens.


-exx
0
 

Author Comment

by:LSB-IT
ID: 29085947
I am not a VB guy at all, I just find scripts that I need and change them to fit my environment.  If I shouldn’t use the WinNT provider should I be using a different script?  I also don’t want to slow down login scripts, we are having issues with that already so the faster the better.
0
 

Author Comment

by:LSB-IT
ID: 29089063
Oh, I forgot to mention that I don't get any errors at all. The script runs fine, it just doesn't look past the root of the group.
0
 
LVL 18

Expert Comment

by:exx1976
ID: 29090288
If you're not a VB guy (not capable of modifying/rewriting/merging the code you're asking for), then you'll need someone to write it for you.  In that case, this question isn't enough points..

You'll also need to supply more information.


As far as "should I be using a different script", well, you probably just need to modify that one to use the LDAP provider, and then use the recursive IsMember function that's in that post I referenced above, and you'd be fine..
0
 

Author Comment

by:LSB-IT
ID: 29090484
Thanks, I will try and get one working.  If not I will post another question worth more points.

Thanks
0
 
LVL 18

Expert Comment

by:exx1976
ID: 29091312
Sounds good.  I'll keep an eye out in case you still need help.

-exx
0
 
LVL 18

Expert Comment

by:exx1976
ID: 29091617
That post I referenced was long.  This is the function you want to do nested group membership evaluation.

Feed it the ADSPath of the group and it will return true or false.


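' Returns True if the user is a direct or nested member of the group.
' GroupName is the ADsPath of the group to check.
' UserName is not defined in this function: the calling script must set it,
' in the same form that member.Name returns for the provider in use.
Function IsMember(GroupName)
        WScript.Echo GroupName                  ' trace which group is being examined
        Set oGroup = GetObject(GroupName)
        Set members = oGroup.Members
        For Each member In members
                If member.Class = "user" Then
                        If member.Name = UserName Then
                                IsMember = True
                                Exit Function
                        End If
                Else
                        If member.Class = "group" Then
                                ' Nested group: recurse into it by its ADsPath
                                If IsMember(member.ADsPath) Then
                                        IsMember = True
                                        Exit Function
                                End If
                        End If
                End If
        Next
        IsMember = False
End Function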

0
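An added example, not part of the original thread and not any poster's code: a logon script that uses the LDAP provider and walks the user's memberOf chain upward, which touches only the groups the user actually belongs to, remembers the groups it has already visited so circular nesting cannot recurse forever, and reports a failed mapping instead of hiding it. The group name and share path are the placeholders from the question; matching on sAMAccountName and the helper names (CollectGroups, EscapeDn, MapDrive) are assumptions of this sketch, and memberOf does not list the user's primary group.

```vbscript
' Added example: nested-group drive mapping via the LDAP provider.
Option Explicit
Dim sysInfo, net, groups, dn
Set sysInfo = CreateObject("ADSystemInfo")          ' UserName = DN of the logged-on user
Set net     = CreateObject("WScript.Network")
Set groups  = CreateObject("Scripting.Dictionary")  ' group DN -> lower-case sAMAccountName
groups.CompareMode = vbTextCompare                  ' DNs compare case-insensitively

' No blanket On Error Resume Next: a failed bind stops the script with a visible error.
CollectGroups GetObject("LDAP://" & EscapeDn(sysInfo.UserName)), groups

For Each dn In groups.Keys
    Select Case groups(dn)                          ' names stored lower-case
        Case "g drive map"
            MapDrive "G:", "\\server\share"         ' placeholder share from the question
    End Select
Next

' Adds every direct and nested parent group of obj to seen.
Sub CollectGroups(obj, seen)
    Dim parents, dn, grp
    parents = obj.memberOf                          ' Empty, a String, or an array of DNs
    If IsEmpty(parents) Then Exit Sub
    If Not IsArray(parents) Then parents = Array(parents)
    For Each dn In parents
        If Not seen.Exists(dn) Then                 ' visited check breaks nesting loops
            Set grp = GetObject("LDAP://" & EscapeDn(dn))
            seen.Add dn, LCase(grp.sAMAccountName)
            CollectGroups grp, seen
        End If
    Next
End Sub

' A "/" inside a DN must be escaped before it is used in an ADsPath.
Function EscapeDn(dn)
    EscapeDn = Replace(dn, "/", "\/")
End Function

' Error suppression is limited to the one call that may legitimately fail.
Sub MapDrive(letter, unc)
    On Error Resume Next
    net.MapNetworkDrive letter, unc
    If Err.Number <> 0 Then
        WScript.Echo "Mapping " & letter & " to " & unc & " failed: " & Err.Description
    End If
    On Error GoTo 0
End Sub
```

Run it under cscript.exe so the WScript.Echo output goes to the console rather than a dialog box.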
