login script, map url attribute of membership group with 20 in it´s name:)

Posted on 2011-03-04
Last Modified: 2012-05-11
Is it doable or too complicated to create a login script which map the url attribute of a membership group with 20 in it´s name.
I´m tinking, something like first enumerating groups for the user, then picking the group from this list with 20 in it´s name, then grabbing the url attribute (objUser.Get("url")) of the group and mapping it as a driver letter.
Question by:Ducknaldi
  • 5
  • 4
LVL 11

Expert Comment

ID: 35037866
I think it's a bit more complicated what you want to achieve.
You should explain us better what is your need, how you provide information to map drives for users ...
there's a lot of way to map drivers for users, and this can be achieved with security groups (ie one map per group)

But ... to answer to your question, you can do exactly what you want with this:
You can put this code in a logon script batch file. If you set it in a script, you need to use %% syntax.

for /f "tokens=*" %%i in ('dsquery user -name %username% ^| dsget user -memberof ^| find "20"') do for /f "tokens=* skip=1" %%j in ('dsquery * %%i -attr url') do net use z: %%j

Open in new window

for /f "tokens=*" %i in ('dsquery user -name %username% ^| dsget user -memberof ^| find "20"') do for /f "tokens=* skip=1" %j in ('dsquery * %i -attr url') do net use z: %j

Open in new window


Author Comment

ID: 35044215
Hi Tasmant

I have a lot of students in my AD, these students are members of several groups.
One of these groups is their class group and this group has the url attribute set for there class home drive.
Insted of having a policy for each class mapping this drive, I want one script to do it for all students.
The group names with the url attribute set, are all named after the year the students started on the school, like val_2000A, tin_2003B, rod_2010C etc..
Other groups are not named in the same fashion, which is why I´d like to distingiush on the number 20, since it would apply for all the relevant groups and noone else.
I do not have access to test it before monday, but it looks like you understand what I want to achieve and I think this might be it.

Author Comment

ID: 35044230
Oh and by the way, class folders and the url attribute is already in place due to the existing structure, which is why I want to use it for mapping class drives also, so I can get rid of all our time demanding class home drive mapping policies.
LVL 11

Expert Comment

ID: 35055557
if they are members of several groups but only one with "20" in the name, my script works.
if you want another (maybe vbs), sure we could, just need a bit more time :)
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.


Author Comment

ID: 35056268
I would prefer vbs, in case the script needs extra functions some day or need to be combined with existing scripts.
I haven´t tested your cmd line yet, cause today seems to be dhcp problems day:)

Author Comment

ID: 35059922
I´d have to copy dsquery to the clients for this cmd line to work, or?
LVL 11

Expert Comment

ID: 35068706
yes, or launch it within their logonscript.
if you use direct command, take the one % syntax command
if you use logon script (.bat file), take the double %% syntax command
i'll try to post the vbs soon
LVL 11

Accepted Solution

Tasmant earned 500 total points
ID: 35083516
sorry for the wait
On Error Resume Next

Set WshNetwork = CreateObject("Wscript.Network")

'Get username
strUser = WshNetwork.UserName

'LDAP Request
Set rootDSE = GetObject("LDAP://RootDSE")
strDomain = "LDAP://" & rootDSE.Get("defaultNamingContext")
strfilter = "(&(objectCategory=Person)(objectClass=User)(samaccountname=" & strUser & "))"
strAttributes = "ADsPath" 
strScope = "subtree"

'ADO Initialization
Set objConnection = CreateObject("ADODB.Connection") 
Set objcommand = CreateObject("ADODB.Command") 
objConnection.Provider = "ADsDSOObject" 
objConnection.Open "Active Directory Provider" 
objcommand.ActiveConnection = objConnection

'ADO Properties
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 600
objCommand.Properties("Cache Results") = True

'Execute Query
objCommand.CommandText = "<" & strDomain & ">;" & strFilter & ";" & strAttributes & ";" & strScope
Set objRecordSet = objCommand.Execute

'Only one record should be returned
Do Until objRecordSet.EOF

	'Bind to User
	Set objUser = GetObject(objRecordSet.Fields("ADsPath").Value)
	'Enumerate direct groups the user is member of
	For Each strGroup in objUser.GetEx("memberOf")
		'Bind to current group
		Set objGroup = GetObject("LDAP://" & strGroup)
		'Test if "20" is in the group name
		If InStr(1,objGroup.Name,"20") > 0 Then
			'Map Network Drive with the group URL attribute
			WshNetwork.MapNetworkDrive "Z:",objgroup.Url
		End If		

Open in new window


Author Closing Comment

ID: 35095341
It worked perfectly with no corrections at all.
Furthermore, I see many other uses for this script.
Thank you alot.
I just got rid of hundreds of policies thanks to you;)

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Welcome to part one of a multi-part tutorial series, VBScript for Windows System Administrators.  The goal of this series is to teach non-programmers how to write useful VBS code to automate their environment, and perform tasks faster, and in a more…
When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
This video discusses moving either the default database or any database to a new volume.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now