Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 434
  • Last Modified:

login script, map url attribute of membership group with 20 in it´s name:)

Is it doable or too complicated to create a login script which map the url attribute of a membership group with 20 in it´s name.
I´m tinking, something like first enumerating groups for the user, then picking the group from this list with 20 in it´s name, then grabbing the url attribute (objUser.Get("url")) of the group and mapping it as a driver letter.
0
Ducknaldi
Asked:
Ducknaldi
  • 5
  • 4
1 Solution
 
TasmantCommented:
I think it's a bit more complicated what you want to achieve.
You should explain us better what is your need, how you provide information to map drives for users ...
there's a lot of way to map drivers for users, and this can be achieved with security groups (ie one map per group)

But ... to answer to your question, you can do exactly what you want with this:
You can put this code in a logon script batch file. If you set it in a script, you need to use %% syntax.


for /f "tokens=*" %%i in ('dsquery user -name %username% ^| dsget user -memberof ^| find "20"') do for /f "tokens=* skip=1" %%j in ('dsquery * %%i -attr url') do net use z: %%j

Open in new window

for /f "tokens=*" %i in ('dsquery user -name %username% ^| dsget user -memberof ^| find "20"') do for /f "tokens=* skip=1" %j in ('dsquery * %i -attr url') do net use z: %j

Open in new window

0
 
DucknaldiAuthor Commented:
Hi Tasmant

I have a lot of students in my AD, these students are members of several groups.
One of these groups is their class group and this group has the url attribute set for there class home drive.
Insted of having a policy for each class mapping this drive, I want one script to do it for all students.
The group names with the url attribute set, are all named after the year the students started on the school, like val_2000A, tin_2003B, rod_2010C etc..
Other groups are not named in the same fashion, which is why I´d like to distingiush on the number 20, since it would apply for all the relevant groups and noone else.
I do not have access to test it before monday, but it looks like you understand what I want to achieve and I think this might be it.
0
 
DucknaldiAuthor Commented:
Oh and by the way, class folders and the url attribute is already in place due to the existing structure, which is why I want to use it for mapping class drives also, so I can get rid of all our time demanding class home drive mapping policies.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
TasmantCommented:
if they are members of several groups but only one with "20" in the name, my script works.
if you want another (maybe vbs), sure we could, just need a bit more time :)
0
 
DucknaldiAuthor Commented:
I would prefer vbs, in case the script needs extra functions some day or need to be combined with existing scripts.
I haven´t tested your cmd line yet, cause today seems to be dhcp problems day:)
0
 
DucknaldiAuthor Commented:
I´d have to copy dsquery to the clients for this cmd line to work, or?
0
 
TasmantCommented:
yes, or launch it within their logonscript.
if you use direct command, take the one % syntax command
if you use logon script (.bat file), take the double %% syntax command
i'll try to post the vbs soon
0
 
TasmantCommented:
sorry for the wait
On Error Resume Next

Set WshNetwork = CreateObject("Wscript.Network")

'Get username
strUser = WshNetwork.UserName

'LDAP Request
Set rootDSE = GetObject("LDAP://RootDSE")
strDomain = "LDAP://" & rootDSE.Get("defaultNamingContext")
strfilter = "(&(objectCategory=Person)(objectClass=User)(samaccountname=" & strUser & "))"
strAttributes = "ADsPath" 
strScope = "subtree"

'ADO Initialization
Set objConnection = CreateObject("ADODB.Connection") 
Set objcommand = CreateObject("ADODB.Command") 
objConnection.Provider = "ADsDSOObject" 
objConnection.Open "Active Directory Provider" 
objcommand.ActiveConnection = objConnection

'ADO Properties
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 600
objCommand.Properties("Cache Results") = True

'Execute Query
objCommand.CommandText = "<" & strDomain & ">;" & strFilter & ";" & strAttributes & ";" & strScope
Set objRecordSet = objCommand.Execute

'Only one record should be returned
Do Until objRecordSet.EOF

	'Bind to User
	Set objUser = GetObject(objRecordSet.Fields("ADsPath").Value)
	
	'Enumerate direct groups the user is member of
	For Each strGroup in objUser.GetEx("memberOf")
		
		'Bind to current group
		Set objGroup = GetObject("LDAP://" & strGroup)
			
		'Test if "20" is in the group name
		If InStr(1,objGroup.Name,"20") > 0 Then
			
			'Map Network Drive with the group URL attribute
			WshNetwork.MapNetworkDrive "Z:",objgroup.Url
			
		End If		
	Next
	objRecordSet.MoveNext
Loop

Open in new window

0
 
DucknaldiAuthor Commented:
It worked perfectly with no corrections at all.
Furthermore, I see many other uses for this script.
Thank you alot.
I just got rid of hundreds of policies thanks to you;)
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now