Omitting members of an AD group from script that populates "jpegPhoto" attribute for Outlook photos

Greetings all,

I have a VB Script that takes images in a folder, converts them, and populates the jpegPhoto, thumbnailPhoto, and thumbnailLogo properties of our Active Directory users. We have a few users that have opted out of having their photos populated and visible in Outlook and I have put them in a security group in AD named Picture Opt Out. I have attempted to ignore these users based on the membership of this group by editing the script but it isn't working. I would greatly appreciate any of you taking a look at my script and trying to find where I'm going wrong.

Thanks!
Const ForReading = 1
Dim objGroupList, strGroup,objUser,strOptOutGroup


strOptOutGroup = "Picture Opt Out"
InDir = "C:\temp\Staff Photos"
Set fso = CreateObject("Scripting.FileSystemObject")
set oIADS = GetObject("LDAP://RootDSE")
strDefaultNC = oIADS.Get("defaultnamingcontext")
Set theConn = CreateObject("ADODB.Connection")
theConn.Provider = "ADsDSOObject"
theConn.Open "ADs Provider"
Set theCmd  = CreateObject("ADODB.Command")
theCmd.ActiveConnection = theConn
Set objRecordSet = CreateObject("ADODB.Recordset")

FlowCount = 1
For Each tFile In fso.GetFolder(InDir).Files
'If FlowCount > 1 then exit For 'Comment out this line if you want to run on all records
    'If not tName = "5000092182.jpg" then
    'Else

    tName = tFile.Name
    'Gets the persons Name from the file by stripping the extention.
    tName = Left(tName, InStrRev(tName,".")-1)
    'You may need to tweak this bit depending on your naming conventions.
    strQuery = "<LDAP://" & strDefaultNC & ">;" & _
                              "(&(objectClass=user)(extensionAttribute2=" & tName & "));name,adspath;subtree"
    theCmd.CommandText = strQuery
    Set objRS = theCmd.Execute
    If objRS.RecordCount = 0 Then
      MsgBox "Can't find account for " & tName
    Else

	Set objUser = GetObject(objRS("adspath"))
	'msgbox objrs("adspath")
	If not IsMember(strOptOutGroup) Then
	      ObjUser.Put "jpegPhoto", ReadByteArray(tFile.Path)
	      ObjUser.Put "thumbnailPhoto", ReadByteArray(tFile.Path)
	      ObjUser.Put "thumbnailLogo", ReadByteArray(tFile.Path)
	      ObjUser.SetInfo
              'msgbox "I Ran"
	End If
    End If
	
    'End If

FlowCount = Flowcount + 1
Next

Function ReadByteArray(strFileName)
    Const adTypeBinary = 1
    Dim bin
    Set bin = CreateObject("ADODB.Stream")
    bin.Type = adTypeBinary
    bin.Open
    bin.LoadFromFile strFileName
    ReadByteArray = bin.Read
End Function


Function IsMember(strGroup)
' Function to test for user group membership.
' strGroup is the NT name (sAMAccountName) of the group to test.
' objGroupList is a dictionary object, with global scope.
' Returns True if the user is a member of the group.

  Call LoadGroups
  IsMember = objGroupList.Exists(strGroup)
End Function

Sub LoadGroups
' Subroutine to populate dictionary object with group memberships.
' objUser is the user object, with global scope.
' objGroupList is a dictionary object, with global scope.

  Dim objGroup
  Set objGroupList = Nothing
  Set objGroupList = CreateObject("Scripting.Dictionary")
  objGroupList.CompareMode = vbTextCompare
  For Each objGroup In objUser.Groups
    objGroupList(objGroup.name) = True
  Next
  Set objGroup = Nothing
End Sub

robbie_woodley Asked:

RobSampson Commented:
Hi, change this bit in your LoadGroups function:
  For Each objGroup In objUser.Groups
    objGroupList(objGroup.name) = True
  Next

to this
  For Each objGroup In objUser.Groups
    objGroupList(Mid(objGroup.name, 4)) = True
  Next


That's all.  The original line was loading the group names as
CN=Opt Out Group

Regards,

Rob.
0
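
Name comparison over `objUser.Groups` only sees direct membership, and the question's query pastes the file name into the LDAP filter unescaped. As an added example (not part of the original thread, with hypothetical function names), the opt-out can instead be enforced in the directory query itself, assuming the group's sAMAccountName is "Picture Opt Out":

```vbscript
' Added example, not from the original thread. Function names are hypothetical.
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
Function EscapeLdapFilter(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")   ' backslash first, so later escapes survive
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeLdapFilter = Replace(s, Chr(0), "\00")
End Function

' Resolve a group's distinguishedName from its sAMAccountName ("" if not found).
Function GetGroupDN(objCmd, strBase, strGroupName)
    Dim rs
    objCmd.CommandText = "<LDAP://" & strBase & ">;(&(objectCategory=group)" & _
        "(sAMAccountName=" & EscapeLdapFilter(strGroupName) & "));distinguishedName;subtree"
    Set rs = objCmd.Execute
    GetGroupDN = ""
    If Not rs.EOF Then GetGroupDN = rs.Fields("distinguishedName").Value
End Function

' Query for the photo's owner, excluding direct and nested members of the group.
' 1.2.840.113556.1.4.1941 is AD's LDAP_MATCHING_RULE_IN_CHAIN.
Function BuildPhotoQuery(strBase, strId, strOptOutDN)
    BuildPhotoQuery = "<LDAP://" & strBase & ">;(&(objectClass=user)" & _
        "(extensionAttribute2=" & EscapeLdapFilter(strId) & ")" & _
        "(!(memberOf:1.2.840.113556.1.4.1941:=" & EscapeLdapFilter(strOptOutDN) & ")));" & _
        "name,adspath;subtree"
End Function

Dim objRoot, strBase, objConn, objCmd, strOptOutDN
Set objRoot = GetObject("LDAP://RootDSE")
strBase = objRoot.Get("defaultNamingContext")
Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "ADs Provider"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn

strOptOutDN = GetGroupDN(objCmd, strBase, "Picture Opt Out")
If strOptOutDN = "" Then
    ' Fail closed: without the group we cannot honour opt-outs.
    WScript.Echo "Opt-out group not found; no photos will be written."
    WScript.Quit 1
End If
' "5000092182" is the sample ID from the question's commented-out file name.
objCmd.CommandText = BuildPhotoQuery(strBase, "5000092182", strOptOutDN)
WScript.Echo objCmd.CommandText
```

With this filter an empty result means either no matching account or an opted-out one, so the script's "Can't find account" message no longer distinguishes the two.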
 
Ron Malmstead (Information Services Manager) Commented:
The way to do this would be to exempt them from the group policy object that applies this script.

Put the script in a GPO by itself, then use group policy management console to filter out that group from applying the object.
0
 
robbie_woodley (Author) Commented:
Never done that before...any tips on putting the script on a GPO?
0
 
Ron Malmstead (Information Services Manager) Commented:
Yes..

Simple.

First...install GPMC (group policy management console)

Download it from Microsoft.

Open it...

Look here > http://www.youtube.com/watch?v=KgxhrNjx2QI
That video will show you how to create a policy...add the script and assign it to an OU in AD.

Next... add "authenticated Users"...to the security filtering section in GPMC console
Then add your "group to exclude" ...to the security filtering section in GPMC console

Click on the Delegation tab....at the bottom there is an "advanced" button.  click it.
Select the group that you want to filter out, ....where it says "apply group policy" select DENY...
0
 
robbie_woodley (Author) Commented:
Perfect solution, simple implementation. Thanks!
0
Question has a verified solution.
