Solved

Omitting members of an AD group from script that populates "jpegPhoto" attribute for Outlook photos

Posted on 2011-03-08
Last Modified: 2012-05-11
Greetings all,

I have a VB Script that takes images in a folder, converts them, and populates the jpegPhoto, thumbnailPhoto, and thumbnailLogo properties of our Active Directory users. We have a few users that have opted out of having their photos populated and visible in Outlook and I have put them in a security group in AD named Picture Opt Out. I have attempted to ignore these users based on the membership of this group by editing the script but it isn't working. I would greatly appreciate any of you taking a look at my script and trying to find where I'm going wrong.

Thanks!

Const ForReading = 1
Dim objGroupList, strGroup,objUser,strOptOutGroup


strOptOutGroup = "Picture Opt Out"
InDir = "C:\temp\Staff Photos"
Set fso = CreateObject("Scripting.FileSystemObject")
set oIADS = GetObject("LDAP://RootDSE")
strDefaultNC = oIADS.Get("defaultnamingcontext")
Set theConn = CreateObject("ADODB.Connection")
theConn.Provider = "ADsDSOObject"
theConn.Open "ADs Provider"
Set theCmd  = CreateObject("ADODB.Command")
theCmd.ActiveConnection = theConn
Set objRecordSet = CreateObject("ADODB.Recordset")

FlowCount = 1
For Each tFile In fso.GetFolder(InDir).Files
'If FlowCount > 1 then exit For 'Comment out this line if you want to run on all records
    'If not tName = "5000092182.jpg" then
    'Else

    tName = tFile.Name
    'Gets the person's name from the file by stripping the extension.
    tName = Left(tName, InStrRev(tName,".")-1)
    'You may need to tweak this bit depending on your naming conventions.
    strQuery = "<LDAP://" & strDefaultNC & ">;" & _
                              "(&(objectClass=user)(extensionAttribute2=" & tName & "));name,adspath;subtree"
    theCmd.CommandText = strQuery
    Set objRS = theCmd.Execute
    If objRS.RecordCount = 0 Then
      MsgBox "Can't find account for " & tName
    Else

	Set objUser = GetObject(objRS("adspath"))
	'msgbox objrs("adspath")
	If not IsMember(strOptOutGroup) Then
	      ObjUser.Put "jpegPhoto", ReadByteArray(tFile.Path)
	      ObjUser.Put "thumbnailPhoto", ReadByteArray(tFile.Path)
	      ObjUser.Put "thumbnailLogo", ReadByteArray(tFile.Path)
	      ObjUser.SetInfo
              'msgbox "I Ran"
	End If
    End If
	
    'End If

FlowCount = Flowcount + 1
Next

Function ReadByteArray(strFileName)
    Const adTypeBinary = 1
    Dim bin
    Set bin = CreateObject("ADODB.Stream")
    bin.Type = adTypeBinary
    bin.Open
    bin.LoadFromFile strFileName
    ReadByteArray = bin.Read
End Function


Function IsMember(strGroup)
' Function to test for user group membership.
' strGroup is the NT name (sAMAccountName) of the group to test.
' objGroupList is a dictionary object, with global scope.
' Returns True if the user is a member of the group.

  Call LoadGroups
  IsMember = objGroupList.Exists(strGroup)
End Function

Sub LoadGroups
' Subroutine to populate dictionary object with group memberships.
' objUser is the user object, with global scope.
' objGroupList is a dictionary object, with global scope.

  Dim objGroup
  Set objGroupList = Nothing
  Set objGroupList = CreateObject("Scripting.Dictionary")
  objGroupList.CompareMode = vbTextCompare
  For Each objGroup In objUser.Groups
    objGroupList(objGroup.name) = True
  Next
  Set objGroup = Nothing
End Sub

Question by:robbie_woodley
Expert Comment

by:Ron M
The way to do this would be to exempt them from the group policy object that applies this script.

Put the script in a GPO by itself, then use the Group Policy Management Console to filter out that group from applying the object.

Author Comment

by:robbie_woodley
Never done that before...any tips on putting the script on a GPO?

Expert Comment

by:Ron M
Yes..

Simple.

First...install GPMC (group policy management console)

Download it from Microsoft.

Open it...

Look here > http://www.youtube.com/watch?v=KgxhrNjx2QI
That video will show you how to create a policy...add the script and assign it to an OU in AD.

Next, add "Authenticated Users" to the security filtering section in the GPMC console.
Then add your "group to exclude" to the security filtering section in the GPMC console.

Click on the Delegation tab. At the bottom there is an "Advanced" button. Click it.
Select the group that you want to filter out, and where it says "Apply group policy" select DENY.

Accepted Solution

by:
RobSampson earned 500 total points
Hi, change this bit in your LoadGroups function:
  For Each objGroup In objUser.Groups
    objGroupList(objGroup.name) = True
  Next

to this
  For Each objGroup In objUser.Groups
    objGroupList(Mid(objGroup.name, 4)) = True
  Next


That's all.  The original line was loading the group names as
CN=Opt Out Group

Regards,

Rob.
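
The accepted fix compares the group's common name after stripping "CN=", and objUser.Groups lists only direct memberships. As an added example (not part of the original thread or any poster's code), the opt-out check can instead resolve the group by sAMAccountName and ask the directory for direct or nested membership with the LDAP_MATCHING_RULE_IN_CHAIN rule, escaping every value placed in a filter. It assumes "Picture Opt Out" is the group's sAMAccountName and a domain-joined host; the function names are hypothetical and the demo checks the account running the script.

```vbscript
Option Explicit
' Added example, not from the thread. Assumes the group's sAMAccountName is "Picture Opt Out".
Const IN_CHAIN = "1.2.840.113556.1.4.1941"  ' LDAP_MATCHING_RULE_IN_CHAIN

Function EscapeLdapFilter(strValue)
    ' RFC 4515 filter escaping; the backslash must be handled first.
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeLdapFilter = Replace(s, Chr(0), "\00")
End Function

Function FirstDN(objCmd, strBaseDN, strFilter)
    ' Returns the distinguishedName of the first match, or "" if there is none.
    Dim rs
    objCmd.CommandText = "<LDAP://" & strBaseDN & ">;" & strFilter & ";distinguishedName;subtree"
    Set rs = objCmd.Execute
    FirstDN = ""
    If Not rs.EOF Then FirstDN = rs.Fields("distinguishedName").Value
    rs.Close
End Function

Function IsOptedOut(objCmd, strBaseDN, strUserDN, strGroupDN)
    ' True when the user is a direct or nested member of the group.
    Dim strFilter
    strFilter = "(&(distinguishedName=" & EscapeLdapFilter(strUserDN) & ")" & _
                "(memberOf:" & IN_CHAIN & ":=" & EscapeLdapFilter(strGroupDN) & "))"
    IsOptedOut = (FirstDN(objCmd, strBaseDN, strFilter) <> "")
End Function

Dim objConn, objCmd, strBaseDN, strGroupDN, strUserDN
Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "ADs Provider"
Set objCmd = CreateObject("ADODB.Command")
objCmd.ActiveConnection = objConn
strBaseDN = GetObject("LDAP://RootDSE").Get("defaultNamingContext")
strGroupDN = FirstDN(objCmd, strBaseDN, _
    "(&(objectCategory=group)(sAMAccountName=" & EscapeLdapFilter("Picture Opt Out") & "))")
If strGroupDN = "" Then
    ' Fail closed: without the group, nobody can be recognised as opted out.
    WScript.Echo "Opt-out group not found; refusing to write photos."
    WScript.Quit 1
End If

strUserDN = CreateObject("ADSystemInfo").UserName  ' demo: DN of the account running this
WScript.Echo strUserDN & " opted out: " & IsOptedOut(objCmd, strBaseDN, strUserDN, strGroupDN)
```

In the photo loop, the same EscapeLdapFilter call belongs around the file-derived tName before it is concatenated into the extensionAttribute2 filter.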

Author Closing Comment

by:robbie_woodley
Perfect solution, simple implementation. Thanks!