robbie_woodley
Omitting members of an AD group from script that populates "jpegPhoto" attribute for Outlook photos
Greetings all,
I have a VB Script that takes images in a folder, converts them, and populates the jpegPhoto, thumbnailPhoto, and thumbnailLogo properties of our Active Directory users. We have a few users that have opted out of having their photos populated and visible in Outlook and I have put them in a security group in AD named Picture Opt Out. I have attempted to ignore these users based on the membership of this group by editing the script but it isn't working. I would greatly appreciate any of you taking a look at my script and trying to find where I'm going wrong.
Thanks!
Const ForReading = 1
Dim objGroupList, strGroup, objUser, strOptOutGroup
strOptOutGroup = "Picture Opt Out"
InDir = "C:\temp\Staff Photos"
Set fso = CreateObject("Scripting.FileSystemObject")
Set oIADS = GetObject("LDAP://RootDSE")
strDefaultNC = oIADS.Get("defaultnamingcontext")
Set theConn = CreateObject("ADODB.Connection")
theConn.Provider = "ADsDSOObject"
theConn.Open "ADs Provider"
Set theCmd = CreateObject("ADODB.Command")
theCmd.ActiveConnection = theConn
Set objRecordSet = CreateObject("ADODB.Recordset")
FlowCount = 1

For Each tFile In fso.GetFolder(InDir).Files
    'If FlowCount > 1 then exit For 'Comment out this line if you want to run on all records
    'If not tName = "5000092182.jpg" then
    'Else
    tName = tFile.Name
    'Gets the person's name from the file by stripping the extension.
    tName = Left(tName, InStrRev(tName, ".") - 1)
    'You may need to tweak this bit depending on your naming conventions.
    strQuery = "<LDAP://" & strDefaultNC & ">;" & _
        "(&(objectClass=user)(extensionAttribute2=" & tName & "));name,adspath;subtree"
    theCmd.CommandText = strQuery
    Set objRS = theCmd.Execute
    If objRS.RecordCount = 0 Then
        MsgBox "Can't find account for " & tName
    Else
        Set objUser = GetObject(objRS("adspath"))
        'msgbox objrs("adspath")
        If Not IsMember(strOptOutGroup) Then
            objUser.Put "jpegPhoto", ReadByteArray(tFile.Path)
            objUser.Put "thumbnailPhoto", ReadByteArray(tFile.Path)
            objUser.Put "thumbnailLogo", ReadByteArray(tFile.Path)
            objUser.SetInfo
            'msgbox "I Ran"
        End If
    End If
    'End If
    FlowCount = FlowCount + 1
Next

Function ReadByteArray(strFileName)
    Const adTypeBinary = 1
    Dim bin
    Set bin = CreateObject("ADODB.Stream")
    bin.Type = adTypeBinary
    bin.Open
    bin.LoadFromFile strFileName
    ReadByteArray = bin.Read
End Function

Function IsMember(strGroup)
    ' Function to test for user group membership.
    ' strGroup is the NT name (sAMAccountName) of the group to test.
    ' objGroupList is a dictionary object, with global scope.
    ' Returns True if the user is a member of the group.
    Call LoadGroups
    IsMember = objGroupList.Exists(strGroup)
End Function

Sub LoadGroups
    ' Subroutine to populate dictionary object with group memberships.
    ' objUser is the user object, with global scope.
    ' objGroupList is a dictionary object, with global scope.
    Dim objGroup
    Set objGroupList = Nothing
    Set objGroupList = CreateObject("Scripting.Dictionary")
    objGroupList.CompareMode = vbTextCompare
    For Each objGroup In objUser.Groups
        objGroupList(objGroup.name) = True
    Next
    Set objGroup = Nothing
End Sub
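An added example, not code from the original post or from any answer on this page: with the LDAP provider, objGroup.Name returns the RDN in the form CN=Picture Opt Out, so the dictionary lookup on the bare name "Picture Opt Out" never matches and no user is skipped. The code below instead loads the opt-out group's direct members once and compares distinguished names. The function names LoadOptOutMembers and EscapeLdapFilter are hypothetical, and it assumes the group's cn is Picture Opt Out and that nested membership is not needed.

```vbscript
Option Explicit

' Escape characters that have meaning inside an LDAP search filter (RFC 4515).
Function EscapeLdapFilter(ByVal s)
    s = Replace(s, "\", "\5c")   ' must run first: the other escapes add backslashes
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeLdapFilter = s
End Function

' Build, once, a case-insensitive set of the DNs of the group's direct members.
' Raises an error if the group cannot be found, so a renamed or deleted
' opt-out group stops the run instead of silently opting everyone back in.
Function LoadOptOutMembers(strGroupCN, strBaseDN)
    Dim conn, cmd, rs, grp, member, dict
    Set dict = CreateObject("Scripting.Dictionary")
    dict.CompareMode = vbTextCompare
    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Open "ADs Provider"
    Set cmd = CreateObject("ADODB.Command")
    cmd.ActiveConnection = conn
    cmd.CommandText = "<LDAP://" & strBaseDN & ">;(&(objectCategory=group)(cn=" & _
        EscapeLdapFilter(strGroupCN) & "));adspath;subtree"
    Set rs = cmd.Execute
    If rs.EOF Then
        Err.Raise vbObjectError + 1, "LoadOptOutMembers", "Group not found: " & strGroupCN
    End If
    Set grp = GetObject(rs.Fields("adspath").Value)
    For Each member In grp.Members          ' direct members only, no nesting
        dict(member.Get("distinguishedName")) = True
    Next
    conn.Close
    Set LoadOptOutMembers = dict
End Function

' Usage with the names from the script above (strDefaultNC, objUser, tFile):
Dim strDefaultNC, optOut
strDefaultNC = GetObject("LDAP://RootDSE").Get("defaultNamingContext")
Set optOut = LoadOptOutMembers("Picture Opt Out", strDefaultNC)
WScript.Echo optOut.Count & " opted-out account(s) loaded"
' Inside the For Each loop, after Set objUser = GetObject(...):
'     If Not optOut.Exists(objUser.Get("distinguishedName")) Then
'         ...Put jpegPhoto / thumbnailPhoto / thumbnailLogo, then SetInfo...
'     End If
```

The same EscapeLdapFilter helper can wrap tName in the script's extensionAttribute2 filter, since file names can contain parentheses.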
ASKER
Never done that before...any tips on putting the script on a GPO?
Yes..
Simple.
First...install GPMC (group policy management console)
Download it from Microsoft.
Open it...
Look here > http://www.youtube.com/watch?v=KgxhrNjx2QI
That video will show you how to create a policy...add the script and assign it to an OU in AD.
Next... add "authenticated Users"...to the security filtering section in GPMC console
Then add your "group to exclude" ...to the security filtering section in GPMC console
Click on the Delegation tab....at the bottom there is an "advanced" button. Click it.
Select the group that you want to filter out, ....where it says "apply group policy" select DENY...
ASKER
Perfect solution, simple implementation. Thanks!
Put the script in a GPO by itself, then use group policy management console, to filter out that group from applying the object.