Need to Map Drives Using Nested Group Memberships via Login Script in Group Policy VB Script

Here's my script UserA is a member of GroupA. Script works if UserA is a direct member of GroupA, but when I nest another group let's call it GroupA.1, the script doesn't work. Can someone tweak the VB code to recognize nested groups?

GroupA group
      GroupA.1 group
            UserA user

Thank you!

Set wshNetwork = WScript.CreateObject("WScript.Network")
      workstation = WshNetwork.computername

wshnetwork.mapnetworkdrive "V:", "\\server1\Folder"
On Error Resume Next
Dim strUserName
Set objSysInfo = CreateObject("ADSystemInfo")
Set objNetwork = CreateObject("Wscript.Network")
      strUserPath = "LDAP://" & objSysInfo.UserName
      strUserName = objNetwork.Username
      Set objUser = GetObject(strUserPath)
For Each strGroup in objUser.MemberOf
      strGroupPath = "LDAP://" & strGroup
Set objGroup = GetObject(strGroupPath)
      strGroupName = objGroup.CN

Select Case strGroupName

Case "GroupA"
      objNetwork.MapNetworkDrive "V:", "\\server1\Folder"
End Select
Nested groups are more difficult, but this should work, provided that you do not have any circular references.  If you have a circular recursive group membership, this will run forever.

Change GROUPA and GROUPB to suit.


Set objNetwork = CreateObject("WScript.Network")
Set objSysInfo = CreateObject("ADSystemInfo")
'MsgBox objSysInfo.UserName
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)

strGroups = ""

intLevel = 0

GetMemberOfNames objUser, intLevel

If InStr(LCase(";" & Join(Split(Replace(strGroups, ">", ""), VbCrLf), ";") & ";"), LCase(";GROUPA;")) > 0 Then
	objNetwork.MapNetworkDrive "V:", "\\server1\Folder"
ElseIf InStr(LCase(";" & Join(Split(Replace(strGroups, ">", ""), VbCrLf), ";") & ";"), LCase(";GROUPB;")) > 0 Then
	objNetwork.MapNetworkDrive "V:", "\\server2\Folder2"
End If

Sub GetMemberOfNames(objObjectToCheck, intLevel)
	' This function can get caught in a loop if there is a circular
	' group membership.  There is a method of using a Dictionary object
	' here:
	' which checks if the group has been used before.
	intLevel = intLevel + 1
	' Retrieve ALL of the user groups that a user is a member of
	On Error Resume Next
	objMemberOf = objObjectToCheck.GetEx("MemberOf")
	If Err.Number = 0 Then
		On Error GoTo 0
		For Each objGroup in objMemberOf
			strGroupName = Left(Mid(objGroup, InStr(objGroup, "CN=") + 3),InStr(Mid(objGroup, InStr(objGroup, "CN=") + 3), ",") - 1)
			If strGroups = "" Then
				strGroups = String(intLevel, ">") & strGroupName
				strGroups = strGroups & VbCrLf & String(intLevel, ">") & strGroupName
			End If
			Set objNextGroup = GetObject("LDAP://" & objGroup)
			GetMemberOfNames objNextGroup, intLevel
		intLevel = intLevel - 1
		intLevel = intLevel - 1
		On Error GoTo 0
	End If
End Sub

Open in new window

mmoyaAuthor Commented:
@RobSampson: - Thank you!
