Solved

vbs isMember script - Active directory check

Posted on 2013-11-26
5
2,638 Views
Last Modified: 2014-04-13
hi

i am looking for a vbs script that will check if a user belongs in a particular active directory group.

i have tried using the isMember function but it just keeps failing, im not sure what im doing wrong... does anybody have a simple isMember example i can use?

it needs to be as simple as


IF isMember ("groupName") then
    do this
Else
    do this
End IF

Open in new window



i have tried using the logic from here
http://ss64.com/vb/syntax-ismember.html

but i cant get it to work.. not sure whats going on and my vbs knowledge is limited


any ideas?


cheers!
0
Comment
Question by:BakerSyd
  • 3
  • 2
5 Comments
 
LVL 24

Expert Comment

by:chaau
ID: 39679393
Have you copied the whole function in your VBS script?
Also, according to the article the usage of this function is as follows:
'Create an Active Directory object
Set objADSystemInfo = CreateObject("ADSystemInfo")

'Create an object for the current user
Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)

'Check whether objADUser is a member of Group SS64
If (IsMember(objADUser, "SS64") = True) Then
  WScript.Echo "You are a member of the group"
End If

Open in new window

Basically, you need to initialise objADUser variable for the current user (which the first two lines do). If you really want to call the function with one argument then create a new function, like this:
Function IsMeAMember(ByVal strGroupNTName)
  ' Function to test for group membership.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' Returns True if the current user is a member of the group.
  'Create an Active Directory object
  Set objADSystemInfo = CreateObject("ADSystemInfo")

  'Create an object for the current user
  Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
  IsMeAMember = IsMember(objADUser, strGroupNTName) 
End Function

Open in new window

Then the usage will be as simple as yours:
IF isMeAMember ("groupName") then
    do this
Else
    do this
End IF

Open in new window

Remember, you must still include the code for IsMember and IsMeAMember in your vbs file (they can be put in your file at the en, after your main function)
0
 

Author Comment

by:BakerSyd
ID: 39679429
hey... thanks for replying...
i ran the following code


Function IsMeAMember(ByVal strGroupNTName)
  ' Function to test for group membership.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' Returns True if the current user is a member of the group.
  'Create an Active Directory object
  Set objADSystemInfo = CreateObject("ADSystemInfo")

  'Create an object for the current user
  Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
  IsMeAMember = IsMember(objADUser, strGroupNTName) 
End Function


IF isMeAMember ("GROUPNAME") then
    wscript.echo "i am a member"
Else
    wscript.echo "i am here"
End IF

Open in new window



and i got a type mismatch at isMember
0
 
LVL 24

Expert Comment

by:chaau
ID: 39679441
Have you put the code for IsMember function from the link you have provided? To re-iterate, you need to also include this function:
Function IsMember(ByVal objADObject, ByVal strGroupNTName)
  ' Function to test for group membership.
  ' objADObject is a user or computer object.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' objGroupList is a dictionary object, with global scope.
  ' Returns True if the user or computer is a member of the group.
  ' Subroutine LoadGroups is called once for each different objADObject.

    Dim objRootDSE, strDNSDomain

  ' The first time IsMember is called, setup the dictionary object
  ' and objects required for ADO.
    If (IsEmpty(objGroupList) = True) Then
        Set objGroupList = CreateObject("Scripting.Dictionary")
        objGroupList.CompareMode = vbTextCompare

        Set adoCommand = CreateObject("ADODB.Command")
        Set adoConnection = CreateObject("ADODB.Connection")
        adoConnection.Provider = "ADsDSOObject"
        adoConnection.Open "Active Directory Provider"
        adoCommand.ActiveConnection = adoConnection

        Set objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")

        adoCommand.Properties("Page Size") = 100
        adoCommand.Properties("Timeout") = 30
        adoCommand.Properties("Cache Results") = False

        ' Search entire domain.
        strBase = "<LDAP://" & strDNSDomain & ">"
        ' Retrieve NT name of each group.
        strAttributes = "sAMAccountName"

        ' Load group memberships for this user or computer into dictionary
        ' object.
        Call LoadGroups(objADObject)
        Set objRootDSE = Nothing
    End If
    If (objGroupList.Exists(objADObject.sAMAccountName & "\") = False) Then
        ' Dictionary object established, but group memberships for this
        ' user or computer must be added.
        Call LoadGroups(objADObject)
    End If
    ' Return True if this user or computer is a member of the group.
    IsMember = objGroupList.Exists(objADObject.sAMAccountName & "\" _
        & strGroupNTName)
End Function

Open in new window

0
 

Accepted Solution

by:
BakerSyd earned 0 total points
ID: 39679510
the code you posted above didnt run at all... nothing popped up


i managed to get it working using the following code

'Create an Active Directory object
Set objADSystemInfo = CreateObject("ADSystemInfo")

'Create an object for the current user
Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
Set objGroup = GetObject("LDAP://CN=GroupName,OU=1,OU=2,OU=3,OU=4,DC=5,DC=com")

'Check whether objADUser is a member of Group SS64
If objGroup.IsMember(objADUser.ADsPath) Then
 WScript.Echo "You are a member of the group"
Else
   WScript.Echo "Not a member of Group" 
 
End If

Open in new window



so this works... but it doesnt scan nested groups... which is a problem
0
 

Author Closing Comment

by:BakerSyd
ID: 39997093
closing as this is a old issue which has now been resolved.

do not remember if we ended up using this code.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome back!  My apologies for taking so long to write part two of this series; it's been a long time coming!  As I promised in Part 1, this article will focus on how to locate those elusive AD properties that you are searching for.  Why is this us…
This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question