Solved

vbs isMember script - Active directory check

Posted on 2013-11-26
5
2,567 Views
Last Modified: 2014-04-13
hi

i am looking for a vbs script that will check if a user belongs in a particular active directory group.

i have tried using the isMember function but it just keeps failing, im not sure what im doing wrong... does anybody have a simple isMember example i can use?

it needs to be as simple as


IF isMember ("groupName") then
    do this
Else
    do this
End IF

Open in new window



i have tried using the logic from here
http://ss64.com/vb/syntax-ismember.html

but i cant get it to work.. not sure whats going on and my vbs knowledge is limited


any ideas?


cheers!
0
Comment
Question by:BakerSyd
  • 3
  • 2
5 Comments
 
LVL 24

Expert Comment

by:chaau
ID: 39679393
Have you copied the whole function in your VBS script?
Also, according to the article the usage of this function is as follows:
'Create an Active Directory object
Set objADSystemInfo = CreateObject("ADSystemInfo")

'Create an object for the current user
Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)

'Check whether objADUser is a member of Group SS64
If (IsMember(objADUser, "SS64") = True) Then
  WScript.Echo "You are a member of the group"
End If

Open in new window

Basically, you need to initialise objADUser variable for the current user (which the first two lines do). If you really want to call the function with one argument then create a new function, like this:
Function IsMeAMember(ByVal strGroupNTName)
  ' Function to test for group membership.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' Returns True if the current user is a member of the group.
  'Create an Active Directory object
  Set objADSystemInfo = CreateObject("ADSystemInfo")

  'Create an object for the current user
  Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
  IsMeAMember = IsMember(objADUser, strGroupNTName) 
End Function

Open in new window

Then the usage will be as simple as yours:
IF isMeAMember ("groupName") then
    do this
Else
    do this
End IF

Open in new window

Remember, you must still include the code for IsMember and IsMeAMember in your vbs file (they can be put in your file at the en, after your main function)
0
 

Author Comment

by:BakerSyd
ID: 39679429
hey... thanks for replying...
i ran the following code


Function IsMeAMember(ByVal strGroupNTName)
  ' Function to test for group membership.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' Returns True if the current user is a member of the group.
  'Create an Active Directory object
  Set objADSystemInfo = CreateObject("ADSystemInfo")

  'Create an object for the current user
  Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
  IsMeAMember = IsMember(objADUser, strGroupNTName) 
End Function


IF isMeAMember ("GROUPNAME") then
    wscript.echo "i am a member"
Else
    wscript.echo "i am here"
End IF

Open in new window



and i got a type mismatch at isMember
0
 
LVL 24

Expert Comment

by:chaau
ID: 39679441
Have you put the code for IsMember function from the link you have provided? To re-iterate, you need to also include this function:
Function IsMember(ByVal objADObject, ByVal strGroupNTName)
  ' Function to test for group membership.
  ' objADObject is a user or computer object.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' objGroupList is a dictionary object, with global scope.
  ' Returns True if the user or computer is a member of the group.
  ' Subroutine LoadGroups is called once for each different objADObject.

    Dim objRootDSE, strDNSDomain

  ' The first time IsMember is called, setup the dictionary object
  ' and objects required for ADO.
    If (IsEmpty(objGroupList) = True) Then
        Set objGroupList = CreateObject("Scripting.Dictionary")
        objGroupList.CompareMode = vbTextCompare

        Set adoCommand = CreateObject("ADODB.Command")
        Set adoConnection = CreateObject("ADODB.Connection")
        adoConnection.Provider = "ADsDSOObject"
        adoConnection.Open "Active Directory Provider"
        adoCommand.ActiveConnection = adoConnection

        Set objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")

        adoCommand.Properties("Page Size") = 100
        adoCommand.Properties("Timeout") = 30
        adoCommand.Properties("Cache Results") = False

        ' Search entire domain.
        strBase = "<LDAP://" & strDNSDomain & ">"
        ' Retrieve NT name of each group.
        strAttributes = "sAMAccountName"

        ' Load group memberships for this user or computer into dictionary
        ' object.
        Call LoadGroups(objADObject)
        Set objRootDSE = Nothing
    End If
    If (objGroupList.Exists(objADObject.sAMAccountName & "\") = False) Then
        ' Dictionary object established, but group memberships for this
        ' user or computer must be added.
        Call LoadGroups(objADObject)
    End If
    ' Return True if this user or computer is a member of the group.
    IsMember = objGroupList.Exists(objADObject.sAMAccountName & "\" _
        & strGroupNTName)
End Function

Open in new window

0
 

Accepted Solution

by:
BakerSyd earned 0 total points
ID: 39679510
the code you posted above didnt run at all... nothing popped up


i managed to get it working using the following code

'Create an Active Directory object
Set objADSystemInfo = CreateObject("ADSystemInfo")

'Create an object for the current user
Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
Set objGroup = GetObject("LDAP://CN=GroupName,OU=1,OU=2,OU=3,OU=4,DC=5,DC=com")

'Check whether objADUser is a member of Group SS64
If objGroup.IsMember(objADUser.ADsPath) Then
 WScript.Echo "You are a member of the group"
Else
   WScript.Echo "Not a member of Group" 
 
End If

Open in new window



so this works... but it doesnt scan nested groups... which is a problem
0
 

Author Closing Comment

by:BakerSyd
ID: 39997093
closing as this is a old issue which has now been resolved.

do not remember if we ended up using this code.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to part one of a multi-part tutorial series, VBScript for Windows System Administrators.  The goal of this series is to teach non-programmers how to write useful VBS code to automate their environment, and perform tasks faster, and in a more…
Unlike scripting languages such as C# where a semi-colon is used to indicate the end of a command, Microsoft's VBScript language relies on line breaks to determine when a command begins and ends. As you can imagine, this quickly results in messy cod…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now