Solved

vbs isMember script - Active directory check

Posted on 2013-11-26
Last Modified: 2014-04-13
Hi

I am looking for a VBS script that will check if a user belongs in a particular Active Directory group.

I have tried using the isMember function but it just keeps failing, I'm not sure what I'm doing wrong... does anybody have a simple isMember example I can use?

It needs to be as simple as


IF isMember ("groupName") then
    do this
Else
    do this
End IF




I have tried using the logic from here
http://ss64.com/vb/syntax-ismember.html

but I can't get it to work.. not sure what's going on and my VBS knowledge is limited


Any ideas?


Cheers!
0
Comment
Question by:BakerSyd
5 Comments
 
LVL 25

Expert Comment

by:chaau
ID: 39679393
Have you copied the whole function in your VBS script?
Also, according to the article the usage of this function is as follows:
'Create an Active Directory object
Set objADSystemInfo = CreateObject("ADSystemInfo")

'Create an object for the current user
Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)

'Check whether objADUser is a member of Group SS64
If (IsMember(objADUser, "SS64") = True) Then
  WScript.Echo "You are a member of the group"
End If


Basically, you need to initialise the objADUser variable for the current user (which the first two lines do). If you really want to call the function with one argument then create a new function, like this:
Function IsMeAMember(ByVal strGroupNTName)
  ' Function to test for group membership.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' Returns True if the current user is a member of the group.
  'Create an Active Directory object
  Set objADSystemInfo = CreateObject("ADSystemInfo")

  'Create an object for the current user
  Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
  IsMeAMember = IsMember(objADUser, strGroupNTName) 
End Function


Then the usage will be as simple as yours:
IF isMeAMember ("groupName") then
    do this
Else
    do this
End IF


Remember, you must still include the code for IsMember and IsMeAMember in your vbs file (they can be put in your file at the end, after your main function).
0
 

Author Comment

by:BakerSyd
ID: 39679429
Hey... thanks for replying...
I ran the following code


Function IsMeAMember(ByVal strGroupNTName)
  ' Function to test for group membership.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' Returns True if the current user is a member of the group.
  'Create an Active Directory object
  Set objADSystemInfo = CreateObject("ADSystemInfo")

  'Create an object for the current user
  Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
  IsMeAMember = IsMember(objADUser, strGroupNTName) 
End Function


IF isMeAMember ("GROUPNAME") then
    wscript.echo "i am a member"
Else
    wscript.echo "i am here"
End IF


and I got a type mismatch at isMember
0
 
LVL 25

Expert Comment

by:chaau
ID: 39679441
Have you put in the code for the IsMember function from the link you have provided? To reiterate, you need to also include this function:
Function IsMember(ByVal objADObject, ByVal strGroupNTName)
  ' Function to test for group membership.
  ' objADObject is a user or computer object.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' objGroupList is a dictionary object, with global scope.
  ' Returns True if the user or computer is a member of the group.
  ' Subroutine LoadGroups is called once for each different objADObject.

    Dim objRootDSE, strDNSDomain

  ' The first time IsMember is called, setup the dictionary object
  ' and objects required for ADO.
    If (IsEmpty(objGroupList) = True) Then
        Set objGroupList = CreateObject("Scripting.Dictionary")
        objGroupList.CompareMode = vbTextCompare

        Set adoCommand = CreateObject("ADODB.Command")
        Set adoConnection = CreateObject("ADODB.Connection")
        adoConnection.Provider = "ADsDSOObject"
        adoConnection.Open "Active Directory Provider"
        adoCommand.ActiveConnection = adoConnection

        Set objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")

        adoCommand.Properties("Page Size") = 100
        adoCommand.Properties("Timeout") = 30
        adoCommand.Properties("Cache Results") = False

        ' Search entire domain.
        strBase = "<LDAP://" & strDNSDomain & ">"
        ' Retrieve NT name of each group.
        strAttributes = "sAMAccountName"

        ' Load group memberships for this user or computer into dictionary
        ' object.
        Call LoadGroups(objADObject)
        Set objRootDSE = Nothing
    End If
    If (objGroupList.Exists(objADObject.sAMAccountName & "\") = False) Then
        ' Dictionary object established, but group memberships for this
        ' user or computer must be added.
        Call LoadGroups(objADObject)
    End If
    ' Return True if this user or computer is a member of the group.
    IsMember = objGroupList.Exists(objADObject.sAMAccountName & "\" _
        & strGroupNTName)
End Function


0
 

Accepted Solution

by:
BakerSyd earned 0 total points
ID: 39679510
The code you posted above didn't run at all... nothing popped up


I managed to get it working using the following code

'Create an Active Directory object
Set objADSystemInfo = CreateObject("ADSystemInfo")

'Create an object for the current user
Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
Set objGroup = GetObject("LDAP://CN=GroupName,OU=1,OU=2,OU=3,OU=4,DC=5,DC=com")

'Check whether objADUser is a member of Group SS64
If objGroup.IsMember(objADUser.ADsPath) Then
    WScript.Echo "You are a member of the group"
Else
    WScript.Echo "Not a member of Group"
End If


So this works... but it doesn't scan nested groups... which is a problem
0
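
The accepted post notes that objGroup.IsMember does not see nested groups. As an added example (not code from this thread or from ss64.com), one way to test membership through nesting is a base-scope LDAP query on the user object with Active Directory's in-chain matching rule; GROUP_DN reuses the post's placeholder DN, and IsNestedMember and EscapeFilterValue are names chosen here for illustration.

```vbscript
Option Explicit

' Assumption: replace with the DN of the group to test (placeholder from the post above).
Const GROUP_DN = "CN=GroupName,OU=1,OU=2,OU=3,OU=4,DC=5,DC=com"

' OID of LDAP_MATCHING_RULE_IN_CHAIN: the memberOf match then follows nested groups.
Const IN_CHAIN = "1.2.840.113556.1.4.1941"

Function EscapeFilterValue(ByVal strValue)
    ' Escape characters that are special inside an LDAP search filter (RFC 4515).
    ' The backslash is replaced first so later escapes are not escaped again.
    strValue = Replace(strValue, "\", "\5c")
    strValue = Replace(strValue, "*", "\2a")
    strValue = Replace(strValue, "(", "\28")
    strValue = Replace(strValue, ")", "\29")
    EscapeFilterValue = strValue
End Function

Function IsNestedMember(ByVal strUserDN, ByVal strGroupDN)
    ' Returns True if the user is a direct or nested member of the group.
    Dim adoConnection, adoCommand, adoRecordset, strFilter

    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"

    Set adoCommand = CreateObject("ADODB.Command")
    Set adoCommand.ActiveConnection = adoConnection

    strFilter = "(memberOf:" & IN_CHAIN & ":=" & EscapeFilterValue(strGroupDN) & ")"

    ' Base scope: only the user object itself is evaluated against the filter,
    ' so the recordset holds one row on a match and none otherwise.
    adoCommand.CommandText = "<LDAP://" & strUserDN & ">;" & strFilter & _
        ";distinguishedName;base"

    Set adoRecordset = adoCommand.Execute
    IsNestedMember = Not adoRecordset.EOF
    adoRecordset.Close
    adoConnection.Close
End Function

Dim objADSystemInfo
Set objADSystemInfo = CreateObject("ADSystemInfo")
If IsNestedMember(objADSystemInfo.UserName, GROUP_DN) Then
    WScript.Echo "You are a member of the group (directly or through nesting)"
Else
    WScript.Echo "Not a member of Group"
End If
```

The in-chain match follows member/memberOf links only, so membership through the user's primary group (stored in primaryGroupID) is not reported.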
 

Author Closing Comment

by:BakerSyd
ID: 39997093
Closing as this is an old issue which has now been resolved.

Do not remember if we ended up using this code.
0
