Solved

vbs isMember script - Active directory check

Posted on 2013-11-26
5
2,517 Views
Last Modified: 2014-04-13
hi

i am looking for a vbs script that will check if a user belongs in a particular active directory group.

i have tried using the isMember function but it just keeps failing, im not sure what im doing wrong... does anybody have a simple isMember example i can use?

it needs to be as simple as


IF isMember ("groupName") then
    do this
Else
    do this
End IF

Open in new window



i have tried using the logic from here
http://ss64.com/vb/syntax-ismember.html

but i cant get it to work.. not sure whats going on and my vbs knowledge is limited


any ideas?


cheers!
0
Comment
Question by:BakerSyd
  • 3
  • 2
5 Comments
 
LVL 24

Expert Comment

by:chaau
ID: 39679393
Have you copied the whole function in your VBS script?
Also, according to the article the usage of this function is as follows:
'Create an Active Directory object
Set objADSystemInfo = CreateObject("ADSystemInfo")

'Create an object for the current user
Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)

'Check whether objADUser is a member of Group SS64
If (IsMember(objADUser, "SS64") = True) Then
  WScript.Echo "You are a member of the group"
End If

Open in new window

Basically, you need to initialise objADUser variable for the current user (which the first two lines do). If you really want to call the function with one argument then create a new function, like this:
Function IsMeAMember(ByVal strGroupNTName)
  ' Function to test for group membership.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' Returns True if the current user is a member of the group.
  'Create an Active Directory object
  Set objADSystemInfo = CreateObject("ADSystemInfo")

  'Create an object for the current user
  Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
  IsMeAMember = IsMember(objADUser, strGroupNTName) 
End Function

Open in new window

Then the usage will be as simple as yours:
IF isMeAMember ("groupName") then
    do this
Else
    do this
End IF

Open in new window

Remember, you must still include the code for IsMember and IsMeAMember in your vbs file (they can be put in your file at the en, after your main function)
0
 

Author Comment

by:BakerSyd
ID: 39679429
hey... thanks for replying...
i ran the following code


Function IsMeAMember(ByVal strGroupNTName)
  ' Function to test for group membership.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' Returns True if the current user is a member of the group.
  'Create an Active Directory object
  Set objADSystemInfo = CreateObject("ADSystemInfo")

  'Create an object for the current user
  Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
  IsMeAMember = IsMember(objADUser, strGroupNTName) 
End Function


IF isMeAMember ("GROUPNAME") then
    wscript.echo "i am a member"
Else
    wscript.echo "i am here"
End IF

Open in new window



and i got a type mismatch at isMember
0
 
LVL 24

Expert Comment

by:chaau
ID: 39679441
Have you put the code for IsMember function from the link you have provided? To re-iterate, you need to also include this function:
Function IsMember(ByVal objADObject, ByVal strGroupNTName)
  ' Function to test for group membership.
  ' objADObject is a user or computer object.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' objGroupList is a dictionary object, with global scope.
  ' Returns True if the user or computer is a member of the group.
  ' Subroutine LoadGroups is called once for each different objADObject.

    Dim objRootDSE, strDNSDomain

  ' The first time IsMember is called, setup the dictionary object
  ' and objects required for ADO.
    If (IsEmpty(objGroupList) = True) Then
        Set objGroupList = CreateObject("Scripting.Dictionary")
        objGroupList.CompareMode = vbTextCompare

        Set adoCommand = CreateObject("ADODB.Command")
        Set adoConnection = CreateObject("ADODB.Connection")
        adoConnection.Provider = "ADsDSOObject"
        adoConnection.Open "Active Directory Provider"
        adoCommand.ActiveConnection = adoConnection

        Set objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")

        adoCommand.Properties("Page Size") = 100
        adoCommand.Properties("Timeout") = 30
        adoCommand.Properties("Cache Results") = False

        ' Search entire domain.
        strBase = "<LDAP://" & strDNSDomain & ">"
        ' Retrieve NT name of each group.
        strAttributes = "sAMAccountName"

        ' Load group memberships for this user or computer into dictionary
        ' object.
        Call LoadGroups(objADObject)
        Set objRootDSE = Nothing
    End If
    If (objGroupList.Exists(objADObject.sAMAccountName & "\") = False) Then
        ' Dictionary object established, but group memberships for this
        ' user or computer must be added.
        Call LoadGroups(objADObject)
    End If
    ' Return True if this user or computer is a member of the group.
    IsMember = objGroupList.Exists(objADObject.sAMAccountName & "\" _
        & strGroupNTName)
End Function

Open in new window

0
 

Accepted Solution

by:
BakerSyd earned 0 total points
ID: 39679510
the code you posted above didnt run at all... nothing popped up


i managed to get it working using the following code

'Create an Active Directory object
Set objADSystemInfo = CreateObject("ADSystemInfo")

'Create an object for the current user
Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
Set objGroup = GetObject("LDAP://CN=GroupName,OU=1,OU=2,OU=3,OU=4,DC=5,DC=com")

'Check whether objADUser is a member of Group SS64
If objGroup.IsMember(objADUser.ADsPath) Then
 WScript.Echo "You are a member of the group"
Else
   WScript.Echo "Not a member of Group" 
 
End If

Open in new window



so this works... but it doesnt scan nested groups... which is a problem
0
 

Author Closing Comment

by:BakerSyd
ID: 39997093
closing as this is a old issue which has now been resolved.

do not remember if we ended up using this code.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

In this article we want to have a look at the directory attributes which are used by Microsoft to store the so called Security Identifiers (SID). These SIDs plays an important role in delegating and granting permissions and in authentication of trus…
When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now