[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

vbs isMember script - Active directory check

Posted on 2013-11-26
5
Medium Priority
?
2,982 Views
Last Modified: 2014-04-13
hi

i am looking for a vbs script that will check if a user belongs in a particular active directory group.

i have tried using the isMember function but it just keeps failing, im not sure what im doing wrong... does anybody have a simple isMember example i can use?

it needs to be as simple as


IF isMember ("groupName") then
    do this
Else
    do this
End IF

Open in new window



i have tried using the logic from here
http://ss64.com/vb/syntax-ismember.html

but i cant get it to work.. not sure whats going on and my vbs knowledge is limited


any ideas?


cheers!
0
Comment
Question by:BakerSyd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 25

Expert Comment

by:chaau
ID: 39679393
Have you copied the whole function in your VBS script?
Also, according to the article the usage of this function is as follows:
'Create an Active Directory object
Set objADSystemInfo = CreateObject("ADSystemInfo")

'Create an object for the current user
Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)

'Check whether objADUser is a member of Group SS64
If (IsMember(objADUser, "SS64") = True) Then
  WScript.Echo "You are a member of the group"
End If

Open in new window

Basically, you need to initialise objADUser variable for the current user (which the first two lines do). If you really want to call the function with one argument then create a new function, like this:
Function IsMeAMember(ByVal strGroupNTName)
  ' Function to test for group membership.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' Returns True if the current user is a member of the group.
  'Create an Active Directory object
  Set objADSystemInfo = CreateObject("ADSystemInfo")

  'Create an object for the current user
  Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
  IsMeAMember = IsMember(objADUser, strGroupNTName) 
End Function

Open in new window

Then the usage will be as simple as yours:
IF isMeAMember ("groupName") then
    do this
Else
    do this
End IF

Open in new window

Remember, you must still include the code for IsMember and IsMeAMember in your vbs file (they can be put in your file at the en, after your main function)
0
 

Author Comment

by:BakerSyd
ID: 39679429
hey... thanks for replying...
i ran the following code


Function IsMeAMember(ByVal strGroupNTName)
  ' Function to test for group membership.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' Returns True if the current user is a member of the group.
  'Create an Active Directory object
  Set objADSystemInfo = CreateObject("ADSystemInfo")

  'Create an object for the current user
  Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
  IsMeAMember = IsMember(objADUser, strGroupNTName) 
End Function


IF isMeAMember ("GROUPNAME") then
    wscript.echo "i am a member"
Else
    wscript.echo "i am here"
End IF

Open in new window



and i got a type mismatch at isMember
0
 
LVL 25

Expert Comment

by:chaau
ID: 39679441
Have you put the code for IsMember function from the link you have provided? To re-iterate, you need to also include this function:
Function IsMember(ByVal objADObject, ByVal strGroupNTName)
  ' Function to test for group membership.
  ' objADObject is a user or computer object.
  ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
  ' objGroupList is a dictionary object, with global scope.
  ' Returns True if the user or computer is a member of the group.
  ' Subroutine LoadGroups is called once for each different objADObject.

    Dim objRootDSE, strDNSDomain

  ' The first time IsMember is called, setup the dictionary object
  ' and objects required for ADO.
    If (IsEmpty(objGroupList) = True) Then
        Set objGroupList = CreateObject("Scripting.Dictionary")
        objGroupList.CompareMode = vbTextCompare

        Set adoCommand = CreateObject("ADODB.Command")
        Set adoConnection = CreateObject("ADODB.Connection")
        adoConnection.Provider = "ADsDSOObject"
        adoConnection.Open "Active Directory Provider"
        adoCommand.ActiveConnection = adoConnection

        Set objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")

        adoCommand.Properties("Page Size") = 100
        adoCommand.Properties("Timeout") = 30
        adoCommand.Properties("Cache Results") = False

        ' Search entire domain.
        strBase = "<LDAP://" & strDNSDomain & ">"
        ' Retrieve NT name of each group.
        strAttributes = "sAMAccountName"

        ' Load group memberships for this user or computer into dictionary
        ' object.
        Call LoadGroups(objADObject)
        Set objRootDSE = Nothing
    End If
    If (objGroupList.Exists(objADObject.sAMAccountName & "\") = False) Then
        ' Dictionary object established, but group memberships for this
        ' user or computer must be added.
        Call LoadGroups(objADObject)
    End If
    ' Return True if this user or computer is a member of the group.
    IsMember = objGroupList.Exists(objADObject.sAMAccountName & "\" _
        & strGroupNTName)
End Function

Open in new window

0
 

Accepted Solution

by:
BakerSyd earned 0 total points
ID: 39679510
the code you posted above didnt run at all... nothing popped up


i managed to get it working using the following code

'Create an Active Directory object
Set objADSystemInfo = CreateObject("ADSystemInfo")

'Create an object for the current user
Set objADUser = GetObject("LDAP://" & objADSystemInfo.UserName)
Set objGroup = GetObject("LDAP://CN=GroupName,OU=1,OU=2,OU=3,OU=4,DC=5,DC=com")

'Check whether objADUser is a member of Group SS64
If objGroup.IsMember(objADUser.ADsPath) Then
 WScript.Echo "You are a member of the group"
Else
   WScript.Echo "Not a member of Group" 
 
End If

Open in new window



so this works... but it doesnt scan nested groups... which is a problem
0
 

Author Closing Comment

by:BakerSyd
ID: 39997093
closing as this is a old issue which has now been resolved.

do not remember if we ended up using this code.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Script to copy or move mouse-selected collection of files plus targets referenced by shortcuts (.lnk) The purpose of this article is to help illuminate the real challenges and options available (where they may exist) for utilizing simple scriptin…
This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question