Tags: active, asp, drives, function, greetings, group, groups, ismemberof, loginscript, map, membership, nested, nesting, page, programming, server

Nesting Question for LoginScript

On Programmer » Active Server Page (ASP)

14,338 words with 7 Comments; publish: Tue, 27 May 2008 11:27:00 GMT; (20078.13, « »)

Greetings,

I am using a function IsMemberOf to check group membership to map drives.

Currently I am nesting some groups within groups but the nested group

members don't map the drive for the group being nested within. Is this

because IsMemberOf doesn't check nested group membership?

All Comments

Leave a comment...

  • 7 Comments
    • Nvm, answered my own question. Thanks anyways!

      "Mac" <bcmchenry.asp.todaysummary.com.nmrc.state.ms.us> wrote in message

      news:%239kyqVRfHHA.4188.asp.todaysummary.com.TK2MSFTNGP02.phx.gbl...

      > Greetings,

      > I am using a function IsMemberOf to check group membership to map drives.

      > Currently I am nesting some groups within groups but the nested group

      > members don't map the drive for the group being nested within. Is this

      > because IsMemberOf doesn't check nested group membership?

      >

      #1; Tue, 27 May 2008 11:28:00 GMT
    • I have some example VBScript functions to check for group membership linked

      here:

      http://www.rlmueller.net/freecode1.htm

      The tokenGroups attribute is good because this multi-valued collection of

      group SID values includes all nested group memberships, plus the "primary"

      group of the user. The only memberships missing are distribution groups

      (because they are not security groups) and memberships in other domains.

      Otherwise, most of the other methods involve recursive methods to track down

      the group nesting. Dictionary objects are used to improve performance and

      prevent an infinite loop if the group nesting is circular.

      I also have some example VBScript logon scripts that map drives according to

      group membership linked here:

      http://www.rlmueller.net/freecode2.htm

      --

      Richard Mueller

      Microsoft MVP Scripting and ADSI

      Hilltop Lab - http://www.rlmueller.net

      --

      "Mac" <bcmchenry.asp.todaysummary.com.nmrc.state.ms.us> wrote in message

      news:uewuCgRfHHA.4596.asp.todaysummary.com.TK2MSFTNGP05.phx.gbl...

      > Nvm, answered my own question. Thanks anyways!

      > "Mac" <bcmchenry.asp.todaysummary.com.nmrc.state.ms.us> wrote in message

      > news:%239kyqVRfHHA.4188.asp.todaysummary.com.TK2MSFTNGP02.phx.gbl...

      >> Greetings,

      >> I am using a function IsMemberOf to check group membership to map drives.

      >> Currently I am nesting some groups within groups but the nested group

      >> members don't map the drive for the group being nested within. Is this

      >> because IsMemberOf doesn't check nested group membership?

      >

      #2; Tue, 27 May 2008 11:30:00 GMT
    • Thanks Richard, I already have a script worked up and now find I need to

      alter it some. Basically I call a function to check for membership, but i

      didn't count on nesting being a problem. Here is the function I am using:

      Function IsMemberOf(strGroupName)

      Set objNetwork = CreateObject("WScript.Network")

      strDomain = objNetwork.UserDomain

      strUser = objNetwork.UserName

      bIsMember = False

      Set objUser = GetObject("WinNT://" & strDomain & "/" & _

      strUser & ",user")

      For Each objGroup In objUser.Groups

      If objGroup.Name = strGroupName Then

      bIsMember = True

      Exit For

      End If

      Next

      IsMemberOf = bIsMember

      End Function

      I am going to check you links out and hope I can figure out how to add what

      I need to what I already have, since I am beginner and all :) Thanks again

      "Richard Mueller [MVP]" <rlmueller-nospam.asp.todaysummary.com.ameritech.nospam.net> wrote in

      message news:eu$8OmRfHHA.4636.asp.todaysummary.com.TK2MSFTNGP03.phx.gbl...

      >I have some example VBScript functions to check for group membership linked

      >here:

      > http://www.rlmueller.net/freecode1.htm

      > The tokenGroups attribute is good because this multi-valued collection of

      > group SID values includes all nested group memberships, plus the "primary"

      > group of the user. The only memberships missing are distribution groups

      > (because they are not security groups) and memberships in other domains.

      > Otherwise, most of the other methods involve recursive methods to track

      > down the group nesting. Dictionary objects are used to improve performance

      > and prevent an infinite loop if the group nesting is circular.

      > I also have some example VBScript logon scripts that map drives according

      > to group membership linked here:

      > http://www.rlmueller.net/freecode2.htm

      > --

      > Richard Mueller

      > Microsoft MVP Scripting and ADSI

      > Hilltop Lab - http://www.rlmueller.net

      > --

      > "Mac" <bcmchenry.asp.todaysummary.com.nmrc.state.ms.us> wrote in message

      > news:uewuCgRfHHA.4596.asp.todaysummary.com.TK2MSFTNGP05.phx.gbl...

      >> Nvm, answered my own question. Thanks anyways!

      >> "Mac" <bcmchenry.asp.todaysummary.com.nmrc.state.ms.us> wrote in message

      >> news:%239kyqVRfHHA.4188.asp.todaysummary.com.TK2MSFTNGP02.phx.gbl...

      >> Greetings,

      >> I am using a function IsMemberOf to check group membership to map

      >> drives. Currently I am nesting some groups within groups but the nested

      >> group members don't map the drive for the group being nested within. Is

      >> this because IsMemberOf doesn't check nested group membership?

      >>

      >

      #3; Tue, 27 May 2008 11:31:00 GMT
    • Your first problem is that the WinNT provider is blind to domain group

      nesting (and all AD hierarchy). You will need to use the LDAP provider. If

      all of your clients have Windows 2000 or better, you can use the

      ADSystemInfo object to retrieve the current user's Distinguished Name, so

      you can bind to the user object with the LDAP provider. For example (as in

      my Logon3.vbs):

      =============Set objSysInfo = CreateObject("ADSystemInfo")

      strUserDN = objSysInfo.userName

      ' Bind to the user object with the LDAP provider.

      Set objUser = GetObject("LDAP://" & strUserDN)

      ============

      Logon3.vbs uses a recursive method to work out the group nesting. It may

      help you.

      http://www.rlmueller.net/Logon3.htm

      --

      Richard Mueller

      Microsoft MVP Scripting and ADSI

      Hilltop Lab - http://www.rlmueller.net

      --

      "Mac" <bcmchenry.asp.todaysummary.com.nmrc.state.ms.us> wrote in message

      news:e3x06vRfHHA.3508.asp.todaysummary.com.TK2MSFTNGP03.phx.gbl...

      > Thanks Richard, I already have a script worked up and now find I need to

      > alter it some. Basically I call a function to check for membership, but i

      > didn't count on nesting being a problem. Here is the function I am using:

      > Function IsMemberOf(strGroupName)

      > Set objNetwork = CreateObject("WScript.Network")

      > strDomain = objNetwork.UserDomain

      > strUser = objNetwork.UserName

      > bIsMember = False

      > Set objUser = GetObject("WinNT://" & strDomain & "/" & _

      > strUser & ",user")

      > For Each objGroup In objUser.Groups

      > If objGroup.Name = strGroupName Then

      > bIsMember = True

      > Exit For

      > End If

      > Next

      > IsMemberOf = bIsMember

      > End Function

      >

      > I am going to check you links out and hope I can figure out how to add

      > what I need to what I already have, since I am beginner and all :) Thanks

      > again

      >

      > "Richard Mueller [MVP]" <rlmueller-nospam.asp.todaysummary.com.ameritech.nospam.net> wrote in

      > message news:eu$8OmRfHHA.4636.asp.todaysummary.com.TK2MSFTNGP03.phx.gbl...

      >>I have some example VBScript functions to check for group membership

      >>linked here:

      >> http://www.rlmueller.net/freecode1.htm

      >> The tokenGroups attribute is good because this multi-valued collection of

      >> group SID values includes all nested group memberships, plus the

      >> "primary" group of the user. The only memberships missing are

      >> distribution groups (because they are not security groups) and

      >> memberships in other domains. Otherwise, most of the other methods

      >> involve recursive methods to track down the group nesting. Dictionary

      >> objects are used to improve performance and prevent an infinite loop if

      >> the group nesting is circular.

      >> I also have some example VBScript logon scripts that map drives according

      >> to group membership linked here:

      >> http://www.rlmueller.net/freecode2.htm

      >> --

      >> Richard Mueller

      >> Microsoft MVP Scripting and ADSI

      >> Hilltop Lab - http://www.rlmueller.net

      >> --

      >> "Mac" <bcmchenry.asp.todaysummary.com.nmrc.state.ms.us> wrote in message

      >> news:uewuCgRfHHA.4596.asp.todaysummary.com.TK2MSFTNGP05.phx.gbl...

      >> Nvm, answered my own question. Thanks anyways!

      >> "Mac" <bcmchenry.asp.todaysummary.com.nmrc.state.ms.us> wrote in message

      >> news:%239kyqVRfHHA.4188.asp.todaysummary.com.TK2MSFTNGP02.phx.gbl...

      >> Greetings,

      >> I am using a function IsMemberOf to check group membership to map

      >> drives. Currently I am nesting some groups within groups but the nested

      >> group members don't map the drive for the group being nested within. Is

      >> this because IsMemberOf doesn't check nested group membership?

      >>

      >>

      >

      #4; Tue, 27 May 2008 11:32:00 GMT
    • This is exactly what I am looking for. I see I have a long way to go in

      learning VBS, my way was completely different and a bit off. One question

      though, how would I add in the ability to map a home drive in your logon3

      script? Or should I say, what would be your way of doing it. I barely got

      mine worked out the first time, now I see entirely different code here and

      it's throwing me off.

      #5; Tue, 27 May 2008 11:32:00 GMT
    • "Mac" <bcmchenry.asp.todaysummary.com.nmrc.state.ms.us> wrote in message

      news:eRLESMTfHHA.2052.asp.todaysummary.com.TK2MSFTNGP05.phx.gbl...

      > This is exactly what I am looking for. I see I have a long way to go in

      > learning VBS, my way was completely different and a bit off. One question

      > though, how would I add in the ability to map a home drive in your logon3

      > script? Or should I say, what would be your way of doing it. I barely got

      > mine worked out the first time, now I see entirely different code here and

      > it's throwing me off.

      >

      Usually the home drive is mapped automatically by the client during logon.

      Otherwise, you can bind to the user and retrieve the values of the homeDrive

      and homeDirectory attributes. These correspond to the values on the Profile

      tab of the user properties dialog in ADUC. For example, assuming objUser and

      objNetwork are bound earlier:

      ================strHomeShare = objUser.homeDirectory

      If (strHomeShare <> "") Then

      strHomeDrive = objUser.homeDrive

      If (strHomeDrive = "") Then

      strHomeDrive = "H:"

      End If

      On Error Resume Next

      objNetwork.MapNetworkDrive strHomeDrive, strHomeShare

      If (Err.Number <> 0) Then

      On Error GoTo 0

      objNetwork.RemoveNetworkDrive strHomeDrive, True, True

      objNetwork.MapNetworkDrive strHomeDrive, strHomeShare

      End If

      On Error GoTo 0

      End If

      =============Or using the MapDrive function in Logon3.vbs

      ==============strHomeShare = objUser.homeDirectory

      If (strHomeShare <> "") Then

      strHomeDrive = objUser.homeDrive

      If (strHomeDrive = "") Then

      strHomeDrive = "H:"

      End If

      If (MapDrive(strHomeDrive, strHomeShare) = False) Then

      MsgBox "Unable to map home drive"

      End If

      End If

      --

      Richard Mueller

      Microsoft MVP Scripting and ADSI

      Hilltop Lab - http://www.rlmueller.net

      --

      #6; Tue, 27 May 2008 11:34:00 GMT
    • Ah I see, thanks for the help!

      "Richard Mueller [MVP]" <rlmueller-nospam.asp.todaysummary.com.ameritech.nospam.net> wrote in

      message news:uyVQYSXfHHA.2408.asp.todaysummary.com.TK2MSFTNGP04.phx.gbl...

      > "Mac" <bcmchenry.asp.todaysummary.com.nmrc.state.ms.us> wrote in message

      > news:eRLESMTfHHA.2052.asp.todaysummary.com.TK2MSFTNGP05.phx.gbl...

      >> This is exactly what I am looking for. I see I have a long way to go in

      >> learning VBS, my way was completely different and a bit off. One question

      >> though, how would I add in the ability to map a home drive in your logon3

      >> script? Or should I say, what would be your way of doing it. I barely got

      >> mine worked out the first time, now I see entirely different code here

      >> and it's throwing me off.

      > Usually the home drive is mapped automatically by the client during logon.

      > Otherwise, you can bind to the user and retrieve the values of the

      > homeDrive and homeDirectory attributes. These correspond to the values on

      > the Profile tab of the user properties dialog in ADUC. For example,

      > assuming objUser and objNetwork are bound earlier:

      > ================> strHomeShare = objUser.homeDirectory

      > If (strHomeShare <> "") Then

      > strHomeDrive = objUser.homeDrive

      > If (strHomeDrive = "") Then

      > strHomeDrive = "H:"

      > End If

      > On Error Resume Next

      > objNetwork.MapNetworkDrive strHomeDrive, strHomeShare

      > If (Err.Number <> 0) Then

      > On Error GoTo 0

      > objNetwork.RemoveNetworkDrive strHomeDrive, True, True

      > objNetwork.MapNetworkDrive strHomeDrive, strHomeShare

      > End If

      > On Error GoTo 0

      > End If

      > =============> Or using the MapDrive function in Logon3.vbs

      > ==============> strHomeShare = objUser.homeDirectory

      > If (strHomeShare <> "") Then

      > strHomeDrive = objUser.homeDrive

      > If (strHomeDrive = "") Then

      > strHomeDrive = "H:"

      > End If

      > If (MapDrive(strHomeDrive, strHomeShare) = False) Then

      > MsgBox "Unable to map home drive"

      > End If

      > End If

      > --

      > Richard Mueller

      > Microsoft MVP Scripting and ADSI

      > Hilltop Lab - http://www.rlmueller.net

      > --

      >

      #7; Tue, 27 May 2008 11:35:00 GMT