Tue Dec 27 15:43:04 CST 2005
Rob,
>
> Here is a previous post I made. Perhaps this will help
> you.....................
>
>
>
> Ben,
>
> Here is how we do it in our logon script...... Basically we get the
> distinguished name in the first sub. When we invoke the Load_Group_Array we
> load the root level group membership which is the lowest level group around.
> Department has no lower level groups in it but department is a member of
> Division which is a member of a Company. We get the low level groups and we
> then specify that if that group is a member of OU=department then we want to
> send the distinguished name of the group down to the Load_Nested_Groups routine
> that gets the higher level (i.e. Division) going a level until you run out of
> groups to get. Hope you get the picture.
>
> Dim arrUserGroups()
> ReDim arrUserGroups(-1)
> '************************************************************************************
> '* This routine uses ADSystemInfo to get the user's fully qualified distinguished   *
> '* name as well as fully qualified machine information to use in the program. Once  *
> '* the information has been retrieved, an LDAP call is made to get the additional   *
> '* information from the system. The information retrieved from both calls is then   *
> '* used in the remainder of the program in other routines.                          *
> '************************************************************************************
> Sub GET_LOGIN_INFO()
> On Error Resume Next
> Set LoginInfo = CreateObject("ADSystemInfo")
> Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
> SiteName = UCase(LoginInfo.SiteName)
> End Sub
> '************************************************************************************
> '* This routine gets the user's root level user groups and passes the Distinguished *
> '* Name of the group to the AddToGroupArray subroutine to load the members into an  *
> '* array. Note that because of group nesting, when the department group is found    *
> '* the Department Distinguished Name is passed to the Load_Nested_Groups routine    *
> '* so the nested groups can also be loaded into the array.                          *
> '************************************************************************************
> Sub Load_Group_Array()
> Dim UserObj,MemberOfObj,Group,StartOfArray,EndOfArray,ArrayString,IDX1,GroupArrayString
> DepartmentDN = ""
> Set UserObj = GetObject("LDAP://" & LoginInfo.UserName & "")
> MemberOfObj = UserObj.GetEx("MemberOf")
> For Each Group In MemberOfObj
> GroupArrayString = Split(Group,",",3)
> GroupArrayString(0) = Mid(GroupArrayString(0),4)
> GroupArrayString(1) = Mid(GroupArrayString(1),4)
> ReDim Preserve ArrUserGroups(UBound(ArrUserGroups) + 1)
> ArrUserGroups(UBound(ArrUserGroups)) = GroupArrayString(0)
> If GroupArrayString(1) = "Departments" Then
> If IsNumeric(Right(GroupArrayString(0),1)) Then
> UserDepartment = GroupArrayString(0)
> DepartmentDN = Group
> Elseif InStr(GroupArrayString(0),"Building-") Then
> UserBuilding = GroupArrayString(0)
> End If
> End If
> If GroupArrayString(1) = "Offices" Then
> If IsNumeric(Right(GroupArrayString(0),1)) Then
> ClmOffice = GroupArrayString(0)
> DepartmentDN = Group
> End If
> End If
> Next
> If DepartmentDN <> "" Then
> Call Load_Nested_Groups(DepartmentDN)
> End If
> Do While DepartmentGroup <> ""
> Call Load_Nested_Groups(DepartmentGroup)
> Loop
> End Sub
>
> '************************************************************************************
> '* This routine will retrieve nested groups from a distinguished group name passed  *
> '* in as a parameter. Note that if additional groups are identified that must also  *
> '* have their nested groups exposed, the DepartmentGroup variable is set and this   *
> '* group will be passed into this routine by a subsequent call.                     *
> '************************************************************************************
> Sub Load_Nested_Groups(DistinguishedName)
> Dim GroupObj,ArrMembersOf,StrMemberOf,StartOfArray,EndOfArray,ArrayString,MemberOfArrayString
> Set GroupObj = GetObject("LDAP://" & DistinguishedName)
> DepartmentGroup = ""
> GroupObj.GetInfo
> ArrMembersOf = GroupObj.GetEx("memberOf")
> For Each StrMemberOf In ArrMembersOf
> MemberOfArrayString = Split(StrMemberOf,",",3)
> MemberOfArrayString(0) = Mid(MemberofarrayString(0),4)
> MemberOfArrayString(1) = Mid(MemberofarrayString(1),4)
> ReDim Preserve ArrUserGroups(UBound(ArrUserGroups) + 1)
> arrUserGroups(UBound(ArrUserGroups)) = MemberOfArrayString(0)
> If MemberOfArrayString(1) = "Divisions" Then
> If IsNumeric(Right(MemberOfArrayString(0),1)) Then
> UserMgtCode = MemberOfArrayString(0)
> DepartmentGroup = StrMemberOf
> End If
> End If
> If InStr(UCase(MemberOfArrayString(0)),"COMPANY-") Then
> DepartmentGroup = StrMemberOf
> End If
> If MemberOfArrayString(1) = "Offices" Then
> If IsNumeric(Right(MemberOfArrayString(0),1)) Then
> ClmOffice = MemberOfArrayString(0)
> DepartmentGroup = StrMemberOf
> End If
> End If
> If MemberOfArrayString(1)= "DeptDivsBldg" Then
> If InStr(MemberOfArrayString(0),"Building-") Then
> UserBuilding = MemberOfArrayString(0)
> End If
> End If
> Next
> End Sub
>
>
>
>
> "Ben" <benNOSPAMhough@comcast.net> wrote in message
> news:uxY3onDAGHA.272@TK2MSFTNGP09.phx.gbl...
>> Part of my logon script checks group membership and then maps drives,
>> printers, etc. based on that membership. Works great if the member is a
>> direct member of that group, but if the user is a member of a group nested
>> within the group the VBScript is checking it does not work. How can I
>> have the script read into nested groups as well? Here is a snippet of my
>> script. Thanks.
>>
>> Ben
>>
>> ON ERROR RESUME NEXT
>>
>> Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj, Path
>>
>>
>> Set WSHShell = CreateObject("WScript.Shell")
>> Set WSHNetwork = CreateObject("WScript.Network")
>> Set objDomain = getObject("LDAP://rootDse")
>> DomainString = objDomain.Get("dnsHostName")
>>
>> For Each GroupObj In UserObj.Groups
>> Select Case GroupObj.Name
>> Case "Group1"
>> WSHNetwork.MapNetworkDrive "f:", "\\server1\share", True
>>
>> End Select
>> Next
>>
>>
>
>
>
>
>
> ----- Original Message -----
> From: "Rob Commarota" <RobCommarota@discussions.microsoft.com>
> Newsgroups: microsoft.public.scripting.vbscript
> Sent: Tuesday, December 27, 2005 12:53 PM
> Subject: Enumerate group membership
>
>
>> I am trying to enumerate the group membership for a user at logon. I need to
>> know about every group, so I must use a recursive function to check the group
>> membership of each group (I use a different procedure to get the primary
>> group as the memberOf attribute does not contain this info). I have the
>> following which I modeled on the work of Richard Mueller - www.rlmueller.net.
>> His program works great, but I wanted something that did not rely on a
>> dictionary object outside of the procedure to store values. I am storing and
>> passing values within the function. My function works, but I get repeated
>> group names if the group type is domain local. I can't seem to add logic
>> that corrects this problem. Any suggestions?
>>
>> Call to the function from main program is something like this:
>>
>> strValue=EnumGroups(ADObject, "",TRUE)
>>
>>
>>
>>
>> Function EnumGroups(fobjADObject,fstrStoreValue,fCallFirst)
>>
>> Dim arrGroups
>> Dim objGroup
>> Dim intCount
>> Dim strMyTempValue
>> Dim strSAMname
>>
>> strMyTempValue = ""
>> strSAMname = UCase(fobjADObject.sAMAccountName)
>>
>> If fCallFirst = False Then
>> If Not InStr(fstrStoreValue,"CN=" & strSAMName) Then
>> If Not fstrStoreValue = "" Then
>> strMyTempValue = fstrStoreValue & "CN=" & strSAMname & Chr(10)
>> Else
>> strMyTempValue = "CN=" & strSAMname & Chr(10)
>> End If
>> End If
>> End If
>>
>> arrGroups = fobjADObject.memberOf
>>
>> '** The AD object contains no groups. In this case, the function is set
>> '** to the value of the passed value holder if it is NOT empty and if
>> '** the string isn't already there.
>>
>> If IsEmpty(arrGroups) Then
>> If Not InStr(fstrStoreValue,"CN=" & strSAMname) Then
>> EnumGroups = strMyTempValue
>> End If
>> Exit Function
>> End If
>>
>> '** If the item returned from the memberOf method is a string, then
>> '** recurse for the group to check for its memberships and add results
>> '** to the value of the function.
>>
>> If TypeName(arrGroups) = "String" Then
>> Set objGroup = GetObject("LDAP://" & arrGroups)
>> strMyTempValue = EnumGroups(objGroup,strMyTempValue,False)
>> EnumGroups = strMyTempValue
>> Set objGroup = Nothing
>> Exit Function
>> End If
>>
>>
>> '** The arrGroups is NOT empty and is not a string, so it must be an
>> '** array of groups. Recurse for each group in the array and add results
>> '** to the value of the function.
>>
>> For intCount = 0 To UBound(arrGroups)
>> Set objGroup = GetObject("LDAP://" & arrGroups(intCount))
>> strMyTempValue = EnumGroups(objGroup,strMyTempValue,False)
>> Set objGroup = Nothing
>> Next
>>
>> EnumGroups = strMyTempValue
>>
>> End Function '** EnumGroups
>>
>
>
>
"Rob Commarota" <RobCommarota@discussions.microsoft.com> wrote in message
news:E2133DB3-A1D9-4A1E-832A-A7DDF19AA53B@microsoft.com...
> I am trying to enumerate the group membership for a user at logon. I need to
> know about every group, so I must use a recursive function to check the group
> membership of each group (I use a different procedure to get the primary
> group as the memberOf attribute does not contain this info). I have the
> following which I modeled on the work of Richard Mueller - www.rlmueller.net.
> His program works great, but I wanted something that did not rely on a
> dictionary object outside of the procedure to store values. I am storing and
> passing values within the function. My function works, but I get repeated
> group names if the group type is domain local. I can't seem to add logic
> that corrects this problem. Any suggestions?
>
> Call to the function from main program is something like this:
>
> strValue=EnumGroups(ADObject, "",TRUE)
>
>
>
>
> Function EnumGroups(fobjADObject,fstrStoreValue,fCallFirst)
>
> Dim arrGroups
> Dim objGroup
> Dim intCount
> Dim strMyTempValue
> Dim strSAMname
>
> strMyTempValue = ""
> strSAMname = UCase(fobjADObject.sAMAccountName)
>
> If fCallFirst = False Then
> If Not InStr(fstrStoreValue,"CN=" & strSAMName) Then
> If Not fstrStoreValue = "" Then
> strMyTempValue = fstrStoreValue & "CN=" & strSAMname & Chr(10)
> Else
> strMyTempValue = "CN=" & strSAMname & Chr(10)
> End If
> End If
> End If
>
> arrGroups = fobjADObject.memberOf
>
> '** The AD object contains no groups. In this case, the function is set
> '** to the value of the passed value holder if it is NOT empty and if
> '** the string isn't already there.
>
> If IsEmpty(arrGroups) Then
> If Not InStr(fstrStoreValue,"CN=" & strSAMname) Then
> EnumGroups = strMyTempValue
> End If
> Exit Function
> End If
>
> '** If the item returned from the memberOf method is a string, then
> '** recurse for the group to check for its memberships and add results
> '** to the value of the function.
>
> If TypeName(arrGroups) = "String" Then
> Set objGroup = GetObject("LDAP://" & arrGroups)
> strMyTempValue = EnumGroups(objGroup,strMyTempValue,False)
> EnumGroups = strMyTempValue
> Set objGroup = Nothing
> Exit Function
> End If
>
>
> '** The arrGroups is NOT empty and is not a string, so it must be an
> '** array of groups. Recurse for each group in the array and add results
> '** to the value of the function.
>
> For intCount = 0 To UBound(arrGroups)
> Set objGroup = GetObject("LDAP://" & arrGroups(intCount))
> strMyTempValue = EnumGroups(objGroup,strMyTempValue,False)
> Set objGroup = Nothing
> Next
>
> EnumGroups = strMyTempValue
>
> End Function '** EnumGroups
>
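
An added example, not part of the original thread or of Richard Mueller's program: a nested-group walk that keeps its results in a string passed through the function, records each group once and stops on circular nesting. The directory is replaced by a constructed in-memory table so it runs under cscript without a domain; `dictMemberOf`, `HasEntry`, `EnumGroupsSafe` and all group names are hypothetical.

```vbscript
Option Explicit

' Constructed sample data standing in for the memberOf attribute:
' name -> groups it is a direct member of. Not taken from the thread.
Dim dictMemberOf
Set dictMemberOf = CreateObject("Scripting.Dictionary")
dictMemberOf.CompareMode = vbTextCompare
dictMemberOf.Add "jdoe", Array("Dept-101", "Admin")
dictMemberOf.Add "Dept-101", Array("Division-10")
dictMemberOf.Add "Division-10", Array("Company-1", "Admins")
dictMemberOf.Add "Company-1", Array("Division-10")   ' circular nesting
dictMemberOf.Add "Admin", Array("Admins")
dictMemberOf.Add "Admins", Array()

' True when strStore already holds the exact entry "CN=<strName>".
Function HasEntry(strStore, strName)
    ' InStr returns a position, so compare it with 0. "Not InStr(...)" is a
    ' bitwise Not on that number and is non-zero (true) for every result.
    ' The vbLf on both sides stops CN=ADMIN from matching inside CN=ADMINS.
    HasEntry = (InStr(1, vbLf & strStore, vbLf & "CN=" & strName & vbLf, vbTextCompare) > 0)
End Function

' Returns strStore plus every direct and nested group of strName, each once.
Function EnumGroupsSafe(strName, strStore)
    Dim strResult, strParent
    strResult = strStore
    If dictMemberOf.Exists(strName) Then
        For Each strParent In dictMemberOf(strName)
            If Not HasEntry(strResult, UCase(strParent)) Then
                ' Record the group before recursing so a circular nesting
                ' finds it already stored and stops.
                strResult = strResult & "CN=" & UCase(strParent) & vbLf
                strResult = EnumGroupsSafe(strParent, strResult)
            End If
        Next
    End If
    EnumGroupsSafe = strResult
End Function

WScript.Echo EnumGroupsSafe("jdoe", "")
```

Against a real directory, the table lookup would be replaced by reading `memberOf` from the bound object, as the posted functions do, and the stored key would be the full distinguished name, since a short name alone is not unique across OUs or domains.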