Rory
Tue May 13 16:31:01 CDT 2008
Thanks for the help. I found a fix by rewriting this script a little
different. Here is the changed code for anyon interested. Thanks
' Check for Site Messages and mappings
'Get username in two Parts
'First get DN of User
Set objSysInfo = CreateObject("ADSystemInfo")
StrUser = ObjSysInfo.UserName
'Second Resolve User Name
Set ObjUser = GetObject("LDAP://" & StrUser)
LogN = ObjUser.sAMAccountName
Set objUsr = GetObject("WinNT://" & DomainN & "/" & LogN & ",user")
'confirm user has a group assigned to them
If ISNULL(objUsr.Groups) = False then
For each Group in objUsr.Groups
' Check for a message for each Group
Messagepath = Scrpath & "\" & Group.name & ".txt"
WScript.Echo Messagepath
If (fso.FileExists(Messagepath)) Then
Set f = fso.OpenTextFile(Messagepath, ForReading, True)
temp = WShShell.Popup(f.Readall,30,ExtremeM, 0 + 48)
End If
' Chech for a Script for each Group
Scriptpath = Scrpath & "\" & Group.name & ".VBS"
WScript.Echo Scriptpath
If (fso.FileExists(Scriptpath)) Then
Temp = WshShell.Run(Scriptpath ,1 , True)
End If
Next
End If
"Richard Mueller [MVP]" wrote:
> Rory wrote:
>
> >I have an old script I use to verify what groups a user is in and then run
> > scripts based on thoughs groups. This script run perfectly fine on my
> > current
> > domain/forest with all users.
> > However when I created a new domain/forest for a sub company that is
> > braking
> > off from us the script no longer works.
> > The funny part is that for Domain admins it works fine but not for a
> > regluar
> > user. I think it is some permission change in AD and would like to know
> > what
> > I have to change to get this to work.
> >
> > Here is the part of the script I use to vailadate groups:
> >
> >
> > ' Check For Group Messages and Mappings
> >
> > Set ADSysInfo = CreateObject("ADSystemInfo")
> > Set CurrentUser = GetObject("LDAP://" &ADSysInfo.UserName)
> > arrMemberOf = CurrentUser.MemberOf
> >
> > For each Group in arrMemberOf
> > Group = Mid(Group,4)
> > intLeft = Instr(Group,",") - 1
> > Group = Left(Group, intLeft)
> > 'WScript.Echo Group
> >
> > ' Check for a message for each Group
> >
> > Messagepath = Scrpath & "\" & Group & ".txt"
> > 'WScript.Echo Messagepath
> >
> > If (fso.FileExists(Messagepath)) Then
> > Set f = fso.OpenTextFile(Messagepath, ForReading, True)
> > temp = WShShell.Popup(f.Readall,30,ExtremeM, 0 + 48)
> > End If
> >
> > ' Chech for a Script for each Group
> >
> > Scriptpath = Scrpath & "\" & Group & ".VBS"
> > 'WScript.Echo Scriptpath
> >
> > If (fso.FileExists(Scriptpath)) Then
> > Temp = WshShell.Run(Scriptpath ,1 , True)
> > End If
> >
> >
> > Next
> >
>
>
> More likely the error is raised when the user does not have at least two
> direct group memberships (not counting the "primary" group). See this
> discussion:
>
>
http://www.rlmueller.net/MemberOf.htm
>
> The "For Each" statement expects an array of values, but
> CurrentUser.memberOf is "String" if memberOf has one group DN, "Empty" if
> memberOf has no DN's, and only the expected "Variant()" if memberOf has at
> least two DN's. The link has a fix, plus other ways to check for direct
> group membership.
>
> I would recommend not attempting to parse the DN's. Your algorithm will fail
> if the Common Name of the group has an embedded comma, for example. You
> could bind to the group object and retrieve the value of the cn or
> sAMAccountName attributes instead.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab -
http://www.rlmueller.net
> --
>
>
>