I have a group of students in an OU group that I wanted to give permission to
logon to a new computer we have added. My hope was that there would be a
group policy object that would allow me to do this - but no luck - so I wrote
the script below with the help of the Scripting Guy articles.

It works great, the only problem is that if the computer is already listed
as one they can logon to, it will duplicate, but of course tell me that they
are already allowed to logon to it. I know what the issue is, I just don't
know the best way to correct the problem. Please take a look and let me know
if you have suggestions about how best to rewrite this to fix the problem.

Option Explicit



Dim strComputer, objUser, strWorkstations, arrNames, k, objOU

' Bind to user object.
Set objOU = GetObject _
("LDAP://OU=Students,OU=HS,DC=EXAMPLE,DC=LOCAL")
objOU.Filter = Array("user")

' Specify NetBIOS name of computer to add.
strComputer = "hsrm105s2"

For Each objUser in objOU
' Retrieve value of userWorkstations attribute.
strWorkstations = objUser.userWorkstations

' Check if new computer name already included.
arrNames = Split(strWorkstations, ",")
For k = 0 To UBound(arrNames)
If (LCase(strComputer) = LCase(arrNames(k))) Then
' This computer already included. Abort.
Wscript.Echo "User already allowed to logon to " & strComputer
End If
Next

' Append new computer name.
If (strWorkstations = "") Then
strWorkstations = strComputer
Else
strWorkstations = strWorkstations & "," & strComputer
End If

' Save new value.
objUser.userWorkstations = strWorkstations
objUser.SetInfo

Next

"jnet77" <jnet77@xxxxxx> wrote in message
news:7837427E-8CF7-47E5-BDC3-655680555057@xxxxxx

>I have a group of students in an OU group that I wanted to give permission
>to
> logon to a new computer we have added. My hope was that there would be a
> group policy object that would allow me to do this - but no luck - so I
> wrote
> the script below with the help of the Scripting Guy articles.
>
> It works great, the only problem is that if the computer is already listed
> as one they can logon to, it will duplicate, but of course tell me that
> they
> are already allowed to logon to it. I know what the issue is, I just
> don't
> know the best way to correct the problem. Please take a look and let me
> know
> if you have suggestions about how best to rewrite this to fix the problem.
>
> Option Explicit
>
> Dim strComputer, objUser, strWorkstations, arrNames, k, objOU
>
> ' Bind to user object.
> Set objOU = GetObject _
> ("LDAP://OU=Students,OU=HS,DC=EXAMPLE,DC=LOCAL")
> objOU.Filter = Array("user")
>
> ' Specify NetBIOS name of computer to add.
> strComputer = "hsrm105s2"
>
> For Each objUser in objOU
> ' Retrieve value of userWorkstations attribute.
> strWorkstations = objUser.userWorkstations
>
> ' Check if new computer name already included.
> arrNames = Split(strWorkstations, ",")
> For k = 0 To UBound(arrNames)
> If (LCase(strComputer) = LCase(arrNames(k))) Then
> ' This computer already included. Abort.
> Wscript.Echo "User already allowed to logon to " & strComputer
> End If
> Next
>
> ' Append new computer name.
> If (strWorkstations = "") Then
> strWorkstations = strComputer
> Else
> strWorkstations = strWorkstations & "," & strComputer
> End If
>
> ' Save new value.
> objUser.userWorkstations = strWorkstations
> objUser.SetInfo
>
> Next

You neglect to abort when you find the computer name already in the list.
You could use:

arrNames = Split(strWorkstations, ",")
For k = 0 To UBound(arrNames)
If (LCase(strComputer) = LCase(arrNames(k))) Then
' This computer already included. Abort.
Wscript.Echo "User already allowed to logon to " & strComputer
Wscript.Quit ' <<-- new statement.
End If
Next

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Richard,

Thanks for the response, and what you suggested is originally how the script
worked. The problem was, though, if I had 500 students and the 100th one
already had the computer, the script would end at student 100. That meant
the other 400 wouldn't get the new computer added.

I need the script to only not execute on a user when the computer is already
found, but then go on and move to the next user.

Your assistance in advance is appreciated.

"jnet77" <jnet77@xxxxxx> wrote in message
news:F13662A0-F432-4E68-BB30-5C86865C75E6@xxxxxx

> Richard,
>
> Thanks for the response, and what you suggested is originally how the
> script
> worked. The problem was, though, if I had 500 students and the 100th one
> already had the computer, the script would end at student 100. That meant
> the other 400 wouldn't get the new computer added.
>
> I need the script to only not execute on a user when the computer is
> already
> found, but then go on and move to the next user.
>
> Your assistance in advance is appreciated.

Then one solution would be a boolean variable to indicate if the name is
found. For example (in part):
========
Dim blnFound

For Each objUser in objOU
' Retrieve value of userWorkstations attribute.
strWorkstations = objUser.userWorkstations

' Check if new computer name already included.
arrNames = Split(strWorkstations, ",")
blnFound = False
For k = 0 To UBound(arrNames)
If (LCase(strComputer) = LCase(arrNames(k))) Then
' This computer already included. Abort.
Wscript.Echo "User already allowed to logon to " & strComputer
blnFound = True
Exit For
End If
Next

If (blnFound = False) then
' Append new computer name.
If (strWorkstations = "") Then
strWorkstations = strComputer
Else
strWorkstations = strWorkstations & "," & strComputer
End If

' Save new value.
objUser.userWorkstations = strWorkstations
objUser.SetInfo
End If

Next
=========
Note that the "Exit For" statement exits from the inner "For" statement, not
the outer "For Each".

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:

Domain Name: NOSPAM.NET

Registrant [1418766]:
Brendhan, Hight dnsadmin (at) mdnhinc (dot) com
Mdnh Inc
4425 W Spring Mountain Rd
Suite 210
Las Vegas NV
89102 United States

Do you have the owners permission to use a subdomain of nospam.net?

> You neglect to abort when you find the computer name already in the list.
> You could use:
>
> arrNames = Split(strWorkstations, ",")
> For k = 0 To UBound(arrNames)
> If (LCase(strComputer) = LCase(arrNames(k))) Then

An alternative solution which avoids both splitting and then
looping/searching through the array:

If (InStr(LCase("," & strWorkstations & ","), LCase("," & strComputer & ",")) > 0) Then

Stefan

"Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
news:eBDhe1CQJHA.1168@xxxxxx

> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:
>
> Domain Name: NOSPAM.NET
>
> Registrant [1418766]:
> Brendhan, Hight dnsadmin (at) mdnhinc (dot) com
> Mdnh Inc
> 4425 W Spring Mountain Rd
> Suite 210
> Las Vegas NV
> 89102 United States
>
> Do you have the owners permission to use a subdomain of nospam.net?

No. When I started using it years ago it was suggested by "experts".

>

>> You neglect to abort when you find the computer name already in the list.
>> You could use:
>>
>> arrNames = Split(strWorkstations, ",")
>> For k = 0 To UBound(arrNames)
>> If (LCase(strComputer) = LCase(arrNames(k))) Then

>
> An alternative solution which avoids both splitting and then
> looping/searching through the array:
>
> If (InStr(LCase("," & strWorkstations & ","), LCase("," & strComputer &
> ",")) > 0) Then
>
> Stefan

I thought of that, but decided against it because there could be a partial
match. For example, if strComputer is "Computer1" it could match with
"Computer11" and Computer12", etc. Your idea of appending commas doesn't
work if the computer is either the first or last in the list. Even though it
seems like more work, I decided the loop is more reliable.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:

>
> "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
> news:eBDhe1CQJHA.1168@xxxxxx

>> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:

>> Do you have the owners permission to use a subdomain of nospam.net?

>
> No. When I started using it years ago it was suggested by "experts".

Nowadays (and years ago too) <mailbox@xxxxxx> or <mailbox@*.invalid>
is appropriate IF permitted by the resp. newsmaster. Any other
"mangling" will lead to backscatter to uninvolved third parties.
Dont lay off your spam problem to others.
And don't forget to provide a VALID "Reply-To:".

>> If (InStr(LCase("," & strWorkstations & ","), LCase("," & strComputer &
>> ",")) > 0) Then

> I thought of that, but decided against it because there could be a partial
> match.

No! Both the comma-separated list of workstation names and the single
computer name are enclosed in commas. This guarantees a complete match
only.

Stefan

"Al Dunbar" <alandrub@xxxxxx> wrote:

>
> "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
> news:OC10HoNQJHA.4256@xxxxxx

>> Nowadays (and years ago too) <mailbox@xxxxxx> or <mailbox@*.invalid>
>> is appropriate IF permitted by the resp. newsmaster. Any other
>> "mangling" will lead to backscatter to uninvolved third parties.
>> Dont lay off your spam problem to others.
>> And don't forget to provide a VALID "Reply-To:".

>
> For the benefit of most of us, could you indicate where these regulations
> are documented and explained?

<http://www.ietf.org/rfc/rfc822.txt> especially with

| 6.2. SEMANTICS
|
| A mailbox receives mail. [...]

<http://www.ietf.org/rfc/rfc1036.txt>

<http://www.ietf.org/rfc/rfc1855.txt>


The benefit of using your correct mailbox address is that even Joe
Average can reply to any message by simply hitting the [Reply] button.
Programs and machines (and even smart people.-) are quite dumb in
guessing where to send a message to if the address is syntactically
correct but semantically wrong.


Stefan

"Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
news:OC10HoNQJHA.4256@xxxxxx

> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:

>>
>> "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
>> news:eBDhe1CQJHA.1168@xxxxxx

>>> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote:

>

>>> Do you have the owners permission to use a subdomain of nospam.net?

>>
>> No. When I started using it years ago it was suggested by "experts".

>
> Nowadays (and years ago too) <mailbox@xxxxxx> or <mailbox@*.invalid>
> is appropriate IF permitted by the resp. newsmaster. Any other
> "mangling" will lead to backscatter to uninvolved third parties.
> Dont lay off your spam problem to others.
> And don't forget to provide a VALID "Reply-To:".

For the benefit of most of us, could you indicate where these regulations
are documented and explained?

/Al