Hey everybody:

Quick question for everyone out there. I'm currently trying to write
my logon scripts for my users. I want to write only one / two
vbscripts and do an IF / ElseIF statement (or a case statement) and
match the user who is logging in up to a security group and that's how
they will get their network drives mapped to them.

I've been able to find examples on how to write these scripts based on
the OU the user is in but I havent found one on how to do it based on
a security group.

If anyone has an example could you pass it over.



Thanks - much appriciated in advance.

Boyle

"RBoyle" <ryan.j.boyle.cpg@xxxxxx> wrote in message
news:5329a57e-7da5-452b-a98e-6555d3380fdc@xxxxxx

> Hey everybody:
>
> Quick question for everyone out there. I'm currently trying to write
> my logon scripts for my users. I want to write only one / two
> vbscripts and do an IF / ElseIF statement (or a case statement) and
> match the user who is logging in up to a security group and that's how
> they will get their network drives mapped to them.
>
> I've been able to find examples on how to write these scripts based on
> the OU the user is in but I havent found one on how to do it based on
> a security group.
>
> If anyone has an example could you pass it over.
>
> Thanks - much appriciated in advance.
>
> Boyle

First a link for example VBScript logon scripts, most of which map drives
(and printers) according to group membership:

http://www.rlmueller.net/freecode2.htm

The examples Logon3.vbs and Logon4.vbs are the most relevant. The method you
use depends on the OS's supported, the number of groups to check, whether
you want to recognize membership in nested groups, and whether you want to
recognize membership in the "primary" group (not likely). Also I have this
link for example VBScript functions to check membership:

http://www.rlmueller.net/freecode1.htm

The last link on this page discusses various other methods seen in the
newsgroups (some recommended by Microsoft) and the flaws or limitations in
these methods (and ways to avoid them).

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

On Aug 16, 1:07*pm, "Richard Mueller [MVP]" <rlmueller-
nos...@xxxxxx> wrote:

> "RBoyle" <ryan.j.boyle....@xxxxxx> wrote in message
>
> news:5329a57e-7da5-452b-a98e-6555d3380fdc@xxxxxx
>
>
>
>
>

> > Hey everybody:

>

> > Quick question for everyone out there. *I'm currently trying to write
> > my logon scripts for my users. *I want to write only one / two
> > vbscripts and do an IF / ElseIF statement (or a case statement) and
> > match the user who is logging in up to a security group and that's how
> > they will get their network drives mapped to them.

>

> > I've been able to find examples on how to write these scripts based on
> > the OU the user is in but I havent found one on how to do it based on
> > a security group.

>

> > If anyone has an example could you pass it over.

>

> > Thanks - much appriciated in advance.

>

> > Boyle

>
> First a link for example VBScript logon scripts, most of which map drives
> (and printers) according to group membership:
>
> http://www.rlmueller.net/freecode2.htm
>
> The examples Logon3.vbs and Logon4.vbs are the most relevant. The method you
> use depends on the OS's supported, the number of groups to check, whether
> you want to recognize membership in nested groups, and whether you want to
> recognize membership in the "primary" group (not likely). Also I have this
> link for example VBScript functions to check membership:
>
> http://www.rlmueller.net/freecode1.htm
>
> The last link on this page discusses various other methods seen in the
> newsgroups (some recommended by Microsoft) and the flaws or limitations in
> these methods (and ways to avoid them).
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab -http://www.rlmueller.net
> --- Hide quoted text -
>
> - Show quoted text -

Richard,

Thanks for your quick response:

I'm going to take a look at your site right now -- just to add on to
my previous post:

My Clients are Windows XP clients. They are on a Windows Server 2003
Domain environment -- most of my servers are Windows Server 2003 boxes
(I have a few outstanding Windows 2000 Server boxes in my environment
-- they are on the 03 domain.)

Thanks again.

Ryan

On Aug 16, 1:35*pm, RBoyle <ryan.j.boyle....@xxxxxx> wrote:

> On Aug 16, 1:07*pm, "Richard Mueller [MVP]" <rlmueller-
>
>
>
>
>
> nos...@xxxxxx> wrote:

> > "RBoyle" <ryan.j.boyle....@xxxxxx> wrote in message

>

> >news:5329a57e-7da5-452b-a98e-6555d3380fdc@xxxxxx

>

> > > Hey everybody:

>

> > > Quick question for everyone out there. *I'm currently trying to write
> > > my logon scripts for my users. *I want to write only one / two
> > > vbscripts and do an IF / ElseIF statement (or a case statement) and
> > > match the user who is logging in up to a security group and that's how
> > > they will get their network drives mapped to them.

>

> > > I've been able to find examples on how to write these scripts based on
> > > the OU the user is in but I havent found one on how to do it based on
> > > a security group.

>

> > > If anyone has an example could you pass it over.

>

> > > Thanks - much appriciated in advance.

>

> > > Boyle

>

> > First a link for example VBScript logon scripts, most of which map drives
> > (and printers) according to group membership:

>

> >http://www.rlmueller.net/freecode2.htm

>

> > The examples Logon3.vbs and Logon4.vbs are the most relevant. The method you
> > use depends on the OS's supported, the number of groups to check, whether
> > you want to recognize membership in nested groups, and whether you wantto
> > recognize membership in the "primary" group (not likely). Also I have this
> > link for example VBScript functions to check membership:

>

> >http://www.rlmueller.net/freecode1.htm

>

> > The last link on this page discusses various other methods seen in the
> > newsgroups (some recommended by Microsoft) and the flaws or limitationsin
> > these methods (and ways to avoid them).

>

> > --
> > Richard Mueller
> > MVP Directory Services
> > Hilltop Lab -http://www.rlmueller.net
> > --- Hide quoted text -

>

> > - Show quoted text -

>
> Richard,
>
> Thanks for your quick response:
>
> I'm going to take a look at your site right now -- just to add on to
> my previous post:
>
> My Clients are Windows XP clients. *They are on a Windows Server 2003
> Domain environment -- most of my servers are Windows Server 2003 boxes
> (I have a few outstanding Windows 2000 Server boxes in my environment
> -- they are on the 03 domain.)
>
> Thanks again.
>
> Ryan- Hide quoted text -
>
> - Show quoted text -

Richard,

To add on to my first reply.

My domain name is cph.local

I'm Trying to pull my security groups out of the following OU (we'll
name the first one testGroup) - Security Groups \ File Access Groups

What would the query would look like (just so I can get my variable
assigned similar to how you have the following set up in your
logon4.txt file) -- Set objGroup1 = GetObject("LDAP://
cn=TestGroup,ou=Sales,dc=MyDomain,dc=com")


Thanks - again the help is much appriciated in advance.

Boyle

Richard,

To add on to my first reply.

My domain name is cph.local

I'm Trying to pull my security groups out of the following OU (we'll
name the first one testGroup) - Security Groups \ File Access Groups

What would the query would look like (just so I can get my variable
assigned similar to how you have the following set up in your
logon4.txt file) -- Set objGroup1 = GetObject("LDAP://
cn=TestGroup,ou=Sales,dc=MyDomain,dc=com")


Thanks - again the help is much appriciated in advance.

Boyle
--------------
If your domain is cph.local, and the Common Name of the group is
"TestGroup", and it resides in an ou called "ou=File Access Groups", which
in turn resides in "ou=Security Groups" (which is at the root of the
domain), then you would bind with:

Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access
groups,ou=Security Groups,dc=cph,dc=local")

The binding string (the string in quotes above) can be difficult to
determine if you are not used to the syntax. It reflects the hierarchy of
your AD domain. You can use ADSI Edit to browse objects in AD and view the
value of the distinguishedName attribute. Or, in ADUC, look at the "Fully
qualified domain name of the object" on the "Object" tab. This lists the
components in reverse order. For example, if the "Fully qualified domain
name" is:

cph.local/Security Groups/File Access Groups/TestGroup

then your binding string will match my example above. The only thing is you
cannot tell if the components are ou, dc, or cn from the fully qualified
name.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

On Aug 16, 3:18*pm, "Richard Mueller [MVP]" <rlmueller-
nos...@xxxxxx> wrote:

> Richard,
>
> To add on to my first reply.
>
> My domain name is cph.local
>
> I'm Trying to pull my security groups out of the following OU (we'll
> name the first one testGroup) - Security Groups \ File Access Groups
>
> What would the query would look like (just so I can get my variable
> assigned similar to how you have the following set up in your
> logon4.txt file) *-- Set objGroup1 = GetObject("LDAP://
> cn=TestGroup,ou=Sales,dc=MyDomain,dc=com")
>
> Thanks - again the help is much appriciated in advance.
>
> Boyle
> --------------
> If your domain is cph.local, and the Common Name of the group is
> "TestGroup", and it resides in an ou called "ou=File Access Groups", which
> in turn resides in "ou=Security Groups" (which is at the root of the
> domain), then you would bind with:
>
> Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access
> groups,ou=Security Groups,dc=cph,dc=local")
>
> The binding string (the string in quotes above) can be difficult to
> determine if you are not used to the syntax. It reflects the hierarchy of
> your AD domain. You can use ADSI Edit to browse objects in AD and view the
> value of the distinguishedName attribute. Or, in ADUC, look at the "Fully
> qualified domain name of the object" on the "Object" tab. This lists the
> components in reverse order. For example, if the "Fully qualified domain
> name" is:
>
> cph.local/Security Groups/File Access Groups/TestGroup
>
> then your binding string will match my example above. The only thing is you
> cannot tell if the components are ou, dc, or cn from the fully qualified
> name.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab -http://www.rlmueller.net
> --

Richard,

Thanks again for the quick response ---

Here is what my logon script currently looks like:

Const ENGINEERING_GROUP = "cn=engineering"
Const FINANCE_GROUP = "cn=finance"
Const HUMAN_RESOURCES_GROUP = "cn=human resources"
Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)"


Set wshNetwork = CreateObject("WScript.Network")
Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)

Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File
Access Groups,ou=Security Groups,dc=cph,dc=local")


strGroups = LCase(Join(CurrentUser.MemberOf))

If InStr(objGroup1) Then

wshNetwork.RemoveNetworkDrive "I:"
wshNetwork.RemoveNetworkDrive "Z:"
wshNetwork.RemoveNetworkDrive "K:"

wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\"
wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\"
wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\"

End If

----------------

When I go to login into a box on my cph.local domain I'm getting the
following error message:

Line 16 / Char 1
Error - Wrong number of arguments or invalid property assignment:
'InStr'
Code - 800A01C2
MS VBScript error.

----

Any ideas on what this error message is comming from and how to fix
it.

Thanks again Richard, the help is much appriciated.

Ryan

"RBoyle" <ryan.j.boyle.cpg@xxxxxx> wrote in message
news:1a553212-5780-4c56-91f4-6e88fc6fd4e2@xxxxxx

> On Aug 16, 3:18 pm, "Richard Mueller [MVP]" <rlmueller-
> nos...@xxxxxx> wrote:

>> Richard,
>>
>> To add on to my first reply.
>>
>> My domain name is cph.local
>>
>> I'm Trying to pull my security groups out of the following OU (we'll
>> name the first one testGroup) - Security Groups \ File Access Groups
>>
>> What would the query would look like (just so I can get my variable
>> assigned similar to how you have the following set up in your
>> logon4.txt file) -- Set objGroup1 = GetObject("LDAP://
>> cn=TestGroup,ou=Sales,dc=MyDomain,dc=com")
>>
>> Thanks - again the help is much appriciated in advance.
>>
>> Boyle
>> --------------
>> If your domain is cph.local, and the Common Name of the group is
>> "TestGroup", and it resides in an ou called "ou=File Access Groups",
>> which
>> in turn resides in "ou=Security Groups" (which is at the root of the
>> domain), then you would bind with:
>>
>> Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access
>> groups,ou=Security Groups,dc=cph,dc=local")
>>
>> The binding string (the string in quotes above) can be difficult to
>> determine if you are not used to the syntax. It reflects the hierarchy of
>> your AD domain. You can use ADSI Edit to browse objects in AD and view
>> the
>> value of the distinguishedName attribute. Or, in ADUC, look at the "Fully
>> qualified domain name of the object" on the "Object" tab. This lists the
>> components in reverse order. For example, if the "Fully qualified domain
>> name" is:
>>
>> cph.local/Security Groups/File Access Groups/TestGroup
>>
>> then your binding string will match my example above. The only thing is
>> you
>> cannot tell if the components are ou, dc, or cn from the fully qualified
>> name.
>>
>> --
>> Richard Mueller
>> MVP Directory Services
>> Hilltop Lab -http://www.rlmueller.net
>> --

>
> Richard,
>
> Thanks again for the quick response ---
>
> Here is what my logon script currently looks like:
>
> Const ENGINEERING_GROUP = "cn=engineering"
> Const FINANCE_GROUP = "cn=finance"
> Const HUMAN_RESOURCES_GROUP = "cn=human resources"
> Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)"
>
>
> Set wshNetwork = CreateObject("WScript.Network")
> Set ADSysInfo = CreateObject("ADSystemInfo")
> Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)
>
> Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File
> Access Groups,ou=Security Groups,dc=cph,dc=local")
>
>
> strGroups = LCase(Join(CurrentUser.MemberOf))
>
> If InStr(objGroup1) Then
>
> wshNetwork.RemoveNetworkDrive "I:"
> wshNetwork.RemoveNetworkDrive "Z:"
> wshNetwork.RemoveNetworkDrive "K:"
>
> wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\"
> wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\"
> wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\"
>
> End If
>
> ----------------
>
> When I go to login into a box on my cph.local domain I'm getting the
> following error message:
>
> Line 16 / Char 1
> Error - Wrong number of arguments or invalid property assignment:
> 'InStr'
> Code - 800A01C2
> MS VBScript error.
>
> ----
>
> Any ideas on what this error message is comming from and how to fix
> it.

instr takes a minimum of two parameters, as you seem to have known when you
created your other post on this subject "Creating logon scripts - the script
will map different sets of drives..."

/Al

> Thanks again Richard, the help is much appriciated.
>
> Ryan
>

"RBoyle" <ryan.j.boyle.cpg@xxxxxx> wrote in message
news:1a553212-5780-4c56-91f4-6e88fc6fd4e2@xxxxxx
On Aug 16, 3:18 pm, "Richard Mueller [MVP]" <rlmueller-
nos...@xxxxxx> wrote:

> Richard,
>
> To add on to my first reply.
>
> My domain name is cph.local
>
> I'm Trying to pull my security groups out of the following OU (we'll
> name the first one testGroup) - Security Groups \ File Access Groups
>
> What would the query would look like (just so I can get my variable
> assigned similar to how you have the following set up in your
> logon4.txt file) -- Set objGroup1 = GetObject("LDAP://
> cn=TestGroup,ou=Sales,dc=MyDomain,dc=com")
>
> Thanks - again the help is much appriciated in advance.
>
> Boyle
> --------------
> If your domain is cph.local, and the Common Name of the group is
> "TestGroup", and it resides in an ou called "ou=File Access Groups", which
> in turn resides in "ou=Security Groups" (which is at the root of the
> domain), then you would bind with:
>
> Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access
> groups,ou=Security Groups,dc=cph,dc=local")
>
> The binding string (the string in quotes above) can be difficult to
> determine if you are not used to the syntax. It reflects the hierarchy of
> your AD domain. You can use ADSI Edit to browse objects in AD and view the
> value of the distinguishedName attribute. Or, in ADUC, look at the "Fully
> qualified domain name of the object" on the "Object" tab. This lists the
> components in reverse order. For example, if the "Fully qualified domain
> name" is:
>
> cph.local/Security Groups/File Access Groups/TestGroup
>
> then your binding string will match my example above. The only thing is
> you
> cannot tell if the components are ou, dc, or cn from the fully qualified
> name.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab -http://www.rlmueller.net
> --

Richard,

Thanks again for the quick response ---

Here is what my logon script currently looks like:

Const ENGINEERING_GROUP = "cn=engineering"
Const FINANCE_GROUP = "cn=finance"
Const HUMAN_RESOURCES_GROUP = "cn=human resources"
Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)"


Set wshNetwork = CreateObject("WScript.Network")
Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)

Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File
Access Groups,ou=Security Groups,dc=cph,dc=local")


strGroups = LCase(Join(CurrentUser.MemberOf))

If InStr(objGroup1) Then

wshNetwork.RemoveNetworkDrive "I:"
wshNetwork.RemoveNetworkDrive "Z:"
wshNetwork.RemoveNetworkDrive "K:"

wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\"
wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\"
wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\"

End If

----------------

When I go to login into a box on my cph.local domain I'm getting the
following error message:

Line 16 / Char 1
Error - Wrong number of arguments or invalid property assignment:
'InStr'
Code - 800A01C2
MS VBScript error.

----

Any ideas on what this error message is comming from and how to fix
it.

Thanks again Richard, the help is much appriciated.

Ryan
-----------------------------------------------
I'm just guessing (and I hate counting lines), but I think this is the line
in question:
If InStr(objGroup1) Then

My reading of the scripting help file script56.chm shows this as the syntax
for the InStr function:
InStr([start, ]string1, string2[, compare])
Maybe you are not providing enough arguments to the function.

It is often useful to paste the exact contents of the error message into
your post. It is easy to copy. Just make the error message window the
active window, press Control-C, and then paste the result into Notepad.
Select the meaningful part from Notepad and copy it to your post. And then
copy the line mentioned in the error message too. Then it is very easy for
the volunteers in the newsgroup to understand exactly where and what the
error is.

-Paul Randall

"RBoyle" <ryan.j.boyle.cpg@xxxxxx> wrote in message
news:1a553212-5780-4c56-91f4-6e88fc6fd4e2@xxxxxx
On Aug 16, 3:18 pm, "Richard Mueller [MVP]" <rlmueller-
nos...@xxxxxx> wrote:

> Richard,
>
> To add on to my first reply.
>
> My domain name is cph.local
>
> I'm Trying to pull my security groups out of the following OU (we'll
> name the first one testGroup) - Security Groups \ File Access Groups
>
> What would the query would look like (just so I can get my variable
> assigned similar to how you have the following set up in your
> logon4.txt file) -- Set objGroup1 = GetObject("LDAP://
> cn=TestGroup,ou=Sales,dc=MyDomain,dc=com")
>
> Thanks - again the help is much appriciated in advance.
>
> Boyle
> --------------
> If your domain is cph.local, and the Common Name of the group is
> "TestGroup", and it resides in an ou called "ou=File Access Groups", which
> in turn resides in "ou=Security Groups" (which is at the root of the
> domain), then you would bind with:
>
> Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access
> groups,ou=Security Groups,dc=cph,dc=local")
>
> The binding string (the string in quotes above) can be difficult to
> determine if you are not used to the syntax. It reflects the hierarchy of
> your AD domain. You can use ADSI Edit to browse objects in AD and view the
> value of the distinguishedName attribute. Or, in ADUC, look at the "Fully
> qualified domain name of the object" on the "Object" tab. This lists the
> components in reverse order. For example, if the "Fully qualified domain
> name" is:
>
> cph.local/Security Groups/File Access Groups/TestGroup
>
> then your binding string will match my example above. The only thing is
> you
> cannot tell if the components are ou, dc, or cn from the fully qualified
> name.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab -http://www.rlmueller.net
> --

Richard,

Thanks again for the quick response ---

Here is what my logon script currently looks like:

Const ENGINEERING_GROUP = "cn=engineering"
Const FINANCE_GROUP = "cn=finance"
Const HUMAN_RESOURCES_GROUP = "cn=human resources"
Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)"


Set wshNetwork = CreateObject("WScript.Network")
Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)

Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File
Access Groups,ou=Security Groups,dc=cph,dc=local")


strGroups = LCase(Join(CurrentUser.MemberOf))

If InStr(objGroup1) Then

wshNetwork.RemoveNetworkDrive "I:"
wshNetwork.RemoveNetworkDrive "Z:"
wshNetwork.RemoveNetworkDrive "K:"

wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\"
wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\"
wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\"

End If

----------------

When I go to login into a box on my cph.local domain I'm getting the
following error message:

Line 16 / Char 1
Error - Wrong number of arguments or invalid property assignment:
'InStr'
Code - 800A01C2
MS VBScript error.

----

Any ideas on what this error message is comming from and how to fix
it.

Thanks again Richard, the help is much appriciated.

Ryan
-----------
You pass the object reference objGroup1 to the InStr function, which will
raise an error. You probably need something like:

If (InStr(strGroups, ENGINEERING_GROUP) > 0) Then

Using this technique, there is no need to bind to the group objects, since
you are comparing to the Common Names of the groups, using the constants you
defined. Unless you use the group object reference, don't bind since it
slows down the script.

There is one gotcha you need to look out for. The Join function will raise
an error unless the memberOf attribute of the user has at least two values.
It may have one or even no values. In place of:

strGroups = LCase(Join(CurrentUser.MemberOf))

I would use
=======
On Error Resume Next
arrGroups = CurrentUser.GetEx("memberOf")
If (Err.Number <> 0) Then
On Error GoTo 0
strGroups = ""
Else
On Error GoTo 0
strGroups = LCase(Join(arrGroups)
End If
=======
This is one of those commonly used methods (I think even suggested by
Microsoft), which is flawed. The GetEx method improves on the situation,
because it only raises an error if there are no groups. If there is one
group, it retrieves the attribute as an array with one value. You still must
trap the error if there are no groups. I explain this, and other issues, in
this link:

http://www.rlmueller.net/MemberOf.htm

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

On Aug 16, 4:35*pm, "Richard Mueller [MVP]" <rlmueller-
nos...@xxxxxx> wrote:

> "RBoyle" <ryan.j.boyle....@xxxxxx> wrote in message
>
> news:1a553212-5780-4c56-91f4-6e88fc6fd4e2@xxxxxx
> On Aug 16, 3:18 pm, "Richard Mueller [MVP]" <rlmueller-
>
>
>
>
>
> nos...@xxxxxx> wrote:

> > Richard,

>

> > To add on to my first reply.

>

> > My domain name is cph.local

>

> > I'm Trying to pull my security groups out of the following OU (we'll
> > name the first one testGroup) - Security Groups \ File Access Groups

>

> > What would the query would look like (just so I can get my variable
> > assigned similar to how you have the following set up in your
> > logon4.txt file) -- Set objGroup1 = GetObject("LDAP://
> > cn=TestGroup,ou=Sales,dc=MyDomain,dc=com")

>

> > Thanks - again the help is much appriciated in advance.

>

> > Boyle
> > --------------
> > If your domain is cph.local, and the Common Name of the group is
> > "TestGroup", and it resides in an ou called "ou=File Access Groups", which
> > in turn resides in "ou=Security Groups" (which is at the root of the
> > domain), then you would bind with:

>

> > Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access
> > groups,ou=Security Groups,dc=cph,dc=local")

>

> > The binding string (the string in quotes above) can be difficult to
> > determine if you are not used to the syntax. It reflects the hierarchy of
> > your AD domain. You can use ADSI Edit to browse objects in AD and view the
> > value of the distinguishedName attribute. Or, in ADUC, look at the "Fully
> > qualified domain name of the object" on the "Object" tab. This lists the
> > components in reverse order. For example, if the "Fully qualified domain
> > name" is:

>

> > cph.local/Security Groups/File Access Groups/TestGroup

>

> > then your binding string will match my example above. The only thing is
> > you
> > cannot tell if the components are ou, dc, or cn from the fully qualified
> > name.

>

> > --
> > Richard Mueller
> > MVP Directory Services
> > Hilltop Lab -http://www.rlmueller.net
> > --

>
> Richard,
>
> Thanks again for the quick response ---
>
> Here is what my logon script currently looks like:
>
> Const ENGINEERING_GROUP * * = "cn=engineering"
> Const FINANCE_GROUP * * * * = "cn=finance"
> Const HUMAN_RESOURCES_GROUP = "cn=human resources"
> Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)"
>
> Set wshNetwork = CreateObject("WScript.Network")
> Set ADSysInfo = CreateObject("ADSystemInfo")
> Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)
>
> Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File
> Access Groups,ou=Security Groups,dc=cph,dc=local")
>
> strGroups = LCase(Join(CurrentUser.MemberOf))
>
> If InStr(objGroup1) Then
>
> * * wshNetwork.RemoveNetworkDrive "I:"
> * * wshNetwork.RemoveNetworkDrive "Z:"
> * * wshNetwork.RemoveNetworkDrive "K:"
>
> * * wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\"
> * * wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\"
> * * wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\"
>
> End If
>
> ----------------
>
> When I go to login into a box on my cph.local domain I'm getting the
> following error message:
>
> Line 16 / Char 1
> Error - Wrong number of arguments or invalid property assignment:
> 'InStr'
> Code - 800A01C2
> MS VBScript error.
>
> ----
>
> Any ideas on what this error message is comming from and how to fix
> it.
>
> Thanks again Richard, the help is much appriciated.
>
> Ryan
> -----------
> You pass the object reference objGroup1 to the InStr function, which will
> raise an error. You probably need something like:
>
> If (InStr(strGroups, ENGINEERING_GROUP) > 0) Then
>
> Using this technique, there is no need to bind to the group objects, since
> you are comparing to the Common Names of the groups, using the constants you
> defined. Unless you use the group object reference, don't bind since it
> slows down the script.
>
> There is one gotcha you need to look out for. The Join function will raise
> an error unless the memberOf attribute of the user has at least two values.
> It may have one or even no values. In place of:
>
> strGroups = LCase(Join(CurrentUser.MemberOf))
>
> I would use
> =======
> On Error Resume Next
> arrGroups = CurrentUser.GetEx("memberOf")
> If (Err.Number <> 0) Then
> * * On Error GoTo 0
> * * strGroups = ""
> Else
> * * On Error GoTo 0
> * * strGroups = LCase(Join(arrGroups)
> End If
> =======
> This is one of those commonly used methods (I think even suggested by
> Microsoft), which is flawed. The GetEx method improves on the situation,
> because it only raises an error if there are no groups. If there is one
> group, it retrieves the attribute as an array with one value. You still must
> trap the error if there are no groups. I explain this, and other issues, in
> this link:
>
> http://www.rlmueller.net/MemberOf.htm
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab -http://www.rlmueller.net
> --- Hide quoted text -
>
> - Show quoted text -

Richard, thanks again.

Just so i make sure I'm understanding you clearly -- below is what I
just changed my script to -- please verify if this is the correct:

Const ENGINEERING_GROUP = "cn=engineering"
Const FINANCE_GROUP = "cn=finance"
Const HUMAN_RESOURCES_GROUP = "cn=human resources"
Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)"


Set wshNetwork = CreateObject("WScript.Network")
Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)

Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File
Access Groups,ou=Security Groups,dc=cph,dc=local")


' Replace the following statement -- strGroups = LCase(Join
(CurrentUser.MemberOf))



arrGroups = CurrentUser.GetEx("memberOf")
If (Err.Number <> 0) Then
On Error GoTo 0
strGroups = ""
Else
On Error GoTo 0
strGroups = LCase(Join(arrGroups)
End If

If InStr(strGroups, objGroup1) Then

wshNetwork.RemoveNetworkDrive "I:"
wshNetwork.RemoveNetworkDrive "Z:"
wshNetwork.RemoveNetworkDrive "K:"

wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\"
wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\"
wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\"

End If

----

Thanks again - much appriciated.

Ryan