Guy's Scripting Ezine 115 - Groups and MapNetworkDrive

Guy recommends this:
Free - WMI Monitor

---

Guy's Top 10 Free Tools

1) FreePing
2) Network Monitor
3) Xobni
4) PuTTY (UNIX)
5) WMI Monitor
6) BgInfo
7) Net-SNMP
8) Engineer's Toolset
9) Exchange Monitor
10) WinDiff

Guy's Scripting Ezine 115 - Groups and MapNetworkDrive

• This Week's Secret
• This Week's Mission to Map a network drive based on Group Membership
• Stage one - Script to test Group Membership
• Stage two - Actually map the network drive
• Summary Group Membership

This Week's Secret

When I revisited my old Ezines e.g. number 24, it was obvious that they needed polishing.  On reflection some of my early scripts seem a little thin, over time I noticed a gradual improvement in the explanations and learning points.  The upshot is that this week I am going to have another look at group membership and its Const statement.

The whole education process, both for you and for me, reminds me of the spiral nature of learning.  Before a concept sinks in we have to go around a topic again and again, hopefully, after each circuit we go up a level and the circuit gets broader as a result of the extra information.  At first I thought I was a slow learner because I had to repeat tasks before I absorbed them.  Now I realize this spiral approach is normal and it's only a very few geniuses, who need to be told only once before they grasp the point.

If you are looking for handy network utilities, try some of the free downloads at Tools4Ever

Mission to Map a network drive based on Group Membership

Here are two VBScripts which will show you how to map a network drive based on group membership.  These are advanced scripts drawing upon multiple VBScript methods and because there are so many elements involved, I recommend that you double check the pre-requisites.  In particular, check the names of your groups and the values for the UNC paths referenced by the scripts. 

Scripting for groups is one of my bugbears.  With most LDAP attributes there is only a single value, for example, givenName = Guy.  However, because the group object can have many members, the group object must support multiple values.  When dealing with groups, the key LDAP attribute is MemberOf.

Here is the full list of methods that feature in this week's scripts:
MemberOf, Const, MapNetworkDrive, InStr.  Also, ADSystemInfo, LCase and If...  Then .. Else.

The scenario

Let us imagine that you want to map network drives based on group membership.  Specifically, a group called Managers has their data stored on a different server from a group called Dentists.

We are going to create this script in two stages.  Stage one merely checks the group membership of the user who is logged on.  Stage two will actually map to different network shares depending on the group membership of the logged-on user.

Pre-Requisites

You need an Active Directory domain for this VBscript.  Either Windows Server 2003 or Windows 2000.

To get the script to work as designed, pay close attention to the group membership.  Please create Global Groups called Dentists and Managers, or better still, amend the script to reflect your Active Directory groups.  The second script is designed to use two UNC paths, therefore please check and amend this portion of the script.

Instructions

1. Important:  Make sure that the person who tests the script is in a group called Managers, or Dentists.  Alternatively, alter Dentists on line 11, to a group that you ARE a memberOf.
2. Optional: Edit the ' commented out lines.  Remember in the scenario, you want the script to map the network drive.  So edit that line to reflect a UNC share on your network.
3. Copy and paste the script below into notepad or get a script editor such as OnScript.
4. Save the file with .vbs extension e.g. GroupMapEcho.vbs
5. Double click and observe the message box.

Stage one - Script to test Group Membership

Learning Points

Note 1: Constants.  This week I have introduced CONST to hold the group information.  Did you edit Dentists, or to be precise dentists?  "cn=dentists" is case sensitive, hence lcase(Dentists_Group)).

Note 2: AdSystemInfo is a good method of extracting the information from Active Directory.

Note 3: InStr.  This means: in the string value.  InStr is useful for checking if a named value is contained in a much longer string.

Note 4: If.... ElseIf.  Check my 'If' statement.  Modify the clauses to suit groups on your network.  For example, if your group is called Human Resources and not Dentists, then amend the script accordingly.

Note 5:  When you are happy with the WScript.Echo message, why not remove the comment ' objNetwork and get the MapNetworkDrive method working.  Remember to uncomment the ' & objNetwork like as well.  Here is more help on MapNetworkDrive.

Note 6: I concatenated '& strGroup' to the Administrators group and thus joined the user to the Administrators group.  You may like to add '& strGroup' to the other groups.  As usual, what I want is get you started and give you the confidence to experiment for yourself.

Note 7: See more on MemberOf here

Stage two - Actually map the network drive

The purpose of this script is to actually map a network drive to a local drive letter.  The precise path is dependent on the group to which the logged on user belongs.  For example, if you are an Administrator the script maps to \\ grand \home.  What is more it maps to a sub directory based on the user's name.  If the user is called guyt then this would be:
\\ grand \home \guyt.

If this is not clear then I suggest a refresher on MapNetworkDrive

Pre-requisite

Study the logic of my UNC paths and amend for your network.  For example, it's unlikely that your server is called \\ grand, therefore replace with the value equivalent to:  \\ yourservername.

Learning Points

Note 1:  If you have problems with this script, then double check the names of your groups, also seek out each UNC path and make sure it reflects a server and share on your network.

Note 2:  Each UNC path has appended: _ & objNetwork.UserName.  This means that the network share must have a subfolder named after the logged on user.  If this is not the case, change to plain:
objNetwork.MapNetworkDrive "h:", "\\ alan\home"   Be aware that I have removed the final backslash from \home".  Here is a refresher on MapNetworkDrive

Note 3:  Observe how the LCase function ensures that the group name is in lower case.  It drove me made when the script failed because I typed the names in Proper case.

Summary Logon Scripts and Group Membership

The secret of scripting group membership is planning; which groups, which UNC paths.  Once you have your blueprint, build the script in stages, get each method working, then bolt it all together.

Guy Thomas recommends Computer Training Software. 

Their topics and material are ideal for getting you started with VBScript.  The videos are easy to follow and you can control the pace.  Try their free demo material and then see if you want to buy the full package. See more about VB Script Training CD.

 *