Guy’s Scripting Ezine 24 – Groups

Contents for Guy’s Scripting Ezine 24 – Scripting Groups

Note: This page has been superseded by this Group Membership VBScript.

• This Week’s Secret
• Multiple Logon Problem
• Scripting for Groups
• Guy’s Out Takes
• See more on MemberOf here

See Also Creating Groups: Ezine 38 and 37

This Week’s Secret – Guy runs an advice service

Readers email me with their problems and I do my best to solve them.  If I can answer the question quickly then I do it for free, if the requestor needs an hour of my time then I charge $25.

As you can imagine I get a wide variety of scripts, from all sorts of people.  You may be interested to know that my score to date is:  ‘Mr Sensible’ 250, ‘Nutters’ 3. 
Friends who run similar services say they get a higher proportion of nutty letters.  So well done you Mr Sensible!

Guy Recommends:  SolarWinds’ Free Bulk Import Tool

Import users from a spreadsheet.  Just provide a list of the users with their fields in the top row, and save as .csv file.  Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.

Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.

If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)

Multiple Logon Problem

Can you help?  This week I had a thorny problem from a reader who wants to limit users to one workstation.  What they want for that user to be denied logon at the second workstation.

So far I have come up with a third party program called UserLock, but that costs an arm and a leg.  We are also experimenting with a Resource Kit program called Cconnect.exe.  (Any experience of CConnect?)

I have been experimenting with a cunning strategy to exploit the share connection limit.  The idea is that the user logs on and connects to a special network share, special because it restricts a user to one share user.  So when they logon as the second workstation, the operating system kicks them off because their logon script tries to map a second share to the same drive.  The trouble with this solution is that it does not scale.  For the connection limit to work, you have to create a separate share for each user.

If you have an idea then do email me.

Scripting for Groups

This is my week for thorny problems.  Scripting for groups is one of my bugbears.  With most attributes there is only one value, for example givenName = Guy.  However groups support multiple values.  When dealing with groups, the key LDAP attribute is MemberOf.

The scenario: You want to map network drives based on group membership.  Let us imagine that Managers have their data stored on a different server from Dentists.

Instructions

1. Pre-requisites.  You need either a Windows 2000 or Server 2003 domain controller for this script to work.
2. Important:  Make sure that the person testing the script is in a group called Managers, or Dentists.  Alternatively alter dentists on line 10, to a group that you ARE a member of.
3. Optional: Edit the ‘ commented out lines.  Remember in the scenario, you want the script to map the network drive.  So edit that line to reflect a UNC share on your network.  See more here how to map a network drive. MapNetworkDrive
4. Copy and paste the script below into notepad.
5. Save the file with .vbs extension e.g. GroupMap.vbs
6. Double click and observe the message box

Learning Points

Note 1: Constants.  This week I have introduced CONST to hold the group information.  Did you edit Dentists, or to be precise dentists?

Note 2: AdSystemInfo.  Here is a new method of extracting the information from Active Directory.

Note 3: InStr.  This means: in the string value.

Note 4: If…. ElseIf.  I have always liked the ‘If’ statement, so versatile, so easy, ‘If’ never lets me down.

Note 5: If you are happy with .Echo message, why not remove the comment ‘ objNetwork and get the MapNetworkDrive method working.  Remember to uncomment the ‘ & objNetwork like as well.  Here is more help onMapNetworkDrive.

Note 6: I concatenated ‘& strGroup’ to the Administrators group, you may like to add & strGroup to the other groups.  As ever what I want to do is get you started and give you the confidence to experiment for yourself.

Note 7: See more on MemberOf here

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM) v11.5

SolarWinds’ Orion performance monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds’ Network Performance Monitor

Guy’s Out Takes

While this script will run after a fashion, my challenges are:

1)  Why doesn’t the script echo the USERS message box?  Surely who ever is running this script is member of the Users group? 

2)  Why isn’t my second message box working?   Wscript.Echo "Finished Testing for Groups ", has no effect.  Why not?

Out Takes – Answers

• LCase(Join(CurrentUser.MemberOf) means lower case.  So Users Administrators and Dentists are wrong.  Should be users, administrators, and dentists.
• Silly Guy putting the WScript.Echo AFTER the WSCript.Quit.  Who is going to see that message box.  Mr Nobody!

See More Active Directory Group VBScripts

• PowerShell Tasks  • Add Users to Groups  • Create Users  • Free CSV Importer

• Ezine 24 Groups  • Ezine 37 Groups  • Ezine 38 Groups  • VM to Cloud  • Ezines

• Ezine 57 Groups  •Ezine 58 Groups  • Ezine 73 primaryID  • Ezine 112 Local Groups