Viewing blog post - Greg's Tech blog

Return to blog

GroupCheck.vbs

Posted by gmartin on Thu 27 of March, 2008 22:44 EDT
More on the corporate logon script....

We needed a way to stop the logon script from running if the users hadn't been migrated. We built a vbscript that returned an error code based on their membership in a active directory group. If they are in the group, return 1, 0 if not.

'On Error Resume Next
' GroupCheck - GjM - returns errorlevel 1 if user is member of group, else returns 0
' EX: groupcheck.vbs 
' 
'
option explicit
Dim objADSysInfo, strUser, objGroup, objNetwork, strGroup, objUser, group, bMatched
Dim strGroupToTest, objArgs

set objArgs = wscript.arguments
strGroupToTest = objargs(0)
bMatched = False

'************************
'Make no changes below this point (unless you know why!)
'************************

Set objADSysInfo = CreateObject("ADSystemInfo")
strUser = objADSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUser)

For Each group in objUser.memberOf
    Set objGroup = GetObject("LDAP://" & group)
    If trim(objGroup.CN) = trim(strGroupToTest) Then 
          bMatched = True
	  'wscript.echo "Group match"
        Exit For
    End If
Next

If bMatched then 
	'wscript.echo "User in group"
	wscript.quit 1
else
	'wscript.echo "User not in group"
	wscript.quit 0
End If


To make use of this, we added this to the logon script:
:: Test to see if we should run this script
cscript /nologo Groupcheck.vbs "MigratedUsers"
if %errorlevel% EQU 0 (
   echo Failed groupcheck, exiting...
   Goto :EOF
)


So if the user is part of a group called MigratedUsers? the script will continue, else it exits.

This could be adopted to run optional parts of the script based on group membershoip. For example, to map a particular drive.

Feel free to borrow this.

\\Greg


Permalink Print Email This Post
Add Comment

Welcome [toggle]