AD User object not acknowledging all memberships 1

[Geates]

A) There is no AD forum that I could find
B) This issue would have most likely been experienced by someone working with AD user objects programmatically.

I have a user that is a member of groups A, B, and C. However, the code I use to pull this information from AD only returns memberships of A and B. Additionally, this code has been run hundreds of thousands of times over the past 5 years as it is part of our login script so I know it's solid.

I hope, for everyone's sake, that no one has experienced this. However, I hope, for my sake, that someone has experienced and resolved this issue

here is the code I run

set objSysinfo = CreateObject("ADSystemInfo")
set objUser = GetObject("LDAP://" & objSysinfo.UserName & "")
for each objGroup in objUser.Groups
   msgbox objGroup.CN
next

Does anyone know why this might happen?

-Geates

"I hope I can chill and see the change - stop the bleed inside and feel again. Cut the chain of lies you've been feeding my veins; I've got nothing to say to you!"
-Infected Mushroom

"I do not offer answers, only considerations."
- Geates's Disclaimer

 

[MasterRacker]

I ran into similar issues trying to conditionally map drives. I peeled this out of my logon script. Be interesting to see if it behaves the same way.

Set WSHNetwork = CreateObject("WScript.Network")
DomainString = WSHnetwork.UserDomain
UserString = WSHNetwork.UserName
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

For Each GroupObj In UserObj.Groups
	GroupName = UCase(GroupObj.Name)
	msgbox GroupName
Next

Jeff
[small][purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me[/small]

 

[Geates]

Wow, this code works! Thanks Jeff

This would suggest that the "faulty" group does not contain a CN. Is this possible?

-Geates

"I hope I can chill and see the change - stop the bleed inside and feel again. Cut the chain of lies you've been feeding my veins; I've got nothing to say to you!"
-Infected Mushroom

"I do not offer answers, only considerations."
- Geates's Disclaimer

 

[MasterRacker]

I don't know. It would almost seem your AD is damaged for that to happen. You could poke around with the Active Directory Explorer and see what you find.

http://technet.microsoft.com/en-us/sysinternals/bb963907

Seems to me your code should still return a null or empty msgbox if you have a group with no CN. It's like the ADSystemInfo object doesn't show it as a group at all.


Jeff
[small][purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me[/small]

 

[Geates]

Like I said, the code has been tip-top for several years an hundreds of users. I'm wondering if the issue is only with that one user account - no one else is having the issue (or, at least, not reporting it). What's the difference between pulling an AD user object from the WINNT namespace vs. the LDAP namespace?

-Geates

"I hope I can chill and see the change - stop the bleed inside and feel again. Cut the chain of lies you've been feeding my veins; I've got nothing to say to you!"
-Infected Mushroom

"I do not offer answers, only considerations."
- Geates's Disclaimer

 

[MasterRacker]

Unfortunately I don't know. Once my code worked, I moved on to something else. (There's always something else...)

Jeff
[small][purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me[/small]