Check Group Membership and add user to Universal group

Status
Not open for further replies.

IVJB

IS-IT--Management
Jul 17, 2007
1
US
Hello guys,


I recently deployed group policies to 250 users in my company and even though I'm not good at using VBScript, websites like this helped a great deal accomplishing certain tasks and for that I'm very grateful.
Now that I have completed group policies I need to find a way to prevent not adding new users to the proper security groups that will apply GPOs. Because of the way it was designed I created two groups:
- Restricted (all users and it applies to both user and PC)
- Semi_Restricted (all Managers, directors, etc.)

If a new user is created and is not added to any of these groups, the user will have access to the whole PC. I need help finding a way to run a VBScript where it will check any domain username against universal group "A" and group "B" and if the user name belongs to any of these groups proceed and exit script and if not add user name to another universal group "C" (this group will be attached to a policy I will create, which will close the whole PC and force the user to call IT and then add the proper groups).

I hope you guys can help me with this
Thank you in advance
Regards

Ivan J.B
 
Ivan,

Take a look at my login script FAQ which has a section for checking group memberships. faq329-5798

You would want to do something like this within that section of code:
(note there are a few lines to go ABOVE that section and a function to tack at the end of your script.)

Code:
Const ADS_PROPERTY_APPEND = 3
UserConfigured = False

' Inside the group membership check: flag users who are already in a control group.
Select Case UCase(GroupObj.Name)
    Case "CONTROLGROUPA", "CONTROLGROUPB"
        UserConfigured = True
End Select

' The user is in neither control group, so add them to ControlGroupC.
If UserConfigured = False Then
    ' Look up the user's DN with the function defined at the end of the script.
    UserDN = SearchDistinguishedName(UserString)
    'Just update the below LDAP path to point to the group the user should be joined to.
    Set objGroup = GetObject _
        ("LDAP://cn=ControlGroupC,cn=Users,dc=thespidersparlor,dc=local")
    objGroup.PutEx ADS_PROPERTY_APPEND, "member", _
        Array(UserDN)
    objGroup.SetInfo
End If
	
Public Function SearchDistinguishedName(ByVal vSAN)
    ' Function:     SearchDistinguishedName
    ' Description:  Searches the DistinguishedName for a given SamAccountName
    ' Parameters:   ByVal vSAN - The SamAccountName to search
    ' Returns:      The DistinguishedName Name
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function




I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
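
A self-contained variant of the check discussed in this thread, added here as an example and not part of Mark's post or FAQ: it reads the logged-on user's DN from ADSystemInfo instead of searching for it, and skips the write when the user is already in the fallback group. The group names and the dc=example,dc=local path are placeholders.

```vbscript
Option Explicit

Const ADS_PROPERTY_APPEND = 3
' Constructed placeholder DN: point this at your own fallback group.
Const FALLBACK_GROUP_DN = "cn=ControlGroupC,cn=Users,dc=example,dc=local"

Dim controlGroups, sysInfo, userObj, groupObj, fallbackGroup
Dim userConfigured, i

' Placeholder names (pre-Windows 2000 names, upper case) of the two groups
' whose members already receive a GPO.
controlGroups = Array("CONTROLGROUPA", "CONTROLGROUPB")

' ADSystemInfo returns the logged-on user's distinguished name directly,
' so no LDAP search filter has to be built from the logon name.
Set sysInfo = CreateObject("ADSystemInfo")
Set userObj = GetObject("LDAP://" & sysInfo.UserName)

' Groups lists direct memberships only (not nested groups or the primary group).
userConfigured = False
For Each groupObj In userObj.Groups
    For i = 0 To UBound(controlGroups)
        If UCase(groupObj.Get("sAMAccountName")) = controlGroups(i) Then userConfigured = True
    Next
Next

If Not userConfigured Then
    Set fallbackGroup = GetObject("LDAP://" & FALLBACK_GROUP_DN)
    ' Skip the write when the user is already in the fallback group;
    ' appending an existing member makes SetInfo fail on later logons.
    If Not fallbackGroup.IsMember(userObj.ADsPath) Then
        fallbackGroup.PutEx ADS_PROPERTY_APPEND, "member", _
            Array(userObj.Get("distinguishedName"))
        fallbackGroup.SetInfo
    End If
End If
```

A logon script runs in the user's own security context, so SetInfo succeeds only if ordinary users have been delegated write access to the member attribute of the fallback group. Scope that delegation to this one group.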
 