Checking group privileges from VBS 1

[kajaeger]

I need to verify what members a user is part of before
continuing a vbs script. SO, I found the ifmember.exe microsoft utility can do this.....
I am trying to parse the output of the IFMEMBER.EXE microsoft utility to a text file. I can get it to run when I do it manually from an open command window. However, I cannot get it to work from vbs. Any ideas.
Here is the code:
ifmember /list >>c:\temp\usergrouplist.txt

Here is an exceprt from my vbs where I am attempting to run it:
strScript = "IFMEMBER /list >>c:\temp\usergrouplist.txt"
set wshShell = Wscript.CreateObject("WScript.Shell&quot
intReturn=wshShell.Run(strscript,1,TRUE)

Thanks!

 

[Meldric]

Why not use a LDAP query from vbs instead of the external ifmember?

If you are interested I can post some code.

Roger

 

[kajaeger]

i didn't know there was another way....Yes, I am interested. I am just looking for any way to do it from vbs. Thanks so much for the help.

 

[tsuji]

Hello, kajaeger.

All you need to make the line work is to :

[1] supply it with the cmd environment;
and
[2] make sure ifmember.exe is within reach of your path setting, otherwise supply it with the appropriate path.

Suppose ifmember is within reach of the path setting, the line should read like :

strScript = "%comspec% /c IFMEMBER /list >>c:\temp\usergrouplist.txt"

regards - tsuji

 

[Meldric]

Here you go this should do what you want:

'Below code is for win95/98 machines because while the user 
'logs in the username returns NULL.  This waits until the 
'user is fully logged in and gets the username.  Taken from
'another script by Jerry Leese
Dim UserName
Username = ""

While UserName = ""
     on error resume next
     Set WSHNetwork = CreateObject("WScript.Network")
     on error resume next
     UserName = UCASE(WSHNetwork.UserName)
     on error resume next
     Set WSHNetwork = Nothing
WEnd
'end borrowed code

Dim oGroupObj,Group

on error resume next
'Initialize the active directory group object.  You would
'replace all pertinent information with your domains
set oGroupObj = GetObject("LDAP://OU=Global,OU=Users,DC=YOURDOMAIN,DC=COM")

'if script could not contact domain exit
if err.number > 0 then
   msgbox "Domain could not be contacted"
   wscript.quit(1)
end if

'cycle through the groups one by one
for each oGroup in oGroupObj
  Group = UCASE(oGroup.Name)
  Group = Right(Group,Len(Group) - 3)

  'do a if statement for what group you are looking for
  'you can do more than one if and if you have a lot you could create a sub for the mapping part
  if Group = UCASE("Domain Admins") then
     for each oMember in oGroup.Members
        if UCASE(oMember.sAMAccountName) = UserName then
           'do whatever you need to here if the user is the member of the group
           'for purposes of example I map a drive here
           Set WSHNetwork = WScript.CreateObject("WSCript.Network")
           WSHNetwork.MapNetworkDrive "T:","\\PDC\Apps"
           set WSHNetwork = Nothing
        end if
     Next
  End If
Next

set OGroupObj = nothing
wscript.quit(0)

This I hope is what you are looking for. It works on all ADSI enabled domains.

Ideas for this script have been taken from a lot of places since I learned my scripting mostly from reading other peoples scripts. I believe in giving credit where credit is do, but unfortunetely I cannot find the logon script that I learned this from.

Hope it helps. If anything needs to be explained let me know.

Roger