Drive Mapping by Group Membership in Native Mode AD

Status
Not open for further replies.

Celestil

IS-IT--Management
Jul 10, 2002
27
US
Hello:

There are numerous scripts on the web dealing with drive mapping by using group membership, but they all deal with mixed mode domains.

I have a native-mode AD domain and I was wondering if someone has a script which performed the proper LDAP queries to be able to do this.

Even some of the scripts I found that I believed had this information did not seem to provide the complete script, or through testing were missing a command or object method call.

Any assistance would be greatly appreciated.

 
The LDAP query would look kind of like

select memberof FROM 'GC://rootDSE' where sAMAccountname='Username'

I would just use kixtart though, personally.


 
OK, with some assistance from some co-workers I got it worked out and I would like to provide the code here for anyone else. I work in an enterprise environment so I cannot add kixtart or any other utility to any of my servers. This is not the cleanest code but it is the safest and simplest. I am hardcoding the LDAP strings, but for what I need I do not require an especially complex script.

To get the proper LDAP fully qualified name for your domain, install the Windows 2000 Support Tools and use ADSIEdit to drill down to the container where the users/groups are located. Perform a right mouse click and choose "Properties". The LDAP string will be displayed, but you do not need the server designation. If you use that, you are forcing the script to look at a particular AD server.

'ON ERROR RESUME NEXT
' LOGON SCRIPT TO MAP DRIVES VIA GROUP MEMBERSHIP VIA LDAP

Set WSHShell = CreateObject("WScript.Shell")
Set WSHNetwork = CreateObject("WScript.Network")
UserString = WSHNetwork.UserName

'Get User Full LDAP Name
Set UserObj = GetObject("LDAP://CN=" & UserString & ",CN=Users,DC=subdom,DC=mydomain,DC=com")

'Synchronizes the time with our NTP server
WSHShell.Run "NET TIME \\<dc_servername> /set /y"


' wscript.sleep 500

'Maps drives needed by all
WSHNetwork.MapNetworkDrive "M:", "\\app_server\APPS1",True
WSHNetwork.MapNetworkDrive "O:", "\\app_server\UserData",True

objMemberOf = UserObj.GetEx("MemberOf")

'Now check for group memberships and map appropriate drives

For Each Group in objMemberOf
    Select Case Group
        'Check for group memberships and take needed action
        Case "CN=Agency1,CN=Users,DC=subdom,DC=mydomain,DC=com"
            WSHNetwork.MapNetworkDrive "N:", "\\app_server\Agency1",True
        Case "CN=Agency2,CN=Users,DC=subdom,DC=mydomain,DC=com"
            WSHNetwork.MapNetworkDrive "N:", "\\app_server\Agency2",True
        Case "CN=Agency3,CN=Users,DC=subdom,DC=mydomain,DC=com"
            WSHNetwork.MapNetworkDrive "Q:", "\\app_server\d$",True
            WSHNetwork.MapNetworkDrive "N:", "\\app_server\Agency1",True

        Case Else
            ' Wscript.echo "could not find a case for " & Group
    End Select

Next

set objMemberOf = nothing
set UserObj = Nothing
set GroupObj = Nothing
set WSHNetwork = Nothing
set WSHSHell = Nothing

wscript.quit
 
Take note there is no error handling in this script: if a share does not exist or a user is not in any of the groups specified in the CASE statement, the script will generate an error. You can suppress the errors and have it continue by removing the comment symbol "'" from the "ON ERROR RESUME NEXT" command.
 
Here is another way without using a loop to check if a user is a member of a group.

Also I included my map function with an example to check to see if the drive mapped or not, plus an option to remove an existing drive mapping before mapping a new drive.

--------------------------------------------

Option Explicit

Const cn_DEPARTMENTS = "OU=groups,DC=mycompany,DC=com"

Dim objNet, objShell, objADSysInfo
Dim strUserName, strDomain, strWorkstation
Dim strNetBIOSDomain
Dim objCurrentUser, strGroups, DriveMappedOK

Set objNet = CreateObject("Wscript.Network")
Set objShell = CreateObject("WScript.Shell")
Set objADSysInfo = CreateObject("ADSystemInfo")
Set objCurrentUser = GetObject("LDAP://" & objADSysInfo.UserName)

strGroups = LCase(Join(objCurrentUser.MemberOf))

strUserName = objNet.UserName
strWorkStation = objNet.ComputerName
strDomain = objNet.UserDomain



' Map user's home drive
cmd_mapdrive "G:", "\\mycompany.com\dfs\home\" & strUserName, True

' Map company's application server to I:
' Check to see if drive mapped
DriveMappedOK = cmd_mapdrive ( "I:", "\\mycompany.com\dfs\apps", True )
If DriveMappedOK = False then
    wscript.echo "Could not map the applications drive!"
End if

'Map to a drive based on memberof Group
'strGroups is lower case, so the DN being searched for must be lower-cased too
If InStr( lcase(strGroups), lcase("CN=information-systems," & cn_DEPARTMENTS) ) Then
    cmd_mapdrive "J:", "\\mycompany.com\dfs\informationsystems", True
ElseIf Instr(strGroups, lcase("CN=administration," & cn_DEPARTMENTS)) Then
    cmd_mapdrive "J:", "\\mycompany.com\dfs\administration", True
Else
    'Is not a member of any of the listed
End If


set objNet = nothing
set objShell = nothing
set objADSysInfo = nothing
set objCurrentUser = nothing


function cmd_mapdrive (strDriveLetter, strUNCPath, ClearCurrentConnection)

    ' Maps strDriveLetter to strUNCPath; returns True if the drive is connected afterwards

    Dim CheckDrive, AlreadyConnected, intDrive
    Dim Connected

    cmd_mapdrive = False

    On Error Resume Next

    Set CheckDrive = objNet.EnumNetworkDrives()

    ' The collection alternates drive letter, UNC path, hence Step 2
    AlreadyConnected = False
    For intDrive = 0 To CheckDrive.Count - 1 Step 2
        If CheckDrive.Item(intDrive) = strDriveLetter Then AlreadyConnected = True
    Next

    If AlreadyConnected = True then
        If ClearCurrentConnection = True Then
            ObjNet.RemoveNetworkDrive ( strDriveLetter )
            objNet.MapNetworkDrive strDriveLetter, strUNCPath
        End if
    Else
        objNet.MapNetworkDrive strDriveLetter, strUNCPath
    End If

    If AlreadyConnected = False or ClearCurrentConnection = True Then
        ' Re-read the drive list so the check sees the mapping just made
        Set CheckDrive = objNet.EnumNetworkDrives()
        Connected = False
        For intDrive = 0 To CheckDrive.Count - 1 Step 2
            If CheckDrive.Item(intDrive) = strDriveLetter Then Connected = True
        Next

        If Connected = True Then
            cmd_mapdrive = True
        Else
            cmd_mapdrive = False
        End if
    End If

    On Error goto 0

    set CheckDrive = nothing

End Function

WSCript.Quit
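
A stricter membership check for the two scripts above, added here as an example and not taken from either poster's code. It handles the three shapes ADSI returns for memberOf (Empty, a single string, an array), where GetEx("MemberOf") and Join(...MemberOf) raise an error on the first one or two, and it matches each group by its whole DN, case-insensitively, instead of by substring. The function name GetDirectGroups is hypothetical; the group DN is the sample value from the thread.

```vbscript
Option Explicit

' Sample DN from the thread, not a real directory
Const GROUP_INFOSYS = "CN=information-systems,OU=groups,DC=mycompany,DC=com"

Dim objADSysInfo, objUser, dictGroups

Set objADSysInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objADSysInfo.UserName)
Set dictGroups = GetDirectGroups(objUser)

If dictGroups.Exists(GROUP_INFOSYS) Then
    WScript.Echo "Member of information-systems: map J: here"
Else
    WScript.Echo "Not a direct member; no department drive mapped"
End If

' Returns a Dictionary keyed by the DNs in the user's memberOf attribute.
' memberOf lists direct memberships only: the primary group and groups
' reached through nesting do not appear in it.
Function GetDirectGroups(objADUser)
    Dim dict, varMemberOf, strDN

    Set dict = CreateObject("Scripting.Dictionary")
    dict.CompareMode = vbTextCompare   ' keys compare case-insensitively

    varMemberOf = objADUser.MemberOf

    If IsEmpty(varMemberOf) Then
        ' No direct memberships: leave the dictionary empty
    ElseIf IsArray(varMemberOf) Then
        For Each strDN In varMemberOf
            dict(strDN) = True
        Next
    Else
        ' Exactly one group: ADSI hands back a plain string, not an array
        dict(CStr(varMemberOf)) = True
    End If

    Set GetDirectGroups = dict
End Function
```

Because the lookup is an exact key match, a group whose DN merely contains another group's DN as a substring cannot trigger the wrong drive mapping.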



 