Group Policy issues 1

[122moz95]

i have a network with user accounts that are already created and each of the accounts is joined to their respective groups.
i want to know if it is possible to create a group policy template or object that when assigned to a particular OU will automatically place the user accounts into the respective groups designated by the GPO and also map their home directories to a shared folder on the server.
(in here i am not implying batch scripting of user accounts, because that is still tedious. i am hoping that if it is possible to do it in group policy then it is much easier).
thanx

 

[markdmac]

Yes, this could be done.

Basic process is to grab the current user ID and bind to it.

Bind to a group and add members. Mapping drives is the same as any other login script. Refer to my FAQ on the subject.

I hope you find this post helpful.

Regards,

Mark

 

[markdmac]

Sorry forgot to include the FAQ link. faq329-5798

I hope you find this post helpful.

Regards,

Mark

 

[122moz95]

Hi Mark,

thanx for the assist i wanted to know whether it is possible to do all on a GPO without scripts. just asking
whether it is possible.
probably something in line of custom administrative templates, if so give me the details.
thanx

 

[122moz95]

sorry mark,

so how does that script actually work.
i can see it binds to the userID, after that what line of code binds that user account to a group lets say "marketing".
you see what i want to accomplish is having my different OUs e.g "sales" composed of user accounts and having a GPO that will place those user accounts in that OU to the "sales" group.
forgive me for am quite a novice in GPOs,
regards,
Picho

 

[markdmac]

OK, guess piecing that together is beyond your current skills. Here is the basic code you need.

From the login script you already have binded to the user object using:
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

So all you need is the full LDAP Path of the group you want the user to join.

' Add (str)User to (str)Group
Set objGroup = GetObject("LDAP://CN=mygroup,OU=myou,DC=mycompany,DC=local")
objGroup.add(UserObj.ADsPath)

I hope you find this post helpful.

Regards,

Mark

 

[122moz95]

hi mark,
can i apply the same script to a Windows 2003 server domain controller, or the syntax would have to change,

thanks
picho

 

[122moz95]

hi mark,

i have placed the script in the Default Domain Controllers OU and the script doesnt seem to run, below is the script i usedmy domain is "nwtraders.msft", the group in the "Domain controllers" OU is called sales and the user account i want to add into this group is "Administrator"

ON ERROR RESUME NEXT

Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj, Path


Set WSHShell = CreateObject("WScript.Shell")
Set WSHNetwork = CreateObject("WScript.Network")
'Automatically find the domain name
Set objDomain = getObject("LDAP://rootDse")
DomainString = objDomain.Get("dnsHostName")

'Grab the user name
UserString = WSHNetwork.UserName
'Bind to the user object to get user name and check for group memberships later
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)
'Add (str)User to (str)Group
Set objGroup = GetObject("LDAP://CN=sales,OU=Domain Controllers,DC=nwtraders,DC=msft")
objGroup.add(UserObj.ADsPath)

'Clean Up Memory We Used
set UserObj = Nothing
set GroupObj = Nothing
set WSHNetwork = Nothing
set DomainString = Nothing
set WSHSHell = Nothing
'Quit the Script
wscript.quit

thanks,
picho

 

[markdmac]

The domain controllers container is just for machine accounts of domain controllers. There would be no users logging in at that level. Place the script at the OU where the user object exists.

If the ONLY id you want to do this to is Admin then just add admin to whatever groups you need manually. a script is wasteful for a single user.

I hope you find this post helpful.

Regards,

Mark