
logon script that joins domain users in an OU to domain groups


solec

IS-IT--Management
Apr 15, 2005
PH
Hi,

I badly need help. Do you have a logon script so that when users log in they will automatically be added to a certain domain group? I want to implement this in a GPO in AD, as a user config startup script. Please help. Thanks and more power!

Solec
 
based on what criteria? i.e. how do we know which group they should be added to???

Set WshShell = CreateObject("WScript.Shell")
' Bind to the logged-on user through the WinNT provider
Set objUser = GetObject("WinNT://" & WshShell.ExpandEnvironmentStrings("%userdomain%") & "/" & WshShell.ExpandEnvironmentStrings("%username%") & ",user")
Set objGroup = GetObject("WinNT://mydomain/mygroup,group")
objGroup.Add(objUser.ADsPath)
objGroup.SetInfo
Set objUser = Nothing
Set objGroup = Nothing

please excuse my use of WinNT and WshShell
 
sorry, try and combine these two, i.e. the user stuff and the .Parent; saves you having to worry about a text compare on the ADsPath

Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName
Set objUser = GetObject(strUserPath)
Wscript.Echo objUser.ADsPath

'@@@@@@@@@@@@@@@@@@@@@@@



'Bind to Active Directory System Information
Set adsinfo = CreateObject("adsysteminfo")

'Bind to the Domain
Set DomainObj = GetObject("LDAP://" & adsinfo.DomainDNSname)

'Bind to the active directory computer object
Set ADCompObj = GetObject("LDAP://" & adsinfo.ComputerName)


'You can determine the OU of the computer you are currently running the script on by using the parent property.
Set ADCompOU = GetObject(AdcompObj.Parent)
 
Hi Mrmovie,

Thanks for the reply, but I see a computer OU in the script; what I need is for the domain users inside the solec OU to be automatically added to the group, for ex. hellogroup, when they log in.


Thanks

solec
 
hi solec, yes that's right, you will need to look at the examples I provided and get something working for yourself... something like this?

Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName
Set objUser = GetObject(strUserPath)
Wscript.Echo objUser.ADsPath
Set objParent = GetObject(objUser.Parent)
strParent = objParent.ADsPath

Select Case strParent
Case "ou=users,dc=net,dc=com"
strGroup = "usersgroupx"
Case "ou=admins,dc=net,dc=com"
strGroup = "adminsgroupx"
End Select
If strGroup <> "" Then
Set objGroup = GetObject("WinNT://mydomain/mygroup,group")
objGroup.Add(objUser.ADsPath)
objGroup.SetInfo
Set objUser = Nothing
End If

'as I don't know exactly what you want to achieve and what other factors you are considering, the above might just give you more of a push in the right direction. It's not the best code in the world but I've only been awake 40 mins and coffee is calling :)

 
Hi Mrmovie!

Thanks for your response! 40 minutes awake and you contributed a good script! The script below is what I have so far, but it won't work. I need any new users created in AD, or old users when put into the Intuit OU, when they log in, a startup script will kick in and they will be joined to a group called smtp restricted. If they are already joined, nothing will happen. Thanks for all the help! Cheers!

Solec


Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName
Set objUser = GetObject(strUserPath)
Wscript.Echo objUser.ADsPath
Set objParent = GetObject(objUser.Parent)
strParent = objParent.ADsPath

Select Case strParent
Case "OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com"
strGroup = "usersgroupx"
Case "CN=SMTP Restricted Intuit,OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com"
strGroup = "adminsgroupx"
End Select
If strGroup <> "" Then
Set objGroup = GetObject("WinNT://corp.suth.com/PHL/MAN/CLK/USERS/INTUIT,SMTP Restricted Intuit")
objGroup.Add(objUser.ADsPath)
objGroup.SetInfo
Set objUser = Nothing
End If
 
Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName
Set objSysInfo = Nothing
Set objUser = GetObject(strUserPath)
Wscript.Echo "userpath=" & objUser.ADsPath
Set objParent = GetObject(objUser.Parent)
strParent = objParent.ADsPath
Wscript.Echo "users ou location = " & strParent
Set objParent = Nothing

Select Case strParent
Case "ou=users,dc=net,dc=com"
strGroup = "usersgroupx"
Case "ou=admins,dc=net,dc=com"
strGroup = "adminsgroupx"
End Select

If strGroup <> "" Then
Set objGroup = GetObject("WinNT://mydomain/mygroup,group")
objGroup.Add(objUser.ADsPath)
objGroup.SetInfo
Set objGroup = Nothing
End If

Set objUser = Nothing
 
Hi Mrmovie!

Thanks for your response! 40 minutes awake and you contributed a good script! The script below is what I have so far, but it won't work. I need any new users created in AD, or old users when put into the Intuit OU, when they log in, a startup script will kick in and they will be joined to a group called smtp restricted. If they are already joined, nothing will happen. Thanks for all the help! Cheers!

Solec

Code:
Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName
Set objSysInfo = Nothing
Set objUser = GetObject(strUserPath)
Wscript.Echo "userpath=" & objUser.ADsPath
Set objParent = GetObject(objUser.Parent)
strParent = objParent.ADsPath
Wscript.Echo "users ou location = " & strParent
Set objParent = Nothing

Select Case strParent
   Case "OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com"
       strGroup = "usersgroupx"
   Case "CN=SMTP Restricted Intuit,OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com"
       strGroup = "adminsgroupx"
End Select

If strGroup <> "" Then
   Set objGroup = GetObject("WinNT://corp.suth.com/PHL/MAN/CLK/USERS/INTUIT,SMTP Restricted Intuit")
   objGroup.Add(objUser.ADsPath)
   objGroup.SetInfo
   Set objGroup = Nothing
End If
 
Set objUser = Nothing
 
Select Case strParent
Case "OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com"
strGroup = "usersgroupx"
Case "CN=SMTP Restricted Intuit,OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com"
strGroup = "adminsgroupx"
End Select

If strGroup <> "" Then
Set objGroup = GetObject("WinNT://corp.suth.com/PHL/MAN/CLK/USERS/INTUIT,SMTP Restricted Intuit")
objGroup.Add(objUser.ADsPath)
objGroup.SetInfo
Set objGroup = Nothing
End If

Set objUser = Nothing


'change to
If LCase(strParent) <> "OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com" Then
Set objGroup = GetObject("WinNT://NETBIOSDOMAINHERE,SMTP Restricted Intuit")
objGroup.Add(objUser.ADsPath)
objGroup.SetInfo
Set objGroup = Nothing
End If

Set objUser = Nothing

'you will need to substitute the netbiosdomainname for, you've guessed it; you can get this dynamically in vbscript but for now just use the string to get things going.
'I have never tried to bind to a group which has white space in the name; personally I would avoid the white space in group names but there you go
'the startup script, is that a machine one? in which case will it know anything about the user????
 
SORRY WHAT A CHUMP, REPLACE EVERYTHING FROM THE ''Select Case LINE WITH WHAT'S BELOW...MIGHT HELP

'change to
If LCase(strParent) = LCase"OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com" Then
Set objGroup = GetObject("WinNT://NETBIOSDOMAINHERE,SMTP Restricted Intuit")
objGroup.Add(objUser.ADsPath)
objGroup.SetInfo
Set objGroup = Nothing
End If

Set objUser = Nothing
 
AAArrrrrrrrrrrrrrrrrrrrrrrrrrGGHH


'change to
If LCase(strParent) = LCase("OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com") Then
Set objGroup = GetObject("WinNT://NETBIOSDOMAINHERE,SMTP Restricted Intuit")
objGroup.Add(objUser.ADsPath)
objGroup.SetInfo
Set objGroup = Nothing
End If

Set objUser = Nothing
 
Hi Mr.Movie!

Thank you for helping me with this script. I hope you won't get tired of supporting till we get to the bottom line of this. It still won't work: it just shows the user path and OU path when I log on, but when I check the domain account that is inside the OU, it is not joined to the smtp restricted intuit group. Any more ideas please?

Thanks

Solec


Code:
Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName
Set objSysInfo = Nothing
Set objUser = GetObject(strUserPath)
Wscript.Echo "userpath=" & objUser.ADsPath
Set objParent = GetObject(objUser.Parent)
strParent = objParent.ADsPath
Wscript.Echo "users ou location = " & strParent
Set objParent = Nothing

If LCase(strParent) = LCase("OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com") Then
   Set objGroup = GetObject("WinNT://corp.suth.com,PHL,MAN,CLK,Users,Intuit,SMTP Restricted Intuit")
   objGroup.Add(objUser.ADsPath)
   objGroup.SetInfo
   Set objGroup = Nothing
End If
 
Set objUser = Nothing
 
[1] You cannot add a member (objUser.adspath) by its LDAP path to a group (objGroup) referenced through the WinNT provider.
[2] The path to the group using the WinNT provider is problematic. Syntactically its form is guaranteed to be erroneous, in the last post or in the earlier posts.
[3] strParent is an adspath, whereas you compare it with a string in the format of a distinguishedName. It won't ever match.

If I gather the posted info here and there, maybe you can simply try this to start with, assuming all those adspaths are correct and I guess right, or not far from, what you have in mind.
[tt]
dim strOU, strGroup, strUserPath, objSysInfo, objUser, objParent, objOU, objGroup

' distinguishedName of the OU and of the group inside it
strOU = "OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com"
strGroup = "CN=SMTP Restricted" & "," & strOU

' ADSystemInfo.UserName is the distinguishedName of the logged-on user
Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName
Set objSysInfo = Nothing

Set objUser = GetObject(strUserPath)
Set objParent = GetObject(objUser.Parent)
Set objOU=GetObject("LDAP://" & strOU)
' compare ADsPath with ADsPath, ignoring case
If strcomp(objParent.ADsPath,objOU.ADsPath,1)=0 Then
' bind to the group through the LDAP provider, the same one used for the user
Set objGroup = GetObject("LDAP://" & strGroup)
' any error raised by Add or SetInfo is ignored
on error resume next
objGroup.Add objUser.ADsPath
objGroup.SetInfo
on error goto 0
Set objGroup = Nothing
End If

Set objOU = Nothing
Set ObjParent = Nothing
Set objUser = Nothing
[/tt]
 
Amendment
The strGroup should read like this; "Intuit" was missing.
[tt] strGroup = "CN=SMTP Restricted Intuit" & "," & strOU[/tt]
 
Not at all, mrmovie, your first reply stands. Only, the message is difficult to get through sometimes.
 
Hi Tsuji and Mrmovie,

Thank you for helping me out on this; however, the script still won't work. I put the script as a logon script, but the user is still not added to the smtp restricted intuit group. There are no errors on the script, any idea? The path of the smtp restricted group is
CN=SMTP Restricted Intuit,OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com, any idea? Thanks mucho!

Solec

Code:
dim strOU, strGroup, strUserPath, objSysInfo, objUser, objParent, objOU

strOU = "OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com"
strGroup = "CN=SMTP Restricted Intuit" & "," & strOU

Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName
Set objSysInfo = Nothing

Set objUser = GetObject(strUserPath)
Set objParent = GetObject(objUser.Parent)
Set objOU=GetObject("LDAP://" & strOU)
If strcomp(objParent.ADsPath,objOU.ADsPath,1)=0 Then
    Set objGroup = GetObject("LDAP://" & strGroup)
    on error resume next
    objGroup.Add objUser.ADsPath
    objGroup.SetInfo
    on error goto 0
    Set objGroup = Nothing
End If

Set objOU = Nothing
Set ObjParent = Nothing
Set objUser = Nothing
 
You can echo out strUserPath for the login user to see if it is contained in the objOU in question. That is the whole point of the exercise.
[tt] wscript.echo strUserPath[/tt]
Also you can echo the grouptype of the group in question, to see if it is a global group (2), at the place after objGroup is set up.
[tt] wscript.echo objGroup.grouptype[/tt]
 
Hi,

This is the script so far and it still won't work, any ideas? Sorry to bother you guys...


Solec


Code:
dim strOU, strGroup, strUserPath, objSysInfo, objUser, objParent, objOU, objGroup

strOU = "OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com"
strGroup = "CN=SMTP Restricted Intuit" & "," & strOU

Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName
wscript.echo strUserPath
Set objSysInfo = Nothing

Set objUser = GetObject(strUserPath)
Set objParent = GetObject(objUser.Parent)
Set objOU=GetObject("LDAP://" & strOU)
If strcomp(objParent.ADsPath,objOU.ADsPath,1)=0 Then
    Set objGroup = GetObject("LDAP://" & strGroup)
    wscript.echo objGroup.grouptype
    on error resume next
    objGroup.Add objUser.ADsPath
    objGroup.SetInfo
    on error goto 0
    Set objGroup = Nothing
End If

Set objOU = Nothing
Set ObjParent = Nothing
Set objUser = Nothing
 
For a particular candidate user, what are those data? (It is just for debugging, not for permanent use.) Post the echo. It is the data which help debugging, not the script anymore.
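
A diagnostic variant of the script discussed in this thread, added here as an example and not posted by any participant: it compares distinguished names on both sides, checks membership first, and reports the error code from Add instead of discarding it with `on error resume next`. The DNs are the ones quoted in the thread; the constant name `E_ACCESSDENIED`, the variable names and the messages are this example's own.

```vbscript
' Added diagnostic example; not code posted in the thread.
' Run with cscript.exe so WScript.Echo prints to the console.
Option Explicit
Const E_ACCESSDENIED = &H80070005   ' ADSI "general access denied" error
Dim strOU, strGroupDN, strParentDN, lngErr
Dim objSysInfo, objUser, objParent, objGroup

' DNs as quoted in the thread; replace with your own.
strOU = "OU=Intuit,OU=Users,OU=CLK,OU=MAN,OU=PHL,DC=corp,DC=suth,DC=com"
strGroupDN = "CN=SMTP Restricted Intuit," & strOU

Set objSysInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objParent = GetObject(objUser.Parent)
strParentDN = objParent.Get("distinguishedName")
WScript.Echo "User DN:   " & objUser.Get("distinguishedName")
WScript.Echo "Parent DN: " & strParentDN

' Compare a DN with a DN (not an ADsPath with a DN), ignoring case.
If StrComp(strParentDN, strOU, vbTextCompare) <> 0 Then
    WScript.Echo "User is not directly inside the target OU; nothing to do."
    WScript.Quit 0
End If

' Bind to the group through LDAP, the same provider used for the user.
Set objGroup = GetObject("LDAP://" & strGroupDN)
WScript.Echo "groupType: " & objGroup.Get("groupType")
If objGroup.IsMember(objUser.ADsPath) Then
    WScript.Echo "Already a member; nothing to do."
    WScript.Quit 0
End If

' Trap only the Add call, then report the result instead of discarding it.
On Error Resume Next
objGroup.Add objUser.ADsPath
lngErr = Err.Number
On Error GoTo 0

If lngErr = 0 Then
    WScript.Echo "Added to group."
ElseIf lngErr = E_ACCESSDENIED Then
    ' A logon script runs as the user who is logging on, so the write to
    ' the group's member attribute is made with that user's rights.
    WScript.Echo "Access denied (0x80070005): this account may not modify the group."
Else
    WScript.Echo "Add failed, error 0x" & Hex(lngErr)
End If
```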
 