VBS to run based on AD group

[FN-GM]

Hi,

I am trying to use the below code to return an echo based on the machines AD group. When i run it nothing at all happens. The machine is in the group listed in the file. Can anyone help please?

Thanks

Code:

on error resume next
lgCnt=oP.Count
Do While lgCnt>0
lgCnt=lgCnt-2
Loop 
Set WShell = CreateObject("WScript.Shell")


If IsComputerMember("C204") Then

Wscript.Echo "204"


If IsComputerMember("C205") Then

Wscript.Echo "205"


'End If


' *****************
' ***	End 	***
' *****************



Function IsMember(strGroup)
' Function to test for group membership,
' returns True If the user or computer is a member of the group.
If IsEmpty(objGroupList) Then
Call LoadGroups
End If
IsMember = objGroupList.Exists(strGroup)
End Function

Function IsComputerMember(sGroup)
Dim oGroup
on error resume next
Set oGroup = GetObject("WinNT://" & strDomain & "/" & sGroup & ",group")
IsComputerMember = CBool(oGroup.IsMember(objComputer2.ADsPath & "$"))
Set oGroup = Nothing
If not Err.Number = 0 Then
'isComputerMember could not locate group
end if
on error goto 0
End Function

Sub LoadGroups() '------------------------------------------------
' Subroutine to populate dictionary object with group memberships.
' objUser is the user or computer object, with global scope.
' objGroupList is a dictionary object, with global scope.

Dim arrbytGroups, j, arrstrGroupSids(), objGroup

Set objGroupList = CreateObject("Scripting.Dictionary")
objGroupList.CompareMode = vbTextCompare

objUser.GetInfoEx Array("tokenGroups"), 0
arrbytGroups = objUser.Get("tokenGroups")
If TypeName(arrbytGroups) = "Byte()" Then
ReDim arrstrGroupSids(0)
arrstrGroupSids(0) = OctetToHexStr(arrbytGroups)
Set objGroup = GetObject("LDAP://<SID=" & arrstrGroupSids(0) _
& ">")
objGroupList(objGroup.sAMAccountName) = True
Set objGroup = Nothing
Exit Sub
End If
If UBound(arrbytGroups) = -1 Then
Exit Sub
End If
ReDim arrstrGroupSids(UBound(arrbytGroups))
For j = 0 To UBound(arrbytGroups)
arrstrGroupSids(j) = OctetToHexStr(arrbytGroups(j))
Set objGroup = GetObject("LDAP://<SID=" & arrstrGroupSids(j) _
& ">")
objGroupList(objGroup.sAMAccountName) = True
Next
Set objGroup = Nothing
End Sub '------------------------------------------------------------

[FN-GM]

bump, anyone please?

[PiqueABoo]

If you're going to keep using scripts then get yourself on some scripting training. I don't do VBS but at a glance that looks like an excerpt from some bigger script and I *think* half of it is redundant (the group sid caching) and objComputer2 doesn't reference anything, so it wouldn't work.

[browolf]

bump, anyone please?

you need to comment out "on error resume next" in order to fix all the errors, otherwise it just ignores them and you think you don't have any you don't need the 2nd instance of that either.

[jinnantonnixx]

Try using messagebox instead of echos.

Next, put messageboxes announcing themselves as the program proceeds as a kind of primitive debugger. If it's a startup script, you can write logs to the registry.


It's not clear what you want to do, but I wonder if you can do the task by filtering GPOs by group membership?

For example, machines in group '204' will run a certain script, machines in group '205' will run another if you implement policy filtering.

How to Implement Group Policy Security Filtering

[mac_shinobi]

Your "If ... Else" statements naffed up


If IsComputerMember("C204") Then Wscript.Echo "204" If IsComputerMember("C205") Then Wscript.Echo "205" 'End If

Your End If was commented out and depending on how you were doing your If statement you were missing some lines of code either Else or End If

Personally I would of used Select Case something like below

Select Case IsComputerMember()
Case "C204":
MsgBox "C204"
Case "C205":
MsgBox "C205"
Case Else:
MsgBox "An error occured"
End Select

[FN-GM]

you need to comment out "on error resume next" in order to fix all the errors, otherwise it just ignores them and you think you don't have any you don't need the 2nd instance of that either.

i have tried removing it, still nothing happens

Try using messagebox instead of echos.

Next, put messageboxes announcing themselves as the program proceeds as a kind of primitive debugger. If it's a startup script, you can write logs to the registry.


It's not clear what you want to do, but I wonder if you can do the task by filtering GPOs by group membership?

For example, machines in group '204' will run a certain script, machines in group '205' will run another if you implement policy filtering.

How to Implement Group Policy Security Filtering

I currently filter GPO but for a few reasons i want to move away from this.

As for everyone else thanks for the comments i will have another dabble. I might see if i can find something better in powershell.