VBS to run based on AD group

**FN-GM** · 26th January 2012, 02:53 AM

Hi,

I am trying to use the below code to return an echo based on the machines AD group. When i run it nothing at all happens. The machine is in the group listed in the file. Can anyone help please?

Thanks

Code:

on error resume next
lgCnt=oP.Count
Do While lgCnt>0
lgCnt=lgCnt-2
Loop 
Set WShell = CreateObject("WScript.Shell")


If IsComputerMember("C204") Then

Wscript.Echo "204"


If IsComputerMember("C205") Then

Wscript.Echo "205"


'End If


' *****************
' ***	End 	***
' *****************



Function IsMember(strGroup)
' Function to test for group membership,
' returns True If the user or computer is a member of the group.
If IsEmpty(objGroupList) Then
Call LoadGroups
End If
IsMember = objGroupList.Exists(strGroup)
End Function

Function IsComputerMember(sGroup)
Dim oGroup
on error resume next
Set oGroup = GetObject("WinNT://" & strDomain & "/" & sGroup & ",group")
IsComputerMember = CBool(oGroup.IsMember(objComputer2.ADsPath & "$"))
Set oGroup = Nothing
If not Err.Number = 0 Then
'isComputerMember could not locate group
end if
on error goto 0
End Function

Sub LoadGroups() '------------------------------------------------
' Subroutine to populate dictionary object with group memberships.
' objUser is the user or computer object, with global scope.
' objGroupList is a dictionary object, with global scope.

Dim arrbytGroups, j, arrstrGroupSids(), objGroup

Set objGroupList = CreateObject("Scripting.Dictionary")
objGroupList.CompareMode = vbTextCompare

objUser.GetInfoEx Array("tokenGroups"), 0
arrbytGroups = objUser.Get("tokenGroups")
If TypeName(arrbytGroups) = "Byte()" Then
ReDim arrstrGroupSids(0)
arrstrGroupSids(0) = OctetToHexStr(arrbytGroups)
Set objGroup = GetObject("LDAP://<SID=" & arrstrGroupSids(0) _
& ">")
objGroupList(objGroup.sAMAccountName) = True
Set objGroup = Nothing
Exit Sub
End If
If UBound(arrbytGroups) = -1 Then
Exit Sub
End If
ReDim arrstrGroupSids(UBound(arrbytGroups))
For j = 0 To UBound(arrbytGroups)
arrstrGroupSids(j) = OctetToHexStr(arrbytGroups(j))
Set objGroup = GetObject("LDAP://<SID=" & arrstrGroupSids(j) _
& ">")
objGroupList(objGroup.sAMAccountName) = True
Next
Set objGroup = Nothing
End Sub '------------------------------------------------------------

**FN-GM** · 5th February 2012, 10:58 PM

bump, anyone please?

**PiqueABoo** · 6th February 2012, 12:55 PM

If you're going to keep using scripts then get yourself on some scripting training. I don't do VBS but at a glance that looks like an excerpt from some bigger script and I *think* half of it is redundant (the group sid caching) and objComputer2 doesn't reference anything, so it wouldn't work.

**browolf** · 6th February 2012, 04:23 PM

Originally Posted by FN-GM

bump, anyone please?

you need to comment out "on error resume next" in order to fix all the errors, otherwise it just ignores them and you think you don't have any

you don't need the 2nd instance of that either.

**jinnantonnixx** · 6th February 2012, 05:07 PM

Try using messagebox instead of echos.

Next, put messageboxes announcing themselves as the program proceeds as a kind of primitive debugger. If it's a startup script, you can write logs to the registry.

It's not clear what you want to do, but I wonder if you can do the task by filtering GPOs by group membership?

For example, machines in group '204' will run a certain script, machines in group '205' will run another if you implement policy filtering.

How to Implement Group Policy Security Filtering

**mac_shinobi** · 6th February 2012, 06:05 PM

Your "If ... Else" statements naffed up

If IsComputerMember("C204") Then Wscript.Echo "204" If IsComputerMember("C205") Then Wscript.Echo "205" 'End If

Your End If was commented out and depending on how you were doing your If statement you were missing some lines of code either Else or End If

Personally I would of used Select Case something like below

Select Case IsComputerMember()
Case "C204":
MsgBox "C204"
Case "C205":
MsgBox "C205"
Case Else:
MsgBox "An error occured"
End Select

**FN-GM** · 6th February 2012, 10:44 PM

Originally Posted by browolf

you need to comment out "on error resume next" in order to fix all the errors, otherwise it just ignores them and you think you don't have any

you don't need the 2nd instance of that either.

i have tried removing it, still nothing happens

Originally Posted by jinnantonnixx

Try using messagebox instead of echos.

Next, put messageboxes announcing themselves as the program proceeds as a kind of primitive debugger. If it's a startup script, you can write logs to the registry.

It's not clear what you want to do, but I wonder if you can do the task by filtering GPOs by group membership?

For example, machines in group '204' will run a certain script, machines in group '205' will run another if you implement policy filtering.

How to Implement Group Policy Security Filtering

I currently filter GPO but for a few reasons i want to move away from this.

As for everyone else thanks for the comments i will have another dabble. I might see if i can find something better in powershell.

LinkBack

Thread Tools

Search Thread

VBS to run based on AD group

Similar Threads

Script to install program based on AD group

Script to run based on computer name

script to run command based on AD group of the computer

VBS - wshell.run based on file contents?

ISA 2004 - Upstream proxy based on user group?

Thread Information

Users Browsing this Thread

Posting Permissions