I'm trying to create a logon script that checks whether the current user is a member of an AD group. The script runs without error but never returns true. Any suggestions?
UserName=(wntUserInfo(0))
grouppath = "LDAP://cn=INFO-Test,ou=INFO-Groups, ou=INFO, ou=test, dc=new, dc=wow, dc=com"
userpath = "LDAP://cn=UserName, ou=INFO-Users,ou=INFO,ou=test,dc=new,dc=wow,dc=com"
if dsIsMemberGrp(grouppath, userpath) Then
;Do something
Else
;Do Something Else
Endif
The documentation for dsIsMemberGrp states:
Quote
Important: This function sometimes erroneously returns @false (0) when an object is actually a member of the specified group. This occurs when the group is in Active Directory and is the primary group of the object whose membership you are checking. As a workaround, you can get a list of all the members of a group, including members with the target group as the primary group, by using the dsGetMemGrp function with the WinNT provider version of the group path instead of the LDAP version of the path.
For example, if you want to get all the members of the Active Directory group "LDAP://mydomain/cn= domain users, dc=mydomain,dc=mycompany,dc= com", use "WinNT://mydomain/domain users,group" instead. You can then examine the returned list for the path of the possible member object.
You can also use the dsGetPrimGrp ADSI extender function to check if the user has the group of interest as their primary group. This along with the dsIsMemberGrp will allow you to check all the groups that the user has direct membership in.
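Added example, not part of the thread or of the WinBatch documentation: Active Directory stores a user's primary group as a RID in the user's primaryGroupID attribute rather than in memberOf, which is why a direct-membership test alone misses it. The Python sketch below runs both checks over directory attributes; the dict layout, SIDs, RIDs and user names are constructed, and only the group DN is taken from the question.

```python
import struct

def sid_to_str(raw):
    """Decode a binary objectSid value into its S-1-... string form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:8 + 4 * count])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def norm_dn(dn):
    """Case-fold and drop spaces around commas (simplified: ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def membership(user, group):
    """Return (direct, primary): listed in memberOf, and primary-group match."""
    gdn = norm_dn(group["distinguishedName"])
    direct = any(norm_dn(dn) == gdn for dn in user.get("memberOf", []))
    # Primary group SID = user's domain SID (user SID minus its RID) + primaryGroupID.
    domain_sid = sid_to_str(user["objectSid"]).rsplit("-", 1)[0]
    primary = "%s-%d" % (domain_sid, user["primaryGroupID"]) == sid_to_str(group["objectSid"])
    return direct, primary

def is_member(user, group):
    """True when either the direct or the primary-group check matches."""
    return any(membership(user, group))

# --- Constructed sample data (SIDs and RIDs are made up) ---
def _sid(rid):
    subs = (21, 1111, 2222, 3333, rid)
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<5I", *subs)

GROUP = {"distinguishedName":
         "cn=INFO-Test,ou=INFO-Groups, ou=INFO, ou=test, dc=new, dc=wow, dc=com",
         "objectSid": _sid(1201)}
ALICE = {"objectSid": _sid(1105), "primaryGroupID": 1201, "memberOf": []}  # primary only
BOB = {"objectSid": _sid(1106), "primaryGroupID": 513,                     # direct only
       "memberOf": ["CN=INFO-Test,OU=INFO-Groups,OU=INFO,OU=test,DC=new,DC=wow,DC=com"]}
CAROL = {"objectSid": _sid(1107), "primaryGroupID": 513, "memberOf": []}   # not a member

if __name__ == "__main__":
    for name, u in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(name, membership(u, GROUP), is_member(u, GROUP))
```
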
I figured it out. The Username variable was not being passed properly as it was between quotes and thus part of the string. I used strcat() to separate the variable from the string and it worked perfectly.
Quote from: fightinggeek on September 10, 2013, 06:03:01 AM
I figured it out. The Username variable was not being passed properly as it was between quotes and thus part of the string. I used strcat() to separate the variable from the string and it worked perfectly.
Ok yes, now I see your username variable wasn't being passed properly. The code should look something like this:
UserName=(wntUserInfo(0))
grouppath = "LDAP://cn=INFO-Test,ou=INFO-Groups, ou=INFO, ou=test, dc=new, dc=wow, dc=com"
userpath = StrCat("LDAP://cn=",UserName,", ou=INFO-Users,ou=INFO,ou=test,dc=new,dc=wow,dc=com") ; Uses StrCat
;or
;userpath = "LDAP://cn=":UserName:", ou=INFO-Users,ou=INFO,ou=test,dc=new,dc=wow,dc=com" ; Uses Colon Concatenation operator
if dsIsMemberGrp(grouppath, userpath) Then
;Do something
Else
;Do Something Else
Endif