
I had a challenge today.

Problem:

My customer needs to insert a specific text in the computer description field on the local PC if the user is a member of a specific group.

Challenges:

The problem is that most of the users are not direct members of the group. Instead, they are members of a nested group that is a member of the group, or of a nested group that is a member of a nested group that is a member of the group, and so on.

This gave me a problem, since the usual way of checking a user's membership is by using the “memberOf” property via ADSI.

This only shows the groups the user is a direct member of, and not the nested groups.

Ideas:

I found an example on Microsoft Scripting Guys:

http://technet.microsoft.com/en-us/magazine/cc161018.aspx

This example gives you a complete list of the groups the user is a member of.

This could be used for the checking, but the problem is that it is really slow! On our small AD it was 4-5 seconds before it was finished!

And I can only imagine how long it would take in a much larger forest!

Solution:

So I had to think it over, and I decided to go the other way around: check the group, and list the nested users.

I came up with this solution:

' //***************************************************************************
' // ***** Script Header *****
' //
' // File:      InsertComptuerDescriptionIfInGroup.vbs
' // Author:	Jakob Gottlieb Svendsen, Coretech A/S. https://blog.ctglobalservices.com
' // Purpose:   Checks if the current user is a member of a specific group,
' //			or of any nested group.
' //			If the user is found, the computer description strDescription
' //			is added to the local computer.
' //
' // Usage:     .vbs
' //
' //
' // CORETECH A/S History:
' // 0.0.1     JGS 01/12/2008  Created initial version.
' // 0.0.2     JGS 02/12/2008  Fixed bug, when same user appears in more than one group
' //
' // Customer History:
' //
' // ***** End Header *****
' //***************************************************************************
'//----------------------------------------------------------------------------
'//
'//  Global constant and variable declarations
'//
'//----------------------------------------------------------------------------
On Error Resume Next

strGroupDN = "CN=CT Konsulenter,OU=Security,OU=Groups,OU=Coretech,DC=coretech,DC=intra" ' e.g. cn=SalesGroup,ou=Grps,dc=rallencorp,dc=com

strDescription = "IT Department" 

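Set oADSystemInfo = CreateObject("ADSystemInfo")
Set dicSeenGroupMember = CreateObject("Scripting.Dictionary")
Set UserList = CreateObject("Scripting.Dictionary")
'Distinguished names are not case-sensitive, so compare the keys as text (1 = vbTextCompare)
dicSeenGroupMember.CompareMode = 1
UserList.CompareMode = 1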

'//----------------------------------------------------------------------------
'//  Main routines
'//----------------------------------------------------------------------------

'Build list of users
GetMembers "LDAP://" & strGroupDN, strSpaces, dicSeenGroupMember

If (UserList.Exists("LDAP://" & oADSystemInfo.UserName)) Then
	'Run function. Change this to your own code, for other tasks.
	InsertComputerDescription strDescription
End If

'//----------------------------------------------------------------------------
'//  Procedures
'//----------------------------------------------------------------------------

'Recursively collects the ADsPath of every non-group member of the group into
'the global UserList. dicSeenGroupMember stops loops between nested groups.
Function GetMembers(strGroupADsPath, strSpaces, dicSeenGroupMember)
	Set objGroup = GetObject(strGroupADsPath)
	For Each objMember In objGroup.Members
		If objMember.Class = "group" Then
			If dicSeenGroupMember.Exists(objMember.ADsPath) Then
				'Wscript.Echo strSpaces & " ^ already seen group member " & _
				'"(stopping to avoid loop)"
			Else
				dicSeenGroupMember.Add objMember.ADsPath, 1
				GetMembers objMember.ADsPath, strSpaces & " ", dicSeenGroupMember
			End If
		Else
			If Not UserList.Exists(objMember.ADsPath) Then
				UserList.Add objMember.ADsPath, 1
			End If
		End If
	Next
End Function

'Writes strDescription to the description of the local computer via WMI.
Function InsertComputerDescription(strDescription)
	strComputer = "."
	Set Obj = GetObject("winmgmts:\\" & strComputer).InstancesOf("Win32_OperatingSystem")

	For Each x In Obj
		x.Description = strDescription
		x.Put_
	Next
End Function

'//----------------------------------------------------------------------------
'//  End Script
'//----------------------------------------------------------------------------

You can use the example for all kinds of jobs, but in this case it runs the “InsertComputerDescription” function to insert the computer description.
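
Going beyond the script above, the same nested-membership question can be answered by the domain controller in a single query using the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941), so the client does not have to walk the groups itself. This is an added example, not part of the original script: IsNestedMember and EscapeFilterValue are hypothetical helper names, and it assumes the domain controllers support that matching rule.

```vbscript
Option Explicit
' No "On Error Resume Next" here: if the query fails, the script stops and
' nothing is changed on the computer (fail closed).

Const IN_CHAIN = "1.2.840.113556.1.4.1941"   ' LDAP_MATCHING_RULE_IN_CHAIN

' Escape a value for use inside an LDAP search filter (RFC 4515), so that a
' DN containing \ * ( or ) cannot change the meaning of the filter.
Function EscapeFilterValue(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")   ' backslash must be replaced first
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeFilterValue = s
End Function

' Returns True if strUserDN is a direct or nested member of strGroupDN.
Function IsNestedMember(strUserDN, strGroupDN)
    Dim conn, cmd, rs
    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Open "Active Directory Provider"
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    ' Base-scope search on the user object itself: at most one row comes back.
    ' A "/" in the DN has to be escaped when the DN is used in an ADsPath.
    cmd.CommandText = "<LDAP://" & Replace(strUserDN, "/", "\/") & ">;" & _
        "(memberOf:" & IN_CHAIN & ":=" & EscapeFilterValue(strGroupDN) & ");" & _
        "distinguishedName;base"
    Set rs = cmd.Execute
    IsNestedMember = Not rs.EOF
    rs.Close
    conn.Close
End Function

' Usage with the group DN from the script above.
Dim oADSystemInfo, strGroupDN
strGroupDN = "CN=CT Konsulenter,OU=Security,OU=Groups,OU=Coretech,DC=coretech,DC=intra"
Set oADSystemInfo = CreateObject("ADSystemInfo")
If IsNestedMember(oADSystemInfo.UserName, strGroupDN) Then
    WScript.Echo "User is a direct or nested member of the group"
Else
    WScript.Echo "User is not a member of the group"
End If
```

The matching rule follows the memberOf chain only, so membership that exists solely through a user's primary group is not reported.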