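'isMember.vbs alan dot kaplan at va dot gov
'Check current domain group membership for user or computer
'5/22/2009
'
' Usage:   cscript isMember.vbs /user GroupName
'          cscript isMember.vbs /computer GroupName
' Exit codes (read by the calling batch file through %errorlevel%):
'   1   the current user/computer is a member of the group
'   0   not a member
'   100 the group was not found in the current domain
'
' NOTE(review): objGroup.IsMember is asked about the group object itself. As far
' as I know the LDAP provider's IADsGroup.IsMember reports direct members only,
' so membership through nested groups or the primary group would come back as
' "not a member" - confirm before using the result for an access decision.
' NOTE(review): Syntax() ends with a bare WScript.Quit, so a usage error also
' leaves errorlevel 0, the same value as "not a member". Callers that branch on
' 0 should be aware of that; the exit code is left unchanged here so existing
' batch files keep working.

Option Explicit

'Check user or computer's Group Membership
Dim objNet, strUserName, strUserDN, objGroup, sDomain
Dim objMember, strGroupName, strGroupCN, oSI, strComputerDN, strDN
Dim strComputerName, strName
Dim bNotFound, bEcho

Set objNet = CreateObject("Wscript.Network")
Set oSI = CreateObject("ADSystemInfo")

strUserName = objNet.UserName
strComputerName = objNet.ComputerName
strUserDN = oSI.userName
strComputerDN = oSI.ComputerName

'set to true to echo results
bEcho = False

GetArgs()

' Bind to the user or computer object with the LDAP provider.
' objMember is not read again; the bind is kept because it stops the script
' early if the distinguished name cannot be opened.
Set objMember = GetObject("LDAP://" & strDN)

If isMember(strGroupName) Then
    If bEcho Then WScript.Echo strName & " is a member of " & strGroupName
    WScript.Quit(1)
Else
    If bNotFound Then WScript.Quit(100) 'Set errorlevel 100 on exit
    If bEcho Then WScript.Echo strName & " is NOT a member of " & strGroupName
    WScript.Quit(0)
End If

' ======== Functions and Subs ==========

' Returns True when the object named by strDN is listed as a member of the
' group called strGroup, False otherwise. Sets bNotFound (through GroupCN)
' when no such group exists in the current domain.
Function isMember(strGroup)
    isMember = False 'explicit result instead of leaving the return value Empty

    strGroupCN = GroupCN(strGroup)

    If bNotFound Then
        If bEcho Then WScript.Echo strGroup & " Not Found in " & sDomain
        Exit Function
    End If

    Set objGroup = GetObject(strGroupCN)
    If objGroup.IsMember("LDAP://" & strDN) Then isMember = True
End Function

' Escapes a value before it is placed inside the search condition.
' The group name comes from the command line, so characters that have a
' meaning in an LDAP filter (\ * ( ) and NUL) are written as RFC 4515 hex
' escapes. The apostrophe is hex-escaped as well so that it cannot end the
' quoted literal in the query text.
Function EscapeFilterValue(strValue)
    Dim sEscaped

    sEscaped = Replace(strValue, "\", "\5c") 'backslash first, or later escapes get doubled
    sEscaped = Replace(sEscaped, "*", "\2a")
    sEscaped = Replace(sEscaped, "(", "\28")
    sEscaped = Replace(sEscaped, ")", "\29")
    sEscaped = Replace(sEscaped, "'", "\27")
    sEscaped = Replace(sEscaped, Chr(0), "\00")

    EscapeFilterValue = sEscaped
End Function

' Looks up the group by Name in the current domain (subtree search) and
' returns its ADsPath. Sets bNotFound = True and returns Empty when the
' search has no rows.
Function GroupCN(strGroupName)
    Dim oRS
    Dim oConn, oCommand
    Const ADS_SCOPE_SUBTREE = 2
    Dim oRoot, strCommand

    bNotFound = False

    'Get the ADsPath for the current domain to search.
    Set oRoot = GetObject("LDAP://rootDSE")
    sDomain = oRoot.Get("defaultNamingContext")

    'The group name is escaped; it was concatenated raw before, which let a
    'quote or wildcard in the argument change what the query matches.
    strCommand = "SELECT ADsPath FROM 'LDAP://" & sDomain & "' WHERE objectCategory='Group' " & _
        "AND Name ='" & EscapeFilterValue(strGroupName) & "'"

    Set oConn = CreateObject("ADODB.Connection")
    Set oCommand = CreateObject("ADODB.Command")
    oConn.Provider = "ADsDSOObject"
    oConn.Open "Active Directory Provider"
    Set oCommand.ActiveConnection = oConn

    'Subtree required
    oCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    oCommand.CommandText = strCommand
    Set oRS = oCommand.Execute

    If oRS.BOF And oRS.EOF Then
        bNotFound = True
    Else
        'Only the first row is read.
        'NOTE(review): the original comment assumes a unique answer; Name is the
        'relative name of the object, so two groups in different containers
        'could share it - confirm that cannot happen in the target domain.
        GroupCN = oRS.Fields("ADsPath").Value
    End If

    'Release the recordset and connection on both paths.
    oRS.Close
    oConn.Close
End Function

' Reads the command line: exactly one named switch (/user or /computer) and
' one unnamed argument (the group name). Anything else shows the usage text
' and quits.
Sub GetArgs()
    If WScript.Arguments.Named.Count = 1 And WScript.Arguments.Unnamed.Count = 1 Then
        If WScript.Arguments.Named.Exists("computer") Then
            strDN = strComputerDN
            strName = strComputerName
        ElseIf WScript.Arguments.Named.Exists("User") Then
            strDN = strUserDN
            strName = strUserName
        Else
            'An unknown switch used to fall through with strDN empty, so the
            'later bind ran against a bare "LDAP://" path.
            Syntax()
        End If

        strGroupName = WScript.Arguments.Unnamed(0)
    Else
        Syntax()
    End If
End Sub

' Shows the usage text in a message box and ends the script.
Sub Syntax()
    Dim Message

    Message = WScript.ScriptName & " checks the membership of the current user or computer in a group. " & VbCrLf & VbCrLf & _
        "It is designed to be run in a batch file, and sets an errorlevel on exiting." & VbCrLf & VbCrLf & _
        "Example: cscript " & WScript.ScriptName & " /user UserGroupName" & VbCrLf & _
        "Example: cscript " & WScript.ScriptName & " /computer ComputerGroupName" & VbCrLf & VbCrLf & _
        "Note: If the group name contains a space, it must be in quotations." & VbCrLf & VbCrLf & _
        "ERRORLEVELs: 1 if isMember is true, 0 if isMember is false, 100 if group does not exist." & VbCrLf & VbCrLf & _
        "Batch file example: " & VbCrLf & VbCrLf & _
        "cscript ismember.vbs /user SomeUserGroup" & VbCrLf & _
        "if %errorlevel% == 100 echo group not found" & VbCrLf & _
        "if %errorlevel% == 1 echo Member" & VbCrLf & _
        "if %errorlevel% == 0 echo Not a Member" & VbCrLf & VbCrLf & _
        "Written by Alan Kaplan, www.akaplan.com/blog"

    MsgBox Message, vbInformation + vbOKOnly, WScript.ScriptName & " Syntax and Usage"
    WScript.Quit
End Sub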