Does anyone have a VB script that can check group membership, including nested groups, like the Kix Ingroup function?

Ideally I would like to pass in the username and the group and get a return value of True or False.

I have tried modifying a script from Microsoft, without success.
It manages to write the groups to a text file, but I can't get

if objNestedGroup.CN = "AppLocal Winzip" then

to work.

Any tips?



On Error Resume Next

UserInGroup = "False"
UserInNestedGroup = "False"

OutputFile = "C:\windows\temp\groups.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
' The second argument of CreateTextFile is the overwrite flag (FOR_WRITING was never defined)
Set objOutput = objFSO.CreateTextFile(OutputFile, True)
objOutput.Write "Group" & VbCrLf

Set objUser = GetObject("LDAP://CN=Muttley, OU=Users and Groups,OU=Users,dc=muttley,dc=com")
Set colGroups = objUser.Groups
For Each objGroup in colGroups
    'Wscript.Echo objGroup.CN
    objOutput.Write objGroup.CN & VbCrLf
    if objGroup.CN = "AppLocal Winzip" then
        objOutput.Write "User in group" & VbCrLf
        UserInGroup = "True"
    end if
    ' Walk the groups that this group is itself a member of
    GetNested objGroup
Next

MsgBox UserInGroup
MsgBox UserInNestedGroup

' Recursively lists the parent groups of objGroup and flags the target group
Function GetNested(objGroup)
    On Error Resume Next
    colMembers = objGroup.GetEx("memberOf")
    For Each strMember in colMembers
        strPath = "LDAP://" & strMember
        Set objNestedGroup = GetObject(strPath)
        'WScript.Echo objNestedGroup.CN
        objOutput.Write objNestedGroup.CN & " - Nested" & VbCrLf
        if objNestedGroup.CN = "AppLocal Winzip" then
            UserInNestedGroup = "True"
        end if
        GetNested objNestedGroup
    Next
End Function

I have this one I use in one of the applications I wrote. I think you can modify it to work in yours.

Const AD_PACKAGE_GROUP = "Microsoft_SMS_Remote_Console"

' Validate Active Directory membership of the logged-on user.
' Checks the groups listed in the user's memberOf attribute and
' matches AD_PACKAGE_GROUP as a substring of each group's CN.
Function ValidateADGroup()
    Dim message
    Dim objADSysInfo : Set objADSysInfo = CreateObject("ADSystemInfo")
    Dim strUser : strUser = objADSysInfo.UserName
    Dim strGroup
    Dim objGroup
    Dim objUser : Set objUser = GetObject("LDAP://" & strUser)
    For Each strGroup in objUser.memberOf
        Set objGroup = GetObject("LDAP://" & strGroup)
        If InStr(objGroup.CN, AD_PACKAGE_GROUP) <> 0 Then
            ValidateADGroup = True
            Set objGroup = Nothing
            Exit Function
        Else
            ValidateADGroup = False
            Set objGroup = Nothing
        End If
    Next
End Function
Answered 12/20/2006 by: Robo Scripter
Orange Senior Belt
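
A cycle-safe form of the nested membership check this thread asks for, as an added example that is not code from either post. `IsMemberOf` and `WalkGroups` are hypothetical names, the DN and group name are the ones from the question, and the sketch assumes a domain-joined machine and a DN without characters that need escaping in an ADsPath.

```vbscript
Option Explicit

' Returns True if the object at strDN is a direct or nested member of a group
' whose CN equals strGroupCN (exact, case-insensitive match, not a substring).
' memberOf does not list the user's primary group, so that one is not seen here.
Function IsMemberOf(strDN, strGroupCN)
    Dim dictSeen : Set dictSeen = CreateObject("Scripting.Dictionary")
    dictSeen.CompareMode = vbTextCompare
    IsMemberOf = WalkGroups(strDN, strGroupCN, dictSeen)
End Function

Function WalkGroups(strDN, strGroupCN, dictSeen)
    Dim objEntry, arrParents, strParent, objParent
    WalkGroups = False
    dictSeen(strDN) = True                 ' mark visited so circular nesting terminates
    Set objEntry = GetObject("LDAP://" & strDN)
    On Error Resume Next
    arrParents = objEntry.GetEx("memberOf") ' always an array; raises if attribute is unset
    If Err.Number <> 0 Then                ' treated as "no parent groups"
        Err.Clear
        Exit Function
    End If
    On Error GoTo 0                        ' let bind failures below stop the script
    For Each strParent In arrParents
        If Not dictSeen.Exists(strParent) Then
            Set objParent = GetObject("LDAP://" & strParent)
            If StrComp(objParent.Get("cn"), strGroupCN, vbTextCompare) = 0 Then
                WalkGroups = True
                Exit Function
            End If
            If WalkGroups(strParent, strGroupCN, dictSeen) Then
                WalkGroups = True
                Exit Function
            End If
        End If
    Next
End Function

' User DN and group name taken from the question above
WScript.Echo IsMemberOf("CN=Muttley,OU=Users and Groups,OU=Users,dc=muttley,dc=com", "AppLocal Winzip")
```

Because the function starts from `False` and only returns `True` on an exact CN match, a failed lookup cannot grant membership; run it with `cscript` to see the result on the console.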

Please log in to comment
Answer this question or Comment on this question for clarity