Does anyone have a VB script that can check group membership, including nested groups, like the Kix InGroup function?

Ideally I would like to pass in the username and the group and get a return value of True or False.

I have tried modifying a script from Microsoft, without success.
It manages to write the groups to a text file, but I can't get

if objNestedGroup.CN = "AppLocal Winzip" then

to work.

Any tips?



On Error Resume Next

UserInGroup = "False"
UserInNestedGroup = "False"

OutputFile = "C:\windows\temp\groups.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
' The second argument of CreateTextFile is the overwrite flag (FOR_WRITING was never defined)
Set objOutput = objFSO.CreateTextFile(OutputFile, True)
objOutput.Write "Group" & VbCrLf

Set objUser = GetObject("LDAP://CN=Muttley, OU=Users and Groups,OU=Users,dc=muttley,dc=com")
Set colGroups = objUser.Groups
For Each objGroup in colGroups
    'Wscript.Echo objGroup.CN
    objOutput.Write objGroup.CN & VbCrLf
    If objGroup.CN = "AppLocal Winzip" Then
        objOutput.Write "User in group" & VbCrLf
        UserInGroup = "True"
    End If
    ' Walk the groups that this group is itself a member of
    Call GetNested(objGroup)
Next

MsgBox UserInGroup
MsgBox UserInNestedGroup

Function GetNested(objGroup)
    On Error Resume Next
    colMembers = objGroup.GetEx("memberOf")
    For Each strMember in colMembers
        strPath = "LDAP://" & strMember
        Set objNestedGroup = GetObject(strPath)
        'WScript.Echo objNestedGroup.CN
        objOutput.Write objNestedGroup.CN & " - Nested" & VbCrLf
        If objNestedGroup.CN = "AppLocal Winzip" Then
            UserInNestedGroup = "True"
        End If
        ' Recurse so that deeper levels of nesting are also checked
        Call GetNested(objNestedGroup)
    Next
End Function

I have this one I use in one of the applications I wrote. I think you can modify it to work in yours.

Const AD_PACKAGE_GROUP = "Microsoft_SMS_Remote_Console"

' Validate Active Directory membership (direct memberOf entries of the logged-on user)
Function ValidateADGroup()
    Dim message
    Dim objADSysInfo : Set objADSysInfo = CreateObject("ADSystemInfo")
    Dim strUser : strUser = objADSysInfo.UserName
    Dim strGroup
    Dim objGroup
    Dim objUser : Set objUser = GetObject("LDAP://" & strUser)
    For Each strGroup In objUser.memberOf
        Set objGroup = GetObject("LDAP://" & strGroup)
        ' InStr matches any group whose CN contains the constant
        If InStr(objGroup.CN, AD_PACKAGE_GROUP) <> 0 Then
            ValidateADGroup = True
            Set objGroup = Nothing
            Exit Function
        Else
            ValidateADGroup = False
            Set objGroup = Nothing
        End If
    Next
End Function
Answered 12/20/2006 by: Robo Scripter
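
An added example, not code from either poster: a True/False check of the kind the question asks for, which walks memberOf through any depth of nesting, stops on circular nesting, and compares the group CN exactly instead of by substring. The names InGroup and WalkMemberOf are hypothetical; the DN and group name are the ones from the question.

```vbscript
Option Explicit

' Added example: True if the object at strMemberDN belongs to a group whose CN
' equals strGroupCN, directly or through any depth of nested groups.
Function InGroup(strMemberDN, strGroupCN)
    Dim dictSeen
    Set dictSeen = CreateObject("Scripting.Dictionary")
    dictSeen.CompareMode = vbTextCompare   ' DNs are case-insensitive
    InGroup = WalkMemberOf(strMemberDN, strGroupCN, dictSeen)
End Function

Function WalkMemberOf(strDN, strGroupCN, dictSeen)
    Dim objEntry, varGroups, strParentDN, objParent, lngErr
    WalkMemberOf = False
    ' A DN that was already visited means circular nesting: stop here
    If dictSeen.Exists(strDN) Then Exit Function
    dictSeen.Add strDN, True

    ' "/" is special in an ADsPath and has to be escaped
    Set objEntry = GetObject("LDAP://" & Replace(strDN, "/", "\/"))

    ' GetEx always returns an array but raises an error when memberOf is
    ' empty, so error suppression is limited to this one call.
    On Error Resume Next
    varGroups = objEntry.GetEx("memberOf")
    lngErr = Err.Number
    On Error GoTo 0
    If lngErr <> 0 Then Exit Function

    For Each strParentDN In varGroups
        Set objParent = GetObject("LDAP://" & Replace(strParentDN, "/", "\/"))
        ' Exact, case-insensitive comparison of the CN
        If StrComp(objParent.CN, strGroupCN, vbTextCompare) = 0 Then
            WalkMemberOf = True
            Exit Function
        End If
        If WalkMemberOf(strParentDN, strGroupCN, dictSeen) Then
            WalkMemberOf = True
            Exit Function
        End If
    Next
End Function

' Usage with the DN and group name from the question
WScript.Echo CStr(InGroup("CN=Muttley, OU=Users and Groups,OU=Users,dc=muttley,dc=com", "AppLocal Winzip"))
```

memberOf does not list the user's primary group (usually Domain Users), so a check against that group has to handle primaryGroupID separately.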