Assigning Resources to User Groups
The Left function is useful if you're dealing with computers with similar names, but people aren't so conveniently named—and even if they were, you probably wouldn't assign network resources to people according to whether their names begin with JOH or ANN. However, you can assign network resources according to the groups to which users belong. One reader who is migrating from Novell NetWare to Win2K sent an email message that asked, "Is there an object that can expose the group membership of the user so that I can assign the drive letters based on their groups?" Such an object exists, but you can't access it through WshNetwork or any other Windows Script Host (WSH) object. To read group or organizational unit (OU) memberships for individual accounts, you need to use Microsoft Active Directory Service Interfaces (ADSI). Before I show you how to use ADSI for this purpose, you need to know some ADSI basics.
A Brief Primer on ADSI
ADSI is a set of management interfaces for abstracting your interaction with objects contained in a directory service, whether that directory service is Win2K's Active Directory (AD), Windows NT's SAM, or another supported directory service. The properties and methods available to you will vary with the directory service you're using, but the basic structure for using these objects in a script won't vary after you've retrieved them. You can use ADSI to perform any of the following tasks in a directory service:
- List users, groups, computers, OUs, domains, and other objects.
- Create new users and groups.
- View and edit group and OU memberships.
- Start and stop services.
- Create, edit, delete, or list file shares, print queues, and user sessions.
To bind to ADSI objects, you use the GetObject function with one argument. This argument must consist of at least two items: the name of the namespace to which you want to connect and the distinguished name (DN) of the object to which you want to connect in that namespace. Two slashes and a colon (//:) separate these two items. You must enclose the argument in quotes.
The namespace you use depends on the OS on which you're running the script and the kind of information for which you're looking. Two namespaces that administrators commonly use are WinNT and LDAP. Note that all the ADSI namespaces are case sensitive, so you must put the WinNT namespace in mixed case, as I've done here. ADSI namespaces are one of the few instances in which VBScript is case sensitive.
If you run the script on a Windows Server 2003 or Win2K machine, you can use either the WinNT or the LDAP namespace. However, although Windows 2003 and Win2K support the WinNT namespace, that namespace isn't hierarchical. As a result, you can connect to user and computer accounts in a domain, but you can't specify a particular subset of a domain because NT doesn't recognize those subsets. For a detailed view of a domain's directory service, you need to use the LDAP namespace.
If you run the script on an NT machine, you must always use the WinNT namespace. Your script won't work if you use the LDAP namespace.
Listing 2 shows sample GetObject functions that use the LDAP and WinNT namespaces. The first sample function uses the LDAP namespace to bind to the object representing the TS Clients OU in the labrynth.redroom.com domain. The second sample function uses the WinNT namespace to bind to the object representing the Horace user account in the REDROOM domain.
In the second sample function, note the use of ,User at the end of the argument. In WinNT namespaces, you can include the class name of the object to which you want to bind. In this case, the class is User. Providing as much information as possible is a good habit to get into when binding to ADSI objects. Without this information, ADSI would likely bind to the object, but the more information you supply to the GetObject function, the faster the binding.
That's enough about ADSI for our purposes here. If you'd like to learn more about ADSI, check out the articles in "Related Reading."
Prev. page
1
[2]
3
next page 
