I've encountered a problem with a script that I shamelessly stole borrowed from markdmac (faq329-5798) to validate the users who may access an intranet site that I built. I don't have a thorough background in AD but I know enough (to just be dangerous). But my understanding is that the problem appears to be happening because we have two domains within our company. The script works fine for one but apparently not for the other.

Unfortunately, I don't know enough to understand how to modify or fix it. Any hints or shoves in the right direction would be greatly appreciated. (And I'd like to understand how this works as I can glean just enough from the code I stole borrowed but not enough to explain it - which is the one true sign of understanding.)

How can I get this to validate so that if they are a member of the group on the Corp domain it will grant them access to the site, but if they are not in the group on the Corp domain *OR* they are on the Branch domain, it should reject them out of hand? Again, many thanks if someone could help explain it to me. Thanks!
------------------------------------------------------------------------------------------------------------------------
"Men occasionally stumble over the truth, but most of them pick themselves up and hurry off as if nothing ever happened."
- Winston Churchill
Code:
'==========================================================================
'
' NAME: LogonScript.vbs
'
' AUTHOR: Mark D. MacLachlan, The Spider's Parlor
' URL : http://www.thespidersparlor.com
' DATE : 4/10/2003
'
' COMMENT: Enumerates current users' group memberships in given domain.
' Maps and disconnects drives and printers
'
'==========================================================================
ON ERROR RESUME NEXT
Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj, Path, strMember, GroupObj
Set WSHShell = server.CreateObject("WScript.Shell")
Set WSHNetwork = server.CreateObject("WScript.Network")
'Automatically find the domain name
Set objDomain = getObject("LDAP://rootDse")
DomainString = objDomain.Get("dnsHostName")
'Grab the user name
UserString = WSHNetwork.UserName
'Bind to the user object to get user name and check for group memberships later
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)
'Now check for group memberships and map appropriate drives
For Each GroupObj In UserObj.Groups
'Test for "RL.Corporate.RealEstate.Users" group. If member, then complete page. If not, then error message.
Response.Write GroupObj.Name & " is the group.<br>"
if GroupObj.Name = "RL.Corporate.RealEstate.Users" then
strMember = "CRE"
exit for
else
strMember = "Non-CRE"
end if
Next
'Clean Up Memory We Used
set UserObj = Nothing
set GroupObj = Nothing
set WSHNetwork = Nothing
set DomainString = Nothing
set WSHShell = Nothing
Set WSHPrinters = Nothing
'Quit the Script
wscript.quit
'If not a CRE member, this will present an error message and redirect them to the cool home page.
if strMember = "Non-CRE" then
Response.Write "This page is for cool personnel only. <br>" & _
"Please click <a href='http://www.mysite.com'>here</a> to " & _
"return to the Cool People home page."
Response.Flush
Response.End
end if
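An added example (not part of the original post and not markdmac's FAQ code) of a fail-closed form of this check for classic ASP. It takes the domain-qualified identity from the LOGON_USER server variable, since WSHNetwork.UserName carries no domain and the script above binds every name to the server's own domain, so a Branch account is never looked up as a same-named Corp account. The NetBIOS name CORP and the function name IsAuthorized are assumptions, and LOGON_USER is only populated when IIS has Integrated Windows Authentication on and anonymous access off.

```vbscript
' Added example for classic ASP; place inside the page's script block.
Const ALLOWED_DOMAIN = "CORP"   ' assumed NetBIOS name of the Corp domain
Const REQUIRED_GROUP = "RL.Corporate.RealEstate.Users"

' Returns True only when logonUser is DOMAIN\user in the allowed domain and
' that account is listed in the required group. Every other path is False.
Function IsAuthorized(logonUser, allowedDomain, groupName)
    Dim parts, userObj, groupObj
    IsAuthorized = False                       ' default deny

    parts = Split(logonUser, "\")
    If UBound(parts) <> 1 Then Exit Function   ' empty, or not DOMAIN\user
    If parts(1) = "" Then Exit Function
    ' Any domain other than the allowed one (e.g. Branch) is rejected here,
    ' before any directory lookup is made.
    If StrComp(parts(0), allowedDomain, vbTextCompare) <> 0 Then Exit Function

    ' Error trapping is limited to the bind; a failed bind means "deny".
    On Error Resume Next
    Set userObj = GetObject("WinNT://" & parts(0) & "/" & parts(1) & ",user")
    If Err.Number <> 0 Then
        Err.Clear
        On Error GoTo 0
        Exit Function
    End If
    On Error GoTo 0   ' from here an unexpected error halts the page

    For Each groupObj In userObj.Groups
        If StrComp(groupObj.Name, groupName, vbTextCompare) = 0 Then
            IsAuthorized = True
            Exit For
        End If
    Next
End Function

' Run the check before any page content is written.
If Not IsAuthorized(Request.ServerVariables("LOGON_USER"), _
                    ALLOWED_DOMAIN, REQUIRED_GROUP) Then
    Response.Status = "403 Forbidden"
    Response.Write "This page is for cool personnel only. <br>" & _
        "Please click <a href='http://www.mysite.com'>here</a> to " & _
        "return to the Cool People home page."
    Response.End
End If
```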