Got a question from Matthew this week:
“I was wondering if you guys have a script that could determine what OU a user is a member of…sort of an if then else clause, If a member of “Said Group” then do this, Else End If…”
Good question Matthew. This turns out to be more difficult than it sounds. The reason: To determine this we need to setup an LDAP query that selects the OU, and then loops through all the users to see if the current user is a member.
The LDAP query looks like this:
LDAP://{DOMAIN} WHERE objectCategory='organizationalUnit' and ou='{OU NAME}'
Once the VBScript runs the query, we simply loop through the results and look for our account name. If it is there, then we have a match.
To use the script, simply open it up and go to the bottom. You will see these lines:
if IsMember("Testers") then
Wscript.Echo "This user is a member of the OU"
else
Wscript.Echo "This user is not a member of the OU"
end if
Just change “Testers” to the OU you want to see if the current user is a member of, and you can have your script take different actions based on their current membership (Map drives, add printers, etc).
Get the script from here:
http://www.intelliadmin.com/IsOUMember.dat
Remember to rename it to .vbs after downloading.
One more thing…Subscribe to my newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them. Click Here to get your free tools
{ 4 comments… read them below or add one }
Clever script steve. This is a great little script, and it is something I have been looking for for a while. I like your clean and simple solution. Will be trying it out at the office tomorrow!
Thanks!
There is a title typo btw.
Thanks for the heads up about the typo. Totally missed that!
I personally use PowerShell with the free Quest AD cmdlets and I just type:
get-qaduser username