Script Tips
Who's with Whom
Check group membership with this nifty ADSI trick.
Here's a little trick with the Active Directory Services Interface (ADSI)
WinNT provider. And pay attention: The WinNT provider works great with
Active Directory domains, as well as local computer user accounts and
groups!
Let's say you have a user name in variable sUser, and a group name in
sGroup. You want to know if sUser is a member of sGroup or not (a handy
trick for logon scripts, for example). Start by using ADSI to get a reference
to each object:
Dim oUser, oGroup, sUser, sGroup
sUser = "Don"
sGroup = "Domain Users"
Set oUser = GetObject("WinNT://MyDomain/" & _
sUser & ",user")
Set oGroup = GetObject("WinNT://MyDomain/" & _
sGroup & ",group")
Here's the cool bit, which isn't available with Active Directory's native
LDAP provider, but which works dandy with the WinNT provider:
If oGroup.IsMember(oUser.aDSPath) Then
'He's a member
Else
'Not in the club
End If
You can also shortcut this; here's the entire example:
Dim oGroup, sGroup
sGroup = "Domain Users"
Set oGroup = GetObject("WinNT://MyDomain/" & _
sGroup & ",group")
If oGroup.IsMember(("WinNT://MyDomain/" & _
sUser & ",user") Then
'He's a member
Else
'Not in the club
End If
A quick and easy way to check group membership.
About the Author
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.