VBScript program demonstrating the use of an efficient IsMember function to test for group membership
in a logon script. The IsMember function reveals membership in nested groups and the "Primary Group".
The IsMember function uses a dictionary object, so that group memberships only have to be enumerated
once, no matter how many times the function is called.
The IsMember function in this program uses the tokenGroups attribute to determine group memberships.
This attribute is a collection of objectSids representing the groups the user or computer belongs to.
The collection includes all nested groups and the primary group, but not groups in other domains.
Most programs that use the tokenGroups attribute bind to each group (using the objectSid value in
the tokenGroups collection) in order to retrieve the group name. This program instead uses ADO to
search Active Directory for the groups with the objectSid values and retrieves the NT name of each
group. This technique is much more efficient and should be faster, especially if the user or computer
is a member of many groups.
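The tokenGroups technique described above, as an added sketch that is not the code in Logon6.txt: one ADO search resolves every SID to its NT name and a dictionary caches the result. The ADSystemInfo bind, the group name "Sales", and the names LoadGroups and OctetToHexStr are assumptions made for the illustration.

```vbscript
Option Explicit
Dim objGroupList   ' Dictionary of group NT names, filled on the first IsMember call

' Assumed caller: bind to the current user through ADSystemInfo (Windows 2000 or later)
Dim objSysInfo, objUser
Set objSysInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
If IsMember(objUser, "Sales") Then   ' "Sales" is a placeholder group name
    WScript.Echo "Member of Sales"
End If

Function IsMember(objADObject, strGroupNTName)
    ' Enumerate memberships only once, then answer from the cache
    If IsEmpty(objGroupList) Then LoadGroups objADObject
    IsMember = objGroupList.Exists(strGroupNTName)
End Function

Sub LoadGroups(objADObject)
    Dim objRootDSE, objConn, objRS, arrSids, varSid, strFilter
    Set objGroupList = CreateObject("Scripting.Dictionary")
    objGroupList.CompareMode = vbTextCompare
    ' tokenGroups is a constructed attribute, so it must be requested explicitly
    objADObject.GetInfoEx Array("tokenGroups"), 0
    arrSids = objADObject.Get("tokenGroups")
    ' A single SID comes back as one byte array rather than an array of them
    If TypeName(arrSids) = "Byte()" Then arrSids = Array(arrSids)
    ' Build one OR filter covering every SID instead of binding to each group
    strFilter = "(|"
    For Each varSid In arrSids
        strFilter = strFilter & "(objectSid=" & OctetToHexStr(varSid) & ")"
    Next
    strFilter = strFilter & ")"
    Set objRootDSE = GetObject("LDAP://RootDSE")
    Set objConn = CreateObject("ADODB.Connection")
    objConn.Provider = "ADsDSOObject"
    objConn.Open "Active Directory Provider"
    Set objRS = objConn.Execute("<LDAP://" & objRootDSE.Get("defaultNamingContext") _
        & ">;" & strFilter & ";sAMAccountName;subtree")
    Do Until objRS.EOF
        objGroupList(objRS.Fields("sAMAccountName").Value) = True
        objRS.MoveNext
    Loop
    objConn.Close
End Sub

' Escape each byte of a binary SID as \XX so it can be used in an LDAP filter
Function OctetToHexStr(arrbytOctet)
    Dim k
    OctetToHexStr = ""
    For k = 1 To LenB(arrbytOctet)
        OctetToHexStr = OctetToHexStr & "\" & Right("0" & Hex(AscB(MidB(arrbytOctet, k, 1))), 2)
    Next
End Function
```

Because the search is rooted at the object's own domain, groups in other domains never appear in the cache, which matches the tokenGroups limitation noted above.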
The logon script incorporates a loop to retrieve the UserName from the wshNetwork object. This loop
is only necessary on Windows 95/98 clients during logon. Without it, the wshNetwork object would
return a blank string for UserName. The LDAP provider is used to bind to the user object.
The RootDSE object is used to obtain the DNS domain name. The NameTranslate object is used to convert
the DNS domain name to the NetBIOS domain name. The NameTranslate object is used again to convert the
NetBIOS domain name and the NT Name returned by the wshNetwork object to the Distinguished Name
required by LDAP.
This program should work on any 32-bit Windows client that can log onto the domain. Windows NT and
Windows 98/95 clients should have DSClient installed. If DSClient is not installed, WSH
and ADSI should be installed.
This logon script demonstrates how to use the IsMember function to map drives to network shares
according to user group membership. This script also demonstrates how to map the user home directory
specified in Active Directory to the appropriate drive letter. It also demonstrates how to map local
ports to shared printers according to computer group membership.
Logon6.txt <<-- Click here to view or download the program