#140170 - 2005-05-23 11:30 PM
Ingroup
|
parkaw
Fresh Scripter
Registered: 2005-05-23
Posts: 17
|
I am trying to use the ingroup function to setup a dynamic login script. It doesn't seem to acknowledge the groups I have setup in Active Directory. I've tried using the fully qualified domain name of the object "mallory.local/Mallory/LONGUP" But it doesn't recognize it. Likewise I have also tried using just the subkeys, and it does not recognize those either. I'm using the basic code from the article on http://www.brianmadden.com for the ingroup statement.
Could someone post a couple screenshots or code snippets of what I need to do to create groups that kix will recognize?
|
Top
|
|
|
|
#140172 - 2005-05-24 01:50 AM
Re: Ingroup
|
parkaw
Fresh Scripter
Registered: 2005-05-23
Posts: 17
|
Ok... Code:
IF INGROUP('mallory.local/Mallory/LONGUP')
addprinterconnection('\\mcsrv\LongCSR')
addprinterconnection('\\mcsrv\LongFC')
setdefaultprinter('\\mcsrv\LONGCSR')
ELSE
? 'NOt in longview'
ENDIF
seems to work, I was using double quotes. I'll tinker with this some more, see what I can come up wtih. Thanks Les.
|
Top
|
|
|
|
#140173 - 2005-05-24 02:54 PM
Re: Ingroup
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Couple of things..
You can use single or double-quotes.
In your group definition, you have: 'mallory.local/Mallory/LONGUP'
It should be: 'Mallory\LONGUP'
Actually, ENUMGROUP should show the groups you or the user you are logging in as the group membership that are belonged to. Also, IFMEMBER.EXE from the Resource Kit should show the same information.
Kent
|
Top
|
|
|
|
#140174 - 2005-05-24 09:52 PM
Re: Ingroup
|
parkaw
Fresh Scripter
Registered: 2005-05-23
Posts: 17
|
AH! Ok. What we're trying to do is setup organizational groups by region on the domain controller. My group enumerates as Domain User. So, how do I add organization subkeys on the domain controller? Anyone got a screenshot?
|
Top
|
|
|
|
#140175 - 2005-05-24 09:56 PM
Re: Ingroup
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Organize subkeys?
Group names can only exist once in a domain the same as user names. You can place groups like users into whatever OU hierarchy you wish but you can reference them as domain\user or domain\group where domain is the downlevel netbios domain name.
|
Top
|
|
|
|
#140176 - 2005-05-24 10:14 PM
Re: Ingroup
|
parkaw
Fresh Scripter
Registered: 2005-05-23
Posts: 17
|
Ok... you've confused me. This picture illustrates what we've done.
As you can see, the organizational units are setup as objects in mallory.local/Mallory But the groups that declared in the INGROUP() statement are under mallory.local/Users How do I query by the containers under mallory.local/Mallory?
|
Top
|
|
|
|
#140177 - 2005-05-24 10:21 PM
Re: Ingroup
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Why not just use the following? Code:
IF INGROUP('HR') ; -- DO WHATEVER ENDIF
Otherwise, you are going to have to use an LDAP to use the OU that you have in your picture above. Have a look at - InContainer() to do what you want.
Thanks,
Kent
|
Top
|
|
|
|
#140179 - 2005-05-24 10:43 PM
Re: Ingroup
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Agreed.
I had hoped with my explanation that he does have two options. Use groups like HR, Accounting, etc. or using Howard's InContainer() UDF.
Kent
|
Top
|
|
|
|
#140180 - 2005-05-24 11:01 PM
Re: Ingroup
|
parkaw
Fresh Scripter
Registered: 2005-05-23
Posts: 17
|
So... Ok. Most of that went over my head.
So, basically, there is no simple way to implement a simple query on OUs?
If I setup groups in the active directory, and added members to those groups using the Member Of tab in the user properties... the in group statements would work?
|
Top
|
|
|
|
#140181 - 2005-05-24 11:07 PM
Re: Ingroup
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
The INGROUP function will check the membership of groups (domain\group) regardless of where they are located in the directory tree.
You seem to want to do one thing but keep asking to do something different. If you could just explain what you want to accomplish is business terms, we could suggest optimized methods to accomplish your goal.
|
Top
|
|
|
|
#140182 - 2005-05-24 11:38 PM
Re: Ingroup
|
parkaw
Fresh Scripter
Registered: 2005-05-23
Posts: 17
|
I want to setup groups like so: Location1 |- Department1 |- Department2 Location2 |- Department3
OR Location1Department1 Location1Department2 Location2Department3
Then setup a KIX script to determine which default printer to set based on which location and department they are at.
I am not sure about permissions inheritance. Could I set up one group to inherit all permissions and settings from another, such as having users in Location1Department1 inherit all priveleges from the Domain users group?
If I did this, would I have to edit anything in the domain controller security policy to make it work properly?
I apologize for all the questions, I'm not at all familiar with structure and organization in Active Directory.
|
Top
|
|
|
|
#140183 - 2005-05-25 11:35 PM
Re: Ingroup
|
parkaw
Fresh Scripter
Registered: 2005-05-23
Posts: 17
|
I still have not been able to get this working. Here is a step by step of what I've done: I started off by making the group in active directory, illustrated below: Then, I added myself to the group, and set it as the primary group, illustrated below:
Then I ran a simple enumgroup($index) script on my account. It returned Domain Users as my group.
I've tried various incarnations of this script trying to get it working: Code:
addprinterconnection("\\mcsrv\LongCSR") IF INGROUP('LONGUP') setdefaultprinter('\\mcsrv\LONGCSR') ELSE ? 'long marker (I used a 200 character marker to test)' That actual script is a bit longer than that, and it includes all of the printer connections, then runs through the script to determine default printer.
I am not sure what I am doing wrong, and any assistance would be appreciated.
|
Top
|
|
|
|
#140184 - 2005-05-25 11:47 PM
Re: Ingroup
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
You may want to be careful as you can break apps when you change the default group from Domain Users to another group.
Have you tried to use the printer share name or the actual printer name?
It should work just fine and you may need to add some debugging code. Code:
$rc=addprinterconnection("\\mcsrv\LongCSR") ?@ERROR' '@serror IF INGROUP('LONGUP') $rc=setdefaultprinter('\\mcsrv\LONGCSR') ?@ERROR' '@serror ENDIF
HTH,
Kent
Edited by kdyer (2005-05-25 11:56 PM)
|
Top
|
|
|
|
#140185 - 2005-05-25 11:56 PM
Re: Ingroup
|
parkaw
Fresh Scripter
Registered: 2005-05-23
Posts: 17
|
I apologize if I wasn't clear before. The printer connections work fine. Its the INGROUP thing that I am having troubles resolving. I've tried several things, but ENUMLOCALGROUP($Index) returns "users", while ENUMGROUP($index) returns domain users. So it cycles through the IF statement to the flag at the end of the IF statement group.
I'm not sure if it is something I am doing wrong with my scripting, or in active directory.
|
Top
|
|
|
|
#140186 - 2005-05-25 11:58 PM
Re: Ingroup
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Ok..
So, what does the following show you? Code:
$Index = 0 DO $Group=ENUMGROUP($Index) ?$Group $Index=$Index+1 UNTIL Len($Group) = 0 get $
HTH,
Kent
|
Top
|
|
|
|
#140188 - 2005-05-26 12:01 AM
Re: Ingroup
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
From what you posted, you don't have an ENDIF in your code.
Kent
|
Top
|
|
|
|
#140189 - 2005-05-26 12:02 AM
Re: Ingroup
|
parkaw
Fresh Scripter
Registered: 2005-05-23
Posts: 17
|
that
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
1 registered
(Allen)
and 313 anonymous users online.
|
|
|