squirrelc0de

AD OUS and persistant drives

5 posts in this topic

#1 ·  Posted

Hi there, 

I have a question about persistent drives and AD. 
I am playing around with a script but I'm missing something. What i want to do is if a user is part of an OU, it will map a network drive and be persistent. However if a user is moved out of that OU, they will need to have the persistent drive removed. 

I'm using the ad plugin script, and i can map the drives if a user is in a specific ou, but i cannot seem to delete the drive if the user is out of the OU. 

Here's an example of code I'm using: 

 

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Compression=4
#AutoIt3Wrapper_Res_Fileversion=1.0.0
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <AD\AD.au3>

func MapDrives()
    _AD_Open()
    
    if _AD_RecursiveIsMemberOf(OU) Then
        Mapdrive1()
    Elseif _AD_RecursiveIsMemberOf(different ou)
    drivemapdel    
    EndIf
    
    _AD_Close()
EndFunc
    
Func MapDrive1()
    Drivemapdel ("Z:")
    DriveMapAdd ("Z:"."\\server\share",$DMA_PERSISTENT,0)
    
EndFunc

 

Share this post


Link to post
Share on other sites



#2 ·  Posted

Can you add some debugging for example:

func MapDrives()
    _AD_Open()
    
    if _AD_RecursiveIsMemberOf($OU) Then
        Mapdrive1()
        MsgBox(64, $OU, @UserName & " is member of " & $OU & @CRLF & DriveMapGet("Z:"))
    Elseif _AD_RecursiveIsMemberOf($differentou)
        DriveMapDel("Z:")
        MsgBox(64,$differentou, @UserName & " is member of " & $differentou & @CRLF & DriveMapGet("Z:"))
    EndIf
    
    _AD_Close()
EndFunc

 

Share this post


Link to post
Share on other sites

#3 ·  Posted

Hi there, 

I dont want a message box to pop up when a user signs in, but to have the script detect whether they are apart of a specific ou, and if they were moved into a different ou then the script would remove the previous persistent drive. I think I got the code right, but need to double check it with someone.

Thanks 

Share this post


Link to post
Share on other sites

#4 ·  Posted

The idea was for you to test to see what was occurring not for production, alternatively you could just write to a log and then check the information from there.

Share this post


Link to post
Share on other sites

#5 ·  Posted

thank you, i will give that a shot and get back to you in a day or so. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • water
      By water
      On one/multiple big sheet(s) you get users (columns) and groups (rows). The list is sorted descending by number of members so you get the users with most groups and the groups with most members on top of the page. You can filter by (multiple) samaccountname(s), department or you can create your own LDAP query filter. You can filter the resulting list of groups using a Regular Expression.
      Version 2.0 uses maps so at the moment it requires the latest beta version of AutoIt!
      BTW: If you like this tool please click the "I like this" button. This tells me where to next put my development effort
    • water
      By water
      ADAT is a tool to simplify common AD administration tasks. Every administration task has its own tab. It is easy to add new functions (tabs) to the tool. Some often used functions are already available: list users, computers, OUs. File ADAT.ini can be customized to hold the AD logon information if necessary.
      BTW: If you like this tool please click the "I like this" button. This tells me where to next put my development effort
    • water
      By water
      ADCU displays two Active Directory users and their group membership in two listviews. You can filter and export the data to Excel, Outlook mail and the clipboard.
      Before running the script you need to change file AD-Tools.ini and function _Check_Access in AD-Tools_User.au3.
      BTW: If you like this UDF please click the "I like this" button. This tells me where to next put my development effort
      Needs to be run with the latest AutoIt production version (>= 3.3.12.0).
      Needs to be run with the latest version of the AD UDF (>= 1.4.2.0).
    • water
      By water
      ADCG displays two Active Directory groups and their direct members in two listviews. You can filter and export the data to Excel, Outlook mail and the clipboard.
      Before running the script you need to change file AD-Tools.ini and function _Check_Access in AD-Tools_User.au3.
      BTW: If you like this UDF please click the "I like this" button. This tells me where to next put my development effort
      Needs to be run with the latest AutoIt production version (>= 3.3.12.0).
      Needs to be run with the latest version of the AD UDF (>= 1.4.2.0).
    • DavidLago
      By DavidLago
      Hello. 
      I have 5 DCs, and I need to create a scheduled task to run a script that will test the authentication time for each one of them, once every minute. (Then I'll use it within a log analyser to create graphics).
      I came up with a script using the great AD UDF (by water). First I tried using "for" and an array, but something was messing up the results, then I went for the dumb old fashioned way:
      #Include <ad.au3> #include <MsgBoxConstants.au3> Global $AdTestTime = "" Global $Timer1, $Timer2, $Timer3, $Timer4, $Timer5 = "" Global $sAD1 = "MYSERVER109" Global $sAD2 = "MYSERVER110" Global $sAD3 = "MYSERVER111" Global $sAD4 = "MYSERVER112" Global $sAD5 = "MYSERVER113" $Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer2 = Timerinit() _AD_Open("", "", $sAD2) _AD_Close() Local $fDiff2 = TimerDiff($Timer2) $Timer3 = Timerinit() _AD_Open("", "", $sAD3) _AD_Close() Local $fDiff3 = TimerDiff($Timer3) $Timer4 = Timerinit() _AD_Open("", "", $sAD4) _AD_Close() Local $fDiff4 = TimerDiff($Timer4) $Timer5 = Timerinit() _AD_Open("", "", $sAD5) _AD_Close() Local $fDiff5 = TimerDiff($Timer5) MsgBox(0,"", "MYSERVER109=" & $fDiff1) MsgBox(0,"", "MYSERVER110=" & $fDiff2) MsgBox(0,"", "MYSERVER111=" & $fDiff3) MsgBox(0,"", "MYSERVER112=" & $fDiff4) MsgBox(0,"", "MYSERVER113=" & $fDiff5) Still, something is off here. 
      The first AD to be tested is always the slowest one, by far, like 20 times slower. Then I started to suspect that the first one starts the "negotiation", and the following ones ride the gravy train.
      If I repeat the first code twice, All servers seem to have a similar result.
      $Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer1 = Timerinit() _AD_Open("", "", $sAD1) _AD_Close() Local $fDiff1 = TimerDiff($Timer1) $Timer2.... Am I right?
      Also, is there a better way to test the authentication time?
      Thanks for the help.
      - Dave