#1
  1. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2006
    Posts
    277
    Rep Power
    0

    Determine OU for login script if's


    We're trying to consolidate down to a single login script instead of a different one for each role a user has. I've been able to logically organize it in a manner that it's divided up by OU. Trouble is, I have absolutely no idea how to determine the OU for an if statement.

    Reading up some, I've found that it's difficult if you have nested OU's, which we do. We'll have a layout in 3 different basic manners
    PC users are: domain > department > users
    Terminal server users are: domain > Terminal Server > Access Level
    Users that work ON the thin client desktop are: domain > Thin Clients > Users

    So really the OU's are the same level away from the domain (grandparent is it?).

    So what I'm not sure how to do is to pull the last level of the OU out in order to run a text comparison later. Is it as simple as something like:
    Set objParent = GetObject(objUser.Parent)
    strParent = objParent.Get("name")
    Set objGrandParent = GetObject(objParent.Parent)
    strParent = objGrandParent.Get("name")
    But then where do you get the actual last OU section from?

    Later I'll simply run portions of the script based on that OU data. Something like
    if (objOU = "Accounting") then
    do this part of the code
    else nothing

    I'd appreciate any help here. I didn't see anything related to this in the search, but I did look before I posted.
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    15
    Rep Power
    0
    what is an "OU" ?
  4. #3
  5. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2006
    Posts
    277
    Rep Power
    0
    Originally Posted by Satellite55
    what is an "OU" ?
    Organizational Unit....how Active Directory organizes everything.
  6. #4
  7. No Profile Picture
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,424
    Rep Power
    4539
    What you can or can't get will depend on what object you're using to query AD. There is nothing built in to ASP, so I imagine you're using some Microsoft WMI stuff which I know nothing about.

    If you're writing ASP.NET code, you might try the .NET forum; this forum is primarily classic ASP.
    ======
    Doug G
    ======
    The man who doesn't read good books has no advantage over the man who can't read them.
    --Mark Twain
  8. #5
  9. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2006
    Posts
    277
    Rep Power
    0
    Originally Posted by Doug G
    What you can or can't get will depend on what object you're using to query AD. There is nothing built in to ASP, so I imagine you're using some Microsoft WMI stuff which I know nothing about.

    If you're writing ASP.NET code, you might try the .NET forum; this forum is primarily classic ASP.
    VBS, logon scripts. It was under the sub-headings for this category, so that's why I put it here.
  10. #6
  11. No Profile Picture
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,424
    Rep Power
    4539
    Hopefully someone who knows will jump in ...
    ======
    Doug G
    ======
    The man who doesn't read good books has no advantage over the man who can't read them.
    --Mark Twain
  12. #7
  13. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2006
    Posts
    277
    Rep Power
    0
    Originally Posted by Doug G
    Hopefully someone who knows will jump in ...
    So any ideas at all here? I'm not really sure where to begin since the folks are at two different levels. I wish there was a way to see what the last level was....that's all the info I would need to be able to work the script.
    Last edited by millercepbs; February 18th, 2011 at 10:05 AM.
  14. #8
  15. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2006
    Posts
    277
    Rep Power
    0
    I was able to find something that I think can be altered some. I found a script that can tell you the OU of a computer, so I've altered it to "User", but it doesn't seem to work.

    Code:
     OPTION EXPLICIT
    DIM objNetwork
    DIM UserName
    DIM ou
    
    ' Get the UserName of PC
    set objNetwork = createobject("Wscript.Network")
    UserName = objNetwork.UserName
    
    ' Call function to find OU from computer name
    ou = getOUByUserName(UserName)
    
    wscript.echo ou
    
    
    function getOUByUserName(byval UserName)
    	' *** Function to find ou/container of user object from username ***
    	
    	DIM namingContext, ldapFilter, ou
    	DIM cn, cmd, rs
    	DIM objRootDSE
    	
    	' Bind to the RootDSE to get the default naming context for
    	' the domain.  e.g. dc=wisesoft,dc=co,dc=uk
    	set objRootDSE = getobject("LDAP://RootDSE")
    	namingContext = objRootDSE.Get("defaultNamingContext")
    	set objRootDSE = nothing
    
    	' Construct an ldap filter to search for a user object
    	' anywhere in the domain with a name of the value specified.
    	ldapFilter = "<LDAP://" & namingContext & _
     	">;(&(objectCategory=User)(name=" & UserName & "))" & _
    	";distinguishedName;subtree"
    
    	' Standard ADO code to query database
    	set cn = createobject("ADODB.Connection")
    	set cmd = createobject("ADODB.Command")
    
    	cn.open "Provider=ADsDSOObject;"
    	cmd.activeconnection = cn
    	cmd.commandtext = ldapFilter
    	
    	set rs = cmd.execute
    
    	if rs.eof <> true and rs.bof <> true then
    		ou = rs(0)
    		' Convert distinguished name into OU.
    		' e.g. cn=CLIENT01,OU=WiseSoft_Computers,dc=wisesoft,dc=co,dc=uk
    		' to: OU=WiseSoft_Computers,dc=wisesoft,dc=co,dc=uk
    		ou = mid(ou,instr(ou,",")+1,len(ou)-instr(ou,","))
    		getOUByUserName = ou
    
    	end if
    
    	rs.close
    	cn.close
    
    end function
    The ldap filter seems to be the main part that isn't working...setting the filter to the User category.

    Code:
    ldapFilter = "<LDAP://" & namingContext & _
     	">;(&(objectCategory=User)(name=" & UserName & "))" & _
    	";distinguishedName;subtree"
    Since "User" is the objectCategory, I'm not sure why it doesn't work. Basically, if you set that back to "Computer", even with my other variable changes left to "user", it works to get the computer OU's. So I'm a bit confused....or is the object distinguished differently in AD than "User"?
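
Added example, not part of the original thread: `WScript.Network`'s `UserName` returns the logon name, which Active Directory stores in `sAMAccountName`, while a user object's `name` attribute holds its CN (often the full name); for a computer object `name` is normally the computer name itself, which is why the Computer version matches. The sketch below builds the same four-part query on `sAMAccountName` and escapes the value per RFC 4515 before concatenating it; the naming context and logon names are constructed samples.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash is replaced first so the escapes added afterwards
' are not escaped a second time.
Function EscapeLdapFilterValue(value)
    Dim s
    s = Replace(value, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    EscapeLdapFilterValue = s
End Function

' Build the ADsDSOObject query text for one user, matched on logon name.
' Same layout as the thread's query: base;filter;attributes;scope.
Function BuildUserQuery(namingContext, logonName)
    BuildUserQuery = "<LDAP://" & namingContext & ">;" & _
        "(&(objectCategory=person)(objectClass=user)" & _
        "(sAMAccountName=" & EscapeLdapFilterValue(logonName) & "))" & _
        ";distinguishedName;subtree"
End Function

' Constructed inputs. In the logon script these would come from
' RootDSE's defaultNamingContext and WScript.Network's UserName.
Dim logon
For Each logon In Array("jsmith", "temp(2)", "a*")
    WScript.Echo BuildUserQuery("DC=example,DC=com", logon)
Next
```

Run it with `cscript` to see the query text; the second and third inputs show parentheses and the wildcard arriving in the filter as literal characters rather than filter syntax.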
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2011
    Posts
    1
    Rep Power
    0
    Not sure if you've found a solution for what you were working on or not, but all I did to determine the OU was to tear apart the ADSystemInfo.Username value.

    Code:
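    'Set up Active Directory Connections
    Set ADSysInfo = CreateObject("ADSystemInfo")
    'Get the distinguished name (DN) of the logged-on user
    strUser = ADSysInfo.UserName
    
    'Find the first "OU" in the DN and keep what follows "OU="
    x = instr(strUser,"OU")
    If x > 0 then
    	OU = right(strUser,Len(strUser) - x - 2)
    	'PriOU is the text up to the next comma
    	x = instr(OU,",")
    	PriOU = left(OU, x - 1)
    	OU = Right(OU, Len(OU) - x)
    	'Repeat on the remainder to get the next OU up
    	x = instr(OU,"OU")
    	If x > 0 then
    		OU = right(OU,Len(OU) - x - 2)
    		x = instr(OU,",")
    		SecOU = left(OU, x - 1)
    	Else
    		SecOU = "None"
    	End If
    Else
    	'No OU in the DN at all, so set both values
    	PriOU = "None"
    	SecOU = "None"
    End If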
    The value for PriOU then becomes the lowest OU in the tree and SecOU becomes the next level up. This allows me to handle options for more than one OU, such as when a department has a sub-dept that needs its own mappings as well as the department mappings.
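
Added example, not part of the original thread: a version of the same idea that walks the DN one RDN at a time, so it only splits on unescaped commas, matches `OU=` regardless of case, and is not misled by a CN that happens to contain the letters "OU". `GetOUChain` is a hypothetical helper name, and the sample DNs (including `example.com` and the `Departments` OU) are constructed.

```vbscript
Option Explicit

' Return the OU names in a distinguished name, nearest container first.
' Splits only on unescaped commas and matches "OU=" case-insensitively.
Function GetOUChain(dn)
    Dim names(), n, i, ch, rdn
    n = 0 : rdn = "" : i = 1
    Do While i <= Len(dn) + 1
        ch = Mid(dn & ",", i, 1)          ' trailing comma flushes the last RDN
        If ch = "\" Then
            rdn = rdn & Mid(dn, i, 2)     ' keep an escaped pair such as "\," whole
            i = i + 1
        ElseIf ch = "," Then
            rdn = Trim(rdn)
            If StrComp(Left(rdn, 3), "OU=", vbTextCompare) = 0 Then
                ReDim Preserve names(n)
                names(n) = Mid(rdn, 4)
                n = n + 1
            End If
            rdn = ""
        Else
            rdn = rdn & ch
        End If
        i = i + 1
    Loop
    ' Array() gives an empty array, so callers can test UBound(...) < 0
    If n = 0 Then GetOUChain = Array() Else GetOUChain = names
End Function

' Constructed sample DNs. In a logon script the input would be
' CreateObject("ADSystemInfo").UserName, as in the post above.
Dim sample, chain
For Each sample In Array( _
        "CN=Smith\, John,OU=Accounting,OU=Departments,DC=example,DC=com", _
        "CN=LOUISE,ou=Users,OU=Thin Clients,DC=example,DC=com", _
        "CN=Administrator,CN=Users,DC=example,DC=com")
    chain = GetOUChain(sample)
    If UBound(chain) >= 0 Then
        WScript.Echo Join(chain, " < ") & "   (" & sample & ")"
    Else
        WScript.Echo "no OU   (" & sample & ")"
    End If
Next
```

`chain(0)` is the nearest OU and `chain(1)` its parent, which matters for the layouts in the first post where several branches end in an OU called Users.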
  18. #10
  19. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2006
    Posts
    277
    Rep Power
    0
    I'll give it a shot...I thought the thread had been forgotten!

    Um, well did an echo on what the script above returns and it's a numeric value. That's all fine, but I have no way of knowing what OU a '13' belongs to. Any ideas on that?
    Last edited by millercepbs; May 16th, 2011 at 03:30 PM.
  20. #11
  21. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2006
    Posts
    277
    Rep Power
    0
    Never mind, it helps to have an echo read off the right variable...i.e. PriOU, SecOU.

    THANKS!
