I have a batch file script, that needs to see if a person belongs to a
certain group. So I'm trying to compare the %USERNAME% (logged on user)
to the members of the group, to see if I can get either a "doesn't
match" or a "does match".

Here's my query

dsget group "CN=Dudes,OU=OurOU,OU=ABC Network,DC=abcdef,DC=ca" -expand
-members | dsget user -samid -c | find "%USERNAME%"

So, if you pass it the %username%, and there's a match, it returns the
username.
So, this gives me a name, but I can't match it the %USERNAME%... I can
only get it to return the value. I can't get past this step.

Is there another way to compare this, or, am I almost there?

--
Bill Tkach
MSP, CCNA, A+
visual{period}eyes{at}telus{period}net

Bill Tkach wrote:

>I have a batch file script, that needs to see if a person belongs to a
>certain group. So I'm trying to compare the %USERNAME% (logged on user) to
>the members of the group, to see if I can get either a "doesn't match" or a
>"does match".
>
> Here's my query
>
> dsget group "CN=Dudes,OU=OurOU,OU=ABC
> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
> "%USERNAME%"
>
> So, if you pass it the %username%, and there's a match, it returns the
> username.
> So, this gives me a name, but I can't match it the %USERNAME%... I can
> only get it to return the value. I can't get past this step.
>
> Is there another way to compare this, or, am I almost there?
>
> --
> Bill Tkach
> MSP, CCNA, A+
> visual{period}eyes{at}telus{period}net

It seems to work. If a name is echoed, the current user is a member. If
nothing is echoed, the current user is not a member of the group. What do
you want to accomplish?

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

The problem isn't finding out if the person is in the group, the problem
is using that script in say, an if/then statement.
Sort of like
IF (dsget group "CN=Dudes,OU=OurOU,OU=ABC Network,DC=abcdef,DC=ca"
-expand -members | dsget user -samid -c | find "%USERNAME%" ==
%USERNAME%) DEL file.txt ELSE DEL file2.txt

However, I can't do the above; It won't let me compare the "dsget..." to
the %USERNAME%.

PS - I don't know if the del things works, thats not the problem. It's
just to figure out how to get a true/false comparison.

bill


Richard Mueller [MVP] wrote:
> Bill Tkach wrote:
>
>> I have a batch file script, that needs to see if a person belongs to a
>> certain group. So I'm trying to compare the %USERNAME% (logged on user) to
>> the members of the group, to see if I can get either a "doesn't match" or a
>> "does match".
>>
>> Here's my query
>>
>> dsget group "CN=Dudes,OU=OurOU,OU=ABC
>> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
>> "%USERNAME%"
>>
>> So, if you pass it the %username%, and there's a match, it returns the
>> username.
>> So, this gives me a name, but I can't match it the %USERNAME%... I can
>> only get it to return the value. I can't get past this step.
>>
>> Is there another way to compare this, or, am I almost there?
>>
>> --
>> Bill Tkach
>> MSP, CCNA, A+
>> visual{period}eyes{at}telus{period}net
>
> It seems to work. If a name is echoed, the current user is a member. If
> nothing is echoed, the current user is not a member of the group. What do
> you want to accomplish?
>


--
Bill Tkach
MSP, CCNA, A+
visual{period}eyes{at}telus{period}net

Its a hack...

<script>
' wscript.arguments(0) = <Your Domain>
' wscript.arguments(1) = <Your Group>

Set oGroup = GetObject("WinNT://" & wscript.arguments(0) & "/" &
wscript.arguments(1), group)
Set oShell = CreateObject("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")

sUserName = UCase(oShell.ExpandEnvironmentStrings("%USERNAME%" ))

sMembers = ""

For Each oMember in oGroup.Members
sMembers = sMembers & ";" & UCase(oMember.Name)
Next

If InStr(sMembers, sUserName) <> 0 Then
Set FileName = oFSO.GetFile("file.txt")
FileName.Delete
Else
Set FileName = oFSO.GetFile("file2.txt")
FileName.Delete
End If
</script>

"Kshaeta" wrote:

> The problem isn't finding out if the person is in the group, the problem
> is using that script in say, an if/then statement.
> Sort of like
> IF (dsget group "CN=Dudes,OU=OurOU,OU=ABC Network,DC=abcdef,DC=ca"
> -expand -members | dsget user -samid -c | find "%USERNAME%" ==
> %USERNAME%) DEL file.txt ELSE DEL file2.txt
>
> However, I can't do the above; It won't let me compare the "dsget..." to
> the %USERNAME%.
>
> PS - I don't know if the del things works, thats not the problem. It's
> just to figure out how to get a true/false comparison.
>
> bill
>
>
> Richard Mueller [MVP] wrote:
> > Bill Tkach wrote:
> >
> >> I have a batch file script, that needs to see if a person belongs to a
> >> certain group. So I'm trying to compare the %USERNAME% (logged on user) to
> >> the members of the group, to see if I can get either a "doesn't match" or a
> >> "does match".
> >>
> >> Here's my query
> >>
> >> dsget group "CN=Dudes,OU=OurOU,OU=ABC
> >> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
> >> "%USERNAME%"
> >>
> >> So, if you pass it the %username%, and there's a match, it returns the
> >> username.
> >> So, this gives me a name, but I can't match it the %USERNAME%... I can
> >> only get it to return the value. I can't get past this step.
> >>
> >> Is there another way to compare this, or, am I almost there?
> >>
> >> --
> >> Bill Tkach
> >> MSP, CCNA, A+
> >> visual{period}eyes{at}telus{period}net
> >
> > It seems to work. If a name is echoed, the current user is a member. If
> > nothing is echoed, the current user is not a member of the group. What do
> > you want to accomplish?
> >
>
>
> --
> Bill Tkach
> MSP, CCNA, A+
> visual{period}eyes{at}telus{period}net
>

I see, you want a conditional branch based on group membership. I can't
think of a way to do that in a batch file. You could redirect the output of
the dsget command to a text file. I thought I used to be able to check if a
text file was empty (zero bytes) in a batch file by copying it. If the file
was zero bytes the target file would not be created, which can be checked in
a batch file with "If Exists". I can't do it now. Either the copy command
behaves differently or I forget the exact technique. Maybe someone else
knows how.

Also, I find the /i switch is necessary in the find command to make it case
insensitive. The batch file I was testing with was:
========
@echo off
dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
dsget user -samid -c | find /i "%username%" > temp1.txt

copy temp1.txt temp2.txt > nul

If Exist temp2.txt GoTo YES
Echo User not a member of the group
GoTo END

:YES
Echo User is a member of the group
del temp2.txt

:END
del temp1.txt
============
If temp.txt is zero bytes the current user is not a member of the group.
However, temp2.txt is created even if temp1.txt is zero bytes, to the above
always reports that the user is a member of the group.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"Kshaeta" <visual.eyes@telus.net> wrote in message
news:%23MeahwK8HHA.5184@TK2MSFTNGP03.phx.gbl...
> The problem isn't finding out if the person is in the group, the problem
> is using that script in say, an if/then statement.
> Sort of like
> IF (dsget group "CN=Dudes,OU=OurOU,OU=ABC
> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
> "%USERNAME%" == %USERNAME%) DEL file.txt ELSE DEL file2.txt
>
> However, I can't do the above; It won't let me compare the "dsget..." to
> the %USERNAME%.
>
> PS - I don't know if the del things works, thats not the problem. It's
> just to figure out how to get a true/false comparison.
>
> bill
>
>
> Richard Mueller [MVP] wrote:
>> Bill Tkach wrote:
>>
>>> I have a batch file script, that needs to see if a person belongs to a
>>> certain group. So I'm trying to compare the %USERNAME% (logged on user)
>>> to the members of the group, to see if I can get either a "doesn't
>>> match" or a "does match".
>>>
>>> Here's my query
>>>
>>> dsget group "CN=Dudes,OU=OurOU,OU=ABC
>>> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
>>> "%USERNAME%"
>>>
>>> So, if you pass it the %username%, and there's a match, it returns the
>>> username.
>>> So, this gives me a name, but I can't match it the %USERNAME%... I can
>>> only get it to return the value. I can't get past this step.
>>>
>>> Is there another way to compare this, or, am I almost there?
>>>
>>> --
>>> Bill Tkach
>>> MSP, CCNA, A+
>>> visual{period}eyes{at}telus{period}net
>>
>> It seems to work. If a name is echoed, the current user is a member. If
>> nothing is echoed, the current user is not a member of the group. What do
>> you want to accomplish?
>>
>
>
> --
> Bill Tkach
> MSP, CCNA, A+
> visual{period}eyes{at}telus{period}net

The COPY won't work, but if you do an FC, you can check the
IF/ERRORLEVEL after doing the FC to see if the output file from the FIND
matches a zero-byte file. If it's non-zero, then you likely found the
name in the group.

@echo off
dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
dsget user -samid -c | find /i "%1" > temp1.txt

@echo on > temp2.txt (Create a zero byte file)
@echo off
fc temp1.txt temp2.txt
if NOT ERRORLEVEL 1 Goto NO

Echo User is a member of the group
GoTo END

:NO
Echo User not a member of the group

:END
REM del temp1.txt
REM del temp2.txt

I've tried it... it mostly works. The only problem now is there is no
EXACT find. So if there is a person named smit and someone named
smithj, if you do a search on the USERNAME smit, within the file, but
only smithj is in there, it will return a positive, because smit is
found within smithj.

Luckily, there's no one with weird names like that. Good enough.

Thanks for the !

--
Bill Tkach
MSP, CCNA, A+
visual{period}eyes{at}telus{period}net


Richard Mueller [MVP] wrote:
> I see, you want a conditional branch based on group membership. I can't
> think of a way to do that in a batch file. You could redirect the output of
> the dsget command to a text file. I thought I used to be able to check if a
> text file was empty (zero bytes) in a batch file by copying it. If the file
> was zero bytes the target file would not be created, which can be checked in
> a batch file with "If Exists". I can't do it now. Either the copy command
> behaves differently or I forget the exact technique. Maybe someone else
> knows how.
>
> Also, I find the /i switch is necessary in the find command to make it case
> insensitive. The batch file I was testing with was:
> ========
> @echo off
> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
> dsget user -samid -c | find /i "%username%" > temp1.txt
>
> copy temp1.txt temp2.txt > nul
>
> If Exist temp2.txt GoTo YES
> Echo User not a member of the group
> GoTo END
>
> :YES
> Echo User is a member of the group
> del temp2.txt
>
> :END
> del temp1.txt
> ============
> If temp.txt is zero bytes the current user is not a member of the group.
> However, temp2.txt is created even if temp1.txt is zero bytes, to the above
> always reports that the user is a member of the group.
>

I found a less simpler way.
thanks though!
bill

--
Bill Tkach
MSP, CCNA, A+
visual{period}eyes{at}telus{period}netJ Ford wrote:



> Its a hack...
>
> <script>
> ' wscript.arguments(0) = <Your Domain>
> ' wscript.arguments(1) = <Your Group>
>
> Set oGroup = GetObject("WinNT://" & wscript.arguments(0) & "/" &
> wscript.arguments(1), group)
> Set oShell = CreateObject("WScript.Shell")
> Set oFSO = CreateObject("Scripting.FileSystemObject")
>
> sUserName = UCase(oShell.ExpandEnvironmentStrings("%USERNAME%" ))
>
> sMembers = ""
>
> For Each oMember in oGroup.Members
> sMembers = sMembers & ";" & UCase(oMember.Name)
> Next
>
> If InStr(sMembers, sUserName) <> 0 Then
> Set FileName = oFSO.GetFile("file.txt")
> FileName.Delete
> Else
> Set FileName = oFSO.GetFile("file2.txt")
> FileName.Delete
> End If
> </script>
>
> "Kshaeta" wrote:
>
>> The problem isn't finding out if the person is in the group, the problem
>> is using that script in say, an if/then statement.
>> Sort of like
>> IF (dsget group "CN=Dudes,OU=OurOU,OU=ABC Network,DC=abcdef,DC=ca"
>> -expand -members | dsget user -samid -c | find "%USERNAME%" ==
>> %USERNAME%) DEL file.txt ELSE DEL file2.txt
>>
>> However, I can't do the above; It won't let me compare the "dsget..." to
>> the %USERNAME%.
>>
>> PS - I don't know if the del things works, thats not the problem. It's
>> just to figure out how to get a true/false comparison.
>>
>> bill
>>
>>
>> Richard Mueller [MVP] wrote:
>>> Bill Tkach wrote:
>>>
>>>> I have a batch file script, that needs to see if a person belongs to a
>>>> certain group. So I'm trying to compare the %USERNAME% (logged on user) to
>>>> the members of the group, to see if I can get either a "doesn't match" or a
>>>> "does match".
>>>>
>>>> Here's my query
>>>>
>>>> dsget group "CN=Dudes,OU=OurOU,OU=ABC
>>>> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
>>>> "%USERNAME%"
>>>>
>>>> So, if you pass it the %username%, and there's a match, it returns the
>>>> username.
>>>> So, this gives me a name, but I can't match it the %USERNAME%... I can
>>>> only get it to return the value. I can't get past this step.
>>>>
>>>> Is there another way to compare this, or, am I almost there?
>>>>
>>>> --
>>>> Bill Tkach
>>>> MSP, CCNA, A+
>>>> visual{period}eyes{at}telus{period}net
>>> It seems to work. If a name is echoed, the current user is a member. If
>>> nothing is echoed, the current user is not a member of the group. What do
>>> you want to accomplish?
>>>
>>
>> --
>> Bill Tkach
>> MSP, CCNA, A+
>> visual{period}eyes{at}telus{period}net
>>

How about if you echo %1 into temp2.txt and then if temp1.txt and temp2.txt
match exactly the user is a member.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"Kshaeta" <visual.eyes@telus.net> wrote in message
news:ul0uxUZ8HHA.3916@TK2MSFTNGP02.phx.gbl...
> The COPY won't work, but if you do an FC, you can check the IF/ERRORLEVEL
> after doing the FC to see if the output file from the FIND matches a
> zero-byte file. If it's non-zero, then you likely found the name in the
> group.
>
> @echo off
> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
> dsget user -samid -c | find /i "%1" > temp1.txt
>
> @echo on > temp2.txt (Create a zero byte file)
> @echo off
> fc temp1.txt temp2.txt
> if NOT ERRORLEVEL 1 Goto NO
>
> Echo User is a member of the group
> GoTo END
>
> :NO
> Echo User not a member of the group
>
> :END
> REM del temp1.txt
> REM del temp2.txt
>
> I've tried it... it mostly works. The only problem now is there is no
> EXACT find. So if there is a person named smit and someone named smithj,
> if you do a search on the USERNAME smit, within the file, but only smithj
> is in there, it will return a positive, because smit is found within
> smithj.
>
> Luckily, there's no one with weird names like that. Good enough.
>
> Thanks for the !
>
> --
> Bill Tkach
> MSP, CCNA, A+
> visual{period}eyes{at}telus{period}net
>
>
> Richard Mueller [MVP] wrote:
>> I see, you want a conditional branch based on group membership. I can't
>> think of a way to do that in a batch file. You could redirect the output
>> of the dsget command to a text file. I thought I used to be able to check
>> if a text file was empty (zero bytes) in a batch file by copying it. If
>> the file was zero bytes the target file would not be created, which can
>> be checked in a batch file with "If Exists". I can't do it now. Either
>> the copy command behaves differently or I forget the exact technique.
>> Maybe someone else knows how.
>>
>> Also, I find the /i switch is necessary in the find command to make it
>> case insensitive. The batch file I was testing with was:
>> ========
>> @echo off
>> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
>> dsget user -samid -c | find /i "%username%" > temp1.txt
>>
>> copy temp1.txt temp2.txt > nul
>>
>> If Exist temp2.txt GoTo YES
>> Echo User not a member of the group
>> GoTo END
>>
>> :YES
>> Echo User is a member of the group
>> del temp2.txt
>>
>> :END
>> del temp1.txt
>> ============
>> If temp.txt is zero bytes the current user is not a member of the group.
>> However, temp2.txt is created even if temp1.txt is zero bytes, to the
>> above always reports that the user is a member of the group.
>>