I have a batch file script, that needs to see if a person belongs to a
certain group. So I'm trying to compare the %USERNAME% (logged on user)
to the members of the group, to see if I can get either a "doesn't
match" or a "does match".

Here's my query

dsget group "CN=Dudes,OU=OurOU,OU=ABC Network,DC=abcdef,DC=ca" -expand
-members | dsget user -samid -c | find "%USERNAME%"

So, if you pass it the %username%, and there's a match, it returns the
username.
So, this gives me a name, but I can't match it the %USERNAME%... I can
only get it to return the value. I can't get past this step.

Is there another way to compare this, or, am I almost there?

--
Bill Tkach
MSP, CCNA, A+
visual{period}eyes{at}telus{period}net

Bill Tkach wrote:

>I have a batch file script, that needs to see if a person belongs to a
>certain group. So I'm trying to compare the %USERNAME% (logged on user) to
>the members of the group, to see if I can get either a "doesn't match" or a
>"does match".
>
> Here's my query
>
> dsget group "CN=Dudes,OU=OurOU,OU=ABC
> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
> "%USERNAME%"
>
> So, if you pass it the %username%, and there's a match, it returns the
> username.
> So, this gives me a name, but I can't match it the %USERNAME%... I can
> only get it to return the value. I can't get past this step.
>
> Is there another way to compare this, or, am I almost there?
>
> --
> Bill Tkach
> MSP, CCNA, A+
> visual{period}eyes{at}telus{period}net

It seems to work. If a name is echoed, the current user is a member. If
nothing is echoed, the current user is not a member of the group. What do
you want to accomplish?

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

The problem isn't finding out if the person is in the group, the problem
is using that script in say, an if/then statement.
Sort of like
IF (dsget group "CN=Dudes,OU=OurOU,OU=ABC Network,DC=abcdef,DC=ca"
-expand -members | dsget user -samid -c | find "%USERNAME%" ==
%USERNAME%) DEL file.txt ELSE DEL file2.txt

However, I can't do the above; It won't let me compare the "dsget..." to
the %USERNAME%.

PS - I don't know if the del things works, thats not the problem. It's
just to figure out how to get a true/false comparison.

bill


Richard Mueller [MVP] wrote:
> Bill Tkach wrote:
>
>> I have a batch file script, that needs to see if a person belongs to a
>> certain group. So I'm trying to compare the %USERNAME% (logged on user) to
>> the members of the group, to see if I can get either a "doesn't match" or a
>> "does match".
>>
>> Here's my query
>>
>> dsget group "CN=Dudes,OU=OurOU,OU=ABC
>> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
>> "%USERNAME%"
>>
>> So, if you pass it the %username%, and there's a match, it returns the
>> username.
>> So, this gives me a name, but I can't match it the %USERNAME%... I can
>> only get it to return the value. I can't get past this step.
>>
>> Is there another way to compare this, or, am I almost there?
>>
>> --
>> Bill Tkach
>> MSP, CCNA, A+
>> visual{period}eyes{at}telus{period}net
>
> It seems to work. If a name is echoed, the current user is a member. If
> nothing is echoed, the current user is not a member of the group. What do
> you want to accomplish?
>


--
Bill Tkach
MSP, CCNA, A+
visual{period}eyes{at}telus{period}net

Its a hack...

<script>
' wscript.arguments(0) = <Your Domain>
' wscript.arguments(1) = <Your Group>

Set oGroup = GetObject("WinNT://" & wscript.arguments(0) & "/" &
wscript.arguments(1), group)
Set oShell = CreateObject("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")

sUserName = UCase(oShell.ExpandEnvironmentStrings("%USERNAME%" ))

sMembers = ""

For Each oMember in oGroup.Members
sMembers = sMembers & ";" & UCase(oMember.Name)
Next

If InStr(sMembers, sUserName) <> 0 Then
Set FileName = oFSO.GetFile("file.txt")
FileName.Delete
Else
Set FileName = oFSO.GetFile("file2.txt")
FileName.Delete
End If
</script>

"Kshaeta" wrote:

> The problem isn't finding out if the person is in the group, the problem
> is using that script in say, an if/then statement.
> Sort of like
> IF (dsget group "CN=Dudes,OU=OurOU,OU=ABC Network,DC=abcdef,DC=ca"
> -expand -members | dsget user -samid -c | find "%USERNAME%" ==
> %USERNAME%) DEL file.txt ELSE DEL file2.txt
>
> However, I can't do the above; It won't let me compare the "dsget..." to
> the %USERNAME%.
>
> PS - I don't know if the del things works, thats not the problem. It's
> just to figure out how to get a true/false comparison.
>
> bill
>
>
> Richard Mueller [MVP] wrote:
> > Bill Tkach wrote:
> >
> >> I have a batch file script, that needs to see if a person belongs to a
> >> certain group. So I'm trying to compare the %USERNAME% (logged on user) to
> >> the members of the group, to see if I can get either a "doesn't match" or a
> >> "does match".
> >>
> >> Here's my query
> >>
> >> dsget group "CN=Dudes,OU=OurOU,OU=ABC
> >> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
> >> "%USERNAME%"
> >>
> >> So, if you pass it the %username%, and there's a match, it returns the
> >> username.
> >> So, this gives me a name, but I can't match it the %USERNAME%... I can
> >> only get it to return the value. I can't get past this step.
> >>
> >> Is there another way to compare this, or, am I almost there?
> >>
> >> --
> >> Bill Tkach
> >> MSP, CCNA, A+
> >> visual{period}eyes{at}telus{period}net
> >
> > It seems to work. If a name is echoed, the current user is a member. If
> > nothing is echoed, the current user is not a member of the group. What do
> > you want to accomplish?
> >
>
>
> --
> Bill Tkach
> MSP, CCNA, A+
> visual{period}eyes{at}telus{period}net
>

I see, you want a conditional branch based on group membership. I can't
think of a way to do that in a batch file. You could redirect the output of
the dsget command to a text file. I thought I used to be able to check if a
text file was empty (zero bytes) in a batch file by copying it. If the file
was zero bytes the target file would not be created, which can be checked in
a batch file with "If Exists". I can't do it now. Either the copy command
behaves differently or I forget the exact technique. Maybe someone else
knows how.

Also, I find the /i switch is necessary in the find command to make it case
insensitive. The batch file I was testing with was:
========
@echo off
dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
dsget user -samid -c | find /i "%username%" > temp1.txt

copy temp1.txt temp2.txt > nul

If Exist temp2.txt GoTo YES
Echo User not a member of the group
GoTo END

:YES
Echo User is a member of the group
del temp2.txt

:END
del temp1.txt
============
If temp.txt is zero bytes the current user is not a member of the group.
However, temp2.txt is created even if temp1.txt is zero bytes, to the above
always reports that the user is a member of the group.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"Kshaeta" <visual.eyes@telus.net> wrote in message
news:%23MeahwK8HHA.5184@TK2MSFTNGP03.phx.gbl...
> The problem isn't finding out if the person is in the group, the problem
> is using that script in say, an if/then statement.
> Sort of like
> IF (dsget group "CN=Dudes,OU=OurOU,OU=ABC
> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
> "%USERNAME%" == %USERNAME%) DEL file.txt ELSE DEL file2.txt
>
> However, I can't do the above; It won't let me compare the "dsget..." to
> the %USERNAME%.
>
> PS - I don't know if the del things works, thats not the problem. It's
> just to figure out how to get a true/false comparison.
>
> bill
>
>
> Richard Mueller [MVP] wrote:
>> Bill Tkach wrote:
>>
>>> I have a batch file script, that needs to see if a person belongs to a
>>> certain group. So I'm trying to compare the %USERNAME% (logged on user)
>>> to the members of the group, to see if I can get either a "doesn't
>>> match" or a "does match".
>>>
>>> Here's my query
>>>
>>> dsget group "CN=Dudes,OU=OurOU,OU=ABC
>>> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
>>> "%USERNAME%"
>>>
>>> So, if you pass it the %username%, and there's a match, it returns the
>>> username.
>>> So, this gives me a name, but I can't match it the %USERNAME%... I can
>>> only get it to return the value. I can't get past this step.
>>>
>>> Is there another way to compare this, or, am I almost there?
>>>
>>> --
>>> Bill Tkach
>>> MSP, CCNA, A+
>>> visual{period}eyes{at}telus{period}net
>>
>> It seems to work. If a name is echoed, the current user is a member. If
>> nothing is echoed, the current user is not a member of the group. What do
>> you want to accomplish?
>>
>
>
> --
> Bill Tkach
> MSP, CCNA, A+
> visual{period}eyes{at}telus{period}net

The COPY won't work, but if you do an FC, you can check the
IF/ERRORLEVEL after doing the FC to see if the output file from the FIND
matches a zero-byte file. If it's non-zero, then you likely found the
name in the group.

@echo off
dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
dsget user -samid -c | find /i "%1" > temp1.txt

@echo on > temp2.txt (Create a zero byte file)
@echo off
fc temp1.txt temp2.txt
if NOT ERRORLEVEL 1 Goto NO

Echo User is a member of the group
GoTo END

:NO
Echo User not a member of the group

:END
REM del temp1.txt
REM del temp2.txt

I've tried it... it mostly works. The only problem now is there is no
EXACT find. So if there is a person named smit and someone named
smithj, if you do a search on the USERNAME smit, within the file, but
only smithj is in there, it will return a positive, because smit is
found within smithj.

Luckily, there's no one with weird names like that. Good enough.

Thanks for the !

--
Bill Tkach
MSP, CCNA, A+
visual{period}eyes{at}telus{period}net


Richard Mueller [MVP] wrote:
> I see, you want a conditional branch based on group membership. I can't
> think of a way to do that in a batch file. You could redirect the output of
> the dsget command to a text file. I thought I used to be able to check if a
> text file was empty (zero bytes) in a batch file by copying it. If the file
> was zero bytes the target file would not be created, which can be checked in
> a batch file with "If Exists". I can't do it now. Either the copy command
> behaves differently or I forget the exact technique. Maybe someone else
> knows how.
>
> Also, I find the /i switch is necessary in the find command to make it case
> insensitive. The batch file I was testing with was:
> ========
> @echo off
> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
> dsget user -samid -c | find /i "%username%" > temp1.txt
>
> copy temp1.txt temp2.txt > nul
>
> If Exist temp2.txt GoTo YES
> Echo User not a member of the group
> GoTo END
>
> :YES
> Echo User is a member of the group
> del temp2.txt
>
> :END
> del temp1.txt
> ============
> If temp.txt is zero bytes the current user is not a member of the group.
> However, temp2.txt is created even if temp1.txt is zero bytes, to the above
> always reports that the user is a member of the group.
>

I found a less simpler way.
thanks though!
bill

--
Bill Tkach
MSP, CCNA, A+
visual{period}eyes{at}telus{period}netJ Ford wrote:



> Its a hack...
>
> <script>
> ' wscript.arguments(0) = <Your Domain>
> ' wscript.arguments(1) = <Your Group>
>
> Set oGroup = GetObject("WinNT://" & wscript.arguments(0) & "/" &
> wscript.arguments(1), group)
> Set oShell = CreateObject("WScript.Shell")
> Set oFSO = CreateObject("Scripting.FileSystemObject")
>
> sUserName = UCase(oShell.ExpandEnvironmentStrings("%USERNAME%" ))
>
> sMembers = ""
>
> For Each oMember in oGroup.Members
> sMembers = sMembers & ";" & UCase(oMember.Name)
> Next
>
> If InStr(sMembers, sUserName) <> 0 Then
> Set FileName = oFSO.GetFile("file.txt")
> FileName.Delete
> Else
> Set FileName = oFSO.GetFile("file2.txt")
> FileName.Delete
> End If
> </script>
>
> "Kshaeta" wrote:
>
>> The problem isn't finding out if the person is in the group, the problem
>> is using that script in say, an if/then statement.
>> Sort of like
>> IF (dsget group "CN=Dudes,OU=OurOU,OU=ABC Network,DC=abcdef,DC=ca"
>> -expand -members | dsget user -samid -c | find "%USERNAME%" ==
>> %USERNAME%) DEL file.txt ELSE DEL file2.txt
>>
>> However, I can't do the above; It won't let me compare the "dsget..." to
>> the %USERNAME%.
>>
>> PS - I don't know if the del things works, thats not the problem. It's
>> just to figure out how to get a true/false comparison.
>>
>> bill
>>
>>
>> Richard Mueller [MVP] wrote:
>>> Bill Tkach wrote:
>>>
>>>> I have a batch file script, that needs to see if a person belongs to a
>>>> certain group. So I'm trying to compare the %USERNAME% (logged on user) to
>>>> the members of the group, to see if I can get either a "doesn't match" or a
>>>> "does match".
>>>>
>>>> Here's my query
>>>>
>>>> dsget group "CN=Dudes,OU=OurOU,OU=ABC
>>>> Network,DC=abcdef,DC=ca" -expand -members | dsget user -samid -c | find
>>>> "%USERNAME%"
>>>>
>>>> So, if you pass it the %username%, and there's a match, it returns the
>>>> username.
>>>> So, this gives me a name, but I can't match it the %USERNAME%... I can
>>>> only get it to return the value. I can't get past this step.
>>>>
>>>> Is there another way to compare this, or, am I almost there?
>>>>
>>>> --
>>>> Bill Tkach
>>>> MSP, CCNA, A+
>>>> visual{period}eyes{at}telus{period}net
>>> It seems to work. If a name is echoed, the current user is a member. If
>>> nothing is echoed, the current user is not a member of the group. What do
>>> you want to accomplish?
>>>
>>
>> --
>> Bill Tkach
>> MSP, CCNA, A+
>> visual{period}eyes{at}telus{period}net
>>

How about if you echo %1 into temp2.txt and then if temp1.txt and temp2.txt
match exactly the user is a member.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"Kshaeta" <visual.eyes@telus.net> wrote in message
news:ul0uxUZ8HHA.3916@TK2MSFTNGP02.phx.gbl...
> The COPY won't work, but if you do an FC, you can check the IF/ERRORLEVEL
> after doing the FC to see if the output file from the FIND matches a
> zero-byte file. If it's non-zero, then you likely found the name in the
> group.
>
> @echo off
> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
> dsget user -samid -c | find /i "%1" > temp1.txt
>
> @echo on > temp2.txt (Create a zero byte file)
> @echo off
> fc temp1.txt temp2.txt
> if NOT ERRORLEVEL 1 Goto NO
>
> Echo User is a member of the group
> GoTo END
>
> :NO
> Echo User not a member of the group
>
> :END
> REM del temp1.txt
> REM del temp2.txt
>
> I've tried it... it mostly works. The only problem now is there is no
> EXACT find. So if there is a person named smit and someone named smithj,
> if you do a search on the USERNAME smit, within the file, but only smithj
> is in there, it will return a positive, because smit is found within
> smithj.
>
> Luckily, there's no one with weird names like that. Good enough.
>
> Thanks for the !
>
> --
> Bill Tkach
> MSP, CCNA, A+
> visual{period}eyes{at}telus{period}net
>
>
> Richard Mueller [MVP] wrote:
>> I see, you want a conditional branch based on group membership. I can't
>> think of a way to do that in a batch file. You could redirect the output
>> of the dsget command to a text file. I thought I used to be able to check
>> if a text file was empty (zero bytes) in a batch file by copying it. If
>> the file was zero bytes the target file would not be created, which can
>> be checked in a batch file with "If Exists". I can't do it now. Either
>> the copy command behaves differently or I forget the exact technique.
>> Maybe someone else knows how.
>>
>> Also, I find the /i switch is necessary in the find command to make it
>> case insensitive. The batch file I was testing with was:
>> ========
>> @echo off
>> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
>> dsget user -samid -c | find /i "%username%" > temp1.txt
>>
>> copy temp1.txt temp2.txt > nul
>>
>> If Exist temp2.txt GoTo YES
>> Echo User not a member of the group
>> GoTo END
>>
>> :YES
>> Echo User is a member of the group
>> del temp2.txt
>>
>> :END
>> del temp1.txt
>> ============
>> If temp.txt is zero bytes the current user is not a member of the group.
>> However, temp2.txt is created even if temp1.txt is zero bytes, to the
>> above always reports that the user is a member of the group.
>>

Once you get this working, use the script to see if it incorrectly detects
user SmithX as a member of a group that only SmithXX is a member of.

/Al

"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:uqtW2Ac8HHA.1484@TK2MSFTNGP06.phx.gbl...
> How about if you echo %1 into temp2.txt and then if temp1.txt and
> temp2.txt match exactly the user is a member.
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "Kshaeta" <visual.eyes@telus.net> wrote in message
> news:ul0uxUZ8HHA.3916@TK2MSFTNGP02.phx.gbl...
>> The COPY won't work, but if you do an FC, you can check the IF/ERRORLEVEL
>> after doing the FC to see if the output file from the FIND matches a
>> zero-byte file. If it's non-zero, then you likely found the name in the
>> group.
>>
>> @echo off
>> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
>> dsget user -samid -c | find /i "%1" > temp1.txt
>>
>> @echo on > temp2.txt (Create a zero byte file)
>> @echo off
>> fc temp1.txt temp2.txt
>> if NOT ERRORLEVEL 1 Goto NO
>>
>> Echo User is a member of the group
>> GoTo END
>>
>> :NO
>> Echo User not a member of the group
>>
>> :END
>> REM del temp1.txt
>> REM del temp2.txt
>>
>> I've tried it... it mostly works. The only problem now is there is no
>> EXACT find. So if there is a person named smit and someone named smithj,
>> if you do a search on the USERNAME smit, within the file, but only smithj
>> is in there, it will return a positive, because smit is found within
>> smithj.
>>
>> Luckily, there's no one with weird names like that. Good enough.
>>
>> Thanks for the !
>>
>> --
>> Bill Tkach
>> MSP, CCNA, A+
>> visual{period}eyes{at}telus{period}net
>>
>>
>> Richard Mueller [MVP] wrote:
>>> I see, you want a conditional branch based on group membership. I can't
>>> think of a way to do that in a batch file. You could redirect the output
>>> of the dsget command to a text file. I thought I used to be able to
>>> check if a text file was empty (zero bytes) in a batch file by copying
>>> it. If the file was zero bytes the target file would not be created,
>>> which can be checked in a batch file with "If Exists". I can't do it
>>> now. Either the copy command behaves differently or I forget the exact
>>> technique. Maybe someone else knows how.
>>>
>>> Also, I find the /i switch is necessary in the find command to make it
>>> case insensitive. The batch file I was testing with was:
>>> ========
>>> @echo off
>>> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
>>> dsget user -samid -c | find /i "%username%" > temp1.txt
>>>
>>> copy temp1.txt temp2.txt > nul
>>>
>>> If Exist temp2.txt GoTo YES
>>> Echo User not a member of the group
>>> GoTo END
>>>
>>> :YES
>>> Echo User is a member of the group
>>> del temp2.txt
>>>
>>> :END
>>> del temp1.txt
>>> ============
>>> If temp.txt is zero bytes the current user is not a member of the group.
>>> However, temp2.txt is created even if temp1.txt is zero bytes, to the
>>> above always reports that the user is a member of the group.
>>>
>
>

Come to think of it, it doesn't work. If both SmithX and SmithXX are members
of the group (and you are checking if SmithX is a member), file temp1.txt
will have both names, while file temp2.txt will only have one. The fc
command will show the files do not match and act as if SmithX is not a
member. Oh well.

Richard

"Al Dunbar" <AlanDrub@hotmail.com.nospaam> wrote in message
news:uI2P1Ck8HHA.4712@TK2MSFTNGP04.phx.gbl...
> Once you get this working, use the script to see if it incorrectly detects
> user SmithX as a member of a group that only SmithXX is a member of.
>
> /Al
>
> "Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
> message news:uqtW2Ac8HHA.1484@TK2MSFTNGP06.phx.gbl...
>> How about if you echo %1 into temp2.txt and then if temp1.txt and
>> temp2.txt match exactly the user is a member.
>>
>> --
>> Richard Mueller
>> Microsoft MVP Scripting and ADSI
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>> "Kshaeta" <visual.eyes@telus.net> wrote in message
>> news:ul0uxUZ8HHA.3916@TK2MSFTNGP02.phx.gbl...
>>> The COPY won't work, but if you do an FC, you can check the
>>> IF/ERRORLEVEL after doing the FC to see if the output file from the FIND
>>> matches a zero-byte file. If it's non-zero, then you likely found the
>>> name in the group.
>>>
>>> @echo off
>>> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
>>> dsget user -samid -c | find /i "%1" > temp1.txt
>>>
>>> @echo on > temp2.txt (Create a zero byte file)
>>> @echo off
>>> fc temp1.txt temp2.txt
>>> if NOT ERRORLEVEL 1 Goto NO
>>>
>>> Echo User is a member of the group
>>> GoTo END
>>>
>>> :NO
>>> Echo User not a member of the group
>>>
>>> :END
>>> REM del temp1.txt
>>> REM del temp2.txt
>>>
>>> I've tried it... it mostly works. The only problem now is there is no
>>> EXACT find. So if there is a person named smit and someone named
>>> smithj, if you do a search on the USERNAME smit, within the file, but
>>> only smithj is in there, it will return a positive, because smit is
>>> found within smithj.
>>>
>>> Luckily, there's no one with weird names like that. Good enough.
>>>
>>> Thanks for the !
>>>
>>> --
>>> Bill Tkach
>>> MSP, CCNA, A+
>>> visual{period}eyes{at}telus{period}net
>>>
>>>
>>> Richard Mueller [MVP] wrote:
>>>> I see, you want a conditional branch based on group membership. I can't
>>>> think of a way to do that in a batch file. You could redirect the
>>>> output of the dsget command to a text file. I thought I used to be able
>>>> to check if a text file was empty (zero bytes) in a batch file by
>>>> copying it. If the file was zero bytes the target file would not be
>>>> created, which can be checked in a batch file with "If Exists". I can't
>>>> do it now. Either the copy command behaves differently or I forget the
>>>> exact technique. Maybe someone else knows how.
>>>>
>>>> Also, I find the /i switch is necessary in the find command to make it
>>>> case insensitive. The batch file I was testing with was:
>>>> ========
>>>> @echo off
>>>> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
>>>> dsget user -samid -c | find /i "%username%" > temp1.txt
>>>>
>>>> copy temp1.txt temp2.txt > nul
>>>>
>>>> If Exist temp2.txt GoTo YES
>>>> Echo User not a member of the group
>>>> GoTo END
>>>>
>>>> :YES
>>>> Echo User is a member of the group
>>>> del temp2.txt
>>>>
>>>> :END
>>>> del temp1.txt
>>>> ============
>>>> If temp.txt is zero bytes the current user is not a member of the
>>>> group. However, temp2.txt is created even if temp1.txt is zero bytes,
>>>> to the above always reports that the user is a member of the group.
>>>>
>>
>>
>
>

That's one reason why I have always felt that any technique that does some
sort of text comparison between an account name and a list of members of a
group is, to say the least, somewhat suspect. It would be more correct, I
think, to compare the distinguished name of the user with those of the
members.

/Al

"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:u0EYJjk8HHA.5504@TK2MSFTNGP02.phx.gbl...
> Come to think of it, it doesn't work. If both SmithX and SmithXX are
> members of the group (and you are checking if SmithX is a member), file
> temp1.txt will have both names, while file temp2.txt will only have one.
> The fc command will show the files do not match and act as if SmithX is
> not a member. Oh well.
>
> Richard
>
> "Al Dunbar" <AlanDrub@hotmail.com.nospaam> wrote in message
> news:uI2P1Ck8HHA.4712@TK2MSFTNGP04.phx.gbl...
>> Once you get this working, use the script to see if it incorrectly
>> detects user SmithX as a member of a group that only SmithXX is a member
>> of.
>>
>> /Al
>>
>> "Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
>> message news:uqtW2Ac8HHA.1484@TK2MSFTNGP06.phx.gbl...
>>> How about if you echo %1 into temp2.txt and then if temp1.txt and
>>> temp2.txt match exactly the user is a member.
>>>
>>> --
>>> Richard Mueller
>>> Microsoft MVP Scripting and ADSI
>>> Hilltop Lab - http://www.rlmueller.net
>>> --
>>>
>>> "Kshaeta" <visual.eyes@telus.net> wrote in message
>>> news:ul0uxUZ8HHA.3916@TK2MSFTNGP02.phx.gbl...
>>>> The COPY won't work, but if you do an FC, you can check the
>>>> IF/ERRORLEVEL after doing the FC to see if the output file from the
>>>> FIND matches a zero-byte file. If it's non-zero, then you likely found
>>>> the name in the group.
>>>>
>>>> @echo off
>>>> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members |
>>>> dsget user -samid -c | find /i "%1" > temp1.txt
>>>>
>>>> @echo on > temp2.txt (Create a zero byte file)
>>>> @echo off
>>>> fc temp1.txt temp2.txt
>>>> if NOT ERRORLEVEL 1 Goto NO
>>>>
>>>> Echo User is a member of the group
>>>> GoTo END
>>>>
>>>> :NO
>>>> Echo User not a member of the group
>>>>
>>>> :END
>>>> REM del temp1.txt
>>>> REM del temp2.txt
>>>>
>>>> I've tried it... it mostly works. The only problem now is there is no
>>>> EXACT find. So if there is a person named smit and someone named
>>>> smithj, if you do a search on the USERNAME smit, within the file, but
>>>> only smithj is in there, it will return a positive, because smit is
>>>> found within smithj.
>>>>
>>>> Luckily, there's no one with weird names like that. Good enough.
>>>>
>>>> Thanks for the !
>>>>
>>>> --
>>>> Bill Tkach
>>>> MSP, CCNA, A+
>>>> visual{period}eyes{at}telus{period}net
>>>>
>>>>
>>>> Richard Mueller [MVP] wrote:
>>>>> I see, you want a conditional branch based on group membership. I
>>>>> can't think of a way to do that in a batch file. You could redirect
>>>>> the output of the dsget command to a text file. I thought I used to be
>>>>> able to check if a text file was empty (zero bytes) in a batch file by
>>>>> copying it. If the file was zero bytes the target file would not be
>>>>> created, which can be checked in a batch file with "If Exists". I
>>>>> can't do it now. Either the copy command behaves differently or I
>>>>> forget the exact technique. Maybe someone else knows how.
>>>>>
>>>>> Also, I find the /i switch is necessary in the find command to make it
>>>>> case insensitive. The batch file I was testing with was:
>>>>> ========
>>>>> @echo off
>>>>> dsget group "cn=MyGroup,ou=Sales,dc=MyDomain,dc=com" -expand -members
>>>>> | dsget user -samid -c | find /i "%username%" > temp1.txt
>>>>>
>>>>> copy temp1.txt temp2.txt > nul
>>>>>
>>>>> If Exist temp2.txt GoTo YES
>>>>> Echo User not a member of the group
>>>>> GoTo END
>>>>>
>>>>> :YES
>>>>> Echo User is a member of the group
>>>>> del temp2.txt
>>>>>
>>>>> :END
>>>>> del temp1.txt
>>>>> ============
>>>>> If temp.txt is zero bytes the current user is not a member of the
>>>>> group. However, temp2.txt is created even if temp1.txt is zero bytes,
>>>>> to the above always reports that the user is a member of the group.
>>>>>
>>>
>>>
>>
>>
>
>