2

We are looking to replace our current Kix scripts with PowerShell scripts, and I was curious how to test group membership to map network drives. Our current Kix script basically just does an if statement on every user group and tests whether the user is a part of that group; if they are, it maps a network drive. Here is an example:

```
If InGroup("ADGROUP")
    Use m: "\\server\share"
EndIf
```

I doubt this is the most efficient way to do this but I wanted to ask how I can accomplish the same thing in PowerShell and what people recommend for a proper way to map drives and printers for users in Active Directory.

If this information is needed, all of our clients are on Windows Vista/7 and we are just now moving to AD 2008.

6 Answers

3

I would use group policy preferences to map drives in AD. See Using Group Policy Preferences to Map Drives Based on Group Membership for details. I also encourage user education on showing them how to add network locations to their libraries.

1

I spent THREE whole days trying to convert our existing Kix file (which I created) to PowerShell.

What I've found is that PowerShell is still not fully ready to be used as a login script. Maybe in the latest version, but with PowerShell 2.0 right now, I've found that the commands used are mainly ported from VBS.

The "If" command in Kixtart I think is very effective because I've used it on numerous client sites and it WORKS. Plain and simple, it's quick, and the command is easy to read for a System Administrator who has never used Kix before. I mean, if you compare the same drive mapping command in Kixtart with what you have to write to do the same thing in PowerShell, the PowerShell version seems overly complicated.

I have written about it on my blog: http://thisishelpful.com/kix-login-script-remote-desktop-services-server-terminal-server.html. I'm going to update it with a comparison of my Kix script with my modified PowerShell script and you'll see what I mean.

Hope that helps.

0

For the AD side, you might want to look at Quest's AD cmdlets.

0
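
```powershell
# ************ Logon script for mapping network drives ***************
# Match on sAMAccountName: $env:USERNAME is the logon name, which is not
# necessarily the same as the object's Name (CN) attribute.
$filter = "(&(objectCategory=user)(sAMAccountName=$env:USERNAME))"
$ds = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"", $filter)
# memberOf lists direct memberships only (no nested groups, no primary group)
$user = ($ds.FindOne()).Properties.memberof

# ********************** Map the S: drive shared by the departments
foreach ($grouppath in $user) {
    # Resolve each group's distinguished name to its sAMAccountName
    $group = ([adsi]"LDAP://$($grouppath.ToString())").sAMAccountName
    switch ($group) {
        "group1" { net use S: \\fileserver\share1 }
        "group2" { net use S: \\fileserver\share2 }
        "group3" { net use S: \\fileserver\share3 }
        "group4" { net use S: \\fileserver\share4 }
    }
}
```
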
0

To check for group membership in PowerShell:

```powershell
$wid = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$prp = New-Object System.Security.Principal.WindowsPrincipal($wid)
$adm = [System.Security.Principal.WindowsBuiltInRole]::Administrator
$IsAdmin = $prp.IsInRole($adm)
```

The last two lines are the pattern to follow for an inbuilt group (there are a number of these). There is also an overload of IsInRole that takes a string, e.g. "domain\group".

To map the drive, executing net use ... is likely simplest (PowerShell can easily call console executables).
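
A table-driven version of the approach in the answer above, combining the string overload of IsInRole with net use. This is an added example, not part of the original answers; it assumes Windows PowerShell 3.0 or later, and the function name, the `$DriveMap` table, the group names and the UNC paths are hypothetical placeholders. The "first matching entry wins per drive letter" rule is a choice made for this example.

```powershell
# Added example. Group names and UNC paths are constructed placeholders.
# Entries are evaluated in order; the first match for a drive letter wins.
$DriveMap = @(
    @{ Group = "$env:USERDOMAIN\group1";  Letter = 'S'; Path = '\\fileserver\share1' }
    @{ Group = "$env:USERDOMAIN\group2";  Letter = 'S'; Path = '\\fileserver\share2' }
    @{ Group = "$env:USERDOMAIN\ADGROUP"; Letter = 'M'; Path = '\\server\share' }
)

function Get-DriveMappingForCurrentUser {
    param(
        [Parameter(Mandatory = $true)]
        [hashtable[]] $Map,

        # Defaults to the principal built from the current logon token
        [System.Security.Principal.WindowsPrincipal] $Principal = (
            New-Object System.Security.Principal.WindowsPrincipal (
                [System.Security.Principal.WindowsIdentity]::GetCurrent()))
    )

    $claimed = @{}   # drive letters that already have a mapping assigned
    foreach ($entry in $Map) {
        if ($claimed.ContainsKey($entry.Letter)) { continue }

        # IsInRole(string) evaluates the logon token, so membership gained
        # through nested groups counts and no directory query is made here.
        if ($Principal.IsInRole($entry.Group)) {
            $claimed[$entry.Letter] = $true
            [pscustomobject]@{
                Letter = $entry.Letter
                Path   = $entry.Path
                Group  = $entry.Group
            }
        }
    }
}

foreach ($m in Get-DriveMappingForCurrentUser -Map $DriveMap) {
    $device = "$($m.Letter):"
    net use $device $m.Path /persistent:no | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Mapping $device to $($m.Path) (via $($m.Group)) failed with exit code $LASTEXITCODE"
    }
}
```

Because the check reads the logon token, a group change takes effect only at the next logon, and a group that is deny-only in a UAC-filtered token (such as Administrators for a non-elevated process) evaluates as false.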

0

(Many years later, in Windows PowerShell v5.1 and PowerShell (Core) 7) the direct translation of your code is probably the following (untested, since I don't have access to AD):

```powershell
# Load the required assembly; needed in WinPS only; assembly is preloaded in PS 7.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

if ([DirectoryServices.AccountManagement.UserPrincipal]::Current.GetAuthorizationGroups().Name -contains 'ADGROUP') {
    net use m: "\\server\share" # add options as needed, e.g. /persistent:yes
}
```
