VBScript – Check User is a member of AD Group

Just a quick snippet of VBScript – To check whether or not the current user is a member of a specific Active Directory group. This could be useful when deploying scripts via GPO or using it in a netlogon script.

The example below checks to see if the user belongs to “Domain Admins” – Replace this with whatever group you would like to check.

Option Explicit
Dim objShell,grouplistD,ADSPath,userPath,listGroup
On Error Resume Next
set objShell = WScript.CreateObject( "WScript.Shell" )
  
If isMember("Domain Admins") Then
       MsgBox("Is member")
End If
  
Function IsMember(groupName)
    If IsEmpty(groupListD) then
        Set groupListD = CreateObject("Scripting.Dictionary")
        groupListD.CompareMode = 1
        ADSPath = EnvString("userdomain") & "/" & EnvString("username")
        Set userPath = GetObject("WinNT://" & ADSPath & ",user")
        For Each listGroup in userPath.Groups
            groupListD.Add listGroup.Name, "-"
        Next
    End if
    IsMember = CBool(groupListD.Exists(groupName))
End Function
  
Function EnvString(variable)
    variable = "%" & variable & "%"
    EnvString = objShell.ExpandEnvironmentStrings(variable)
End Function

Set objShell = Nothing

Steve

Web Developer, IT enthusiast & PC Gamer.

Leave a Reply

Your email address will not be published. Required fields are marked *