VBScript – Check User is a member of AD Group

Just a quick snippet of VBScript – To check whether or not the current user is a member of a specific Active Directory group. This could be useful when deploying scripts via GPO or using it in a netlogon script.

The example below checks to see if the user belongs to “Domain Admins” – Replace this with whatever group you would like to check.

Option Explicit
Dim objShell,grouplistD,ADSPath,userPath,listGroup
On Error Resume Next
set objShell = WScript.CreateObject( "WScript.Shell" )
If isMember("Domain Admins") Then
       MsgBox("Is member")
End If
Function IsMember(groupName)
    If IsEmpty(groupListD) then
        Set groupListD = CreateObject("Scripting.Dictionary")
        groupListD.CompareMode = 1
        ADSPath = EnvString("userdomain") & "/" & EnvString("username")
        Set userPath = GetObject("WinNT://" & ADSPath & ",user")
        For Each listGroup in userPath.Groups
            groupListD.Add listGroup.Name, "-"
    End if
    IsMember = CBool(groupListD.Exists(groupName))
End Function
Function EnvString(variable)
    variable = "%" & variable & "%"
    EnvString = objShell.ExpandEnvironmentStrings(variable)
End Function

Set objShell = Nothing

Powershell – Update Active Directory Users Profile Data

Here is a small snippet to bulk update an OU with user profile data. Recently used to fill in default values for AD.

Change the OU and Domain details to suit; Requires full LDAP path (e.g. YOURDOMAIN.LOCAL would be DC=YOURDOM,DC=LOCAL)

Import-Module ActiveDirectory 
$Users = Get-ADUser -Filter * -SearchBase "OU=Users,DC=YOURDOM,DC=LOCAL"

foreach($User in $Users) {
    # Update properties.
    $User.postalAddress = "Address Line 1"
	$User.street = "Address Line 2"
	$User.telephoneNumber = "00000 00000000"
	$User.department = "Your Department"
	$User.wWWHomePage = "www.website.com"
	$User.postOfficeBox = "England"
	$User.city = "City"
	$User.state = "County"
	$User.postalCode = "Post Code"
    Set-ADUser -Instance $User

Always be careful bulk updating users via script. More profile values can be found in the Advanced Attribute Editor in the Active Directory Snap-In.