none
Active Directory groups..

    General discussion

  • Hello,

    We are doing productions migrations.. I migrated a user account & workstation from source domain to the target domain.. every thing got migrated successfully and the user is able to access every thing in the new domain except the drive mappings.. Here is the scenario..

    The users in the source xyz.com domain are using a different server sitting in another domain 123.com for drivemappings \\123.com\MIS.. but the user has been migrated to the target domain target.com.. when the user is trying to access the drive mappings some how it is not working and it is giving an error if member is an invalid command.. As we are using the logonscripts for the drive mappings.. Also there is a group in the source domain which is been nested to the drive mapping server in the 123.com domain.. We tried adding the user to the MIS folder manually then it worked..  Can any one of you please help me with any suggestions as we are in the middle of the production migrations..

    Appreciate your responses..

    Thanks,

    Kolachina

    Saturday, October 19, 2013 12:46 AM

All replies

  • hi

    You seem to have two error.

    The ifmember is not found, thus check to be sure it's available on the new dc, or within the scope of the loginscript location.

    The security group mean to me that he does not have access to the folder, somehow are you sure the user still belong to that group after the migration?


    Regards, Philippe

    Saturday, October 19, 2013 2:47 AM
    Moderator
  • if member is called with in the logon script.. after the migration we are adding a prefix to the group name? will that matter...

    Saturday, October 19, 2013 2:55 AM
  • Iam not a script guru, but maybe, if it try to locate a group x and it does not find it

    Regards, Philippe

    Saturday, October 19, 2013 3:01 AM
    Moderator
  • Untill  there are any  group membership changes made it really doesn't matter if we change the group name..
    Saturday, October 19, 2013 4:40 PM
  • Does your logon script use the ifmember utility from NT, or KixStart? Or is it a batch file or VBScript program? We may need to see your logon script to troubleshoot.

    If the group name is changed, that does not affect group membership, but if the logon script is using an IfMember function to check membership, then that must be modified to reflect the new group name.


    Richard Mueller - MVP Directory Services

    Saturday, October 19, 2013 4:52 PM
  • Hi Richard..

    We are using VBScript program.. here is the logon script.. In this script DRD is the prefix name of the groups in target domain..

    @ECHO OFF

    ifmember "DRD-MIGRATED"
      if not errorlevel 1 goto END
      NET USE J: /d
      NET USE J: servername\123 /p:y         

    :IMOLA
     ifmember "DRD-IMOLAJDRIVE"
      if not errorlevel 1 goto CRAIG
      NET USE U: /d
      NET USE U: servername\234 /p:y

    :ADMIN
    ifmember "DRD-MISADMIN"
      if not errorlevel 1 goto CRAIG
      NET USE T: /d
      NET USE T: servername\E$ /p:y

    :CRAIG
    ifmember "DRD-CRAIGJDRIVE"
      if not errorlevel 1 goto BEN
      NET USE Q: /d
      NET USE Q: servername\HOME\BRESLINC /p:y
     
    :BEN
    ifmember "DRD-BENEFITS"
      if not errorlevel 1 goto KARABUS
      NET USE S: /d
      NET USE S: servername\GROUPS\BENEFITS /p:y

    :KARABUS
    ifmember "DRD-KARABUS"
      if not errorlevel 1 goto STORES
      NET USE T: /d
      NET USE T: servername\GROUPS\KARABUS /p:y

    :STORES
    ifmember "DRD-STORES" 
      if not errorlevel 1 goto COMP
      NET USE S: /d
      NET USE S: servername\GROUPS\STROPS /p:y

    :COMP
    ifmember "DRD-COMPLIANCE"
      if not errorlevel 1 goto CCENTER
      NET USE Q: /d
      NET USE Q: servername\GROUPS\COMPLIANCE /p:y

    :CCENTER
    ifmember "DRD-CCENTER" 
      if not errorlevel 1 goto HR
      NET USE S: /d
      NET USE S: servername\GROUPS\CCENTER /p:y

    :HR
    ifmember "DRD-HR" 
      if not errorlevel 1 goto BADGE
      NET USE R: /d
      NET USE R: servername\GROUPS\HR /p:y

    :BADGE
    ifmember "DRD-IDBADGE" 
      if not errorlevel 1 goto CCH
      NET USE N: /d
      NET USE N: servername\GROUPS\IDBADGE /p:y

    :CCH
    ifmember "DRD-CCH" 
      if not errorlevel 1 goto RESTATE
      NET USE Q: /d
      NET USE Q: servername\GROUPS\CCH /p:y

    :RESTATE
    ifmember "DRD-RESTATE" 
      if not errorlevel 1 goto LEASE
      NET USE W: /d
      NET USE W: servername\GROUPS\RESTATE /p:y

    :LEASE
    ifmember "DRD-LEASE" 
      if not errorlevel 1 goto VAC
      NET USE L: /d
      NET USE L: servername\GROUPS\LEASE /p:y

    :VAC
    ifmember "DRD-VACATION" 
      if not errorlevel 1 goto TRAIN
      NET USE V: /d
      NET USE V: servername\GROUPS\VACATION /p:y

    :TRAIN
    ifmember "DRD-TRAINING"
      if not errorlevel 1 goto MIS
      NET USE S: /d
      NET USE S: servername\GROUPS\TRAINING /p:y

    :MIS
    ifmember "DRD-MIS"
      if not errorlevel 1 goto WHSE
      NET USE S: /d
      NET USE L: /d
      NET USE S: servername\GROUPS\MIS /p:y
      NET USE L: servername\GROUPS\MIS_APPS /p:y

    :WHSE
    ifmember "DRD-WAREHOUSE"
      if not errorlevel 1 goto WHSE2
      NET USE S: /d
      NET USE S: servername\GROUPS\WAREHOUSE /p:y

    :WHSE2
    ifmember "DRD-WAREHOUSE2"
      if not errorlevel 1 goto SPACE
      NET USE O: /d
      NET USE O: servername\GROUPS\WAREHOUSE /p:y

    :SPACE
    ifmember "DRD-SPACEMAN"
      if not errorlevel 1 goto TFLEET
      NET USE U: /d
      NET USE U: servername\GROUPS\SPACEMAN /p:y

    :TFLEET
    ifmember "DRD-TFLEET"
      if not errorlevel 1 goto RECLAIM
      NET USE T: /d
      NET USE T: servername\GROUPS\TFLEET /p:y

    :RECLAIM
    ifmember "DRD-RECLAMATION"
      if not errorlevel 1 goto RECLAIM2
      NET USE R: /d
      NET USE R: servername\GROUPS\RECLAIM /p:y

    :RECLAIM2
    ifmember "DRD-RECLAMATION2"
      if not errorlevel 1 goto GIFT
      NET USE L: /d
      NET USE L: servername\GROUPS\RECLAIM /p:y

    :GIFT
    ifmember "DRD-GIFT" 
      if not errorlevel 1 goto CONSTRUC
      NET USE Q: /d
      NET USE Q: servername\GROUPS\GIFT /p:y

    :CONSTRUC
    ifmember "DRD-CONSTRUC"
      if not errorlevel 1 goto LOSS
      NET USE R: /d
      NET USE R: servername\GROUPS\CONSTRUC /p:y

    :LOSS
    ifmember "DRD-LOSS" 
      if not errorlevel 1 goto EXEC
      NET USE L: /d
      NET USE L: servername\GROUPS\LOSS /p:y

    :EXEC
    ifmember "DRD-EXECUTIVE"
      if not errorlevel 1 goto RXTRADE
      NET USE X: /d
      NET USE X: servername\GROUPS\EXECUTIV /p:y

    :RXTRADE
    ifmember "DRD-RXTRADE"
      if not errorlevel 1 goto PHOTO
      NET USE N: /d
      NET USE N: servername\GROUPS\RXTRADE /p:y

    :PHOTO
    ifmember "DRD-PHOTO"
      if not errorlevel 1 goto FIN
      NET USE P: /d
      NET USE P: servername\GROUPS\PHOTO /p:y

    :FIN
    ifmember "DRD-FINANCE"
      if not errorlevel 1 goto RIDEAS
      NET USE S: /d
      NET USE S: servername\GROUPS\FINANCE /p:y

    :RIDEAS
    ifmember "DRD-RIDEAS"
      if not errorlevel 1 goto RIDEAS2
      NET USE R: /d
      NET USE R: servername\GROUPS\RIDEAS /p:y

    :RIDEAS2
    ifmember "DRD-RIDEAS2"
      if not errorlevel 1 goto NITRO
      NET USE U: /d
      NET USE U: servername\GROUPS\RIDEAS /p:y

    :NITRO
    ifmember "DRD-NITRO"
      if not errorlevel 1 goto PHARM
      NET USE N: /d
      NET USE N: servername\GROUPS\NITRO /p:y

    :PHARM
    ifmember "DRD-PHARMACY" 
      if not errorlevel 1 goto DRD-BUY
      NET USE P: /d
      NET USE P: servername\GROUPS\PHARMACY /p:y

    :BUY
    ifmember "DRD-BUYING"
      if not errorlevel 1 goto BUY2
      NET USE S: /d
      NET USE S: servername\GROUPS\BUYING /p:y

    :BUY2
    ifmember "DRD-BUYING2"
      if not errorlevel 1 goto FINRPT
      NET USE N: /d
      NET USE N: servername\GROUPS\BUYING /p:y

    :FINRPT
    ifmember "DRD-FINRPT" 
      if not errorlevel 1 goto FINRPT2
      NET USE R: /d
      NET USE R: servername\GROUPS\FINRPT /p:y

    :FINRPT2
    ifmember "DRD-FINRPT2" 
      if not errorlevel 1 goto RXMARKET
      NET USE Q: /d
      NET USE Q: servername\GROUPS\FINRPT /p:y

    :RXMARKET
    ifmember "DRD-RXMARKETING" 
      if not errorlevel 1 goto RXLOG
      NET USE M: /d
      NET USE M: servername\GROUPS\RXMARKET /p:y

    :RXLOG
    ifmember "DRD-RXLOG" 
      if not errorlevel 1 goto LABOR
      NET USE O: /d
      NET USE O: servername\GROUPS\RXLOG /p:y

    :LABOR
    ifmember "DRD-LABOR" 
      if not errorlevel 1 goto ID_UPLOAD
      NET USE T: /d
      NET USE T: servername\GROUPS\LABOR /p:y

    :ID_UPLOAD
    ifmember "DRD-ID_UPLOAD" 
      if not errorlevel 1 goto HRIS
      NET USE U: /d
      NET USE U: servername\GROUPS\ID_UPLOAD /p:y

    :HRIS
    ifmember "DRD-HRIS" 
      if not errorlevel 1 goto OVERSHORT
      NET USE H: /d
      NET USE H: servername\GROUPS\HRIS /p:y

    :OVERSHORT
    ifmember "DRD-OVERSHORT" 
      if not errorlevel 1 goto SMART
      NET USE Y: /d
      NET USE Y: servername\GROUPS\OVERSHORT /p:y

    :SMART
    ifmember "DRD-SMART" 
      if not errorlevel 1 goto SCI
      NET USE M: /d
      NET USE M: servername\GROUPS\SMART /p:y

    :SCI
    ifmember "DRD-SCI" 
      if not errorlevel 1 goto STOREDRIVE
      NET USE Q: /d
      NET USE Q: servername\GROUPS\SCI /p:y

    :STOREDRIVE
    ifmember "DRD-STOREDRIVE" 
      if not errorlevel 1 goto SLIMDOCS
      NET USE Y: /d
      NET USE Y: servername\STORES /p:y

    :SLIMDOCS
    ifmember "DRD-SLIMDOCS" 
      if not errorlevel 1 goto END
      NET USE M: /d
      NET USE M: servername\GROUPS\SLIMDOCS /p:y


    GOTO END

    :END

    Thanks,

    Kolachina

     

    Saturday, October 19, 2013 5:26 PM
  • The code you posted is a batch file (with *.bat or *.cmd extension), not a VBScript. It uses the IfMember utility, which is not part of any Windows OS, so it must be installed or copied. It sounds to me like the old utility from the Windows NT Resource Kit. If you go to a command prompt on a client and enter "ifmember" you should get the same error message, because the utility is not found, and it is an invalid command. I don't know how the utility was installed, but you probably can find it on a client in the old domain.

    This IfMember utility was just about the only way to check for group membership in a batch file. There is no built in utility that can be used in a batch file. Perhaps you should consider converting to a VBScript program.

    I discuss methods for checking group membership in logon scripts on this page:

    http://www.rlmueller.net/LogonScriptGuidelines.htm

    I have an example VBScript logon script that maps drives according to group membership linked on this page:

    http://www.rlmueller.net/Logon3.htm

    You probably don't need the section in Logon3.vbs that maps a printer according to the computer group membership. Just repeat the section for mapping a drive for each user group membership you need to check. The functions are designed so that the group membership of the user is retrieved once and saved in a dictionary object, so it is efficient when you need to check a lot of groups (as you do).


    Richard Mueller - MVP Directory Services

    Saturday, October 19, 2013 11:11 PM
  • Thanks Richard, So will it be sufficient to convert the script in to VB script in the target domain....

    Regards,

    Saturday, October 19, 2013 11:52 PM
  • Yes, or copy the ifmember.exe or maybe use GPP as you only map user letter. (Using Group Policy Preferences to Map Drives Based on Group Membership)

     like I told in my first post :)

    You seem to have two error.

    The ifmember is not found, thus check to be sure it's available on the new dc, or within the scope of the loginscript location.

    Be sure the ifmember.exe is in a path the computer can call it. Richard give a good advice to simply try to run the ifmember to see if it's calling or not.  Usually when I used it I copied it to c:\windows or c:\windows\system (so it's in the default %path% value)


    Regards, Philippe

    Sunday, October 20, 2013 4:17 AM
    Moderator