Updated: VBScript – Check if current user is a member of a certain group

I found some code to do this out on the net the other day. I’ve modified it a little, and added the part that checks environment variables.

Note 3: 30th May 2014 – This post is consistently one of the most popular posts on my blog. By now, you should be looking at PowerShell to replace VBScript. The 40-odd lines of VBScript below can be replaced by a single line of PowerShell. See this post here.

Note 2: 21st February 2013 – I’ve updated the script so that it will work with Option Explicit. People who used this would see every check returning “true”. Thanks to “Zounder1” for making me aware of this.

Note: 11th October 2010 – Since this post is so popular, I’ve cleaned up the code a bit and re-posted it below.

Option Explicit
Dim objShell,grouplistD,ADSPath,userPath,listGroup
On Error Resume Next

set objShell = WScript.CreateObject( "WScript.Shell" )
 
'Calls the isMember function with the specified group to see if the current user
' is a member of that group.
If isMember("GroupNameToCheckGoesHere") Then
       'MsgBox("Is member") ' Do something here if they are a member of the group
    Else
       'MsgBox("Is not member") ' Do something here if they are not a member of the group
End If
 
' *****************************************************
'This function checks to see if the passed group name contains the current
' user as a member. Returns True or False
Function IsMember(groupName)
    If IsEmpty(groupListD) then
        Set groupListD = CreateObject("Scripting.Dictionary")
        groupListD.CompareMode = 1
        ADSPath = EnvString("userdomain") & "/" & EnvString("username")
        Set userPath = GetObject("WinNT://" & ADSPath & ",user")
        For Each listGroup in userPath.Groups
            groupListD.Add listGroup.Name, "-"
        Next
    End if
    IsMember = CBool(groupListD.Exists(groupName))
End Function
' *****************************************************
 
' *****************************************************
'This function returns a particular environment variable's value.
' for example, if you use EnvString("username"), it would return
' the value of %username%.
Function EnvString(variable)
    variable = "%" & variable & "%"
    EnvString = objShell.ExpandEnvironmentStrings(variable)
End Function
' *****************************************************
 
' Clean up
Set objShell = Nothing

23 thoughts on “Updated: VBScript – Check if current user is a member of a certain group

  1. Excellent script, this is exactly what i was looking for. I appreciate your clean scripting style.

    I will call this in a terminal services logon script to map a drive for only users in a specific group.

    Thanks!

    Like

  2. I am a bit of a VBScript noob. Here is my question. I am not seeing what the user variable is. Or can this script read all of the Active Directory??

    Like

  3. Thanks for the great utility, however as this is vbscript you should either define TextCompare in
    groupListD.CompareMode = TextCompare
    or write
    groupListD.CompareMode = 1

    otherwise it would do BinaryCompare (without option explicit turned on) or throw an error…

    -roland

    Like

  4. Hi Daniel,

    Very nice script. How about if I want to find out if the all domain users are members of a certain group?

    Thanks.

    Mircea

    Like

  5. The script is a gem, haven’t found any tighter vbs code.

    But I think a previous poster tried to point out that there is no definition of the constant Textcomparemode in the script. Would be easier to just write:

    groupListD.CompareMode = 1 ‘ this is TextCompareMode / case insensitive

    As the script stands, it will indeed do a case sensitive search which will potentially give unwanted results in many AD environments as happened to me :o)

    Like

  6. This code not listing all groups the user is memeber of.I am checking outlook “member of” tab none of teh groups listed there are listed by this code.I need to find out if a particular user is part of a Active directory group.

    Like

  7. I don’t know what you mean by “not listing all groups”, as the code isn’t meant to list anything. Have a look at the “ifmember.exe” command. Specifically, with the /list or /l switch.

    Like

  8. Hello,

    I am disappointed by VBS. This works part of the time. Under Windows 7, this works consistently. Under XP, this does not work. All IF statements are true, when there should be only one right answer. Hmm… What is missing with XP?

    Like

  9. Thanks.
    You have a script check is computer is member of a certain group? This script check only user but i need script check computer is member or not.
    Thanks

    Like

  10. This is building the dictionary for every Member Checked, meaning the “If IsEmpty(groupListD) then” is redundant.

    Using the following at line 4 will cause script to only create dictionary once.

    Dim groupListD

    Like

  11. Thank you for this awesome code. Works like a charm! And to the person using XP, I have this script working on about 100+ XP computers in their logon script and have not had a single issue thus far (using this code to check on about 15 different groups).

    Like

  12. Just a note to the person that had the the script always returns “TRUE”. I usually include the statement “OPTION EXPLICIT ON” in my VBS scripts.

    I dropped this script into a pre-existing script and when I ran the script every group check returned “TRUE” that the user is a member of the group. (Even when they were not.)

    When I removed OPTION EXPLICIT from my VBS script group detection worked correctly. To re-enable OPTION EXPLICIT I will need to define any missing variable declarations using DIM at the start of the script.

    It is a subtle gotcha that people should be aware of.

    Like

  13. Hi,

    I am just using the first section and and cleanup but it always returns “Is Member” even if I am not a member of the group I put in the script.

    Any Ideas ?

    Thanks . . .

    Option Explicit
    Dim objShell,SmartcardGroup,grouplistD,ADSPath,userPath,listGroup
    On Error Resume Next

    set objShell = WScript.CreateObject( “WScript.Shell” )
    ‘Set SmartcardGroup = “id-fpki-common-authentication”

    ‘Calls the isMember function with the specified group to see if the current user
    ‘ is a member of that group.
    If isMember (“id-fpki-common-authentication”) Then
    MsgBox(“Is member”) ‘ Do something here if they are a member of the group
    Else
    MsgBox(“Is not member”) ‘ Do something here if they are not a member of the group
    End If

    ‘ Clean up
    Set objShell = Nothing

    Like

  14. Hello Again,

    I figured out why it always returned “Is Member”. I was getting an error but not seeing it because of the “On Error Resume Next” line. I commented that out and the error is. . .

    Line: 11
    Char: 1
    Error: Variable is undefined: ‘IsMember’
    Code: 800A01F4
    Source: MS VBScript runtime error

    Any help would be greatly appreciated.

    Option Explicit
    Dim objShell,SmartcardGroup,grouplistD,ADSPath,userPath,listGroup
    ‘On Error Resume Next

    set objShell = WScript.CreateObject( “WScript.Shell” )
    ‘Set SmartcardGroup = “id-fpki-common-authentication”
    ‘Set NoSmartcardRequiredGroup = “NoSmartcardRequired”

    ‘Calls the isMember function with the specified group to see if the current user
    ‘ is a member of that group.
    If isMember (“id-fpki-common-authentication”) Then
    MsgBox(“Is member”) ‘ Do something here if they are a member of the group
    Else
    MsgBox(“Is not member”) ‘ Do something here if they are not a member of the group
    End If

    ‘ Clean up
    Set objShell = Nothing

    Like

  15. Hi, Thanks for this script!
    Just one remark: I modified it a little bit for my purpose, so that I can “send” a username to the function, that will be proofed.
    In this case you have to proof for “False” . Otherwise the result would be “is member”, although you sent a username, that doesn’t exist in AD.

    with greetings, Stephan
    P.S.: Please excuse my probably bad english, i’m not a native speaker…

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s