I found some code to do this out on the net the other day. I’ve modified it a little, and added the part that checks environment variables.
Note 3: 30th May 2014 – This post is consistently one of the most popular posts on my blog. By now, you should be looking at PowerShell to replace VBScript. The 40-odd lines of VBScript below can be replaced by a single line of PowerShell. See this post here.
Note 2: 21st February 2013 – I’ve updated the script so that it will work with Option Explicit. People who used this would see every check returning “true”. Thanks to “Zounder1” for making me aware of this.
Note: 11th October 2010 – Since this post is so popular, I’ve cleaned up the code a bit and re-posted it below.
Option Explicit
Dim objShell,grouplistD,ADSPath,userPath,listGroup
On Error Resume Next
set objShell = WScript.CreateObject( "WScript.Shell" )
'Calls the isMember function with the specified group to see if the current user
' is a member of that group.
If isMember("GroupNameToCheckGoesHere") Then
'MsgBox("Is member") ' Do something here if they are a member of the group
Else
'MsgBox("Is not member") ' Do something here if they are not a member of the group
End If
' *****************************************************
'This function checks to see if the passed group name contains the current
' user as a member. Returns True or False
Function IsMember(groupName)
If IsEmpty(groupListD) then
Set groupListD = CreateObject("Scripting.Dictionary")
groupListD.CompareMode = 1
ADSPath = EnvString("userdomain") & "/" & EnvString("username")
Set userPath = GetObject("WinNT://" & ADSPath & ",user")
For Each listGroup in userPath.Groups
groupListD.Add listGroup.Name, "-"
Next
End if
IsMember = CBool(groupListD.Exists(groupName))
End Function
' *****************************************************
' *****************************************************
'This function returns a particular environment variable's value.
' for example, if you use EnvString("username"), it would return
' the value of %username%.
Function EnvString(variable)
variable = "%" & variable & "%"
EnvString = objShell.ExpandEnvironmentStrings(variable)
End Function
' *****************************************************
' Clean up
Set objShell = Nothing
User Error 
Excellent script, this is exactly what i was looking for. I appreciate your clean scripting style.
I will call this in a terminal services logon script to map a drive for only users in a specific group.
Thanks!
LikeLike
I am a bit of a VBScript noob. Here is my question. I am not seeing what the user variable is. Or can this script read all of the Active Directory??
LikeLike
It’s just grabbing the username out of an environment variable:
EnvString("username")LikeLike
Great script !!!
Thanks for sharing.
LikeLike
Thanks for the great utility, however as this is vbscript you should either define TextCompare in
groupListD.CompareMode = TextCompare
or write
groupListD.CompareMode = 1
otherwise it would do BinaryCompare (without option explicit turned on) or throw an error…
-roland
LikeLike
Thanks. I’m already using that comparemode
LikeLike
Hi Daniel,
Very nice script. How about if I want to find out if the all domain users are members of a certain group?
Thanks.
Mircea
LikeLike
I haven’t needed to do that in VBScript – but I used to use IFMember.exe in batch files. Apparently it doesn’t work anymore, but I haven’t used it for a long time.
LikeLike
The script is a gem, haven’t found any tighter vbs code.
But I think a previous poster tried to point out that there is no definition of the constant Textcomparemode in the script. Would be easier to just write:
groupListD.CompareMode = 1 ‘ this is TextCompareMode / case insensitive
As the script stands, it will indeed do a case sensitive search which will potentially give unwanted results in many AD environments as happened to me :o)
LikeLike
Thanks for that, Jørn. I’ve updated the script.
MS TechNet – Configuring Dictionary Properties
LikeLike
great piece of code, thank you very much! 🙂
LikeLike
This code not listing all groups the user is memeber of.I am checking outlook “member of” tab none of teh groups listed there are listed by this code.I need to find out if a particular user is part of a Active directory group.
LikeLike
I don’t know what you mean by “not listing all groups”, as the code isn’t meant to list anything. Have a look at the “ifmember.exe” command. Specifically, with the /list or /l switch.
LikeLike
Hello,
I am disappointed by VBS. This works part of the time. Under Windows 7, this works consistently. Under XP, this does not work. All IF statements are true, when there should be only one right answer. Hmm… What is missing with XP?
LikeLike
I don’t even have an XP machine to test on, sorry.
LikeLike
Thanks.
You have a script check is computer is member of a certain group? This script check only user but i need script check computer is member or not.
Thanks
LikeLike
This is building the dictionary for every Member Checked, meaning the “If IsEmpty(groupListD) then” is redundant.
Using the following at line 4 will cause script to only create dictionary once.
Dim groupListD
LikeLike
Thankyou by the way!!
LikeLike
Thank you for this awesome code. Works like a charm! And to the person using XP, I have this script working on about 100+ XP computers in their logon script and have not had a single issue thus far (using this code to check on about 15 different groups).
LikeLike
Just a note to the person that had the the script always returns “TRUE”. I usually include the statement “OPTION EXPLICIT ON” in my VBS scripts.
I dropped this script into a pre-existing script and when I ran the script every group check returned “TRUE” that the user is a member of the group. (Even when they were not.)
When I removed OPTION EXPLICIT from my VBS script group detection worked correctly. To re-enable OPTION EXPLICIT I will need to define any missing variable declarations using DIM at the start of the script.
It is a subtle gotcha that people should be aware of.
LikeLike
Hi,
I am just using the first section and and cleanup but it always returns “Is Member” even if I am not a member of the group I put in the script.
Any Ideas ?
Thanks . . .
Option Explicit
Dim objShell,SmartcardGroup,grouplistD,ADSPath,userPath,listGroup
On Error Resume Next
set objShell = WScript.CreateObject( “WScript.Shell” )
‘Set SmartcardGroup = “id-fpki-common-authentication”
‘Calls the isMember function with the specified group to see if the current user
‘ is a member of that group.
If isMember (“id-fpki-common-authentication”) Then
MsgBox(“Is member”) ‘ Do something here if they are a member of the group
Else
MsgBox(“Is not member”) ‘ Do something here if they are not a member of the group
End If
‘ Clean up
Set objShell = Nothing
LikeLike
Hello Again,
I figured out why it always returned “Is Member”. I was getting an error but not seeing it because of the “On Error Resume Next” line. I commented that out and the error is. . .
Line: 11
Char: 1
Error: Variable is undefined: ‘IsMember’
Code: 800A01F4
Source: MS VBScript runtime error
Any help would be greatly appreciated.
Option Explicit
Dim objShell,SmartcardGroup,grouplistD,ADSPath,userPath,listGroup
‘On Error Resume Next
set objShell = WScript.CreateObject( “WScript.Shell” )
‘Set SmartcardGroup = “id-fpki-common-authentication”
‘Set NoSmartcardRequiredGroup = “NoSmartcardRequired”
‘Calls the isMember function with the specified group to see if the current user
‘ is a member of that group.
If isMember (“id-fpki-common-authentication”) Then
MsgBox(“Is member”) ‘ Do something here if they are a member of the group
Else
MsgBox(“Is not member”) ‘ Do something here if they are not a member of the group
End If
‘ Clean up
Set objShell = Nothing
LikeLike
Hi, Thanks for this script!
Just one remark: I modified it a little bit for my purpose, so that I can “send” a username to the function, that will be proofed.
In this case you have to proof for “False” . Otherwise the result would be “is member”, although you sent a username, that doesn’t exist in AD.
with greetings, Stephan
P.S.: Please excuse my probably bad english, i’m not a native speaker…
LikeLike
What do i need to do for local users and groups?
LikeLike