09-09-2008 02:48 PM
One of the shortcomings that I see with the SSL VPN is that you can't use <userAttr.scriptPath> for running a logon script for network connect.
Has anyone written a vb script file that does the LDAP bind to pull and get this variable? You can then execute cscript with that .vbs file that you get back. Our AD infrastructure uses .vbs files for all users logons and I don't want to try and manually tie script files to user roles as they may change.
The only way I can see this scaling for a large organization is to have a .bat file (one thing ssl vpn accepts) that calls a vbs file that will pull your scriptPath attribute and execute that with another cscript call.
Any other solutions?
Solved! Go to Solution.
09-10-2008 11:06 PM
Here is a script I did a couple years ago. Might be what you need.
'* Purpose: Script reads in scriptpath attribute from AD and runs their login script. For Juniper VPN Users.
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Set objShell = WScript.CreateObject("WScript.Shell")
Set objNetwork = CreateObject("Wscript.Network")
strUser = objNetwork.UserName
wscript.echo "User: " & strUser
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = ("ADsDSOObject")
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
objCommand.CommandText = "SELECT samAccountName,scriptpath,ADsPath FROM " & _
"'LDAP://dc=hotelgroup,dc=com' " & _
"WHERE samAccountName = " & strUser
objCommand.Properties("SearchScope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
If objRecordSet.RecordCount = 0 Then
Wscript.Echo "User not found."
Do Until objRecordSet.EOF
Wscript.Echo "Running login Script: " & objRecordSet.Fields("scriptpath").Value
strScript = objRecordSet.Fields("scriptpath").Value
objShell.Run("%comspec% /c \\domain\netlogon\" & strScript ), 1, True
Wscript.echo "End of Script"