To keep your logon scripts static, one way of storing information on who should get what mapped is to use Active Directory.
First off, talk to the AD guys and “reserve” 3 attributes on groups (or extend the schema and add your own attributes). You need attributes for:
- Share Path
- Display Name
- Type of mapping
In the example I will use:
- displayName = Share Path
- displayNamePrintable = Display Name
- extensionAttribute3 = Type of mapping (I will use 1 for “Network Location”, 0 for not in use and a letter to map to a specific drive)
Then, populate the groups with information:
Import-Module ActiveDirectory
# displayName = share path, displayNamePrintable = description,
# extensionAttribute3 = type of mapping ("1" = network location, "0" = not in use,
# a letter = drive letter). The attribute is a string, so quote the values.
Get-ADGroup "MyGroupName" | Set-ADGroup -Replace @{
    DisplayName="\\SERVER\PathToMapAsNetworkLocation";
    DisplayNamePrintable="Some Description";
    extensionAttribute3="1"
}
Get-ADGroup "SomeOtherGroupName" | Set-ADGroup -Replace @{
    DisplayName="\\SERVER\PathToMapAsDrive";
    DisplayNamePrintable="Some Description";
    extensionAttribute3="X"   # the drive letter to map this share to
}
Get-ADGroup "ProjXDocs" | Set-ADGroup -Replace @{
    DisplayName="\\SERVER\Projects\ProjectXdocuments";
    DisplayNamePrintable="ProjectX Documents";
    extensionAttribute3="1"
}
Then retrieve the groups for the current user with a recursive LDAP query.
Function Get-SharesToMap {
<#
.SYNOPSIS
Read groups in AD for a user, then collect information to use when mapping disks
#>
PARAM (
    # Get-UserDN and Run-LdapQuery are helpers not shown here: Get-UserDN returns
    # the current user's distinguishedName, Run-LdapQuery runs the filter and
    # returns System.DirectoryServices.SearchResult objects.
    $UserDN = (Get-UserDN)
)
$mappedShares = @()
# Escape the DN before putting it into the filter (RFC 4515); a DN containing
# "\", "(", ")" or "*" (e.g. "CN=Doe\, John,...") otherwise breaks the query.
$safeDN = $UserDN -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
# 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN, so nested group
# membership is resolved server-side. NOT needs its own parentheses: (!(attr=value)).
$ldapFilter = "(&(member:1.2.840.113556.1.4.1941:=$safeDN)(displayName=*)(extensionAttribute3=*)(!(extensionAttribute3=0)))"
Run-LdapQuery -ldapFilter $ldapFilter | ForEach-Object {
    # Each property is a value collection; these attributes are single-valued
    $shareInfo = [PSCustomObject]@{
        Group       = [string]$_.Properties['cn'][0]
        Path        = [string]$_.Properties['displayname'][0]
        DisplayName = [string]$_.Properties['displaynameprintable'][0]
        MappedShare = [string]$_.Properties['extensionattribute3'][0]
    }
    Write-Verbose "Get-SharesToMap: $($shareInfo.Path) - Mapping: $($shareInfo.MappedShare)"
    $mappedShares += $shareInfo
}
Return $mappedShares
}
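The post leaves Get-UserDN and Run-LdapQuery to the reader. As an added example (not the author's code), this is one stand-alone way to do the same lookup with System.DirectoryServices, escaping the DN before it goes into the filter. It assumes the three attribute choices above and a domain-joined Windows host; the function names ConvertTo-LdapFilterValue, Get-CurrentUserDN and Get-GroupShareMappings are my own.

```powershell
# Added example, not the post's own code. Assumes the attribute choices from the post.
function ConvertTo-LdapFilterValue {
    # Escape a value before embedding it in an LDAP filter (RFC 4515). A DN such as
    # "CN=Doe\, Jane,OU=Users,DC=example,DC=com" contains "\", which would otherwise
    # be read as the start of an escape sequence. Backslash must be replaced first.
    param([Parameter(Mandatory)][string]$Value)
    $escaped = $Value -replace '\\', '\5c'
    $escaped = $escaped -replace '\*', '\2a'
    $escaped = $escaped -replace '\(', '\28'
    $escaped = $escaped -replace '\)', '\29'
    return $escaped
}

function Get-CurrentUserDN {
    # Bind by SID: no name lookup and no user-supplied string inside a filter.
    $sid  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $user = [ADSI]"LDAP://<SID=$sid>"
    return [string]$user.distinguishedName.Value
}

function Get-GroupShareMappings {
    param([string]$UserDN = (Get-CurrentUserDN))
    $safeDN = ConvertTo-LdapFilterValue -Value $UserDN
    # 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) resolves nested groups
    # server-side. NOT needs its own parentheses: (!(attr=value)).
    $filter = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$safeDN)" +
              "(displayName=*)(extensionAttribute3=*)(!(extensionAttribute3=0)))"
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$($rootDse.defaultNamingContext)"
    $searcher.Filter   = $filter
    $searcher.PageSize = 500   # paged results: more than 1000 matching groups still come back
    $searcher.PropertiesToLoad.AddRange([string[]]@('cn','displayName','displayNamePrintable','extensionAttribute3'))
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # Property values are collections; these attributes are single-valued
            [PSCustomObject]@{
                Group       = [string]$r.Properties['cn'][0]
                Path        = [string]$r.Properties['displayname'][0]
                DisplayName = [string]$r.Properties['displaynameprintable'][0]
                MappedShare = [string]$r.Properties['extensionattribute3'][0]
            }
        }
    } finally { $results.Dispose() }
}

Get-GroupShareMappings | Sort-Object Path | Format-Table -AutoSize
```

Run it as the logged-on user on a domain member; the output is the same Group/Path/DisplayName/MappedShare list that Get-SharesToMap produces.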
Now you have a list of all shares to take care of…
# Create-NethoodShortcut and Map-UncPathToDrive are helpers not shown here.
$lastMappedPath = $null
Get-SharesToMap | Sort-Object Path | ForEach-Object {
    $Path = $_.Path
    $MappedShare = $_.MappedShare
    $DisplayName = $_.DisplayName
    # Map each UNC path once, even if several groups point at the same share
    If ($lastMappedPath -ne $Path) {
        # Anchored patterns, so a value must be exactly "0", "1" or one letter
        Switch -regex ($MappedShare) {
            '^0$'     { Write-Verbose "Loginscript:Main: Do not map UNC path $($Path)" }
            '^1$'     { Create-NethoodShortcut -LinkTarget $Path -LinkName $DisplayName -Description $DisplayName }
            '^[A-Z]$' { Map-UncPathToDrive -UncPath $Path -DriveLetter $MappedShare }
            default   { Write-Verbose "Loginscript:Main: $($MappedShare) Do not map path $($Path)" }
        }
        $lastMappedPath = $Path
    }
}
With this in place, no one needs to edit the logon script to change mappings.
Sidenote 1:
To speed up the LDAP queries, add indexes on the attributes.
Start MMC
Add the snap-in “Active Directory Schema”
Search for the attribute(s)
On the properties-page, check the box “Index this attribute”
Sidenote 2:
To make it easy to search the attributes, check the box “Ambiguous Name Resolution (ANR)” in the properties page for the attribute. Keep in mind that an attribute in the ANR set is searched by every ANR query in the domain (for example address-book lookups), not just by yours.
With ANR enabled you can do an LDAP query like:
(ANR=SomeNameOfTheShare)
So, if someone wants to be a member of the group for the share “ProjectX”, just query like (ANR=ProjectX) and the group for that share will show up.