我正在使用如下所示的 powershell 脚本,它查看 AD 安全组成员身份并基于它为用户映射驱动器。我想要完成的是,当它看到用户从某个 IP 或子网登录时,除了它从 AD 组成员中获取的驱动器之外,它还会映射一组不同的驱动器,任何见解都将不胜感激。
# The section below determines what AD groups is the user member of
$strName = $env:username
function get-GroupMembership($DNName,$cGroup){
$strFilter = "(&(objectCategory=User)(samAccountName=$strName))"
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.Filter = $strFilter
$objPath = $objSearcher.FindOne()
$objUser = $objPath.GetDirectoryEntry()
$DN = $objUser.distinguishedName
$strGrpFilter = "(&(objectCategory=group)(name=$cGroup))"
$objGrpSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objGrpSearcher.Filter = $strGrpFilter
$objGrpPath = $objGrpSearcher.FindOne()
If (!($objGrpPath -eq $Null)){
$objGrp = $objGrpPath.GetDirectoryEntry()
$grpDN = $objGrp.distinguishedName
$ADVal = [ADSI]"LDAP://$DN"
if ($ADVal.memberOf.Value -eq $grpDN){
$returnVal = 1
return $returnVal = 1
}else{
$returnVal = 0
return $returnVal = 0
}
}else{
$returnVal = 0
return $returnVal = 0
}
}
# The section below maps network drives based on users AD Security Group memberships
$result = get-groupMembership $strName "SecurityGrtoup1"
if ($result -eq '1') {
$(New-Object -ComObject WScript.Network).RemoveNetworkDrive("G:");
$(New-Object -ComObject WScript.Network).MapNetworkDrive("G:", "\\server1\Group");
$(New-Object -ComObject WScript.Network).RemoveNetworkDrive("P:");
$(New-Object -ComObject WScript.Network).MapNetworkDrive("P:", "\\server2\Common");
}
$result = get-groupMembership $strName "SecurityGroup3"
if ($result -eq '1') {
$(New-Object -ComObject WScript.Network).RemoveNetworkDrive("N:");
$(New-Object -ComObject WScript.Network).MapNetworkDrive("N:", "\\Server3\files");
}