#202770 - 2011-08-01 04:50 PM
Connect Share with alternative Credentials - Across Windows Domains
|
MartinAD
Fresh Scripter
Registered: 2011-08-01
Posts: 13
Loc: -
|
Hello Kix Forum!
this is my first post here and my concern is something that gave and still gives me serious headaches.
following scenario:
I am working for a company that has branches all over the World.
From an IT point of view, these branches could be seen as seperated companys in the past. I was given the task to change this.
Among others things, this means that the existing AD domains will no longer be used and every computer will be integrated into the global company domain.
Part of this is the use of the standard loginscript that handles the connection of shares and printers during the logon process.
Due to the fact that it is not possible to migrate the contents of the fileserver during the domain change, i thought about a possibility to connect to shares to a foreign domain - using kix. I am using the "use" command together with username and password to connect to foreign shares. I have created a so called "connectShare" function that takes care of all the stuff that needs to be considered during a connection process.
here is the code:
function connectShare($drive, $path, OPTIONAL $force, OPTIONAL $username, OPTIONAL $password)
if isLetterInUse(left($drive,1)) = 1
if getSharePath(left($drive,1)) = $path
addError("Versuch Laufwerk "+$path+" ("+$drive+") mehrfach zu verbinden", "Es wurde versucht ein Laufwerk 2 mal zu verbinden", "function connect_shares", "Benutzer ist vermutlich Mitglied in 2 AD Gruppen die dasselbe Laufwerk verbinden wollen - z.B. 1 mal in Productstream und einmal in Productstream-ro - AD Konfiguration korrigieren.")
else
if $force = 0
addError("Versuch Laufwerk "+$drive+" mit "+$path+" zu verbinden", "Bereits belegt durch "+getSharePath(left($drive,1))+".", "function connect_shares", "Benutzer ist vermutlich Mitglied in mehreren AD-Laufwerksgruppen die denselben Buchstaben nutzen wollen! - z.B. 2x Z:\ benutzen usw. Funktion Connect_Shares und Gruppenmitgliedschaften überprüfen!")
else
addError("Erzwungene Verbindung mit "+$path+" auf Laufwerk ("+$drive+").", "War belegt durch "+getSharePath(left($drive,1))+", wurde durch "+$path+" ers.", "function connect_shares'", "Die Funktion ConnectShares wurde mit dem Parameter 'force' aufgerufen, 'force' hat das bestehende Laufwerk gelöscht und anderweitig verbunden. Das zwangs-gelöschte Laufwerk muss auf der AD-Konfiguration entfernt werden.")
use $drive /DELETE /PERSISTENT
if $username NOT ""
use $drive $path /PERSISTENT /USER:$username /PASSWORD:$password
else
use $drive $path /PERSISTENT
endif
endif
endif
else
if $username NOT ""
use $drive $path /PERSISTENT /USER:$username /Password:$password
else
use $drive $path /PERSISTENT
endif
endif
endfunction
the interesting part of the code is the lower third, especially this line:
use $drive $path /PERSISTENT /USER:$username /Password:$password
I have set up a dummy user in the old domain that handles the connection of the shares, called dummyuser. The command that i actually execute would then be something like:
"use N: \\fileserver\sharename /PERSISTENT /USER:olddomain\dummyuser /Password:blablabla"
Now my concern:
This command actually WORKS! But is very unreliable, sometimes the shares get connected sucessfully, sometimes they just wont connect. I dont see a clear pattern why this happens.
It is terribly frustrating, because i pretty much rely on this function, otherwise the difficulty and complexity of my project would increase significantly.
Is there any way to find out why this command is so unrealiable or a proper way to debug it? The build in debug function wont help me, because the synthax and the logic of the script works - it has to be related to other factors. Maybe its possible to prevent the script from just going to the next line if the connection was unsuccessfull?
Thanks for reading and thanks for sharing your thoughts!
regards
Martin
|
|
Top
|
|
|
|
|
#202997 - 2011-08-31 07:35 AM
Re: Connect Share with alternative Credentials - Across Windows Domains
[Re: Glenn Barnas]
|
MartinAD
Fresh Scripter
Registered: 2011-08-01
Posts: 13
Loc: -
|
Hello Glenn,
really appreciate your help and the time you spent, analyzing my problem!
With your suggestions I was able to refine my code and now, whenever a drive does not get mapped for whatever reason, I will see a clear and understandable error message.
I yet did not had the time to fully test my script in an production environment, but I am sure your additions will help a lot to speed up debugging in the future.
thanks again
regards
Martin
|
|
Top
|
|
|
|
Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 323 anonymous users online.
|
|
|
