Tuesday, February 8, 2011

ifmember.exe doesnt work Windows Vista/2008/7

ifmember.exe no longer works on Windows Vista, 2008 or Windows 7. ifmember.exe was a handy tool for checking a users group membership in bat scripts.

In previous versions of windows ifmember.exe was used like this:

ifmember.exe "MYOB Users"
if not errorlevel = 1
net use m: \\JCC-SBS\MYOB (
)


What about Windows Vista, 2008 and Windows 7? Is there an alternative for ifmember.exe? The answer is yes! I use this:

net user /domain %username% | find "MYOB Users"
if not errorlevel = 1 (
net use m: \\JCC-SBS\MYOB
)

29 comments:

  1. So for logon scripts which is the better way to go? CMD or VBS? Or is just personal preference?

    ReplyDelete
  2. I believe the command must be

    net user /domain %username% | find "MYOB Users"

    There should be a "pipe" between %username% and find.
    Else it doesnt work

    ReplyDelete
  3. Does this work?
    I haver one client that uses vista at our office and since ifmember doesn't work i need an alternative but can't afford to change the entire network logon script and then it doesn't work.

    ReplyDelete
  4. This does work, i've used it successfully on Win7 pcs via a bat file type login script.

    the correct usage is:
    net user /domain %username% | find "MYOB Users"

    you do need the "pipe" character.

    ReplyDelete
  5. Hey JP,

    Thankyou for catching that typo.

    I fixed it in the post.

    ReplyDelete
  6. Add a /i to the find command so the search is case insensitive to eliminate case errors in the name of the group.

    ReplyDelete
  7. The version of ifmember that I'm using is from 2003 from a resource kit. Anyway, it still works fine on Win7-64. I don't believe it came as part of any OS so I'm not sure what this blog post is referencing.

    Note that Net User doesn't do recursive group searching like ifmember.exe does. So, if you're a member of GroupA and GroupA is a member of GroupB, Net User will not show that you're a member of GroupB, but IfMember will.

    ReplyDelete
  8. Under what circumstance do IFMEMBER not work?

    I've been using it just fine under Win7 x64 and 2008 R2. In fact, it has been in several of my scripts for years, and I was able to use it from NT through Win7.

    ReplyDelete
  9. I'm curious as to whether or not the new syntax works with existing Win XP Pro computers as well as the Vista/Win7 computers?

    ReplyDelete
  10. Thanks guys! You saved my bacon today.

    ReplyDelete
  11. I am trying this script to replace the ifmember.exe ones I am using, and the drives map everytime. Whether the user is in the group from the find "" section.

    Any ideas why?

    ReplyDelete
  12. I dont understand your question Anonymous.

    ReplyDelete
  13. ifmember.exe can be made to work with Win 7. The problem is that when the login script loads, it is unable to find ifmember.exe because it cannot read from a UNC (i.e. \\myserver\NETLOGON). It then tries to read it from c:\windows\system32 and fails unless you have placed a copy there. The work around is to first map a drive to NETLOGON and then prefix your call to ifmember with the drive you mapped. This will work in XP also. I have not tested it with Vista. Here is the code.


    net use z: \\JCC-SBS\Netlogon

    z:\ifmember "MYOB Group"
    if errorlevel 1 net use m: \\JCC-SBS\MYOB

    net use z: /delete

    ReplyDelete
  14. THANKS YOU SO MUCH!!! Ifmember was failing for no particular reason on Server 2003, and this was just the fix I needed ;)

    ReplyDelete
  15. Hi, i'm from a user tech support environment...

    came across this blog whilst searching for the solution to:
    Application popup: ifmember.exe - Application Error : The application was unable to start correctly (0xc0000142). Click OK to close the application

    This occurred on a WinXPsp3 machine..

    this doesn't sound like something i can fix on my end... should i ask the AD admin to look into it?

    thanks!

    ReplyDelete
  16. Can you use ... net use Y: \\server\share2 ... and map it to a specific user directory within share2? In other words, if I have created folders for users within share2 using their AD name, can I map directly to that specific users folder only using something like net use Y: \\server\share2\%username%?

    ReplyDelete
  17. the mail problem with ifmember is that it doesnt work correct when account is a member of more then 55-57 groups ; some groupmembership will not be processed by ifmember.

    ReplyDelete
  18. We're banana we don't banana we don't banana and we don't banana ! Banana us !

    ReplyDelete
  19. can anyone advise how to map multiple drives based on group membership?

    I am trying the below but only the first drive maps

    net user /domain %username% | find "GB012_ACL_Engineering"
    if not errorlevel 1 (
    net use F: "\\gb012-vmsf-1202\GB012-DATA\SA\Engineering" /persistent:yes
    )

    net user /domain %username% | find "GB012_ACL_PDF_Drawings"
    if not errorlevel 1 (
    net use P: "\\Gb012-vmsf-1202\gb012-data\SA" /persistent:yes
    )

    ReplyDelete
  20. thanks for the excellent tip Clint!

    ReplyDelete
  21. Same here only first maps

    ReplyDelete
  22. put the mappings together.
    Net use F:\\path\folder
    Net use P:\\path\folder
    Net use Q:\\path\folder
    )

    If it's the same group you should be able to run multiple commands under the single search

    ReplyDelete
  23. Clint, do you know if the ifmember command will work on windows server 2012 across two active directory domains across two way transitive trust.

    ReplyDelete
  24. Unfortunate this doesn't work for me. If I have a group called "ABC" and "ABC Sales", this won't work. If I just want to apply the drives to people in the ABC group, those who are in the ABC Sales group will get the drive, too. This is because the find command only looks for the string, not the specific AD group.

    ReplyDelete