Previous Section Table of Contents Next Section

Active Directory Logoff Scripts

Keep in mind that AD actually offers four types of automated scripts: logon, startup, logoff, and shutdown. Logon scripts execute when a user logs on, whereas startup scripts execute when a computer starts. Startup scripts are a good place to perform configuration changes, such as changing a computer's IP address. Logon scripts, which are what I've shown you so far in this chapter, make changes to the user's environment.

AD also supports logoff scripts, which execute when a user logs off, and shutdown scripts, which execute when a computer shuts down. It's tougher to find practical applications for these scripts, but there definitely are some. For example, you might copy a custom application's database file to a network server, if the server is available when the user logs off. That would provide a convenient, automated backup for laptop users. If you're mapping drive letters and printers in a logon script, you might unmap those in a logoff script. That way, mobile users won't see those resources if they log on to their machines while they are disconnected from the network.

graphics/arrow.gif Logoff Script

Listing 29.5 shows a sample logoff script that unmaps a network printer, which was mapped in a logon script. Note that I use On Error Resume Next in this script, so that the script doesn't generate an error if the printer isn't already mapped (which would be the case if the user had manually deleted the mapping already). Note that this is essentially a reverse script of Listing 29.4, and undoes everything that script accomplishes.

Listing 29.5. Logoff.vbs. This script is designed to run when a user logs off his computer.

Dim oSystemInfo

Dim oShell

Dim sLogonServer, sSiteName



'get logon server

Set oShell = Wscript.CreateObject("Wscript.Shell")

sLogonServer = oShell.ExpandEnvironmentStrings("%LOGONSERVER%")



'get AD site name

Set oSystemInfo = CreateObject("ADSystemInfo")

sSiteName = oSystemInfo.SiteName

'turn off error checking

On Error Resume Next



'unmap printer based on site

Select Case sSiteName

 Case "Boston"

  oNetwork.RemovePrinterConnection "\\BOS01\Laser1"

Case "New York"

  oNetwork.RemovePrinterConnection "\\NYC02\LaserJet"

Case "LA"

  oNetwork.RemovePrinterConnection "\\LASrv\HP2"

Case "Las Vegas"

  oNetwork.RemovePrinterConnection "\\VEG4\LaserJet"

Case "Houston"

  oNetwork.RemovePrinterConnection "\\TX2\HP03"

End Select



'unmap L: drive to logon server's

'UTILITIES share

oNetwork.RemoveNetworkDrive "L:", True

This script obviously needs to be modified with the correct UNCs and site names before it can be used.

graphics/arrow.gif Logoff Script-Explained

I start as usual, by declaring variables. As in the earlier logon script example, I use an environment variable to retrieve the name of the logon server, and use the AD client to discover the current site name.


Dim oSystemInfo

Dim oShell

Dim sLogonServer, sSiteName



'get logon server

Set oShell = Wscript.CreateObject("Wscript.Shell")

sLogonServer = oShell.ExpandEnvironmentStrings("%LOGONSERVER%")



'get AD site name

Set oSystemInfo = CreateObject("ADSystemInfo")

sSiteName = oSystemInfo.SiteName

Because any of these printer or drive connections could already be gone, I disable error checking. This allows the script to continue even if it encounters an error.


'turn off error checking

On Error Resume Next

Based on the site name, I remove the printer connection. Note that RemovePrinterConnection undoes mappings created with both AddPrinterConnection and AddWindowsPrinterConnection.


'unmap printer based on site

Select Case sSiteName

 Case "Boston"

  oNetwork.RemovePrinterConnection "\\BOS01\Laser1"

Case "New York"

  oNetwork.RemovePrinterConnection "\\NYC02\LaserJet"

Case "LA"

  oNetwork.RemovePrinterConnection "\\LASrv\HP2"

Case "Las Vegas"

  oNetwork.RemovePrinterConnection "\\VEG4\LaserJet"

Case "Houston"

  oNetwork.RemovePrinterConnection "\\TX2\HP03"

End Select

Finally, I remove the drive L: mapping created in the logon script. Notice the True parameter, which forces the drive to be unmapped even if the computer is using resources located on that drive; we're logging off, so it doesn't matter if there's a file open. It won't be open for long.


'unmap L: drive to logon server's

'UTILITIES share

oNetwork.RemoveNetworkDrive "L:", True

Other uses of logoff scripts might include copying instant messenger contact lists to a central location, for later retrieval by a logon script. Alternatively, you might kick off a database replication process between a central database and a local copy, causing sales orders or whatever to be updated. Logoff scripts are most useful in implementing these kinds of automated business processes, rather than performing the configuration changes we usually associate with logon scripts.

    Previous Section Table of Contents Next Section