asked on

How to determine if user is administrator or not in Active Directory?

Hi, I am authenticate users on Active Directory using the following code but how can I determine if this user is administrator or not, should I check if this user is member of Administrators built-in group? if so how can I do that?

Here is the authentication code:
<%Const ADS_SECURE_AUTHENTICATION = 0

Function IsAuthenticated(Domain, Username, Password)
On Error Resume Next
Dim authNamespace, authObject
Set authNamespace = GetObject("WinNT:")

Set authObject = authNamespace.OpenDSObject("WinNT://" & Domain, Domain & "\" & strUsername, strPassword, ADS_SECURE_AUTHENTICATION)

If Err.Number <> 0 Then
IsAuthenticated = False
Else
IsAuthenticated = True
End If
Set authNamespace = Nothing
Set authObject = Nothing
End Function

%>

ASKER CERTIFIED SOLUTION

WMIF

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Abdu_Allah

ASKER

Sorry but I could not understand this code! whay you are using ADO?! I want to get members of domain in Active Diretoctory not from database.

WMIF

using ado because we need to retrieve records from the active directory database. try running that page by itself and you can see what it does. you would have to loop through the memberOf field and check for the group.

Abdu_Allah

ASKER

Ok thank you but the question now is should the administrator is member of Administrator built-in group?
Something else do active directory members can have permissions to write or read files for example? if so what are these field names to retrieve their values?

WMIF

getting the value from active directory will only give you the domain wide permissions. this wont tell you if that user has read write permissions for a specific directory. in this field, you would be looking for 'domain admins' and 'domain users'.