Abdu_Allah
asked on
How to determine if user is administrator or not in Active Directory?
Hi, I am authenticate users on Active Directory using the following code but how can I determine if this user is administrator or not, should I check if this user is member of Administrators built-in group? if so how can I do that?
Here is the authentication code:
<%Const ADS_SECURE_AUTHENTICATION = 0
Function IsAuthenticated(Domain, Username, Password)
On Error Resume Next
Dim authNamespace, authObject
Set authNamespace = GetObject("WinNT:")
Set authObject = authNamespace.OpenDSObject ("WinNT:// " & Domain, Domain & "\" & strUsername, strPassword, ADS_SECURE_AUTHENTICATION)
If Err.Number <> 0 Then
IsAuthenticated = False
Else
IsAuthenticated = True
End If
Set authNamespace = Nothing
Set authObject = Nothing
End Function
%>
Here is the authentication code:
<%Const ADS_SECURE_AUTHENTICATION = 0
Function IsAuthenticated(Domain, Username, Password)
On Error Resume Next
Dim authNamespace, authObject
Set authNamespace = GetObject("WinNT:")
Set authObject = authNamespace.OpenDSObject
If Err.Number <> 0 Then
IsAuthenticated = False
Else
IsAuthenticated = True
End If
Set authNamespace = Nothing
Set authObject = Nothing
End Function
%>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
using ado because we need to retrieve records from the active directory database. try running that page by itself and you can see what it does. you would have to loop through the memberOf field and check for the group.
ASKER
Ok thank you but the question now is should the administrator is member of Administrator built-in group?
Something else do active directory members can have permissions to write or read files for example? if so what are these field names to retrieve their values?
Something else do active directory members can have permissions to write or read files for example? if so what are these field names to retrieve their values?
getting the value from active directory will only give you the domain wide permissions. this wont tell you if that user has read write permissions for a specific directory. in this field, you would be looking for 'domain admins' and 'domain users'.
ASKER