Solved

Determine Group Memberships using ADO and Active Directory

Posted on 2002-05-16
Last Modified: 2009-07-29
I am looking for code examples to determine a user's group membership in Active Directory using ADO.  We have Win 2000 and VB 6.0.  And we want to see if a user is a member of a particular group to authenticate the user using ADSI for a custom application.
Question by:ChiefDamon
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014041
0
 
LVL 1

Accepted Solution

by:
pjbaratelli earned 200 total points
ID: 7014240
You need two objects to compare to find out if a user is a member of a group.  The IADsUser and the IADsGroup.
Once you have these two objects set correctly, compare them.  

Private conn As ADODB.Connection

Public Function IsUserInGroup(strUserName As String, strDom As String, Optional strGroup As Variant) As Boolean

     ' IsMissing only works on Variant parameters, so strGroup is a Variant
     If IsMissing(strGroup) Then
          Set adsGroup = adGroup(strDom) ' Group variable not sent
     Else
          Set adsGroup = adGroup(strDom, strGroup)  ' Group variable sent
     End If

     ' adUser needs the search base as well as the user name
     Set adsUser = adUser(strUserName, strDom)

     ' IsMember takes the ADsPath of the object to look for in the group
     If adsGroup.IsMember(adsUser.ADsPath) Then
          IsUserInGroup = True
     Else
          IsUserInGroup = False
     End If

     Set adsGroup = Nothing
     Set adsUser = Nothing

End Function

************* This snippet of code returns IADsUser ****


Public Function adUser(userName As String, dom As String) As IADsUser

    Dim dsObj As IADsOpenDSObject
    Dim rs As ADODB.Recordset
    Dim strQuery As String
    Dim ADsPath As String

    Set conn = adConnection

    ' ADO LDAP dialect: <search base>;filter;attributes;scope
    strQuery = "<" & dom & ">;(&(objectClass=User)(objectCategory=person)" & _
               "(SamAccountName=" & userName & "));AdsPath, sAMAccountName; subTree"

    ' Run the query once and close the same recordset that was read
    Set rs = adRS(strQuery)
    ADsPath = rs.Fields("ADsPath")
    rs.Close

    ' Bind to the user object with explicit credentials; 1 = ADS_SECURE_AUTHENTICATION
    Set dsObj = GetObject("LDAP:")
    Set adUser = dsObj.OpenDSObject(ADsPath, [ Place admin ldap path here ], [ Place admin password here ], CLng(1))

    Set dsObj = Nothing
    Set conn = Nothing

End Function


********************* This part gets the Group ****

Public Function adGroup(dom As String, Optional strGroup As Variant = "Domain Users") As IADsGroup

    Dim dsObj As IADsOpenDSObject
    Dim rs As ADODB.Recordset
    Dim strQuery As String
    Dim ADsPath As String

    Set conn = adConnection

    ' ADO LDAP dialect: <search base>;filter;attributes;scope
    strQuery = "<" & dom & ">;(&(objectCategory=group)" & _
               "(cn=" & strGroup & "));AdsPath,cn; subTree"

    ' Run the query once and close the same recordset that was read
    Set rs = adRS(strQuery)
    ADsPath = rs.Fields("ADsPath")
    rs.Close

    ' Bind to the group object with explicit credentials; 1 = ADS_SECURE_AUTHENTICATION
    Set dsObj = GetObject("LDAP:")
    Set adGroup = dsObj.OpenDSObject(ADsPath, [ Place admin ldap path here ], [ Place admin password here ], CLng(1))

    Set dsObj = Nothing

End Function

***************** These functions are used by the above functions **********************

Private Function adConnection() As ADODB.Connection

    ' Create the connection once and point it at the ADSI OLE DB provider.
    ' (The original On Error GoTo errCode had no errCode label and would not compile.)
    Set adConnection = New ADODB.Connection
    adConnection.Provider = "ADsDSOObject"
    adConnection.ConnectionString = "Active Directory Provider"
    adConnection.Properties("User ID") = [ Place admin ldap path here ]
    adConnection.Properties("Password") = [ Place admin password here ]
    adConnection.Properties("Encrypt Password") = True
    adConnection.Open

End Function

Public Function adRS(cmdText As String) As ADODB.Recordset

    Dim cmd As ADODB.Command
    Dim strQuery As String
    Dim ADsPath As String
   
    Set cmd = New ADODB.Command
    cmd.ActiveConnection = conn
    cmd.CommandText = cmdText
                     
    Set adRS = cmd.Execute
   
End Function

This is one way to go about this. You should include error coding of course.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014277
Hi, welcome to EE!
If you are not 200% sure that you are posting a correct/real/exact answer, just post it as a comment. The person who asked the question could accept your comment as an answer if it meets the requirements anyway.
Please read the guidelines about comments/answers at the bottom of this page.
If you post an answer, the question is off the list of unanswered questions and the asker loses the possibility of receiving more help from others too.

Cheers
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014472
I use this code in my applications so I know it works, but I was unaware an answer prevented further comments.  Thanks for the advice.

0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014489
Three things:

1) After the IADsUser and IADsGroup objects are SET, you need to make a call to gather the information. Use this code in the IsUserInGroup function.

  adsUser.GetInfo
  adsGroup.GetInfo

2) Don't use "Domain Users" as the default for the strGroup variable.  It may not produce the results you want all the time.  Choose something other than a system group.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014534
Gee, sorry to bore you, but use "reload question" at the top right of the page instead of the browser's Refresh button.
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014615
Yeah, I noticed that. My bad. I left the third thing out too, which was to DIM the objects in the IsUserInGroup function.

Dim adsUser as IADsUser
Dim adsGroup as IADsGroup

I'll be crawling under for a bit now....
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7017554
I read in the previous question you had that the user stated that you can't authenticate a user programmatically.  You can. Use the reference to Windows Script Hosting.

I used it once, but I am not sure on the complete code.
Here is a start.

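' Requires a project reference to the Windows Script Host Object Model
Dim network As WshNetwork

Set network = New WshNetwork

' UserName is the name of the user logged on to the current Windows session
username = network.UserName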

Hope it helps

0
