Solved

Determine Group Memberships using ADO and Active Directory

Posted on 2002-05-16
9
229 Views
Last Modified: 2009-07-29
I am looking for code examples to determine a user's group membership in Active Directory using ADO.  We have Win 2000 and VB 6.0.  And we want to see if a user is a member of a particular group to authenticate the user using ADSI for a custom application.
Question by:ChiefDamon
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014041
0
 
LVL 1

Accepted Solution

by:
pjbaratelli earned 200 total points
ID: 7014240
You need two objects to compare to find out if a user is a member of a group.  The IADsUser and the IADsGroup.
Once you have these two objects set correctly, compare them.  

Private conn As ADODB.Connection

Public Function IsUserInGroup(strUserName As String, strDom As String, Optional strGroup As Variant) As Boolean

     ' IsMissing only detects omitted Variant arguments, so strGroup is a Variant
     If IsMissing(strGroup) Then
          Set adsGroup = adGroup(strDom) ' Group variable not sent
     Else
          Set adsGroup = adGroup(strDom, strGroup)  ' Group variable sent
     End If

     Set adsUser = adUser(strUserName, strDom)

     ' IsMember takes the ADsPath of the object to test
     If adsGroup.IsMember(adsUser.ADsPath) Then
          IsUserInGroup = True
     Else
          IsUserInGroup = False
     End If

     Set adsGroup = Nothing
     Set adsUser = Nothing

End Function

************* This snippet of code returns IADsUser ****


Public Function adUser(userName As String, dom As String) As IADsUser

    Dim dsObj As IADsOpenDSObject
    Dim rs As ADODB.Recordset
    Dim strQuery As String
    Dim ADsPath As String

    Set conn = adConnection

    ' ADO LDAP dialect: <search base>;filter;attributes;scope
    ' userName goes into the filter as-is, so escape LDAP filter metacharacters in it before calling
    strQuery = "<" & dom & ">;(&(objectClass=User)(objectCategory=person)" & _
               "(SamAccountName=" & userName & "));AdsPath, sAMAccountName; subTree"

    ' Run the query once and close the same recordset that was opened
    Set rs = adRS(strQuery)
    ADsPath = rs.Fields("ADsPath")
    rs.Close

    Set dsObj = GetObject("LDAP:")
    ' CLng(1) = ADS_SECURE_AUTHENTICATION
    Set adUser = dsObj.OpenDSObject(ADsPath, [ Place admin ldap path here ], [ Place admin password here ], CLng(1))

    Set rs = Nothing
    Set dsObj = Nothing
    Set conn = Nothing

End Function


********************* This part gets the Group ****

Public Function adGroup(dom As String, Optional strGroup As Variant = "Domain Users") As IADsGroup

    Dim dsObj As IADsOpenDSObject
    Dim rs As ADODB.Recordset
    Dim strQuery As String
    Dim ADsPath As String

    Set conn = adConnection
    ' strGroup goes into the filter as-is, so escape LDAP filter metacharacters in it before calling
    strQuery = "<" & dom & ">;(&(objectCategory=group)" & _
               "(cn=" & strGroup & "));AdsPath,cn; subTree"

    ' Run the query once and close the same recordset that was opened
    Set rs = adRS(strQuery)
    ADsPath = rs.Fields("ADsPath")
    rs.Close

    Set dsObj = GetObject("LDAP:")
    ' CLng(1) = ADS_SECURE_AUTHENTICATION
    Set adGroup = dsObj.OpenDSObject(ADsPath, [ Place admin ldap path here ], [ Place admin password here ], CLng(1))

    Set rs = Nothing
    Set dsObj = Nothing

End Function

***************** These functions are used by the above functions **********************

Private Function adConnection() As ADODB.Connection

    On Error GoTo errCode
    ' Create the connection once and bind it to the ADSI OLE DB provider
    Set adConnection = New ADODB.Connection
    adConnection.Provider = "ADsDSOObject"
    adConnection.ConnectionString = "Active Directory Provider"
    adConnection.Properties("User ID") = [ Place admin ldap path here ]
    adConnection.Properties("Password") = [ Place admin password here ]
    adConnection.Properties("Encrypt Password") = True
    adConnection.Open
    Exit Function

errCode:
    ' The connection could not be opened; hand back Nothing so callers can test for it
    Set adConnection = Nothing

End Function

Public Function adRS(cmdText As String) As ADODB.Recordset

    Dim cmd As ADODB.Command
    Dim strQuery As String
    Dim ADsPath As String
   
    Set cmd = New ADODB.Command
    cmd.ActiveConnection = conn
    cmd.CommandText = cmdText
                     
    Set adRS = cmd.Execute
   
End Function

This is one way to go about this. You should include error coding of course.
0
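Added example, not part of the original answer: the adUser and adGroup queries above concatenate the account and group names straight into the LDAP filter, so a name containing `*`, `(`, `)` or `\` changes what the filter matches. The sketch below escapes the value per RFC 4515 before building the same ADO query; `EscapeLdapFilterValue`, `BuildUserQuery`, `DemoEscape` and the `DC=example,DC=com` base are hypothetical names and constructed values.

```vb
Option Explicit

' Hypothetical helper (not from the original answer): returns strValue with
' the LDAP filter metacharacters replaced by their RFC 4515 \XX escapes.
Public Function EscapeLdapFilterValue(ByVal strValue As String) As String
    Dim i As Long
    Dim ch As String
    Dim strOut As String

    For i = 1 To Len(strValue)
        ch = Mid$(strValue, i, 1)
        Select Case ch
            Case "\"
                strOut = strOut & "\5c"
            Case "*"
                strOut = strOut & "\2a"
            Case "("
                strOut = strOut & "\28"
            Case ")"
                strOut = strOut & "\29"
            Case vbNullChar
                strOut = strOut & "\00"
            Case Else
                strOut = strOut & ch
        End Select
    Next i

    EscapeLdapFilterValue = strOut
End Function

' Hypothetical helper: builds the user query from the answer above with the
' account name escaped. dom is the search base in ADsPath form.
Public Function BuildUserQuery(ByVal dom As String, ByVal userName As String) As String
    BuildUserQuery = "<" & dom & ">;(&(objectClass=User)(objectCategory=person)" & _
                     "(sAMAccountName=" & EscapeLdapFilterValue(userName) & "));" & _
                     "ADsPath,sAMAccountName;subTree"
End Function

' Constructed inputs: a plain name, and names carrying filter syntax that
' must end up as literal text inside the (sAMAccountName=...) term.
Public Sub DemoEscape()
    Debug.Print BuildUserQuery("LDAP://DC=example,DC=com", "jsmith")
    Debug.Print BuildUserQuery("LDAP://DC=example,DC=com", "j*")
    Debug.Print BuildUserQuery("LDAP://DC=example,DC=com", "smith(test)")
End Sub
```

The same escaping applies to strGroup in the `(cn=...)` term of adGroup.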
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014277
Hi, welcome to EE!
If you are not 200% sure that you are posting a correct/real/exact answer, just post it as a comment. The person who asked the question can accept your comment as an answer if it meets the requirements anyway.
Please read the guidelines about comments/answers at the bottom of this page.
If you post an answer, the question is taken off the list of unanswered questions, and the asker loses the possibility of receiving more help from others too.

Cheers
0

 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014472
I use this code in my applications so I know it works, but I was unaware an answer prevented further comments.  Thanks for the advice.

0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014489
Three things:

1) After the IADsUser and IADsGroup object is SET, you need to make a call to gather the information. Use this code in the IsUserInGroup Function.

  adsUser.GetInfo
  adsGroup.GetInfo

2) Don't use "Domain Users" as the default for the strGroup variable.  It may not produce the results you want all the time.  Choose something other than a system group.
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014493
Three things:

1) After the IADsUser and IADsGroup object is SET, you need to make a call to gather the information. Use this code in the IsUserInGroup Function.

  adsUser.GetInfo
  adsGroup.GetInfo

2) Don't use "Domain Users" as the default for the strGroup variable.  It may not produce the results you want all the time.  Choose something other than a system group.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014534
Gee, sorry to bore you, but use "reload question" at the top right of the page instead of the browser's Refresh button.
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014615
Yeah, I noticed that. My bad. I left the third thing out too, which was to DIM the objects in the IsUserInGroup function.

Dim adsUser as IADsUser
Dim adsGroup as IADsGroup

I'll be crawling under for a bit now....
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7017554
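I read in the previous question you had that the user stated that you can't authenticate a user programmatically.  You can. Use the reference to Windows Script Hosting.

I used it once, but I am not sure of the complete code.
Here is a start.

' Needs a project reference to the Windows Script Host Object Model
Dim network As WshNetwork
Dim username As String

' WshNetwork is created directly; WshShell has no Network property
Set network = New WshNetwork

' Name of the account the current process is logged on as
username = network.UserName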

Hope it helps

0
