
Determine Group Memberships using ADO and Active Directory

I am looking for code examples to determine a user's group membership in Active Directory using ADO.  We have Win 2000 and VB 6.0.  And we want to see if a user is a member of a particular group to authenticate the user using ADSI for a custom application.
0
ChiefDamon
Asked:
Richie_SimonettiIT OperationsCommented:
0
 
pjbaratelliCommented:
You need two objects to compare to find out if a user is a member of a group.  The IADsUser and the IADsGroup.
Once you have these two objects set correctly, compare them.  

Private conn As ADODB.Connection

Public Function IsUserInGroup(strUserName As String, strDom As String, Optional strGroup As Variant) As Boolean

     ' strGroup is a Variant because IsMissing() only works on Variant parameters
     Dim adsUser As IADsUser
     Dim adsGroup As IADsGroup

     If IsMissing(strGroup) Then
          Set adsGroup = adGroup(strDom) ' Group variable not sent
     Else
          Set adsGroup = adGroup(strDom, strGroup)  ' Group variable sent
     End If

     Set adsUser = adUser(strUserName, strDom)

     ' IsMember takes the ADsPath of the object to test against the group
     If adsGroup.IsMember(adsUser.ADsPath) Then
          IsUserInGroup = True
     Else
          IsUserInGroup = False
     End If

     Set adsGroup = Nothing
     Set adsUser = Nothing

End Function

************* This snippet of code returns IADsUser ****


Public Function adUser(userName As String, dom As String) As IADsUser

    Dim dsObj As IADsOpenDSObject
    Dim rs As ADODB.Recordset
    Dim strQuery As String
    Dim ADsPath As String

    Set conn = adConnection

    ' dom is the search base (an LDAP:// path); userName goes into the filter as-is
    strQuery = "<" & dom & ">;(&(objectClass=User)(objectCategory=person)" & _
               "(SamAccountName=" & userName & "));AdsPath, sAMAccountName; subTree"

    ' Run the query once and close the same recordset that was opened
    Set rs = adRS(strQuery)
    ADsPath = rs.Fields("ADsPath").Value
    rs.Close

    Set dsObj = GetObject("LDAP:")
    ' CLng(1) is ADS_SECURE_AUTHENTICATION
    Set adUser = dsObj.OpenDSObject(ADsPath, [ Place admin ldap path here ], [ Place admin password here ], CLng(1))

    Set rs = Nothing
    Set dsObj = Nothing
    Set conn = Nothing

End Function


********************* This part gets the Group ****

Public Function adGroup(dom As String, Optional strGroup As Variant = "Domain Users") As IADsGroup

    Dim dsObj As IADsOpenDSObject
    Dim rs As ADODB.Recordset
    Dim strQuery As String
    Dim ADsPath As String

    Set conn = adConnection

    ' dom is the search base (an LDAP:// path); strGroup goes into the filter as-is
    strQuery = "<" & dom & ">;(&(objectCategory=group)" & _
               "(cn=" & strGroup & "));AdsPath,cn; subTree"

    ' Run the query once and close the same recordset that was opened
    Set rs = adRS(strQuery)
    ADsPath = rs.Fields("ADsPath").Value
    rs.Close

    Set dsObj = GetObject("LDAP:")
    ' CLng(1) is ADS_SECURE_AUTHENTICATION
    Set adGroup = dsObj.OpenDSObject(ADsPath, [ Place admin ldap path here ], [ Place admin password here ], CLng(1))

    Set rs = Nothing
    Set dsObj = Nothing

End Function

***************** These functions are used by the above functions **********************

Private Function adConnection() As ADODB.Connection

    On Error GoTo errCode
    Set adConnection = New ADODB.Connection
    adConnection.Provider = "ADsDSOObject"
    adConnection.ConnectionString = "Active Directory Provider"
    adConnection.Properties("User ID") = [ Place admin ldap path here ]
    adConnection.Properties("Password") = [ Place admin password here ]
    adConnection.Properties("Encrypt Password") = True
    adConnection.Open
    Exit Function

errCode:
    ' Release the unopened connection and pass the error on to the caller
    Set adConnection = Nothing
    Err.Raise Err.Number, Err.Source, Err.Description

End Function

Public Function adRS(cmdText As String) As ADODB.Recordset

    Dim cmd As ADODB.Command

    Set cmd = New ADODB.Command
    ' Set is required here so the command reuses the already opened conn object
    Set cmd.ActiveConnection = conn
    cmd.CommandText = cmdText

    Set adRS = cmd.Execute

End Function

This is one way to go about this. You should include error coding of course.
0
 
Richie_SimonettiIT OperationsCommented:
Hi, welcome to EE!
If you are not 200% sure that you are posting a correct/real/exact answer, just post it as a comment. The person who asked the question could accept your comment as an answer if it meets the requirements anyway.
Please read the guidelines about comments/answers at the bottom of this page.
If you post an answer, the question is off the list of unanswered questions and the asker loses the possibility to receive more help from others too.

Cheers
0
 
pjbaratelliCommented:
I use this code in my applications so I know it works, but I was unaware an answer prevented further comments.  Thanks for the advice.

0
 
pjbaratelliCommented:
Three things:

1) After the IADsUser and IADsGroup object is SET, you need to make a call to gather the information. Use this code in the IsUserInGroup Function.

  adsUser.GetInfo
  adsGroup.GetInfo

2) Don't use "Domain Users" as the default for the strGroup variable.  It may not produce the results you want all the time.  Choose something other than a system group.
0
 
pjbaratelliCommented:
Three things:

1) After the IADsUser and IADsGroup object is SET, you need to make a call to gather the information. Use this code in the IsUserInGroup Function.

  adsUser.GetInfo
  adsGroup.GetInfo

2) Don't use "Domain Users" as the default for the strGroup variable.  It may not produce the results you want all the time.  Choose something other than a system group.
0
 
Richie_SimonettiIT OperationsCommented:
Gee, sorry to bore you; use Reload Question at the top right of the page instead of the browser's Refresh button.
0
 
pjbaratelliCommented:
Yeah, I noticed that. My bad. I left the third thing out too, which was to DIM the objects in the IsUserInGroup function.

Dim adsUser as IADsUser
Dim adsGroup as IADsGroup

I'll be crawling under for a bit now....
0
 
pjbaratelliCommented:
I read in the previous question you had the user stated that you can't authenticate a user programmatically.  You can. Use the reference to Windows Script Hosting.

I used it once, but I am not sure on the complete code.
Here is a start.

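Dim network As WshNetwork
Dim username As String

' WshNetwork is created directly (reference: Windows Script Host Object Model)
Set network = New WshNetwork

' UserName is the name of the currently logged-on user
username = network.UserName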

Hope it helps

0