Solved

Determine Group Memberships using ADO and Active Directory

Posted on 2002-05-16
Last Modified: 2009-07-29
I am looking for code examples to determine a user's group membership in Active Directory using ADO. We have Win 2000 and VB 6.0, and we want to see if a user is a member of a particular group to authenticate the user using ADSI for a custom application.
Question by:ChiefDamon
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014041
0
 
LVL 1

Accepted Solution

by:
pjbaratelli earned 200 total points
ID: 7014240
You need two objects to compare to find out if a user is a member of a group.  The IADsUser and the IADsGroup.
Once you have these two objects set correctly, compare them.  

' Module-level connection shared by adUser, adGroup and adRS
Private conn As ADODB.Connection

' strGroup is a Variant because IsMissing only works with Variant arguments
Public Function IsUserInGroup(strUserName As String, strDom As String, Optional strGroup As Variant) As Boolean

     If IsMissing(strGroup) Then
          Set adsGroup = adGroup(strDom) ' Group variable not sent
     Else
          Set adsGroup = adGroup(strDom, strGroup)  ' Group variable sent
     End If

     Set adsUser = adUser(strUserName, strDom)

     ' IsMember takes the ADsPath of the object to test
     If adsGroup.IsMember(adsUser.ADsPath) Then
          IsUserInGroup = True
     Else
          IsUserInGroup = False
     End If

     Set adsGroup = Nothing
     Set adsUser = Nothing

End Function

************* This snippet of code returns IADsUser ****


Public Function adUser(userName As String, dom As String) As IADsUser

    Dim dsObj As IADsOpenDSObject
    Dim rs As ADODB.Recordset
    Dim strQuery As String
    Dim ADsPath As String

    Set conn = adConnection

    ' ADO LDAP dialect: <base>;filter;attributes;scope
    strQuery = "<" & dom & ">;(&(objectClass=User)(objectCategory=person)" & _
               "(SamAccountName=" & userName & "));AdsPath, sAMAccountName; subTree"

    ' Run the query once and close the same recordset that was read
    Set rs = adRS(strQuery)
    ADsPath = rs.Fields("ADsPath")
    rs.Close

    ' Bind to the user object; 1 = ADS_SECURE_AUTHENTICATION
    Set dsObj = GetObject("LDAP:")
    Set adUser = dsObj.OpenDSObject(ADsPath, [ Place admin ldap path here ], [ Place admin password here ], CLng(1))

    Set rs = Nothing
    Set dsObj = Nothing
    Set conn = Nothing

End Function


********************* This part gets the Group ****

Public Function adGroup(dom As String, Optional strGroup As Variant = "Domain Users") As IADsGroup

    Dim dsObj As IADsOpenDSObject
    Dim rs As ADODB.Recordset
    Dim strQuery As String
    Dim ADsPath As String

    Set conn = adConnection

    ' ADO LDAP dialect: <base>;filter;attributes;scope
    strQuery = "<" & dom & ">;(&(objectCategory=group)" & _
               "(cn=" & strGroup & "));AdsPath,cn; subTree"

    ' Run the query once and close the same recordset that was read
    Set rs = adRS(strQuery)
    ADsPath = rs.Fields("ADsPath")
    rs.Close

    ' Bind to the group object; 1 = ADS_SECURE_AUTHENTICATION
    Set dsObj = GetObject("LDAP:")
    Set adGroup = dsObj.OpenDSObject(ADsPath, [ Place admin ldap path here ], [ Place admin password here ], CLng(1))

    Set rs = Nothing
    Set dsObj = Nothing

End Function

***************** These functions are used by the above functions **********************

Private Function adConnection() As ADODB.Connection

    ' Open an ADO connection through the ADSI OLE DB provider
    Set adConnection = New ADODB.Connection
    adConnection.Provider = "ADsDSOObject"
    adConnection.ConnectionString = "Active Directory Provider"
    adConnection.Properties("User ID") = [ Place admin ldap path here ]
    adConnection.Properties("Password") = [ Place admin password here ]
    adConnection.Properties("Encrypt Password") = True
    adConnection.Open

End Function

Public Function adRS(cmdText As String) As ADODB.Recordset

    Dim cmd As ADODB.Command

    Set cmd = New ADODB.Command
    ' Set is required so the command reuses the open, authenticated connection
    Set cmd.ActiveConnection = conn
    cmd.CommandText = cmdText

    Set adRS = cmd.Execute

End Function

This is one way to go about this. You should include error coding of course.
0
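Added example, not part of the original answer: adUser and adGroup above concatenate userName and strGroup straight into the LDAP filter, so a value containing filter metacharacters (a group named "Sales (EMEA)", for instance) breaks or changes the filter. The sketch below escapes values as described in RFC 4515 before building the same command text. EscapeLdapFilterValue, BuildUserQuery, BuildGroupQuery and DemoEscaping are hypothetical names, and the domain path and sample values are constructed.

```vb
Option Explicit

' Hypothetical helper (not from the original answer): escape a value for
' use inside an LDAP search filter, as described in RFC 4515. Each special
' character is replaced by a backslash and its two-digit hex code.
Public Function EscapeLdapFilterValue(ByVal value As String) As String
    Dim i As Long
    Dim ch As String
    Dim result As String

    For i = 1 To Len(value)
        ch = Mid$(value, i, 1)
        Select Case ch
            Case "\", "*", "(", ")", vbNullChar
                result = result & "\" & Right$("0" & Hex$(Asc(ch)), 2)
            Case ";"
                ' Assumption: ";" is escaped as well because it separates
                ' the fields of the ADO LDAP-dialect command text.
                result = result & "\3B"
            Case Else
                result = result & ch
        End Select
    Next i

    EscapeLdapFilterValue = result
End Function

' Same command text as adUser in the answer, with the value escaped.
Public Function BuildUserQuery(ByVal dom As String, ByVal userName As String) As String
    BuildUserQuery = "<" & dom & ">;(&(objectClass=User)(objectCategory=person)" & _
                     "(SamAccountName=" & EscapeLdapFilterValue(userName) & _
                     "));AdsPath,sAMAccountName;subTree"
End Function

' Same command text as adGroup in the answer, with the value escaped.
Public Function BuildGroupQuery(ByVal dom As String, ByVal groupName As String) As String
    BuildGroupQuery = "<" & dom & ">;(&(objectCategory=group)" & _
                      "(cn=" & EscapeLdapFilterValue(groupName) & "));AdsPath,cn;subTree"
End Function

' Constructed sample values; the domain path is a placeholder.
Public Sub DemoEscaping()
    Debug.Print BuildGroupQuery("LDAP://DC=example,DC=com", "Sales (EMEA)")
    Debug.Print BuildUserQuery("LDAP://DC=example,DC=com", "jdoe*")
End Sub
```

With the escaping in place, a trailing "*" in a user name is matched as a literal character instead of acting as a wildcard across accounts.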
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014277
Hi, welcome to EE!
If you are not 200% sure that you are posting a correct/real/exact answer, just post it as a comment. The person who asked the question could accept your comment as an answer if it meets the requirements anyway.
Please read the guidelines about comments/answers at the bottom of this page.
If you post an answer, the question is taken off the list of unanswered questions and the asker loses the possibility to receive more help from others too.

Cheers
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014472
I use this code in my applications so I know it works, but I was unaware an answer prevented further comments.  Thanks for the advice.

0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014489
Three things:

1) After the IADsUser and IADsGroup object is SET, you need to make a call to gather the information. Use this code in the IsUserInGroup Function.

  adsUser.GetInfo
  adsGroup.GetInfo

2) Don't use "Domain Users" as the default for the strGroup variable. It may not produce the results you want all the time. Choose something other than a system group.
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014493
Three things:

1) After the IADsUser and IADsGroup object is SET, you need to make a call to gather the information. Use this code in the IsUserInGroup Function.

  adsUser.GetInfo
  adsGroup.GetInfo

2) Don't use "Domain Users" as the default for the strGroup variable. It may not produce the results you want all the time. Choose something other than a system group.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014534
Gee, sorry to bore you: use "Reload question" at the top right of the page instead of the browser's Refresh button.
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014615
Yeah, I noticed that. My bad. I left the third thing out too, which was to DIM the objects in the IsUserInGroup function.

Dim adsUser as IADsUser
Dim adsGroup as IADsGroup

I'll be crawling under for a bit now....
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7017554
I read in the previous question you had that the user stated that you can't authenticate a user programmatically. You can. Use the reference to Windows Script Hosting.

I used it once, but I am not sure of the complete code.
Here is a start.

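' Requires a project reference to the Windows Script Host Object Model
Dim network As WshNetwork
Dim username As String

Set network = New WshNetwork

' UserName is the name of the currently logged-on user
username = network.UserName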

Hope it helps

0
