Solved

Determine Group Memberships using ADO and Active Directory

Posted on 2002-05-16
Last Modified: 2009-07-29
I am looking for code examples to determine a user's group membership in Active Directory using ADO.  We have Win 2000 and VB 6.0, and we want to see if a user is a member of a particular group to authenticate the user using ADSI for a custom application.
Question by:ChiefDamon
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014041
0
 
LVL 1

Accepted Solution

by:
pjbaratelli earned 200 total points
ID: 7014240
You need two objects to compare to find out if a user is a member of a group.  The IADsUser and the IADsGroup.
Once you have these two objects set correctly, compare them.  

Private conn As ADODB.Connection

Public Function IsUserInGroup(strUserName As String, strDom As String, Optional strGroup As Variant) As Boolean

     Dim adsUser As IADsUser
     Dim adsGroup As IADsGroup

     ' IsMissing only works on Variant parameters, so strGroup is a Variant
     If IsMissing(strGroup) Then
          Set adsGroup = adGroup(strDom) ' Group variable not sent
     Else
          Set adsGroup = adGroup(strDom, strGroup)  ' Group variable sent
     End If

     Set adsUser = adUser(strUserName, strDom)

     ' IsMember tests whether the user is an immediate member of the group
     If adsGroup.IsMember(adsUser.ADsPath) Then
          IsUserInGroup = True
     Else
          IsUserInGroup = False
     End If

     Set adsGroup = Nothing
     Set adsUser = Nothing

End Function

************* This snippet of code returns IADsUser ****


Public Function adUser(userName As String, dom As String) As IADsUser

    Dim dsObj As IADsOpenDSObject
    Dim rs As ADODB.Recordset
    Dim strQuery As String
    Dim ADsPath As String

    Set conn = adConnection

    ' ADO LDAP dialect: <base>;filter;attributes;scope
    ' userName goes into the filter as-is, so validate or escape it before calling
    strQuery = "<" & dom & ">;(&(objectClass=User)(objectCategory=person)" & _
               "(SamAccountName=" & userName & "));AdsPath, sAMAccountName; subTree"

    ' Run the query once and close the same recordset that was opened
    Set rs = adRS(strQuery)
    ADsPath = rs.Fields("ADsPath").Value
    rs.Close

    Set dsObj = GetObject("LDAP:")
    ' CLng(1) is ADS_SECURE_AUTHENTICATION
    Set adUser = dsObj.OpenDSObject(ADsPath, [ Place admin ldap path here ], [ Place admin password here ], CLng(1))

    Set rs = Nothing
    Set dsObj = Nothing
    Set conn = Nothing

End Function


********************* This part gets the Group ****

Public Function adGroup(dom As String, Optional strGroup As Variant = "Domain Users") As IADsGroup

    Dim dsObj As IADsOpenDSObject
    Dim rs As ADODB.Recordset
    Dim strQuery As String
    Dim ADsPath As String

    Set conn = adConnection

    ' strGroup goes into the filter as-is, so validate or escape it before calling
    strQuery = "<" & dom & ">;(&(objectCategory=group)" & _
               "(cn=" & strGroup & "));AdsPath,cn; subTree"

    ' Run the query once and close the same recordset that was opened
    Set rs = adRS(strQuery)
    ADsPath = rs.Fields("ADsPath").Value
    rs.Close

    Set dsObj = GetObject("LDAP:")
    ' CLng(1) is ADS_SECURE_AUTHENTICATION
    Set adGroup = dsObj.OpenDSObject(ADsPath, [ Place admin ldap path here ], [ Place admin password here ], CLng(1))

    Set rs = Nothing
    Set dsObj = Nothing
    Set conn = Nothing

End Function

***************** These functions are used by the above functions **********************

Private Function adConnection() As ADODB.Connection

    Dim cn As ADODB.Connection

    ' The provider must be set before its dynamic properties can be assigned
    Set cn = New ADODB.Connection
    cn.Provider = "ADsDSOObject"
    cn.ConnectionString = "Active Directory Provider"
    cn.Properties("User ID") = [ Place admin ldap path here ]
    cn.Properties("Password") = [ Place admin password here ]
    cn.Properties("Encrypt Password") = True
    cn.Open

    Set adConnection = cn

End Function

Public Function adRS(cmdText As String) As ADODB.Recordset

    Dim cmd As ADODB.Command

    Set cmd = New ADODB.Command
    ' Set is required: without it only the connection string is assigned and
    ' the command opens a new connection that lacks the credentials set above
    Set cmd.ActiveConnection = conn
    cmd.CommandText = cmdText

    Set adRS = cmd.Execute

End Function

This is one way to go about this. You should include error coding of course.
0
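The adUser and adGroup queries in the answer above concatenate the caller-supplied user and group names directly into the LDAP filter, so a name containing filter metacharacters changes what the search matches. The following is an added example, not part of the original answer: it validates and escapes those values before the query text is built. The helper names IsValidSamAccountName, EscapeLdapFilterValue, BuildUserQuery and BuildGroupQuery are hypothetical.

```vb
Option Explicit

' Added example; the helper names below are hypothetical.
' Characters Active Directory does not allow in a sAMAccountName.
Private Const SAM_FORBIDDEN As String = """/\[]:;|=,+*?<>"

' Allow-list check for a user logon name before it goes near a filter.
Public Function IsValidSamAccountName(ByVal s As String) As Boolean
    Dim i As Long, code As Long
    ' 20 characters is the SAM limit for user logon names
    If Len(s) = 0 Or Len(s) > 20 Then Exit Function
    For i = 1 To Len(s)
        code = AscW(Mid$(s, i, 1)) And &HFFFF&
        If code < 32 Then Exit Function                      ' control characters
        If InStr(1, SAM_FORBIDDEN, ChrW$(code), vbBinaryCompare) > 0 Then Exit Function
    Next i
    IsValidSamAccountName = True
End Function

' RFC 4515 escaping for a value placed inside an LDAP search filter.
' The backslash is replaced first so the later escapes are not doubled.
Public Function EscapeLdapFilterValue(ByVal s As String) As String
    s = Replace(s, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeLdapFilterValue = Replace(s, vbNullChar, "\00")
End Function

' Query text for adUser: reject a malformed name instead of searching with it.
Public Function BuildUserQuery(ByVal dom As String, ByVal userName As String) As String
    If Not IsValidSamAccountName(userName) Then
        Err.Raise vbObjectError + 513, "BuildUserQuery", "Invalid account name"
    End If
    BuildUserQuery = "<" & dom & ">;(&(objectClass=user)(objectCategory=person)" & _
        "(sAMAccountName=" & EscapeLdapFilterValue(userName) & "));ADsPath,sAMAccountName;subTree"
End Function

' Query text for adGroup. A group cn may legitimately contain parentheses,
' e.g. "Sales (EMEA)" becomes "Sales \28EMEA\29", so it is escaped rather than
' restricted. ";" is rejected as a precaution (assumption): it separates the
' base, filter, attribute and scope parts of the ADO query string.
Public Function BuildGroupQuery(ByVal dom As String, ByVal groupName As String) As String
    If Len(groupName) = 0 Or InStr(groupName, ";") > 0 Then
        Err.Raise vbObjectError + 514, "BuildGroupQuery", "Invalid group name"
    End If
    BuildGroupQuery = "<" & dom & ">;(&(objectCategory=group)" & _
        "(cn=" & EscapeLdapFilterValue(groupName) & "));ADsPath,cn;subTree"
End Function
```

The returned strings can be passed to adRS in place of the concatenated strQuery values; a raised error should be treated as "not a member" by the caller.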
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014277
Hi, welcome to EE!
If you are not 200% sure that you are posting a correct/real/exact answer, just post it as a comment. The person who asked the question could accept your comment as an answer if it meets the requirements anyway.
Please read the guidelines about comments/answers at the bottom of this page.
If you post an answer, the question is taken off the list of unanswered questions and the asker loses the possibility to receive more help from others too.

Cheers
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014472
I use this code in my applications so I know it works, but I was unaware an answer prevented further comments.  Thanks for the advice.

0

 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014489
Three things:

1) After the IADsUser and IADsGroup objects are SET, you need to make a call to gather the information. Use this code in the IsUserInGroup function.

  adsUser.GetInfo
  adsGroup.GetInfo

2) Don't use "Domain Users" as the default for the strGroup variable.  It may not produce the results you want all the time.  Choose something other than a system group.
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014493
Three things:

1) After the IADsUser and IADsGroup objects are SET, you need to make a call to gather the information. Use this code in the IsUserInGroup function.

  adsUser.GetInfo
  adsGroup.GetInfo

2) Don't use "Domain Users" as the default for the strGroup variable.  It may not produce the results you want all the time.  Choose something other than a system group.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 7014534
Gee, sorry to bore you, but use Reload Question at the top right of the page instead of the browser's Refresh button.
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7014615
Yeah, I noticed that. My bad. I left the third thing out too, which was to DIM the objects in the IsUserInGroup function.

Dim adsUser as IADsUser
Dim adsGroup as IADsGroup

I'll be crawling under for a bit now....
0
 
LVL 1

Expert Comment

by:pjbaratelli
ID: 7017554
I read in the previous question you had the user stated that you can't authenticate a user programmatically.  You can. Use the reference to Windows Script Hosting.

I used it once, but I am not sure on the complete code.
Here is a start.

Dim network As WshNetwork
Dim username As String

' Requires a project reference to the Windows Script Host Object Model
Set network = New WshNetwork

' UserName is the account name of the user running this process
username = network.UserName

Hope it helps

0
