Solved

Querying the Active Directory

Posted on 2003-11-25
Last Modified: 2012-08-14
Hi,

I want to query the Active Directory to retrieve users based on certain criteria, like 'l', 'Department', 'ReportsTo', 'ReportsFrom', etc., but I am not able to do so via ADSI.
I tried querying the Global Catalog (GC), but it is telling me that these fields were not found in the directory cache. Can anyone help?

Thanks in advance,
nganesh.
Question by:nganesh
Accepted Solution

by:
waty earned 150 total points
ID: 9830924
' #Mandix Repository#************************************************************
' * Programmer Name  : Paul Gorman
' * WebSite          : http://www.smi-texas.com
' * Date             : 06/27/2002
' **********************************************************************
' * Comments         : Active Directory Search Functions
' *
' * There are 4 different functions that allow you to search your
' * company's Active Directory in different ways. These functions
' * will allow you to search Active Directory by user or by group
' * to determine permissions. I am currently using these in my enterprise
' * applications so that I can set up security at a very granular
' * level, down to a specific control if I want to.
' *
' **********************************************************************

Option Explicit
Public Enum Enum_adscAccessType
   adscDenyedAccess = 0
   adscDataReader = 1
   adscDataWriter = 2
End Enum
Public Function AllowAccess(LoginID As String, Group As String) As Boolean
   Dim oCN              As ADODB.Connection, oCM As ADODB.Command, oRS As ADODB.Recordset, oField As ADODB.Field
   Dim oUser            As IADs, oParent As IADs, oGroup As IADs
   Dim oPropList        As IADsPropertyList, oPropEntry As IADsPropertyEntry, oPropVal As IADsPropertyValue
   Dim sPath            As String, v As Variant, i As Variant
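   'This function checks a specific user's rights via their login and whatever group you pass in.
   'You will need to replace the {YOUR DC HERE} with your own domain controller for Active Directory.
   'LoginID is concatenated into the query below, so refuse values containing a quote,
   'a wildcard or LDAP filter syntax; AllowAccess keeps its default of False.
   If LoginID Like "*['*()\]*" Then Exit Function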
   Set oCN = New ADODB.Connection
   Set oCM = New ADODB.Command
   Set oRS = New ADODB.Recordset
   oCN.Provider = "ADsDSOObject"
   oCN.Open
   Set oCM.ActiveConnection = oCN
   oCM.CommandText = "SELECT AdsPath FROM 'LDAP://OU=Branches,OU=Corp,DC={YOUR DC HERE},DC=com' " & _
      "WHERE objectCategory='person' AND cn='" & LoginID & "'"
   oCM.Properties("searchscope") = 2
   Set oRS = oCM.Execute
   If Not oRS.EOF Then
      Set oUser = GetObject(oRS("AdsPath").Value)
      oUser.GetInfo
      Set oParent = GetObject(oUser.Parent)
      Set oParent = GetObject(oParent.Parent)
      'IADs has no PropertyCount or Item members; read the property cache through IADsPropertyList.
      Set oPropList = oUser
      For i = 0 To oPropList.PropertyCount - 1
         Set oPropEntry = oPropList.Item(i)
         If oPropEntry.Name = "memberOf" Then
            For Each v In oPropEntry.Values
               Set oPropVal = v
               sPath = oPropVal.DNString
               Set oGroup = GetObject("LDAP://" & sPath)
               If oGroup.Name = "CN=" & Group Then
                  AllowAccess = True
                  GoTo ShutDown
               End If
               Set oGroup = Nothing
            Next
         End If
      Next
   End If
   AllowAccess = False
ShutDown:
   Set oCN = Nothing
   Set oRS = Nothing
   Set oCM = Nothing
   Set oField = Nothing
   Set oUser = Nothing
   Set oParent = Nothing
   Set oGroup = Nothing
   Set oPropList = Nothing
   Set oPropEntry = Nothing
   Set oPropVal = Nothing
   Set v = Nothing
End Function

Public Function ADSCAllowAccessByGroup(Group As String, UserName As String) As Boolean
   On Error Resume Next
   Dim oGroup           As ActiveDs.IADsGroup
   Dim oUser            As ActiveDs.IADsUser
   'This function checks whether or not a user is in a specific group. It returns True or False.
   'You will need to replace the {YOUR DC HERE} with your own domain controller for Active Directory.
   Set oGroup = GetObject("WinNT://{YOUR DC HERE}.com/" & Group)
   If oGroup Is Nothing Then
      ADSCAllowAccessByGroup = False
      Exit Function
   End If
   For Each oUser In oGroup.Members
      Debug.Print oUser.Name
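      If UCase(oUser.Name) = UCase(UserName) Then
         'Under On Error Resume Next a failed comparison resumes inside this block,
         'so report membership only when no error is pending.
         ADSCAllowAccessByGroup = (Err.Number = 0)
         Exit Function
      End If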
   Next
   ADSCAllowAccessByGroup = False
End Function

Public Function ADSCAllowAccessByUser(UserName As String, Group As String) As Boolean
   On Error Resume Next
   Dim oGroup           As ActiveDs.IADsGroup
   Dim oUser            As ActiveDs.IADsUser
   Set oUser = GetObject("WinNT://{YOUR DC HERE}.com/" & UCase(UserName) & ",user")
   If oUser Is Nothing Then
      ADSCAllowAccessByUser = False
      Exit Function
   End If
   For Each oGroup In oUser.Groups
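      If UCase(oGroup.Name) = UCase(Group) Then
         'Under On Error Resume Next a failed comparison resumes inside this block,
         'so report membership only when no error is pending.
         ADSCAllowAccessByUser = (Err.Number = 0)
         Exit Function
      End If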
   Next
End Function

Public Function ADSCAccessType(Location As String, UserName As String, Module As String, AppName As String) As Enum_adscAccessType
   On Error Resume Next
   Dim oGroup           As ActiveDs.IADsGroup
   Dim oUser            As ActiveDs.IADsUser
   'This function assumes that you already have 2 types of groups set up: one that has DataReader at the end and another
   'that has DataWriter at the end. It also assumes that you have set up your group name in the following
   'order: Location_AppName & Module & DataReader/DataWriter.
   'You can change this to fit your needs. The main part is the first line of code that sets the oUser.
   'You will need to replace the {YOUR DC HERE} with your own domain controller for Active Directory.
   Set oUser = GetObject("WinNT://{YOUR DC HERE}.com/" & UCase(UserName) & ",user")
   If oUser Is Nothing Then
      ADSCAccessType = adscDenyedAccess
      Exit Function
   End If
   For Each oGroup In oUser.Groups
      Select Case oGroup.Name
         Case Location & "_" & AppName & Module & "DataReader"
            ADSCAccessType = adscDataReader
            Exit Function
         Case Location & "_" & AppName & Module & "DataWriter"
            ADSCAccessType = adscDataWriter
            Exit Function
      End Select
   Next
   ADSCAccessType = adscDenyedAccess
End Function
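
An added example, not part of the accepted answer or of Paul Gorman's module: one way to search users by the attributes named in the question ('l', 'department') through the same ADsDSOObject provider, using the LDAP dialect and escaping every value so that user input cannot alter the filter. The base DN DC=example,DC=com and the names EscapeLdapFilterValue, BuildUserFilter and ListUsers are assumptions made for illustration.

```vb
Option Explicit
'Added example. DC=example,DC=com is a placeholder base DN; all names here are hypothetical.

'Escape a value for use inside an LDAP search filter (RFC 4515).
'The backslash is replaced first so the escapes added afterwards are not escaped again.
Public Function EscapeLdapFilterValue(ByVal sValue As String) As String
   sValue = Replace(sValue, "\", "\5c")
   sValue = Replace(sValue, "*", "\2a")
   sValue = Replace(sValue, "(", "\28")
   sValue = Replace(sValue, ")", "\29")
   sValue = Replace(sValue, vbNullChar, "\00")
   'The ADO LDAP dialect separates its parts with semicolons, so hex-escape a literal one too.
   sValue = Replace(sValue, ";", "\3b")
   EscapeLdapFilterValue = sValue
End Function

'Build an AND filter over user objects from attribute/value pairs,
'for example Array("l", "Austin", "department", "Finance").
Public Function BuildUserFilter(vPairs As Variant) As String
   Dim i As Long, sFilter As String
   sFilter = "(&(objectCategory=person)(objectClass=user)"
   For i = LBound(vPairs) To UBound(vPairs) - 1 Step 2
      'Attribute names are fixed in code, never taken from input; only values are escaped.
      sFilter = sFilter & "(" & vPairs(i) & "=" & _
         EscapeLdapFilterValue(CStr(vPairs(i + 1))) & ")"
   Next
   BuildUserFilter = sFilter & ")"
End Function

Public Sub ListUsers(sCity As String, sDepartment As String)
   Dim oCN As ADODB.Connection, oCM As ADODB.Command, oRS As ADODB.Recordset
   Set oCN = New ADODB.Connection
   oCN.Provider = "ADsDSOObject"
   oCN.Open
   Set oCM = New ADODB.Command
   Set oCM.ActiveConnection = oCN
   'LDAP dialect layout: <base>;filter;attributes;scope
   oCM.CommandText = "<LDAP://DC=example,DC=com>;" & _
      BuildUserFilter(Array("l", sCity, "department", sDepartment)) & _
      ";cn,l,department;subtree"
   oCM.Properties("Page Size") = 500
   Set oRS = oCM.Execute
   Do Until oRS.EOF
      Debug.Print oRS("cn").Value, oRS("l").Value, oRS("department").Value
      oRS.MoveNext
   Loop
   oRS.Close
   oCN.Close
End Sub
```

With this escaping, a department value of `*` is sent as `\2a` and matches only a department literally named `*`, not every user.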