Solved

ACTIVE DIRECTORY challenge!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! this one took the wind out of me

Posted on 2006-11-23
12
176 Views
Last Modified: 2010-04-18
Hi
  i have spend the day trying to crack the case. let me explain what i am trying to accomplish

THe requirement is to use the user logon to grant him access to different roles

I have queried the group and have brought back the primaryGroupToken for all groups

    cmdSearch.CommandText = "select cn,primaryGroupToken " _
        & "from 'LDAP://domain/cn=my,DC=domain,DC=name' " _
        & "where objectClass='group' " 

returns

A,1
B,3
C,2
Domain Users,513

when i return the primary group id of hte user i get
513,user1,userEmail1 .....

But it always returns 513 which is the Domain Users group....
How can i find the group of the logged into the site and grant him appr rights

Any help would be appreciated

 
0
Comment
Question by:crystalguy2000
12 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18006083
Are you trying to identify the site the user is logged onto?  Group memberships or primary group will not change at all.  The primary group is a thow back and fairly pointless now afaik, was it another of the POSIX compatabilities we all had to learn about for MCSE and never use.... can't remember.

Anyway so are you saying you have three sites and are trying to identify the site the user is at (if so why not assign a script to the site perhaps?).  I asume if so you have the subnets and sites defined in AD already in Sites and Services.

Please clarify?
0
 

Author Comment

by:crystalguy2000
ID: 18008701
I am new to AD. So i dont know if the site you are referring to is a "Security Group"

I am trying to return the role of the logged in user.... I want to know whether he belong to security group A or security group B or Security group 3... If he is in group A then he is an admin..if he belongs to group b then he is not an admin and so on...
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 250 total points
ID: 18009265
The thing is he could be in group a, b, and c.  If you need to check his group membership you can do something like this:

http://www.computerperformance.co.uk/vbscript/vbscript_group_user_memberof.htm

The script there can give you the list of groups the user is a member of and you can check against that to identify which groups the user is in -->

The sites things means a different logon script and policies can apply depending upon which physical location you login if your network is setup with multiple sites -- e.g. a company with different buildings or locations.  It sounds like that isn't actualyl what you are after anyway.

Steve
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
ID: 18011461
The Primary Group is always 513.

You want to use "ifmember" or a vbscript that does the same thing to determine membership.

If you are looking to add people to Security Groups depending on other group membership then keep in mind it won't apply to them until they log off and back on again.

0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 43

Expert Comment

by:Steve Knight
ID: 18341992
Accept dragon-it or split...
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18342007
Would like some response.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18344202
Well that is always preferred of course otherwise we are just talking amongst ourselves and the occasional cleanup volunteer :-)
0
 
LVL 20

Expert Comment

by:Venabili
ID: 18348521
>>Would like some response.
Me too. And peace in the whole world. :) But for some reason in most questions like this I think the latter have bigger chance
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18351029
LOL.  Split them up then.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now