?
Solved

ACTIVE DIRECTORY challenge!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! this one took the wind out of me

Posted on 2006-11-23
12
Medium Priority
?
182 Views
Last Modified: 2010-04-18
Hi
  i have spend the day trying to crack the case. let me explain what i am trying to accomplish

THe requirement is to use the user logon to grant him access to different roles

I have queried the group and have brought back the primaryGroupToken for all groups

    cmdSearch.CommandText = "select cn,primaryGroupToken " _
        & "from 'LDAP://domain/cn=my,DC=domain,DC=name' " _
        & "where objectClass='group' " 

returns

A,1
B,3
C,2
Domain Users,513

when i return the primary group id of hte user i get
513,user1,userEmail1 .....

But it always returns 513 which is the Domain Users group....
How can i find the group of the logged into the site and grant him appr rights

Any help would be appreciated

 
0
Comment
Question by:crystalguy2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18006083
Are you trying to identify the site the user is logged onto?  Group memberships or primary group will not change at all.  The primary group is a thow back and fairly pointless now afaik, was it another of the POSIX compatabilities we all had to learn about for MCSE and never use.... can't remember.

Anyway so are you saying you have three sites and are trying to identify the site the user is at (if so why not assign a script to the site perhaps?).  I asume if so you have the subnets and sites defined in AD already in Sites and Services.

Please clarify?
0
 

Author Comment

by:crystalguy2000
ID: 18008701
I am new to AD. So i dont know if the site you are referring to is a "Security Group"

I am trying to return the role of the logged in user.... I want to know whether he belong to security group A or security group B or Security group 3... If he is in group A then he is an admin..if he belongs to group b then he is not an admin and so on...
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 1000 total points
ID: 18009265
The thing is he could be in group a, b, and c.  If you need to check his group membership you can do something like this:

http://www.computerperformance.co.uk/vbscript/vbscript_group_user_memberof.htm

The script there can give you the list of groups the user is a member of and you can check against that to identify which groups the user is in -->

The sites things means a different logon script and policies can apply depending upon which physical location you login if your network is setup with multiple sites -- e.g. a company with different buildings or locations.  It sounds like that isn't actualyl what you are after anyway.

Steve
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 1000 total points
ID: 18011461
The Primary Group is always 513.

You want to use "ifmember" or a vbscript that does the same thing to determine membership.

If you are looking to add people to Security Groups depending on other group membership then keep in mind it won't apply to them until they log off and back on again.

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18341992
Accept dragon-it or split...
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18342007
Would like some response.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18344202
Well that is always preferred of course otherwise we are just talking amongst ourselves and the occasional cleanup volunteer :-)
0
 
LVL 20

Expert Comment

by:Venabili
ID: 18348521
>>Would like some response.
Me too. And peace in the whole world. :) But for some reason in most questions like this I think the latter have bigger chance
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18351029
LOL.  Split them up then.
0

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question