Solved

ACTIVE DIRECTORY challenge!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! this one took the wind out of me

Posted on 2006-11-23
12
172 Views
Last Modified: 2010-04-18
Hi
  i have spend the day trying to crack the case. let me explain what i am trying to accomplish

THe requirement is to use the user logon to grant him access to different roles

I have queried the group and have brought back the primaryGroupToken for all groups

    cmdSearch.CommandText = "select cn,primaryGroupToken " _
        & "from 'LDAP://domain/cn=my,DC=domain,DC=name' " _
        & "where objectClass='group' "

returns

A,1
B,3
C,2
Domain Users,513

when i return the primary group id of hte user i get
513,user1,userEmail1 .....

But it always returns 513 which is the Domain Users group....
How can i find the group of the logged into the site and grant him appr rights

Any help would be appreciated

 
0
Comment
Question by:crystalguy2000
12 Comments
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
Are you trying to identify the site the user is logged onto?  Group memberships or primary group will not change at all.  The primary group is a thow back and fairly pointless now afaik, was it another of the POSIX compatabilities we all had to learn about for MCSE and never use.... can't remember.

Anyway so are you saying you have three sites and are trying to identify the site the user is at (if so why not assign a script to the site perhaps?).  I asume if so you have the subnets and sites defined in AD already in Sites and Services.

Please clarify?
0
 

Author Comment

by:crystalguy2000
Comment Utility
I am new to AD. So i dont know if the site you are referring to is a "Security Group"

I am trying to return the role of the logged in user.... I want to know whether he belong to security group A or security group B or Security group 3... If he is in group A then he is an admin..if he belongs to group b then he is not an admin and so on...
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 250 total points
Comment Utility
The thing is he could be in group a, b, and c.  If you need to check his group membership you can do something like this:

http://www.computerperformance.co.uk/vbscript/vbscript_group_user_memberof.htm

The script there can give you the list of groups the user is a member of and you can check against that to identify which groups the user is in -->

The sites things means a different logon script and policies can apply depending upon which physical location you login if your network is setup with multiple sites -- e.g. a company with different buildings or locations.  It sounds like that isn't actualyl what you are after anyway.

Steve
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
Comment Utility
The Primary Group is always 513.

You want to use "ifmember" or a vbscript that does the same thing to determine membership.

If you are looking to add people to Security Groups depending on other group membership then keep in mind it won't apply to them until they log off and back on again.

0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
Accept dragon-it or split...
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
Would like some response.
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
Well that is always preferred of course otherwise we are just talking amongst ourselves and the occasional cleanup volunteer :-)
0
 
LVL 20

Expert Comment

by:Venabili
Comment Utility
>>Would like some response.
Me too. And peace in the whole world. :) But for some reason in most questions like this I think the latter have bigger chance
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
LOL.  Split them up then.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now