Solved

ACTIVE DIRECTORY challenge!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! this one took the wind out of me

Posted on 2006-11-23
Last Modified: 2010-04-18
Hi
I have spent the day trying to crack the case. Let me explain what I am trying to accomplish.

The requirement is to use the user logon to grant him access to different roles

I have queried the group and have brought back the primaryGroupToken for all groups

    cmdSearch.CommandText = "select cn,primaryGroupToken " _
        & "from 'LDAP://domain/cn=my,DC=domain,DC=name' " _
        & "where objectClass='group' " 

returns

A,1
B,3
C,2
Domain Users,513

When I return the primary group ID of the user I get
513,user1,userEmail1 .....

But it always returns 513 which is the Domain Users group....
How can I find the group of the user logged into the site and grant him appropriate rights?

Any help would be appreciated

 
0
Question by:crystalguy2000
12 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18006083
Are you trying to identify the site the user is logged onto?  Group memberships or primary group will not change at all.  The primary group is a throwback and fairly pointless now afaik, was it another of the POSIX compatibilities we all had to learn about for MCSE and never use.... can't remember.

Anyway so are you saying you have three sites and are trying to identify the site the user is at (if so why not assign a script to the site perhaps?).  I assume if so you have the subnets and sites defined in AD already in Sites and Services.

Please clarify?
0
 

Author Comment

by:crystalguy2000
ID: 18008701
I am new to AD. So I don't know if the site you are referring to is a "Security Group"

I am trying to return the role of the logged in user.... I want to know whether he belongs to security group A or security group B or Security group 3... If he is in group A then he is an admin..if he belongs to group b then he is not an admin and so on...
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 250 total points
ID: 18009265
The thing is he could be in group a, b, and c.  If you need to check his group membership you can do something like this:

http://www.computerperformance.co.uk/vbscript/vbscript_group_user_memberof.htm

The script there can give you the list of groups the user is a member of and you can check against that to identify which groups the user is in -->

The sites thing means a different logon script and policies can apply depending upon which physical location you login if your network is set up with multiple sites -- e.g. a company with different buildings or locations.  It sounds like that isn't actually what you are after anyway.

Steve
0
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
ID: 18011461
The Primary Group is always 513.

You want to use "ifmember" or a vbscript that does the same thing to determine membership.

If you are looking to add people to Security Groups depending on other group membership then keep in mind it won't apply to them until they log off and back on again.

0
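The membership check both answers above point to (a VBScript that reads the user's group list), as an added example that is not from the original thread or from the linked script. The group DNs are assumptions built from the search base in the question, and the role names "admin", "user" and "none" are hypothetical.

```vbscript
Option Explicit

' Added example. The group DNs are assumptions built from the search base in
' the question (cn=my,DC=domain,DC=name); replace them with the real DNs.
Const GROUP_A_DN = "CN=A,CN=my,DC=domain,DC=name"   ' admin role (assumed)
Const GROUP_B_DN = "CN=B,CN=my,DC=domain,DC=name"   ' non-admin role (assumed)

' Return the user's direct group DNs. memberOf does not list the primary
' group (Domain Users, token 513), so primaryGroupID cannot answer this.
Function DirectGroups(userDN)
    Dim objUser, groups
    Set objUser = GetObject("LDAP://" & userDN)
    On Error Resume Next            ' GetEx raises an error when memberOf is empty
    groups = objUser.GetEx("memberOf")
    If Err.Number <> 0 Then
        Err.Clear
        groups = Array()
    End If
    On Error GoTo 0
    DirectGroups = groups
End Function

' Map membership to a role. A user can be in several groups at once,
' so the most privileged group wins and the default is no access.
Function RoleFor(userDN)
    Dim dn, isA, isB
    isA = False
    isB = False
    For Each dn In DirectGroups(userDN)
        ' Compare the full DN, not just the CN, so a group named "A" in
        ' another container is not mistaken for the admin group.
        If StrComp(dn, GROUP_A_DN, vbTextCompare) = 0 Then isA = True
        If StrComp(dn, GROUP_B_DN, vbTextCompare) = 0 Then isB = True
    Next
    If isA Then
        RoleFor = "admin"
    ElseIf isB Then
        RoleFor = "user"
    Else
        RoleFor = "none"
    End If
End Function

' ADSystemInfo.UserName is the DN of the account running this script.
Dim sysInfo
Set sysInfo = CreateObject("ADSystemInfo")
WScript.Echo sysInfo.UserName & " -> " & RoleFor(sysInfo.UserName)
```

memberOf holds direct memberships only, so a user who reaches group A through a nested group is not matched by this check.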
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18341992
Accept dragon-it or split...
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18342007
Would like some response.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18344202
Well that is always preferred of course otherwise we are just talking amongst ourselves and the occasional cleanup volunteer :-)
0
 
LVL 20

Expert Comment

by:Venabili
ID: 18348521
>>Would like some response.
Me too. And peace in the whole world. :) But for some reason in most questions like this I think the latter has a bigger chance
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18351029
LOL.  Split them up then.
0
