Solved

ACTIVE DIRECTORY challenge!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! this one took the wind out of me

Posted on 2006-11-23
Last Modified: 2010-04-18
Hi,
  I have spent the day trying to crack the case. Let me explain what I am trying to accomplish.

The requirement is to use the user logon to grant him access to different roles.

I have queried the group and have brought back the primaryGroupToken for all groups

    cmdSearch.CommandText = "select cn,primaryGroupToken " _
        & "from 'LDAP://domain/cn=my,DC=domain,DC=name' " _
        & "where objectClass='group' " 

returns

A,1
B,3
C,2
Domain Users,513

When I return the primary group ID of the user I get
513,user1,userEmail1 .....

But it always returns 513 which is the Domain Users group....
How can I find the group of the user logged into the site and grant him appropriate rights?

Any help would be appreciated

 
0
Question by:crystalguy2000
12 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18006083
Are you trying to identify the site the user is logged onto?  Group memberships or primary group will not change at all.  The primary group is a throwback and fairly pointless now afaik, was it another of the POSIX compatibilities we all had to learn about for MCSE and never use.... can't remember.

Anyway, so are you saying you have three sites and are trying to identify the site the user is at (if so why not assign a script to the site perhaps?).  I assume if so you have the subnets and sites defined in AD already in Sites and Services.

Please clarify?
0
 

Author Comment

by:crystalguy2000
ID: 18008701
I am new to AD. So I don't know if the site you are referring to is a "Security Group".

I am trying to return the role of the logged in user.... I want to know whether he belongs to security group A or security group B or Security group 3... If he is in group A then he is an admin.. if he belongs to group B then he is not an admin, and so on...
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 250 total points
ID: 18009265
The thing is he could be in group a, b, and c.  If you need to check his group membership you can do something like this:

http://www.computerperformance.co.uk/vbscript/vbscript_group_user_memberof.htm

The script there can give you the list of groups the user is a member of and you can check against that to identify which groups the user is in -->

The sites thing means a different logon script and policies can apply depending upon which physical location you log in at if your network is set up with multiple sites -- e.g. a company with different buildings or locations.  It sounds like that isn't actually what you are after anyway.

Steve
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
ID: 18011461
The Primary Group is always 513.

You want to use "ifmember" or a vbscript that does the same thing to determine membership.

If you are looking to add people to Security Groups depending on other group membership then keep in mind it won't apply to them until they log off and back on again.

0
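An added example, not part of the thread or of the linked script: a VBScript sketch of the membership check both answers describe, resolving a role from the user's memberOf values instead of the primary group. The group DNs, role names, helper names (ToArray, RoleFor) and sample inputs are constructed; against a live domain the memberOf value would be read from the user object.

```vbscript
Option Explicit

' Role table (constructed): full group DN -> role. Matching on the full DN,
' not the CN, keeps a same-named group in another container from granting a role.
Dim roleByGroup
Set roleByGroup = CreateObject("Scripting.Dictionary")
roleByGroup.CompareMode = vbTextCompare          ' DNs compare case-insensitively
roleByGroup.Add "CN=A,CN=my,DC=domain,DC=name", "admin"
roleByGroup.Add "CN=B,CN=my,DC=domain,DC=name", "user"

' memberOf arrives as Empty (no groups), a String (one group) or an
' Array (several). Normalise it to an array so callers can always loop.
Function ToArray(v)
    If IsArray(v) Then
        ToArray = v
    ElseIf IsEmpty(v) Or IsNull(v) Then
        ToArray = Array()
    Else
        ToArray = Array(v)
    End If
End Function

' Return the highest-ranked role the user's groups grant, or "" (deny).
' rolesByRank lists roles from most to least privileged.
Function RoleFor(memberOf, rolesByRank)
    Dim held, dn, role
    Set held = CreateObject("Scripting.Dictionary")
    For Each dn In ToArray(memberOf)
        If roleByGroup.Exists(dn) Then held(roleByGroup(dn)) = True
    Next
    RoleFor = ""
    For Each role In rolesByRank
        If held.Exists(role) Then
            RoleFor = role
            Exit Function
        End If
    Next
End Function

' Constructed inputs. The primary group (513, Domain Users, on this page) is
' not listed in memberOf, so it plays no part in the decision.
Dim ranks : ranks = Array("admin", "user")
WScript.Echo RoleFor(Array("CN=B,CN=my,DC=domain,DC=name", _
                           "CN=A,CN=my,DC=domain,DC=name"), ranks)
WScript.Echo RoleFor("cn=b,cn=my,dc=domain,dc=name", ranks)
WScript.Echo "[" & RoleFor(Empty, ranks) & "]"
```

memberOf holds direct memberships only, so a user who reaches group A through a nested group is not matched by this check.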
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18341992
Accept dragon-it or split...
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18342007
Would like some response.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18344202
Well that is always preferred of course otherwise we are just talking amongst ourselves and the occasional cleanup volunteer :-)
0
 
LVL 20

Expert Comment

by:Venabili
ID: 18348521
>>Would like some response.
Me too. And peace in the whole world. :) But for some reason in most questions like this I think the latter has a bigger chance
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18351029
LOL.  Split them up then.
0
