Solved

Visual Basic 2008 Active Directory Group Membership

Posted on 2008-09-29
Last Modified: 2012-03-15
I have an application I'm creating that when a user starts I want to check a security group in AD to verify the user's membership. I was able to create the routines to get the domain & UserID by the workstation login so now I just need a process for comparing a user to an AD group.

Thanks in advance!

Michael
Question by:MKC06
 
LVL 5

Expert Comment

by:minvis

If you don't mind using a command-line tool in your script: Dsquery and Dsmod

Dsquery is to get an object from AD and Dsget is for getting a property of the object.
So if you want to know who is a member of the domain admins try:

    dsquery group -name "domain admins" | dsget group -members

I hope this works for you. Good luck!
 
LVL 70

Expert Comment

by:Chris Dent

Hi Michael,

That should be fine. Can we assume the program is running as an authenticated user?

If so, we have System.DirectoryServices. We can use that to find the user in AD and grab the group membership (memberOf). Presumably you'd like samples? ;)

Chris
 

Author Comment

by:MKC06

Hi Chris,

Yes, if you have an example that would be great, I'm just not sure how to construct the code. For example, I have the user name captured in a variable called strGetUserID, and the domain strDomain, I want to validate the user against an AD group called a_Synapse_Admins.

Thank you,

Michael

 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points

Hi Michael,

Before I post a lot I have to add a little note. I'm not a programmer at all, I work with AD and know how to do a lot of these things. However, my way might not necessarily be the best way (just so you know :)).

Anyway, that said... here's a simple way of finding and retrieving group membership for a single user.

I can't attach a project, perhaps imagine a form with three buttons: Username, GroupName and DomainName (e.g. domain.com). The sub just writes the result of a quick search to another text box, default value is false, but if it does a basic match that becomes true.

Chris
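    ' Needs a project reference to System.DirectoryServices and
    ' "Imports System.DirectoryServices" at the top of the file.
    Private Sub MemberOf_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MemberOf.Click

        ' Bind to RootDSE to read the domain's default naming context
        Dim rootDSE As New DirectoryEntry("LDAP://" & DomainName.Text & "/RootDSE")

        ' Look the user up by logon name; Username.Text goes into the filter as typed
        Dim filterString As String = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" & Username.Text & "))"
        Dim domainRoot As New DirectoryEntry("LDAP://" & DomainName.Text & "/" & rootDSE.Properties("defaultNamingContext")(0).ToString())
        Dim domainSearch As New DirectorySearcher(domainRoot, filterString)
        domainSearch.PropertiesToLoad.Add("memberOf")

        Dim domainSearchResult As SearchResult = domainSearch.FindOne()

        Results.Text = "MemberOf: False"

        ' FindOne returns Nothing when no user matches the filter
        If domainSearchResult Is Nothing Then Exit Sub

        ' memberOf holds the distinguished name of each group the user is a direct member of
        For Each domainGroup As Object In domainSearchResult.Properties("memberOf")
            ' Basic substring match of the group name inside the DN
            If InStr(CStr(domainGroup), GroupName.Text) > 0 Then
                Results.Text = "MemberOf: True"
                Exit For
            End If
        Next

    End Sub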

 

Author Comment

by:MKC06

That works perfectly Chris! Thank you so much. Below is the code I came up with for my project.

        'Check AD group membership in the A_Synapse_Admins AD group
        'Returns True if the userid is a synapse Admin
        Dim rootDSE As New DirectoryEntry("LDAP://" & rDomain() & "/RootDSE")
        Dim strGroupName As String

        'Look the user up by logon name (sAMAccountName)
        Dim filterString As String = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" & rGetUserName() & "))"
        Dim domainRoot As New DirectoryEntry("LDAP://" & rDomain() & "/" & rootDSE.Properties("defaultNamingContext")(0).ToString())
        Dim domainSearch As New DirectorySearcher(domainRoot, filterString)
        domainSearch.PropertiesToLoad.Add("memberOf")

        Dim domainSearchResult As SearchResult = domainSearch.FindOne()
        strGroupName = "a_Synapse_Admins"
        sResults.Text = "MemberOf: False"

        'FindOne returns Nothing when no user matches the filter
        If domainSearchResult IsNot Nothing Then
            For Each domainGroup As Object In domainSearchResult.Properties("memberOf")
                If InStr(CStr(domainGroup), strGroupName) > 0 Then
                    sResults.Text = "MemberOf: True"
                    Exit For
                End If
            Next
        End If
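
An added example, not code from either poster: a stricter form of the comparison used in the two code samples above, which escapes the account name before it goes into the LDAP filter and compares the group's CN exactly instead of with `InStr`. The module name, function names, sample DN and sample account name are made up for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Text
Imports Microsoft.VisualBasic

Module GroupCheckExample   ' hypothetical module, not from the thread

    ' Escape a value for an LDAP search filter (RFC 4515); the backslash is replaced first.
    Function EscapeLdapFilterValue(ByVal value As String) As String
        Dim s As String = value.Replace("\", "\5c").Replace("*", "\2a").Replace("(", "\28")
        Return s.Replace(")", "\29").Replace(ChrW(0).ToString(), "\00")
    End Function

    ' Return the value of the leading CN= component of a distinguished name, or Nothing.
    ' Handles backslash-escaped characters such as "\,"; hex-pair escapes are not decoded.
    Function GetCommonName(ByVal dn As String) As String
        If dn Is Nothing OrElse Not dn.StartsWith("CN=", StringComparison.OrdinalIgnoreCase) Then Return Nothing
        Dim sb As New StringBuilder()
        Dim i As Integer = 3
        While i < dn.Length AndAlso dn(i) <> ","c
            If dn(i) = "\"c AndAlso i + 1 < dn.Length Then i += 1
            sb.Append(dn(i))
            i += 1
        End While
        Return sb.ToString()
    End Function

    ' Exact, case-insensitive comparison of the group name with the CN of each memberOf DN.
    Function IsDirectMember(ByVal memberOf As IEnumerable(Of String), ByVal groupName As String) As Boolean
        For Each dn As String In memberOf
            If String.Equals(GetCommonName(dn), groupName, StringComparison.OrdinalIgnoreCase) Then Return True
        Next
        Return False
    End Function

    Sub Main()
        ' Constructed memberOf value: the user is only in a look-alike group.
        Dim memberOf As String() = {"CN=a_Synapse_Admins_ReadOnly,OU=Groups,DC=example,DC=com"}
        Console.WriteLine(InStr(memberOf(0), "a_Synapse_Admins") > 0)    ' substring test from the thread
        Console.WriteLine(IsDirectMember(memberOf, "a_Synapse_Admins"))  ' exact CN comparison
        Console.WriteLine("(sAMAccountName=" & EscapeLdapFilterValue("j*doe(test)") & ")")
    End Sub
End Module
```

The look-alike group passes the substring test but not the exact comparison. `memberOf` lists only direct memberships, so nested groups and the user's primary group are not covered by either version.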

 

Author Closing Comment

by:MKC06

Thanks again!
 
LVL 70

Expert Comment

by:Chris Dent

Glad I could help out :)

Chris
