Visual Basic 2008 Active Directory Group Membrship

I have an application I'm creating that when a user starts I want to check an security group in AD to verify the users membership.  I was able to create the routines to get the domain & UserID by the workstation login so now i just need a process for comparing a user to a AD group.

Thanks in advance!

Michael
MKC06Asked:
Who is Participating?
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Hi Michael,

Before I post a lot I have to add a little note. I'm not a programmer at all, I work with AD and know how to do a lot of these things. However, my way might not necessarily the best way (just so you know :)).

Anyway, that said... here's a simple way of finding and retrieving group membership for a single user.

I can't attach a project, perhaps imagine a form with three buttons: Username, GroupName and DomainName (e.g. domain.com). The sub just writes  the result of a quick search to another text box, default value is false, but it if does a basic match that becomes true.

Chris
    Private Sub MemberOf_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MemberOf.Click
 
        Dim rootDSE As New DirectoryEntry("LDAP://" & DomainName.Text & "/RootDSE")
 
        Dim filterString As String = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" & Username.Text & "))"
        Dim domainRoot As New DirectoryEntry("LDAP://" & DomainName.Text & "/" & rootDSE.Properties("defaultNamingContext")(0).ToString())
        Dim domainSearch As New DirectorySearcher(domainRoot, filterString)
        domainSearch.PropertiesToLoad.Add("memberOf")
 
        Dim domainSearchResult As SearchResult = domainSearch.FindOne()
 
        Results.Text = "MemberOf: False"
        For Each domainGroup In domainSearchResult.Properties("memberof")
            If InStr(domainGroup, GroupName.Text) > 0 Then
                Results.Text = "MemberOf: True"
                Exit For
            End If
        Next
    End Sub

Open in new window

0
 
minvisCommented:
If you don't mind using a commandline tool in you script: Dsquery and Dsmod

Dsquery is to get an object from AD and Dsget if for getting a property of the object.
So if you want to know who is member of the the domain admins try:
dsquery group -name "domain admins" | dsget group -members

I hope thios works for you. Good luck!
0
 
Chris DentPowerShell DeveloperCommented:

Hi Michael,

That should be fine. Can we a ssume the program is running as an authenticated user?

If so, we have System.DirectoryServices. We can use that to find the user in AD and grab the group membership (memberOf). Presumably you'd like samples? ;)

Chris
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
MKC06Author Commented:
Hi Chris,

Yes,if you have an example that would be great, I'm just not sure how to construct the code.  For example, I have the user name captured in a variable called strGetUserID, and the domain strDomain, I want to validate the user against an AD group called a_Synapse_Admins.

Thank you,

Michael
0
 
MKC06Author Commented:
That works perfectly Chris!, thank you so much.  Below is the code I came up with for my project
        'Check AD group member ship in the A_Synapse_Admins AD group
        'Returns True if the userid is a synapse Admin
        Dim rootDSE As New DirectoryEntry("LDAP://" & rDomain() & "/RootDSE")
        Dim strGroupName As String
 
        Dim filterString As String = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" & rGetUserName() & "))"
        Dim domainRoot As New DirectoryEntry("LDAP://" & rDomain() & "/" & rootDSE.Properties("defaultNamingContext")(0).ToString())
        Dim domainSearch As New DirectorySearcher(domainRoot, filterString)
        domainSearch.PropertiesToLoad.Add("memberOf")
 
        Dim domainSearchResult As SearchResult = domainSearch.FindOne()
        strGroupName = "a_Synapse_Admins"
        sResults.Text = "MemberOf: False"
        For Each domainGroup In domainSearchResult.Properties("memberof")
            If InStr(domainGroup, strGroupName) > 0 Then
                sResults.Text = "MemberOf: True"
                Exit For
            End If

Open in new window

0
 
MKC06Author Commented:
Thanks again!
0
 
Chris DentPowerShell DeveloperCommented:

Glad I could help out :)

Chris
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.