Script to Prompt User for Active Directory Credentials and Log User into Webpage

Our company's technology helpdesk currently has about 10 users created that can log in to it. Each of these user accounts is assigned to a site. Every staff member at that site uses that user to log in to the helpdesk. For example, if a user with the Active Directory username "Jmoody" was based at the Atlanta site, he would use the username atlanta and the password georgia to log in to the helpdesk.

What I would like, if possible, is a link that when executed prompts a user for their Active Directory username and credential. The script then would validate that the credentials exist and check the group membership to see if the supplied username is a member of a distribution group. Let's say that the Active Directory username was a member of the Atlanta Distribution group, the script would then supply the helpdesk with the helpdesk username and password for the atlanta user.

I do not know if this is possible but I would be very grateful for some help! I hope what I am describing is clear.

Thanks!
Asked by: Joseph Moody
1 Solution

bluntTony Commented:
I think I understand what you're trying to achieve - and I'm assuming that you mean that the 10 helpdesk logins are not windows integrated, hence why you need to do this.
The below script gets as far as determining whether the user entered is a member of the group, and echoes a message accordingly. You will need to change the variable strDistGroup to the DN of your group. It tests the entered credentials by trying to connect to the root of the domain, if it fails it's considered a bad login. You will need to enter the username in the format DOMAIN\username.
After that, you can echo whatever information you want, although I have to say that this isn't very secure.
Give it a try. Please let me know if I've missed the point :0)

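Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_USE_ENCRYPTION = 2
Const ERROR_LOGON_FAILURE = -2147023570	' 0x8007052E
Set objRoot = GetObject("LDAP://RootDSE")

' Note: InputBox shows the password in clear text as it is typed.
strUser = InputBox("Please Enter Username")
strPass = InputBox("Please Enter Password")
' Cancel or empty input returns "": stop rather than attempt a bind with blank credentials.
If strUser = "" Or strPass = "" Then
	WScript.Echo "Username and password are required"
	WScript.Quit
End If
strPath = "LDAP://" & objRoot.Get("defaultNamingContext")

strDistGroup = "<ENTER THE DN OF THE SPECIFIC DISTRIBUTION GROUP HERE>"
booMember = False

' Test the credentials by binding to the root of the domain with them.
Set objDSO = GetObject("LDAP:")
On Error Resume Next
Set objDomTest = objDSO.OpenDSObject(strPath, strUser, strPass, ADS_USE_ENCRYPTION Or ADS_SECURE_AUTHENTICATION)
If Err.Number <> 0 Then
	If Err.Number = ERROR_LOGON_FAILURE Then
		WScript.Echo "Login Failure - Bad Username/Password"
	Else
		WScript.Echo "Error: " & Err.Number & " - " & Err.Description
	End If
	WScript.Quit
Else
	On Error Goto 0
	' Strip the DOMAIN\ prefix to get the sAMAccountName.
	strAccount = Mid(strUser, InStr(strUser, "\") + 1)
	strUserDN = getUserDN(strAccount)
	If strUserDN = "" Then
		WScript.Echo "Account not found: " & strAccount
		WScript.Quit
	End If
	Set objUser = GetObject("LDAP://" & strUserDN)
	' memberOf is Empty (no groups), a String (one group) or an array (several).
	' It lists direct memberships only, so nested groups are not matched.
	groups = objUser.memberOf
	If IsEmpty(groups) Then
		'Nothing
	ElseIf (TypeName(groups) = "String") Then
		' Compare DNs without regard to case.
		If StrComp(groups, strDistGroup, vbTextCompare) = 0 Then booMember = True
	Else
		For Each strGroup In groups
			If StrComp(strGroup, strDistGroup, vbTextCompare) = 0 Then booMember = True
		Next
	End If
	If booMember = True Then WScript.Echo "IS A MEMBER!!!" Else WScript.Echo "NOT A MEMBER!!!"

	'**CONTINUE TO DO WHAT YOU NEED HERE***

End If

' Escape characters that are special in an LDAP search filter (RFC 4515),
' so the typed account name cannot change the structure of the filter.
Function escapeFilterValue(strValue)
	Dim s
	s = Replace(strValue, "\", "\5c")	' backslash first
	s = Replace(s, "*", "\2a")
	s = Replace(s, "(", "\28")
	s = Replace(s, ")", "\29")
	s = Replace(s, ";", "\3b")	' also the separator in the ADO query string
	escapeFilterValue = s
End Function

' Return the distinguishedName for a sAMAccountName, or "" if it is not found.
Function getUserDN(strAccount)
	getUserDN = ""
	Set oRootDSE = GetObject("LDAP://RootDSE")
	strBase   = "<LDAP://" & oRootDSE.Get("defaultNamingContext") & ">;"
	strFilter = "(&(objectclass=user)(objectCategory=person)(sAMAccountName=" & escapeFilterValue(strAccount) & "));"
	strAttrs  = "distinguishedName;"
	strScope  = "subtree"

	Set objConn = CreateObject("ADODB.Connection")
	objConn.Provider = "ADsDSOObject"
	objConn.Open "Active Directory Provider"
	Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)

	' An empty recordset means no such account; reading a field would raise an error.
	If Not objRS.EOF Then
		' "/" must be escaped when the DN is used in an ADsPath.
		getUserDN = Replace(objRS.Fields(0).Value, "/", "\/")
	End If
	objRS.Close
	objConn.Close
End Function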
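
A PowerShell take on the same check, added here as an example and not part of bluntTony's answer: Get-Credential masks the password as it is typed, and the membership query also matches nested groups. The function names and the $GroupDn placeholder are assumptions; it expects a domain-joined Windows machine, and the group lookup runs under the calling user's own context.

```powershell
# Added example, not from the original answer. Function names are illustrative.
Add-Type -AssemblyName System.DirectoryServices
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$GroupDn = '<ENTER THE DN OF THE SPECIFIC DISTRIBUTION GROUP HERE>'  # placeholder

function Test-AdCredential {
    param([Parameter(Mandatory)][pscredential]$Credential)
    $net = $Credential.GetNetworkCredential()   # splits DOMAIN\user into Domain and UserName
    if (-not $net.Password) { return $false }   # never try a blank password
    $type = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $ctx  = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $type
    try {
        # Returns $false on a bad username or password.
        return $ctx.ValidateCredentials($net.UserName, $net.Password)
    } finally {
        $ctx.Dispose()
    }
}

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping; the backslash must be replaced first.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Test-AdGroupMember {
    param([string]$SamAccountName, [string]$GroupDn)
    $name  = ConvertTo-LdapFilterValue $SamAccountName
    $group = ConvertTo-LdapFilterValue $GroupDn
    # 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) walks nested groups,
    # which a direct comparison against memberOf does not.
    $filter = "(&(objectCategory=person)(objectClass=user)" +
              "(sAMAccountName=$name)(memberOf:1.2.840.113556.1.4.1941:=$group))"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher -ArgumentList $filter
    try { return $null -ne $searcher.FindOne() } finally { $searcher.Dispose() }
}

$cred = Get-Credential -Message 'Enter your Active Directory credentials'
if ($null -eq $cred) { Write-Warning 'Cancelled'; return }
if (-not (Test-AdCredential $cred)) {
    Write-Warning 'Login failure - bad username/password'
    return
}
$sam = $cred.GetNetworkCredential().UserName
if (Test-AdGroupMember $sam $GroupDn) { 'IS A MEMBER' } else { 'NOT A MEMBER' }
```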
