Script to Prompt User for Active Directory Credentials and Log User into Webpage

Posted on 2009-04-27
Last Modified: 2013-12-24
Our company's technology helpdesk currently has about 10 users created that can log in to it. Each of these user accounts is assigned to a site. Every staff member at that site uses that user to log in to the helpdesk. For example, if a user with the Active Directory username "Jmoody" was based at the Atlanta site, he would use the username atlanta and the password georgia to log in to the helpdesk.

What I would like, if possible, is a link that when executed prompts a user for their Active Directory username and credential. The script then would validate that the credentials exist and check the group membership to see if the supplied username is a member of a distribution group. Let's say that the Active Directory username was a member of the Atlanta Distribution group, the script would then supply the helpdesk with the helpdesk username and password for the atlanta user.

I do not know if this is possible but I would be very grateful for some help! I hope what I am describing is clear.

Question by:Joseph Moody

    Accepted Solution

    I think I understand what you're trying to achieve - and I'm assuming that you mean that the 10 helpdesk logins are not Windows integrated, hence why you need to do this.
    The below script gets as far as determining whether the user entered is a member of the group, and echoes a message accordingly. You will need to change the variable strDistGroup to the DN of your group. It tests the entered credentials by trying to connect to the root of the domain; if it fails, it's considered a bad login. You will need to enter the username in the format DOMAIN\username.
    After that, you can echo whatever information you want, although I have to say that this isn't very secure.
    Give it a try. Please let me know if I've missed the point :0)

    ' ADSI authentication flags used by OpenDSObject
    Const ADS_SECURE_AUTHENTICATION = 1
    Const ADS_USE_ENCRYPTION = 2
    ' Placeholder value: change this to the DN of your distribution group
    strDistGroup = "CN=Atlanta Distribution,OU=Groups,DC=example,DC=com"
    booMember = False

    Set objRoot = GetObject("LDAP://RootDSE")
    strUser = InputBox("Please Enter Username")
    strPass = InputBox("Please Enter Password")
    strPath = "LDAP://" & objRoot.get("defaultNamingContext")
    Set objDSO = GetObject("LDAP:")
    ' Test the credentials by binding to the root of the domain
    On Error Resume Next
    Set objDomTest = objDSO.OpenDSObject(strPath, strUser, strPass, ADS_USE_ENCRYPTION Or ADS_SECURE_AUTHENTICATION)
    If Err.Number <> 0 Then
        If Err.Number = -2147023570 Then
            WScript.Echo "Login Failure - Bad Username/Password"
        Else
            WScript.Echo "Error: " & Err.Number & " - " & Err.Description
        End If
    Else
        On Error Goto 0
        ' Strip the DOMAIN\ prefix to get the sAMAccountName
        strAccount = Mid(strUser, InStr(strUser, "\") + 1)
        Set objUser = GetObject("LDAP://" & getUserDN(strAccount))
        groups = objUser.memberOf
        ' memberOf is Empty (no groups), a String (one group) or an array (several)
        If IsEmpty(groups) Then
            booMember = False
        ElseIf (TypeName(groups) = "String") Then
            If groups = strDistGroup Then booMember = True
        Else
            For Each strGroup In groups
                If strGroup = strDistGroup Then booMember = True
            Next
        End If
        If booMember = True Then WScript.Echo "IS A MEMBER!!!" Else WScript.Echo "NOT A MEMBER!!!"
    End If

    ' Look up the distinguishedName for a sAMAccountName via ADO.
    ' Note: strAccount comes from user input and goes into the filter unescaped.
    Function getUserDN(strAccount)
        Set oRootDSE = GetObject("LDAP://RootDSE")
        strBase   = "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;"
        strFilter = "(&(objectclass=user)(objectCategory=person)(sAMAccountName=" & strAccount & "));"
        strAttrs  = "distinguishedName;"
        strScope  = "subtree"
        Set objConn = CreateObject("ADODB.Connection")
        objConn.Provider = "ADsDSOObject"
        objConn.Open "Active Directory Provider"
        Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
        ' Escape forward slashes so the DN can be used in an ADsPath
        getUserDN = Replace(objRS.Fields(0).Value, "/", "\/")
    End Function
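
The `getUserDN` lookup above places the name typed into the InputBox straight into an LDAP filter and compares group DNs case-sensitively. As an added example (not part of the original answer), one way to validate and escape that value first, handle a lookup that returns no user, and compare DNs case-insensitively. `IsPlausibleAccount`, `EscapeLdapFilter`, `GetUserDNSafe` and `IsMemberOf` are hypothetical names, and the allowlist pattern is an assumption about local naming policy.

```vbscript
' Added example, not the answerer's code. All function names are hypothetical.
' Assumed local policy: letters, digits, dot, underscore, hyphen; max 20 chars.
Function IsPlausibleAccount(strAccount)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsPlausibleAccount = re.Test(strAccount)
End Function

' RFC 4515 filter escaping; the backslash must be handled first.
Function EscapeLdapFilter(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeLdapFilter = Replace(s, vbNullChar, "\00")
End Function

' Returns "" when the name is rejected or no user matches.
Function GetUserDNSafe(strAccount)
    Dim oRootDSE, objConn, objRS, strQuery
    GetUserDNSafe = ""
    If Not IsPlausibleAccount(strAccount) Then Exit Function
    Set oRootDSE = GetObject("LDAP://RootDSE")
    strQuery = "<LDAP://" & oRootDSE.Get("defaultNamingContext") & ">;" & _
        "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
        EscapeLdapFilter(strAccount) & "));distinguishedName;subtree"
    Set objConn = CreateObject("ADODB.Connection")
    objConn.Provider = "ADsDSOObject"
    objConn.Open "Active Directory Provider"
    Set objRS = objConn.Execute(strQuery)
    If Not objRS.EOF Then GetUserDNSafe = Replace(objRS.Fields(0).Value, "/", "\/")
    objConn.Close
End Function

' memberOf may be Empty, a String or an array; DNs compare case-insensitively.
Function IsMemberOf(varGroups, strGroupDN)
    Dim arrGroups, strGroup
    IsMemberOf = False
    If IsEmpty(varGroups) Then Exit Function
    If IsArray(varGroups) Then arrGroups = varGroups Else arrGroups = Array(varGroups)
    For Each strGroup In arrGroups
        If StrComp(strGroup, strGroupDN, vbTextCompare) = 0 Then IsMemberOf = True
    Next
End Function

' Constructed inputs; this line runs without a domain controller.
WScript.Echo IsPlausibleAccount("jmoody") & " " & IsPlausibleAccount("j*(moody)") & " " & EscapeLdapFilter("j*(moody)")
```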
