Aaron Cumiskey
asked on
End user web based AD attribute viewer
Hi Experts,
Environment: Corp LAN, MS servers and clients, W2k3 and WinXP, 5000 userbase
Goal: To provide the userbase with an intranet URL which displays a page showing an attribute named "houseIdentifier" from their AD user account object. The page must obviously deduce the user account details automatically to look at the right user object in AD.
My expectation: A browser page with a script to interrogate AD for the data
Let me know if you need more.
Environment: Corp LAN, MS servers and clients, W2k3 and WinXP, 5000 userbase
Goal: To provide the userbase with an intranet URL which displays a page showing an attribute named "houseIdentifier" from their AD user account object. The page must obviously deduce the user account details automatically to look at the right user object in AD.
My expectation: A browser page with a script to interrogate AD for the data
Let me know if you need more.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Saved as a html file, opening with MSIE 6.0 - but did not result in any contents on the page.
The Title was correct, and viewing the source showed your code as written above, but no output to the page (?)
The relevant Windows domain account has data in the fields/attributes being requested.
(I cannot code for toffee, so excuse this question - Is the strop/apostrophe on line 36 intentional?)
What should we try next?
The Title was correct, and viewing the source showed your code as written above, but no output to the page (?)
The relevant Windows domain account has data in the fields/attributes being requested.
(I cannot code for toffee, so excuse this question - Is the strop/apostrophe on line 36 intentional?)
What should we try next?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ah thanks Jo.
Will test it tomorrow.
Will test it tomorrow.
ASKER
I have enabled asp on an IIS server, and removed the anonymous access, and we are seeing the attached error in the browser.
I am a novice when it comes to IIS
permissions.PNG
browser-error.PNG
I am a novice when it comes to IIS
permissions.PNG
browser-error.PNG
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
After testing I see that the credentials required are for a security context for the request to be made of AD.
Good.
I am guessing the answer to this is no, else you would have done it but -
Is it not possible to use the currently logged on account of the server process running the script, for a security context under which to query AD?
I.E. I would like to avoid putting credentials in the clear
Good.
I am guessing the answer to this is no, else you would have done it but -
Is it not possible to use the currently logged on account of the server process running the script, for a security context under which to query AD?
I.E. I would like to avoid putting credentials in the clear
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks. I wont go with the reduction of application protection, but shall use the hard coded user (created a domain a/c and locked it down)
ASKER