MichaelDee72
asked on
How to Query AD to Pull Email Address in Web Page
I would like to query AD to pull the email address of the current logged in user and enter that value into a hidden form field.. I found some code on another question that works to return the AD Full Name value but don't know how to pull the email address... I know this is probably simple but don't have the time to devote looking..
Thanks!
Working Code to pull full name:
Thanks!
Working Code to pull full name:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<%
sLogonUser = Request.ServerVariables("Logon_User")
sDomain = Mid(sLogonUser, 1, Instr(1, sLogonUser, "\") - 1)
sLogonName = Mid(sLogonUser, Instr(1, sLogonUser, "\") + 1)
Response.Write GetUserFullName(sDomain, sLogonName)
Function GetUserFullName(sDomainName, sLogonName)
On Error Resume Next
Set oUser = GetObject("WinNT://" & sDomainName & "/" & sLogonName & ",user")
GetUserFullName = oUser.FullName
Set oUser = Nothing
If Err <> 0 Then
GetUserFullName = "User not found"
End If
End Function
%>
</body>
</html>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@Tasmantt
When I try to use this code:
I get:
Microsoft VBScript runtime error '800a01f4'
Variable is undefined: 'strNTName'
/untitled-1.asp, line 19
When I try to use this code:
<%@ LANGUAGE=VBSCRIPT %>
<%Option Explicit%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>ASP Code to access AD with LDAP Page</title>
</head>
<body>
<%
'From Richar Mueller : http://www.rlmueller.net/CharactersEscaped.htm
' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
' Specify the NetBIOS name of the domain and the NT name of the user.
strNTName = "DOMAIN\USER"
' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Replace any "/" characters with "\/".
' All other characters that need to be escaped already are escaped.
strUserDN = Replace(strUserDN, "/", "\/")
Set objUser = GetObject("LDAP://" & strUserDN)
strMail = objUser.mail
%>
</body>
</html>
I get:
Microsoft VBScript runtime error '800a01f4'
Variable is undefined: 'strNTName'
/untitled-1.asp, line 19
ASKER
@gavsmith; I got that one to work and bring up my details but two things..
1. I want it to bring up the details for whatever user is logged in.. I tried changing the "strUserID=" to sLogonUser = Request.ServerVariables("L ogon_User" ) but that didn't work..
2. Is there any way to not have user/password credentials in the page?
Thanks much!
1. I want it to bring up the details for whatever user is logged in.. I tried changing the "strUserID=" to sLogonUser = Request.ServerVariables("L
2. Is there any way to not have user/password credentials in the page?
Thanks much!
Does Request.ServerVariables("L OGON_USER" ) actually return your username?
If it doesn't try using Request.ServerVariables("A UTH_USER") .
You are then passing sLogonUser to the query instead of strUserID?? (just checking)
- Sorry but I don't know your experience it would have been easier to change to strUserID = Request.ServerVariables("L OGON_USER" )
You do not have to provide credentials at all, but it will then try to use the credentials of the user (client) to query the server using LDAP, which they may not have permissions to do!
P.S you have disabled anonymous access on your webserver right?
If it doesn't try using Request.ServerVariables("A
You are then passing sLogonUser to the query instead of strUserID?? (just checking)
- Sorry but I don't know your experience it would have been easier to change to strUserID = Request.ServerVariables("L
You do not have to provide credentials at all, but it will then try to use the credentials of the user (client) to query the server using LDAP, which they may not have permissions to do!
P.S you have disabled anonymous access on your webserver right?
ASKER
Some further clarification..
1. Yes, I have annoymous access turned off for this page.
2. Request.ServerVariables("L OGON_USER" ) and Request.ServerVariables("A UTH_USER") return the same values: DOMAINNAME\USERABC
3. I just need the USERABC part to be passed as the strUserID so I have to strip off the DOMAINNAME\
4. Lastly, I can't get the Request.ServerVariables("L OGON_USER" ) when <%Option Explicit%> is on line 2 so I don't know what to do there..
1. Yes, I have annoymous access turned off for this page.
2. Request.ServerVariables("L
3. I just need the USERABC part to be passed as the strUserID so I have to strip off the DOMAINNAME\
4. Lastly, I can't get the Request.ServerVariables("L
Please post your modified code, you are possibly just missing a declaration of a variable. I'm just guessing though.
ASKER
<%@ LANGUAGE=VBSCRIPT %>
<%Option Explicit%>
<%
Function getADUserInfo(strUID)
on error resume next
strGeneralLookupError = false
strBase = "<LDAP://DC=DOMAIN,DC=NET>"
strFilter = "(sAMAccountName=" & strUID & ")"
strAttributes = "cn, mail, company, givenName, sn, ADsPath, name, sAMAccountName, telephoneNumber"
'strAttributes = "cn, company, givenName, sn, ADsPath, name, sAMAccountName, telephoneNumber"
strScope = "subtree"
strFullCommand = strBase & ";" & strFilter & ";" & strAttributes & ";" & strScope
set rsADUserInfo = Server.CreateObject("ADODB.Recordset")
set rsADUserInfo = connAD.Execute(strFullCommand)
if err.number <> 0 then
strGeneralLookupError = true
end if
set getADUserInfo = rsADUserInfo
set rsADUserInfo = Nothing
End Function
Sub getUserData(p_strUserID)
on error resume next
set rsUserData = Server.CreateObject("ADODB.Recordset")
set rsUserData = getADUserInfo(p_strUserID)
if not rsUserData.EOF then
strUserGN = rsUserData("givenName")
strUserSN = rsUserData("sn")
strUserOU = rsUserData("company")
strUserEmail = rsUserData("mail")
strUserPhone = rsUserData("telephoneNumber")
else
strADLookupSuccess = false
end if
rsUserData.Close
set rsUserData = Nothing
End Sub
on error resume next
response.expires = 0
DIM connAD, rsUserData, rsADUserInfo
DIM strUserGN, strUserSN, strUserOU, strUserEmail, strUserPhone
DIM strBase, strFilter,strAttributes, strScope, strFullCommand
DIM strGeneralLookupError, strADLookupSuccess
DIM strUserID
strUserGN = "The user can not be found in the system."
strGeneralLookupError = false
strADLookupSuccess = true
set connAD = Server.CreateObject("ADODB.Connection")
connAD.Provider = "ADsDSOObject"
connAD.Properties("User ID") = "domain\user" ' ### remember to make sure this user has rights to access AD
connAD.Properties("Password") = "Password"
connAD.Properties("Encrypt Password") = true
connAD.Open
[b]sLogonUser = Request.ServerVariables("Auth_User")
sLogonName = Mid(sLogonUser, Instr(1, sLogonUser, "\") + 1)
strUserID = sLogonName
[/b]call getUserData(strUserID)
connAD.Close
set connAD = Nothing
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>ASP Code to access AD with LDAP Page</title>
</head>
<body>
<%=sLogonName%>
<%=strUserGN%>
<%=strUserSN%><br />
<%=strUserOU%><br />
<%=strUserEmail%><br />
<%=strUserPhone%><br />
</body>
</html>
ASKER
I tried to bold my changes but since they were inside the code brackets they didn't bold.. Look for th
ASKER
Any ideas?
Try adding sLogonUser to the variable declarations:
DIM connAD, rsUserData, rsADUserInfo
DIM strUserGN, strUserSN, strUserOU, strUserEmail, strUserPhone
DIM strBase, strFilter,strAttributes, strScope, strFullCommand
DIM strGeneralLookupError, strADLookupSuccess
DIM strUserID, sLogonUser
or
The line:
<%Option Explicit%>
requires that you declare all the variables correctly which VBscript usually lets you get away with (i think). Does it work if you just remove that line?? That shouldn't be a problem but if you can, leave it there and make sure you declare all your variables correctly it will help later on.
DIM connAD, rsUserData, rsADUserInfo
DIM strUserGN, strUserSN, strUserOU, strUserEmail, strUserPhone
DIM strBase, strFilter,strAttributes, strScope, strFullCommand
DIM strGeneralLookupError, strADLookupSuccess
DIM strUserID, sLogonUser
or
The line:
<%Option Explicit%>
requires that you declare all the variables correctly which VBscript usually lets you get away with (i think). Does it work if you just remove that line?? That shouldn't be a problem but if you can, leave it there and make sure you declare all your variables correctly it will help later on.
Removing the <%Option Explicit%> allows it to work, sweet!
Next issue is the credentials being stored in the page.. If I comment out:
set connAD = Server.CreateObject("ADODB .Connectio n")
connAD.Provider = "ADsDSOObject"
'connAD.Properties("User ID") = "domain\user" ' ### remember to make sure this user has rights to access AD
'connAD.Properties("Passwo rd") = "Password"
'connAD.Properties("Encryp t Password") = true
connAD.Open
Then I get "The user can not be found in the system".. I understand not all users may have the permissions to query AD but my account does.. To confirm I even put my credentials in the above code and it worked.. However, visiting the page as me with those lines commented out returns use not found.. :S
Next issue is the credentials being stored in the page.. If I comment out:
set connAD = Server.CreateObject("ADODB
connAD.Provider = "ADsDSOObject"
'connAD.Properties("User ID") = "domain\user" ' ### remember to make sure this user has rights to access AD
'connAD.Properties("Passwo
'connAD.Properties("Encryp
connAD.Open
Then I get "The user can not be found in the system".. I understand not all users may have the permissions to query AD but my account does.. To confirm I even put my credentials in the above code and it worked.. However, visiting the page as me with those lines commented out returns use not found.. :S
Why not just ask the user for it...? have a control on your form to pick it up like a text box?
Not ideal.. I don't want another avenue for users to get locked out..
It's probably a double-hop authentication issue... but that's a whole other problem, it would require a new question.
I've requested that this question be deleted for the following reason:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
I don't think this question has been abandoned the answer just hasn't been accepted. I'd like to think I answered the original question asked.
But you can use information you already get to translate the user name to LDAP name and therefore be able to get email adress. I've attached code from Richard Mueller to achieve this.
Open in new window