MichaelDee72

asked on

How to Query AD to Pull Email Address in Web Page

I would like to query AD to pull the email address of the current logged in user and enter that value into a hidden form field.. I found some code on another question that works to return the AD Full Name value but don't know how to pull the email address... I know this is probably simple but don't have the time to devote looking..

Thanks!

Working Code to pull full name:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<%
sLogonUser = Request.ServerVariables("Logon_User")
sDomain = Mid(sLogonUser, 1, Instr(1, sLogonUser, "\") - 1)
sLogonName = Mid(sLogonUser, Instr(1, sLogonUser, "\") + 1)

Response.Write GetUserFullName(sDomain, sLogonName)

Function GetUserFullName(sDomainName, sLogonName)
    On Error Resume Next
    
    Set oUser = GetObject("WinNT://" & sDomainName & "/" & sLogonName & ",user")
    GetUserFullName = oUser.FullName
    Set oUser = Nothing
    
    If Err <> 0 Then
        GetUserFullName = "User not found"
    End If
End Function
%> 

</body>
</html>


ASKER CERTIFIED SOLUTION
gavsmith
This solution is only available to members.
You cannot retrieve email address using the WinNT provider. (http://msdn.microsoft.com/en-us/library/aa746507%28VS.85%29.aspx)
But you can use information you already get to translate the user name to LDAP name and therefore be able to get the email address. I've attached code from Richard Mueller to achieve this.


'From Richard Mueller : http://www.rlmueller.net/CharactersEscaped.htm

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify the NetBIOS name of the domain and the NT name of the user.
strNTName = "MyDomain\TestUser"

' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")

objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName

strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Replace any "/" characters with "\/".
' All other characters that need to be escaped already are escaped.

strUserDN = Replace(strUserDN, "/", "\/")
Set objUser = GetObject("LDAP://" & strUserDN)
strMail = objUser.mail
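
Added example, not part of the original thread or of Richard Mueller's code: the NameTranslate lookup above applied to the authenticated user from LOGON_USER, with the result HTML-encoded into a hidden field. The function name GetMailForNTName and the field name email are hypothetical, and the example assumes the identity the page runs under is allowed to read the directory.

```vbscript
' Added example; runs inside an ASP <% ... %> block.
' Assumes Windows authentication is on and anonymous access is off,
' so LOGON_USER holds DOMAIN\user.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Returns the mail attribute for an NT-style name, or "" on any failure.
' GetMailForNTName is a hypothetical helper name.
Function GetMailForNTName(strNTName)
    Dim objTrans, objUser, strUserDN, strResult
    strResult = ""
    GetMailForNTName = ""
    ' LOGON_USER is empty for anonymous requests; require a DOMAIN\user shape.
    If InStr(1, strNTName, "\") < 2 Then Exit Function

    On Error Resume Next
    Set objTrans = CreateObject("NameTranslate")
    objTrans.Init ADS_NAME_INITTYPE_GC, ""
    objTrans.Set ADS_NAME_TYPE_NT4, strNTName
    strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
    If Err.Number = 0 Then
        ' Same "/" escaping as the code above; the rest of the DN is already escaped.
        Set objUser = GetObject("LDAP://" & Replace(strUserDN, "/", "\/"))
        ' Get raises an error when the account has no mail value.
        If Err.Number = 0 Then strResult = objUser.Get("mail")
    End If
    If Err.Number <> 0 Then strResult = ""
    On Error GoTo 0
    GetMailForNTName = strResult
End Function

Dim strMail
strMail = GetMailForNTName(CStr(Request.ServerVariables("LOGON_USER")))

' Encode before writing into the attribute value: directory data is output like any other.
Response.Write "<input type=""hidden"" name=""email"" value=""" & _
    Server.HTMLEncode(strMail) & """ />"
```

A hidden field can be edited by the client, so the page that receives the form should call GetMailForNTName again for the authenticated user rather than rely on the posted value.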

MichaelDee72

ASKER

@Tasmantt

When I try to use this code:
<%@ LANGUAGE=VBSCRIPT %>
<%Option Explicit%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>ASP Code to access AD with LDAP Page</title>
</head>
<body>
<%
'From Richard Mueller : http://www.rlmueller.net/CharactersEscaped.htm

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify the NetBIOS name of the domain and the NT name of the user.
strNTName = "DOMAIN\USER"

' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")

objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_NT4, strNTName

strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Replace any "/" characters with "\/".
' All other characters that need to be escaped already are escaped.

strUserDN = Replace(strUserDN, "/", "\/")
Set objUser = GetObject("LDAP://" & strUserDN)
strMail = objUser.mail
%>

</body>
</html>



I get:

Microsoft VBScript runtime error '800a01f4'

Variable is undefined: 'strNTName'

/untitled-1.asp, line 19

@gavsmith; I got that one to work and bring up my details but two things..

1. I want it to bring up the details for whatever user is logged in.. I tried changing the "strUserID=" to sLogonUser = Request.ServerVariables("Logon_User") but that didn't work..

2. Is there any way to not have user/password credentials in the page?

Thanks much!

Does Request.ServerVariables("LOGON_USER") actually return your username?
If it doesn't, try using Request.ServerVariables("AUTH_USER").

You are then passing sLogonUser to the query instead of strUserID?? (just checking)
- Sorry, but I don't know your experience; it would have been easier to change to strUserID = Request.ServerVariables("LOGON_USER")

You do not have to provide credentials at all, but it will then try to use the credentials of the user (client) to query the server using LDAP, which they may not have permissions to do!

P.S. You have disabled anonymous access on your web server, right?

Some further clarification..

1. Yes, I have anonymous access turned off for this page.
2. Request.ServerVariables("LOGON_USER") and Request.ServerVariables("AUTH_USER") return the same values: DOMAINNAME\USERABC
3. I just need the USERABC part to be passed as the strUserID so I have to strip off the DOMAINNAME\
4. Lastly, I can't get the Request.ServerVariables("LOGON_USER") when <%Option Explicit%> is on line 2 so I don't know what to do there..

Please post your modified code, you are possibly just missing a declaration of a variable. I'm just guessing though.

<%@ LANGUAGE=VBSCRIPT %>
<%Option Explicit%>
<%
Function getADUserInfo(strUID)
	on error resume next
	strGeneralLookupError = false
	strBase = "<LDAP://DC=DOMAIN,DC=NET>"
	strFilter = "(sAMAccountName=" & strUID & ")" 
	strAttributes = "cn, mail, company, givenName, sn, ADsPath, name, sAMAccountName, telephoneNumber"
	'strAttributes = "cn, company, givenName, sn, ADsPath, name, sAMAccountName, telephoneNumber"
	strScope = "subtree"	
	strFullCommand = strBase & ";" & strFilter & ";" & strAttributes & ";" & strScope
	set rsADUserInfo = Server.CreateObject("ADODB.Recordset")
	set	rsADUserInfo = connAD.Execute(strFullCommand)
	if err.number <> 0 then
		strGeneralLookupError = true
	end if
	set getADUserInfo = rsADUserInfo
	set rsADUserInfo = Nothing
End Function

Sub getUserData(p_strUserID)
	on error resume next
	set rsUserData = Server.CreateObject("ADODB.Recordset")
	set rsUserData = getADUserInfo(p_strUserID)
	if not rsUserData.EOF then
		strUserGN = rsUserData("givenName")
		strUserSN = rsUserData("sn")
		strUserOU = rsUserData("company")
		strUserEmail = rsUserData("mail")
		strUserPhone = rsUserData("telephoneNumber")
	else
		strADLookupSuccess = false
	end if
	rsUserData.Close
	set rsUserData = Nothing
End Sub

on error resume next

response.expires = 0

DIM connAD, rsUserData, rsADUserInfo
DIM strUserGN, strUserSN, strUserOU, strUserEmail, strUserPhone
DIM strBase, strFilter,strAttributes, strScope, strFullCommand
DIM strGeneralLookupError, strADLookupSuccess
DIM strUserID

strUserGN = "The user can not be found in the system."
strGeneralLookupError = false
strADLookupSuccess = true

set connAD = Server.CreateObject("ADODB.Connection")
connAD.Provider = "ADsDSOObject"
connAD.Properties("User ID") = "domain\user" ' ### remember to make sure this user has rights to access AD
connAD.Properties("Password") = "Password"
connAD.Properties("Encrypt Password") = true
connAD.Open

[b]sLogonUser = Request.ServerVariables("Auth_User")
sLogonName = Mid(sLogonUser, Instr(1, sLogonUser, "\") + 1)

strUserID = sLogonName
[/b]call getUserData(strUserID)

connAD.Close
set connAD = Nothing
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>ASP Code to access AD with LDAP Page</title>
</head>
<body>

<%=sLogonName%>
<%=strUserGN%>&nbsp;
<%=strUserSN%><br />
<%=strUserOU%><br />
<%=strUserEmail%><br />
<%=strUserPhone%><br />
</body>
</html>


I tried to bold my changes but since they were inside the code brackets they didn't bold.. Look for th
Any ideas?
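
Added example, not code from the thread: getADUserInfo above concatenates strUID straight into the LDAP filter, and the Mid/InStr split used earlier on the page raises an error when the name contains no backslash. One way to derive and check the account name before it reaches the query; the function names and the allowlist pattern are assumptions to adjust to your own naming convention.

```vbscript
' Added example; runs inside an ASP <% ... %> block.
' Returns the account part of DOMAIN\user, or "" when the value is missing or
' contains anything outside the allowlist (hypothetical helper name).
Function SamAccountNameFromLogonUser(strLogonUser)
    Dim intPos, strName, objRe
    SamAccountNameFromLogonUser = ""
    intPos = InStr(1, strLogonUser, "\")
    If intPos > 0 Then
        strName = Mid(strLogonUser, intPos + 1)
    Else
        strName = strLogonUser          ' no domain prefix present
    End If

    ' Assumed allowlist: letters, digits, dot, underscore, hyphen, 1-20 characters.
    ' It excludes the filter metacharacters * ( ) \ and the ";" that separates
    ' the parts of the ADO command text.
    Set objRe = New RegExp
    objRe.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    If objRe.Test(strName) Then SamAccountNameFromLogonUser = strName
End Function

' Builds the filter only from a validated name; "" means "do not run the query".
Function BuildSamAccountFilter(strLogonUser)
    Dim strName
    BuildSamAccountFilter = ""
    strName = SamAccountNameFromLogonUser(strLogonUser)
    If strName <> "" Then BuildSamAccountFilter = "(sAMAccountName=" & strName & ")"
End Function

' Constructed sample inputs, not values from a real directory.
Dim arrSamples, strSample
arrSamples = Array("DOMAINNAME\USERABC", "USERABC", "", "DOMAINNAME\USER*")
For Each strSample In arrSamples
    Response.Write Server.HTMLEncode("[" & strSample & "] -> [" & _
        BuildSamAccountFilter(strSample) & "]") & "<br />"
Next
```

In the posted page, the result of BuildSamAccountFilter would replace the strFilter assignment, with the lookup skipped when it returns an empty string.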

Try adding sLogonUser to the variable declarations:

DIM connAD, rsUserData, rsADUserInfo
DIM strUserGN, strUserSN, strUserOU, strUserEmail, strUserPhone
DIM strBase, strFilter,strAttributes, strScope, strFullCommand
DIM strGeneralLookupError, strADLookupSuccess
DIM strUserID, sLogonUser

or

The line:
<%Option Explicit%>
requires that you declare all the variables correctly, which VBScript usually lets you get away with (I think). Does it work if you just remove that line?? That shouldn't be a problem, but if you can, leave it there and make sure you declare all your variables correctly; it will help later on.

Removing the <%Option Explicit%> allows it to work, sweet!

Next issue is the credentials being stored in the page.. If I comment out:

set connAD = Server.CreateObject("ADODB.Connection")
connAD.Provider = "ADsDSOObject"
'connAD.Properties("User ID") = "domain\user" ' ### remember to make sure this user has rights to access AD
'connAD.Properties("Password") = "Password"
'connAD.Properties("Encrypt Password") = true
connAD.Open

Then I get "The user can not be found in the system".. I understand not all users may have the permissions to query AD but my account does.. To confirm I even put my credentials in the above code and it worked.. However, visiting the page as me with those lines commented out returns user not found.. :S

Why not just ask the user for it...? have a control on your form to pick it up like a text box?

Not ideal.. I don't want another avenue for users to get locked out..

It's probably a double-hop authentication issue... but that's a whole other problem, it would require a new question.

Guy Hengel [angelIII / a3]
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

I don't think this question has been abandoned; the answer just hasn't been accepted. I'd like to think I answered the original question asked.