I'm trying to do a check to see if a specific active directory user account
exists in active directory AND a specific group. I can't seem to get the
filter down right.
I can do this to find a matching name in active directory:
=============== =============== =============== ===
Dim oroot As DirectoryEntry = New DirectoryEntry( "LDAP://my.domain.local ")
Dim osearcher As DirectorySearch er = New DirectorySearch er(oroot)
Dim oresult As SearchResultCol lection
Dim result As SearchResult
osearcher.Filte r = "(&(sAMAccountN ame=jsmith))"
oresult = osearcher.FindA ll
For Each result In oresult
If Not result.GetDirec toryEntry.Prope rties("SAMAccou ntName").Value Is
Nothing Then
Response.Write( result.GetDirec toryEntry.Prope rties("SAMAccou ntName").Value
& "<br />")
End If
Next
'This results in "jsmith' being printed to the screen (if jsmith exists in
active directory)
=============== =============== =============== ===
I can do this to find a specific group name:
=============== =============== =============== ===
Dim oroot As DirectoryEntry = New DirectoryEntry( "LDAP://my.domain.local ")
Dim osearcher As DirectorySearch er = New DirectorySearch er(oroot)
Dim oresult As SearchResultCol lection
Dim result As SearchResult
osearcher.Filte r = "(&(objectCateg ory=Group)(sAMA ccountName=Doma in Admins))"
oresult = osearcher.FindA ll
For Each result In oresult
If Not result.GetDirec toryEntry.Prope rties("SAMAccou ntName").Value Is
Nothing Then
Response.Write( result.GetDirec toryEntry.Prope rties("SAMAccou ntName").Value
& "<br />")
End If
Next
'This results in "Domain Admins' being printed to the screen
=============== =============== =============== ===
I can even change the osearcher.filte r to just (sAMAccountName =Domain
Admins) and get the same result.
I'm trying to figure out how I can return the result (say, the user name
(samaccountname )) if the search paramater is both in AD and in the specific
group (or just the specific group).
My goal is to do a check like this (pseudocode):
=============== =============== =============== ===
Dim strUser as string = Request.ServerV ariables("AUTH_ USER")
Dim strADUser = osearcher.Filte r = "(&(sAMAccountN ame=" & strUser & "))"
If strUser = strADUser Then
Page.Redirect(T oSomePage)
Else
Page.Redirect(T oFailedPage)
End If
=============== =============== =============== ===
I Also need to check to see if they're in a specific group. I don't know how
I'd go about that. If, for instance, they're in the Sales group in AD, then
I could redirect them to the appropriate page. I could also, of course, keep
them out of other pages if they don't belong.
TIA,
Jim
exists in active directory AND a specific group. I can't seem to get the
filter down right.
I can do this to find a matching name in active directory:
=============== =============== =============== ===
Dim oroot As DirectoryEntry = New DirectoryEntry( "LDAP://my.domain.local ")
Dim osearcher As DirectorySearch er = New DirectorySearch er(oroot)
Dim oresult As SearchResultCol lection
Dim result As SearchResult
osearcher.Filte r = "(&(sAMAccountN ame=jsmith))"
oresult = osearcher.FindA ll
For Each result In oresult
If Not result.GetDirec toryEntry.Prope rties("SAMAccou ntName").Value Is
Nothing Then
Response.Write( result.GetDirec toryEntry.Prope rties("SAMAccou ntName").Value
& "<br />")
End If
Next
'This results in "jsmith' being printed to the screen (if jsmith exists in
active directory)
=============== =============== =============== ===
I can do this to find a specific group name:
=============== =============== =============== ===
Dim oroot As DirectoryEntry = New DirectoryEntry( "LDAP://my.domain.local ")
Dim osearcher As DirectorySearch er = New DirectorySearch er(oroot)
Dim oresult As SearchResultCol lection
Dim result As SearchResult
osearcher.Filte r = "(&(objectCateg ory=Group)(sAMA ccountName=Doma in Admins))"
oresult = osearcher.FindA ll
For Each result In oresult
If Not result.GetDirec toryEntry.Prope rties("SAMAccou ntName").Value Is
Nothing Then
Response.Write( result.GetDirec toryEntry.Prope rties("SAMAccou ntName").Value
& "<br />")
End If
Next
'This results in "Domain Admins' being printed to the screen
=============== =============== =============== ===
I can even change the osearcher.filte r to just (sAMAccountName =Domain
Admins) and get the same result.
I'm trying to figure out how I can return the result (say, the user name
(samaccountname )) if the search paramater is both in AD and in the specific
group (or just the specific group).
My goal is to do a check like this (pseudocode):
=============== =============== =============== ===
Dim strUser as string = Request.ServerV ariables("AUTH_ USER")
Dim strADUser = osearcher.Filte r = "(&(sAMAccountN ame=" & strUser & "))"
If strUser = strADUser Then
Page.Redirect(T oSomePage)
Else
Page.Redirect(T oFailedPage)
End If
=============== =============== =============== ===
I Also need to check to see if they're in a specific group. I don't know how
I'd go about that. If, for instance, they're in the Sales group in AD, then
I could redirect them to the appropriate page. I could also, of course, keep
them out of other pages if they don't belong.
TIA,
Jim
Comment