Windows server 2008, cannot run Active Directory Users and Computers

Asked By 7060 points N/A Posted on -
qa-featured

I have a .net 2008 desktop application that I would like to be able to coordinate access rights per user by taking information from windows authentication and tying that information to the active directory.

Basically I would like to take the username from windows authentication and pass that information to the active directory so I can determine what groups the user has access to.

SHARE
Best Answer by ronwilke
Best Answer
Best Answer
Answered By 0 points N/A #80193

Windows server 2008, cannot run Active Directory Users and Computers

qa-featured

let me answer

If the user is authenticated to the domain you can use ADsysteminfo object to retrieve  their distinguished Name

With the distinguished Name you can bind to the user object in AD and invoke the IADsUser interface to retrieve any attributes desired, such as MemberOf. The MemberOf attribute is a collection of the distinguished Names of the groups the user is a direct member of (except their "primary" group, which should be "Domain Users").

If you have only one or a few group memberships to check, it would be more efficient to bind to the group object in AD and use the IsMember method (exposed by the IADsGroup interface) of the object to check if the current user (retrieved from ADSystemInfo) is a member. Details depend on the language, but you should find documentation in MSDN.

Here is a VB example:

Dim SysInfo As New ADSystemInfo

UserDN=SysInfo.UserName

Dim Group  As IADsGroup

Set Group = GetObject (("LDAP://cn=Test Group,ou=West,dc=MyDomain,dc=com")
If  (Group.IsMember("LDAP://" & UserDN) = True) Then
' Current user is a direct member of the group.
Else
' Current user is NOT a direct member of the group.
End If

 

 

 

 

Login/Register to Answer

Related Questions