WinBatch Tech Support Home

Database Search

If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.

TechHome

ADSI
plus

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

Member of Nested Group


Question:

I'm using the dsisMemberGrp function to check for group membership. But it appears to only look for objects directly in the group specified. It is possible for this function to return a success if the queried user is a member of a GROUP nested within the group queried? For instance:
user = me
group1: the only member is 'group2'

group2: the only member is 'me' Does this make sense?

Answer:

Unfortunately, the "dsisMemberGrp" function only works for testing direct membership, mostly because of the way MSFT desided to implement ADSI.

In order to find indirect membership you can trace the group nesting tree and test each group. Or you can get a list of all the groups a user belongs to using "dsGetUsersGrps" and search the result for the group of interest. The second method is much easier but some users have reported problems with the "dsGetUserGrp" function when they attempt to use it on a large number of users in quick succession. You can try it for yourself to see if it will work for you.

Here is a snippet from a script that may get you started:

UserPath = "LDAP://shamrock/CN=Homer Simpson,CN=Users,DC=jClass,DC=org"
TargetGroup = "Test Group"

; Get the user's group's names.
GroupNames = ""
Groups = dsGetUsersGrps(UserPath)
Count = ItemCount(Groups, @Tab)
for i=1 to Count
   GroupPath = ItemExtract(i, Groups, @Tab)
   GroupName = ItemExtract(1, GroupPath, ",")
   GroupName = ItemExtract(2, GroupName, "=")
   ;message("Group Name", GroupName)
   if StriCmp(GroupName, TargetGroup) == 0 then break
next

; Show the result.
if i < Count
   message(UserPath, "Is a member of %TargetGroup%")
else
   message(UserPath, "Is NOT a member of %TargetGroup%")
endif

Article ID:   W16319
File Created: 2005:02:18:12:19:48
Last Updated: 2005:02:18:12:19:48