Get Nested User Groups


The following is far from polished but may give you an idea or two. It uses both ADSI COM objects and the ADSI extender to get all groups. It will be much slower than the extender but in this case that may be a good thing.


AddExtender("wwads34i.dll")  ;;; Adsi extender

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;; User Defined Functions
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;***************************************************************************
;**  Recursive function that adds each group's groups to the list.
;**  Input sPreFix - moniker prefix LDAP:// + server or domain or ""
;**        sGroup  - DN of group to add
;**        lGroups - tab delimited list of groups so far
;**  Return - list of groups with group DNs+Prefix added.
;***************************************************************************
#DefineFunction AddGroups(sPreFix, sGroup, lGroups)

   ;Get the group object.
   saMemberOf = 0
   LastError()
   nErrorMode = ErrorMode(@OFF)
   objGroup = ObjectGet( StrCat(sPrefix, sGroup) )

   ; Make sure an object was returned.
   If ObjectTypeGet(objGroup) == "DISPATCH"
      saMemberOf = objGroup.GetEx("MemberOf")
   EndIf
   ErrorMode(nErrorMode)

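   ; Only if this group itself belongs to other groups.
   If ObjectTypeGet(saMemberOf) == "ARRAY|VARIANT"

      ; Add each group's groups
      ForEach sGroup In saMemberOf
         ; Skip blanks and groups already in the list, so circular
         ; group nesting cannot recurse forever.
         If (sGroup != "") && (ItemLocate(StrCat(sPrefix, sGroup), lGroups, @TAB) == 0)
            lGroups = ItemInsert( StrCat(sPrefix, sGroup) , -1, lGroups, @TAB)
            lGroups = AddGroups(sPrefix, sGroup, lGroups)
         EndIf
      Next
   EndIf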

   objGroup = 0
   Return lGroups
#EndFunction


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;; Main - Get all groups for a user.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

ADS_SECURE_AUTHENTICATION = 1       ; Regular authentication
sPrefix    = "LDAP://shamrock/"   ; Using server but could be domain.
sUser      = "jclass\GuessWho"    ; Credentials (placeholder values; do not
sPassword  = "*TopSecret*"        ; store real ones in the script)
lGroups    = ""                   ; Result as list of group paths.

;  Get the top level class object
objLdap  = ObjectGet("LDAP:")

; Create target user path
sAdsPath = StrCat(sPrefix,"CN=Homer Simpson,CN=Users,DC=jclass,DC=org")

; Can use ObjectGet, if an AD object is open.
objUser  = objLdap.OpenDsObject( sAdsPath, sUser, sPassword, ADS_SECURE_AUTHENTICATION)

; This call will error if the user only has a primary group.
saMemberOf = 0
LastError()
nErrorMode = ErrorMode(@OFF)
saMemberOf = objUser.GetEx("MemberOf")
ErrorMode(nErrorMode)


; Does the user belong to any groups?
If ObjectTypeGet(saMemberOf) == "ARRAY|VARIANT"

   ForEach sGroup In saMemberOf

      ; A group object?
      If sGroup != ""

         ; Add parent groups.
         lGroups = AddGroups(sPreFix, sGroup, lGroups)
         lGroups = ItemInsert( StrCat(sPrefix, sGroup), -1, lGroups, @TAB)
      EndIf
   Next

EndIf

;******************************************************
; Note that we are hanging on to the user object so we
; don't have to re-authenticate.
;******************************************************

; Use the extender to get the Primary group
; (Can be done with COM but is a bit convoluted. If dsGetPrimGrp
; is causing a problem, a COM based solution can be worked up.)
sPrimeGroup = dsGetPrimGrp(sAdsPath)

; Get the dn so we don't have to parse the full path.
sPrimeGroup = dsGetProperty(sPrimeGroup, "distinguishedName")

; Now add any parent groups.
lGroups = AddGroups(sPreFix, sPrimeGroup, lGroups)

; Finally, add the primary group.
lGroups = ItemInsert( StrCat(sPrefix, sPrimeGroup), -1, lGroups, @TAB)

; Finish cleanup
objUser = 0
objLdap = 0

; Did it work?
Message("Groups", lGroups)
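
The same transitive expansion as an added Python example (not the author's code, and not WinBatch), run over a constructed in-memory directory instead of live ADSI calls. It keeps a visited set so circular nesting terminates, includes the primary group that MemberOf does not list, and records the chain through which each group is reached. The group names and the `effective_groups` helper are assumptions made for illustration.

```python
from collections import deque

BASE = "CN=Users,DC=jclass,DC=org"

def dn(cn):
    """Build a distinguished name under the sample container."""
    return f"CN={cn},{BASE}"

# Constructed sample data: DN -> memberOf values. "Plant Ops" and "Safety"
# are nested in each other on purpose (circular nesting).
MEMBER_OF = {
    dn("Homer Simpson"): [dn("Plant Ops"), dn("Bowling Team")],
    dn("Plant Ops"): [dn("Safety")],
    dn("Safety"): [dn("Plant Ops"), dn("Server Admins")],
    dn("Domain Users"): [dn("Badge Readers")],
}
# The primary group is not listed in memberOf, so it is tracked separately.
PRIMARY_GROUP = {dn("Homer Simpson"): dn("Domain Users")}

def effective_groups(user_dn, member_of, primary_group):
    """Map each effective group (lower-cased DN) to its membership chain,
    starting at the group the user belongs to directly."""
    # DN comparison is case-insensitive, so normalise keys once.
    lookup = {k.lower(): v for k, v in member_of.items()}
    start = list(lookup.get(user_dn.lower(), []))
    prim = {k.lower(): v for k, v in primary_group.items()}
    if user_dn.lower() in prim:
        start.append(prim[user_dn.lower()])
    chains = {}
    queue = deque((g, [g]) for g in start)
    while queue:
        group, chain = queue.popleft()
        key = group.lower()
        if key in chains:          # already visited: breaks cycles, drops dupes
            continue
        chains[key] = chain        # breadth-first, so this is a shortest chain
        for parent in lookup.get(key, []):
            queue.append((parent, chain + [parent]))
    return chains

if __name__ == "__main__":
    result = effective_groups(dn("Homer Simpson"), MEMBER_OF, PRIMARY_GROUP)
    for chain in result.values():
        print(" -> ".join(chain))
```

The chain for each group shows which direct membership grants it, which is what an access review needs when a privileged group turns up only through nesting.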

Article ID:   W16813
File Created: 2007:07:03:14:26:22
Last Updated: 2007:07:03:14:26:22