[AccessD] Update a database using Active Directory

MartyConnelly martyconnelly at shaw.ca
Fri Mar 16 19:14:36 CDT 2007


You can get it via LDAP and ADSI. Sample code follows.
It may have to be run from a network admin account.

http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/

http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/groups/#EnumGroupmembership.htm

Returns information about the manager assigned to an Active Directory 
security group named Scientists.

On Error Resume Next
 
Set objGroup = GetObject _
  ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
 
strManagedBy = objGroup.Get("managedBy")
 
If IsEmpty(strManagedBy) = TRUE Then
  WScript.Echo "No user account is assigned to manage " & _
    "this group."
Else
  Set objUser = GetObject("LDAP://" & strManagedBy)
  strPhysicalDeliveryOfficeName = _
    objUser.Get("physicalDeliveryOfficeName")
  strStreetAddress = objUser.Get("streetAddress")
  strLocalityName = objUser.Get("l")
  strStateProvince = objUser.Get("st")
  strCountryName = objUser.Get("c")
  strTelephoneNumber = objUser.Get("telephoneNumber")
  strFacsimileTelephoneNumber = _
    objUser.Get("facsimileTelephoneNumber")
 
  Call GetUpdateMemberList
 
  WScript.echo "physicalDeliveryOfficeName: " & _
    strPhysicalDeliveryOfficeName 
  WScript.echo "streetAddress: " & strStreetAddress
  WScript.echo "l: " & strLocalityName
  WScript.echo "state/province: " & strStateProvince
  WScript.echo "c: " & strCountryName
  WScript.echo "telephoneNumber: " & strTelephoneNumber
  WScript.echo "facsimileTelephoneNumber: " & _
    strFacsimileTelephoneNumber
End If
 
Sub GetUpdateMemberList
  Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
  Const Member_SchemaIDGuid = "{BF9679C0-0DE6-11D0-A285-00AA003049E2}"
  Const ADS_RIGHT_DS_WRITE_PROP = &H20
  objUser.GetInfoEx Array("canonicalName"),0
  strCanonicalName = objUser.Get("canonicalName")
  strDomain = Mid(strCanonicalName,1,InStr(1,strCanonicalName,".")-1)
  strSAMAccountName = objUser.Get("sAMAccountName")
 
  Set objNtSecurityDescriptor = objGroup.Get("ntSecurityDescriptor")
  Set objDiscretionaryAcl = objNtSecurityDescriptor.DiscretionaryAcl
 
  blnMatch = False
  For Each objAce In objDiscretionaryAcl
    If LCase(objAce.Trustee) = _
      LCase(strDomain & "\" & strSAMAccountName) AND _
      objAce.ObjectType =  Member_SchemaIDGuid AND _
      objAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT AND _
      objAce.AccessMask And ADS_RIGHT_DS_WRITE_PROP Then
      blnMatch = True
    End If 
  Next
  If blnMatch Then
    WScript.Echo "Manager can update the member list"
  Else
    WScript.Echo "Manager cannot update the member list."
  End If
End Sub

Martin Reid wrote:

>Drew
> 
>Can you explain how you hit the AD from Access? For example, if I wanted a simple connection to pull name, location, telephone and unit from the AD. Stick this in Access and build a little .net search interface to it on the web.
> 
>What permissions on the AD would I need?
> 
>What's the connection strings or process? 
> 
>I can even connect to the AD I can figure the rest out.
> 
>Martin
> 
> 
> 
>Martin WP Reid
>Training and Assessment Unit
>Riddle Hall
>Belfast
> 
>tel: 02890 974477
> 
>
> 
>
Marty Connelly
Victoria, B.C.
Canada
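
Added example (not part of the original post or of the script it quotes): the ACE test in GetUpdateMemberList, run offline over a group's security descriptor in SDDL form to list every trustee whose ACE covers write-property on "member". It goes beyond the script's single-trustee match by also counting ACEs with no object type, skipping inherit-only ACEs and reporting deny ACEs; the SDDL string and SIDs are constructed sample data.

```python
import re

MEMBER_GUID = "bf9679c0-0de6-11d0-a285-00aa003049e2"  # Member_SchemaIDGuid from the script
WRITE_PROP = 0x20                                      # ADS_RIGHT_DS_WRITE_PROP
# SDDL rights tokens -> access-mask bits; GA/GW use the directory-object generic mapping
RIGHTS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
          "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
          "WD": 0x40000, "WO": 0x80000, "GW": 0x20028, "GA": 0xF01FF}

def tokens(s):
    """Split an SDDL flags/rights string into its two-letter tokens."""
    return [s[i:i + 2] for i in range(0, len(s), 2)]

def access_mask(rights):
    """Convert the rights field of an ACE string to a numeric mask."""
    if rights.lower().startswith("0x"):        # SDDL also allows a literal hex mask
        return int(rights, 16)
    mask = 0
    for tok in tokens(rights):
        mask |= RIGHTS.get(tok, 0)             # unknown tokens contribute no bits
    return mask

def member_writers(sddl):
    """Return (allowed, denied) trustee lists for write-property on 'member'.
    Property-set GUIDs and the trustees' own group nesting are not resolved."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    allowed, denied = [], []
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        ace_type, flags, rights, obj_guid, _inherit, trustee = ace.split(";")[:6]
        if "IO" in tokens(flags):              # inherit-only: not effective on this object
            continue
        # Skip ACEs scoped to another attribute or lacking the write-property bit.
        if obj_guid.lower() not in ("", MEMBER_GUID) or not access_mask(rights) & WRITE_PROP:
            continue
        if ace_type in ("A", "OA"):            # access-allowed / object access-allowed
            allowed.append(trustee)
        elif ace_type in ("D", "OD"):          # access-denied / object access-denied
            denied.append(trustee)
    return allowed, denied

DOM = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed domain SID
SAMPLE_SDDL = (                                      # constructed group descriptor
    "O:DAG:DAD:AI"
    f"(OD;;WP;{MEMBER_GUID};;{DOM}-1300)"            # explicit deny on member
    f"(OA;;WP;{MEMBER_GUID};;{DOM}-1105)"            # manager: member attribute only
    "(A;;RPWPCCDCLCSWRCWDWOSD;;;DA)"                 # Domain Admins: all properties
    f"(OA;CIIO;WP;{MEMBER_GUID};;{DOM}-1200)"        # inherit-only, skipped
    "(A;;RPLCRC;;;AU)")                              # read-only, no WP bit

if __name__ == "__main__":
    print(member_writers(SAMPLE_SDDL))
```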



