MartyConnelly
martyconnelly at shaw.ca
Fri Mar 16 19:14:36 CDT 2007
You can get it via LDAP and ADSI. Sample code follows.
It may have to be run from a network admin account.
http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/
http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/groups/#EnumGroupmembership.htm
Returns information about the manager assigned to an Active Directory
security group named Scientists.
' Get raises an error when an attribute is not set, so the script
' continues on error and tests the result with IsEmpty afterwards.
On Error Resume Next

' Bind to the group object
Set objGroup = GetObject _
    ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
strManagedBy = objGroup.Get("managedBy")

If IsEmpty(strManagedBy) Then
    WScript.Echo "No user account is assigned to manage " & _
        "this group."
Else
    ' managedBy holds the distinguished name of the manager's account
    Set objUser = GetObject("LDAP://" & strManagedBy)
    strPhysicalDeliveryOfficeName = _
        objUser.Get("physicalDeliveryOfficeName")
    strStreetAddress = objUser.Get("streetAddress")
    strLocalityName = objUser.Get("l")
    strStateProvince = objUser.Get("st")
    strCountryName = objUser.Get("c")
    strTelephoneNumber = objUser.Get("telephoneNumber")
    strFacsimileTelephoneNumber = _
        objUser.Get("facsimileTelephoneNumber")

    Call GetUpdateMemberList

    WScript.Echo "physicalDeliveryOfficeName: " & _
        strPhysicalDeliveryOfficeName
    WScript.Echo "streetAddress: " & strStreetAddress
    WScript.Echo "l: " & strLocalityName
    WScript.Echo "state/province: " & strStateProvince
    WScript.Echo "c: " & strCountryName
    WScript.Echo "telephoneNumber: " & strTelephoneNumber
    WScript.Echo "facsimileTelephoneNumber: " & _
        strFacsimileTelephoneNumber
End If

' Reports whether the manager holds an allow ACE on the group that
' grants write access to the member attribute. Uses the script-level
' objGroup and objUser objects.
Sub GetUpdateMemberList
    Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
    Const Member_SchemaIDGuid = "{BF9679C0-0DE6-11D0-A285-00AA003049E2}"
    Const ADS_RIGHT_DS_WRITE_PROP = &H20

    ' canonicalName is a constructed attribute and must be loaded explicitly
    objUser.GetInfoEx Array("canonicalName"), 0
    strCanonicalName = objUser.Get("canonicalName")
    ' Take the first DNS label of the canonical name as the domain part
    ' of the DOMAIN\account trustee string
    strDomain = Mid(strCanonicalName, 1, InStr(1, strCanonicalName, ".") - 1)
    strSAMAccountName = objUser.Get("sAMAccountName")

    ' Read the group's DACL
    Set objNtSecurityDescriptor = objGroup.Get("ntSecurityDescriptor")
    Set objDiscretionaryAcl = objNtSecurityDescriptor.DiscretionaryAcl

    blnMatch = False
    For Each objAce In objDiscretionaryAcl
        ' Match an allow object ACE for the manager, scoped to the
        ' member attribute, that includes the write-property right
        If LCase(objAce.Trustee) = _
                LCase(strDomain & "\" & strSAMAccountName) And _
            objAce.ObjectType = Member_SchemaIDGuid And _
            objAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT And _
            (objAce.AccessMask And ADS_RIGHT_DS_WRITE_PROP) <> 0 Then
            blnMatch = True
        End If
    Next

    If blnMatch Then
        WScript.Echo "Manager can update the member list"
    Else
        WScript.Echo "Manager cannot update the member list."
    End If
End Sub

Martin Reid wrote:
>Drew
>
>Can you explain how you hit the AD from Access? For example, if I wanted a simple connection to pull name, location, telephone and unit from the AD. Stick this in Access and build a little .net search interface to it on the web.
>
>What permissions on the AD would I need?
>
>What's the connection strings or process?
>
>I can even connect to the AD I can figure the rest out.
>
>Martin
>
>
>
>Martin WP Reid
>Training and Assessment Unit
>Riddle Hall
>Belfast
>
>tel: 02890 974477
Marty Connelly
Victoria, B.C.
Canada
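
GetUpdateMemberList in the script above checks only whether the managedBy account holds a write ACE on the member attribute. The PowerShell below is an added example, not part of the original post, that generalizes the same DACL check to list every trustee allowed to write member; the group DN is the post's sample value and the variable names are assumptions.

```powershell
# Added example (not from the original post). $GroupDn defaults to the sample
# group used in the script above; pass a DN from your own directory instead.
param([string]$GroupDn = 'cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com')
$ErrorActionPreference = 'Stop'

# schemaIDGUID of the member attribute, same value as Member_SchemaIDGuid above
$MemberGuid  = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'
# Same bit as ADS_RIGHT_DS_WRITE_PROP (&H20) in the script above
$WriteProp   = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Bind to the group and read its DACL, explicit and inherited ACEs alike.
# Trustees that cannot be resolved to a name are left as SIDs.
$group = [adsi]"LDAP://$GroupDn"
$rules = $group.psbase.ObjectSecurity.GetAccessRules(
    $true, $true, [System.Security.Principal.NTAccount])

$rules | Where-Object {
    # Allow ACE that applies to this object (not inherit-only) ...
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.PropagationFlags -band $InheritOnly) -eq 0) -and
    # ... carrying the write-property bit (also set in GenericWrite/GenericAll) ...
    (([int]$_.ActiveDirectoryRights -band $WriteProp) -ne 0) -and
    # ... scoped to member, or unscoped (empty GUID means all properties)
    ($_.ObjectType -eq $MemberGuid -or $_.ObjectType -eq [guid]::Empty)
} | ForEach-Object {
    [pscustomobject]@{
        Trustee   = $_.IdentityReference.Value
        Rights    = $_.ActiveDirectoryRights
        Scope     = if ($_.ObjectType -eq $MemberGuid) { 'member only' } else { 'all properties' }
        Inherited = $_.IsInherited
    }
} | Sort-Object Inherited, Trustee | Format-Table -AutoSize
```

The listing covers direct write-property grants only; ACEs scoped to a property set, and rights such as WriteDacl or WriteOwner that let a trustee grant itself access, are not evaluated here.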