Drew Wutka
DWUTKA at Marlow.com
Fri Nov 14 15:48:32 CST 2008
Ok, you asked, so sit back and read. I am not going to include any code at this point, because there would be too much to throw at you at once! To start with, there are a few ways to get AD information. The easiest and least code intensive is to just go off of NT User name (or Active Directory Account name). To retrieve this name, is a very simple function (just a few lines of code). You can also retrieve the name of the domain you are on with a simple line of code too. So if you just want to know that jsmith on MyCompany domain is getting into your database, you can use those two simple functions to verify that. HOWEVER, the steps above are going to go off of the credentials of the user currently logged into the machine. It will even work if the user is technically 'offline', because the functions for those will go off of the local machine's cached credentials. This is usually as far as most Access developers will go to integrate their systems with Active Directory. However, if you want to go further, you can actually 'query' Active Directory. Querying AD is a little different then Access Queries. The language is a bit different, different qualifiers, structure, etc. However, by querying AD, you can get a list of all current users, groups, group membership, etc. You can also 'authenticate' a user against Active directory. I have a function that will do that if you provide the username and password. So, if you truly want to make a system that is integrated with Active Directory, I would build a 'user framework'. I do this with a global user class. When it initializes, it gets all the current user information based off of the logged in user, but it can be changed to represent another user through the authentication method I described earlier. All functions/features are then verified through this class. I will caution you, however, that while Access is a great RAD tool, when it is used as a Front End, it is less then secure. I personally have never used AD integration with an Access FE, I have used it with a VB FE and with Web based front ends, where the database is not directly available to the users. So if you are looking to use AD integration as a simple method of user administration, go ahead, but if you are planning on user AD integration for security purposes, I would recommend a different platform for your front end. Drew -----Original Message----- From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Lawrence Mrazek Sent: Friday, November 14, 2008 1:03 PM To: 'Access Developers discussion and problem solving' Subject: [AccessD] Active Directory Authentication or Lookup for DB Hi Folks: Is it possible to use Active Directory to login to an Access DB (XP in this case)? Can I access the current AD username and groups via VBA code? I'm just trying to see what's possible in this area right now and if anyone is using this functionality in their apps. Thanks in advance. Larry Mrazek ph. 314-432-5886 lmrazek at lcm-res.com http://www.lcm-res.com -- AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com The information contained in this transmission is intended only for the person or entity to which it is addressed and may contain II-VI Proprietary and/or II-VI Business Sensitive material. If you are not the intended recipient, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. You are notified that any review, retransmission, copying, disclosure, dissemination, or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited.