AMS7 & Active Directory
Derek
01-14-2008, 02:14 PM
Is this possible?
Anybody got any ideas on how I can retrieve information from AD based on user logon? [Name, email etc]
longedge
01-16-2008, 06:59 AM
I use a batch file to display a personalised welcome message in my network apps. It uses the DOS 'net user' command, the output of which I pipe to a text file and then parse to get the "Full Name".
You don't get email address details so it might not be what you want.
I have also used-
lan = System.GetLANInfo();
user=lan.User
just to get the network username but this isn't really meaningful on our network as payroll numbers are used to logon to the network.
Hope someone comes up with something more useful.
mwreyf1
06-19-2009, 08:28 AM
I have noticed that from time to time some people have asked, as in the thread, how to do Active Directory queries (LDAP lookups).
I had the same issue and here is what I have come up with using LDAP and the AMSWscript plugin (thanks for the GREAT plugin).
Maybe someone else will get some use out of it.
sUsr = "Joe Blow"
code = [[
sDomainDNSW2Kx = "DomainNameGoesHere.net"
Dim sPath, sUsr, title, phone, allInfo
ssAMAccountName = "]]..sUsr..[["
Set oShell = CreateObject( "WScript.Shell" )
Set oConnection = CreateObject("ADODB.Connection")
Set oCommand = CreateObject("ADODB.Command")
oConnection.Provider = "ADsDSOObject"
oConnection.Open "ADs Provider"
Set oCommand.ActiveConnection = oConnection
sQuery = "SELECT DistinguishedName FROM 'LDAP://" & sDomainDNSW2Kx & "' WHERE displayName = '" & ssAMAccountName & "'"
oCommand.CommandText = sQuery
Set oResults = oCommand.Execute
sObjDN = oResults.Fields("DistinguishedName")
sObjDN = "LDAP://" & sObjDN
Set objUser = GetObject(sObjDN)
title = (objUser.title)
phone = (objUser.telephoneNumber)
strInfo = title &"|"& phone
]]
Script.AddCode(code, Script_InternalCode);
result = Script.GetResultAsString("strInfo");
Dialog.Message("Notice", result, MB_OK, MB_ICONINFORMATION, MB_DEFBUTTON1);
In the above example, the title and phone number are being queried.
Just add and remove to get whatever it is you are going after.
mwreyf1
06-19-2009, 08:47 AM
Thought I would also include a function to get a list of ALL users assigned to an AD group.
This one uses luacom and LDAP lookup.
grpName = "GROUP-NAME-GOES-HERE"
objGroup = luacom.GetObject("LDAP://cn="..grpName..",ou=OU-NAME-GOES-HERE,dc=DOMAIN-NAME-GOES-HERE,dc=COM")
for e, strUser in objGroup:Member() do
    result = String.Left(String.Mid(strUser, 4, -1), String.Find(String.Mid(strUser, 4, -1),",",1,false) - 1);
    ListBox.AddItem("ListBox1", result);
end
mwreyf1
06-19-2009, 08:53 AM
Ok here is the last one...unless someone needs something having to do with LDAP lookups.
This will get ALL GROUPS A USER IS A MEMBER OF.
This one also uses AMSWscript and LDAP (ADO) for doing the query.
sUsr = "Joe Blow"
code = [[
Option Explicit
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strNTName, varName
Dim objUser, strDN, arrMemberOf, Group
Dim oFilesys, oFiletxt, sPath, sFilename
Dim result
varName = "]]..sUsr..[["
strNTName = varName
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
strFilter = "(&(objectCategory=person)(objectClass=user)" & "(displayName=" & strNTName & "))"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
    strDN = adoRecordset.Fields("distinguishedName").Value
    Set objUser = GetObject("LDAP://" & strDN)
    ' GetEx raises an error when memberOf is empty; trap it so the check below can run
    On Error Resume Next
    arrMemberOf = objUser.GetEx("memberOf")
    If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
        On Error GoTo 0
        For Each Group in arrMemberOf
            result = result + Group
        Next
    Else
        WScript.Echo vbTab & "memberOf attribute is not set"
        Err.Clear
        On Error GoTo 0
    End If
    adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
]]
Script.AddCode(code, Script_InternalCode);
stringvalue = Script.GetResultAsString("result");
tblUsrGroups = DelimitedStringToTable(stringvalue, "CN=")
for each, record in tblUsrGroups do
    ListBox.AddItem("ListBox1", record, "");
end
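Both AMSWscript scripts in this thread splice sUsr straight into VBScript source and from there into a directory query, so a display name containing a quote, parenthesis or asterisk changes the script or the filter. The following is an added example, not code from the thread or from the plugin: it escapes the name for the LDAP-dialect filter and for the VBScript literal using standard Lua string functions only. The helper names are hypothetical, the sample names are constructed, and the SQL-dialect WHERE clause in the first script has its own quoting rules and is not covered.

```lua
-- Added example, not code from the thread. Standard Lua string functions only.

-- RFC 4515: these characters must appear as \XX inside an LDAP filter value.
local FILTER_ESCAPES = {
  ["\\"] = "\\5c", ["*"] = "\\2a", ["("] = "\\28", [")"] = "\\29", ["\0"] = "\\00",
}

-- Escape a value for use inside (displayName=...).
function EscapeLdapFilterValue(value)
  return (string.gsub(value, ".", function(c) return FILTER_ESCAPES[c] or c end))
end

-- Turn a value into a complete VBScript string literal, quotes included.
-- A literal cannot span lines, so control characters are refused.
function ToVbsLiteral(value)
  if string.find(value, "%c") then
    return nil, "control character in value"
  end
  return '"' .. string.gsub(value, '"', '""') .. '"'
end

-- Build the line that takes the place of the hand-built varName assignment
-- in the VBScript text (hypothetical helper).
function BuildVarNameLine(displayName)
  local literal, err = ToVbsLiteral(EscapeLdapFilterValue(displayName))
  if not literal then return nil, err end
  return "varName = " .. literal
end

-- Constructed sample names with characters that real display names can contain.
local samples = { "Joe Blow", "Lee (Sales)", 'Ann "AJ" Lee', "R*D Admin" }
for _, name in ipairs(samples) do
  print(BuildVarNameLine(name))
end
```

The filter escaping runs first and the VBScript quoting second, because the name passes through the VBScript literal before it reaches the LDAP filter.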
markstaylor
08-02-2009, 01:14 PM
How can you use this to authenticate a user in AD to start an application?
Or better yet Radius support.
mwreyf1
08-02-2009, 06:39 PM
The way I handle that is to create an AD group, add all the users you want to have access to that app to the group, and then check what groups the logged-on user is a member of when the app is started.
Or have the user enter a username and then check that.
For multiple apps just repeat the above process.
All the code you need to perform this is already in this thread.
Hope that helps.
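For the group check described in the post above, an added example (not code from the thread) in standard Lua: it reads the first name component out of a memberOf DN with its backslash escapes honoured, which the comma search and the "CN=" split earlier in the thread do not do, and it tests membership against the whole group DN. The function names and sample DNs are constructed, and it assumes the memberOf values are already in a Lua table and that the required DN is written the way AD returns it.

```lua
-- Added example, not code from the thread. Standard Lua only.

-- Value of the first RDN of a DN, honouring RFC 4514 backslash escapes:
-- "CN=Smith\, John,OU=Staff,..." gives "Smith, John".
-- Multi-valued RDNs (joined with "+") are not handled.
function FirstRdnValue(dn)
  local eq = string.find(dn, "=", 1, true)
  if not eq then return nil end
  local out, i, n = {}, eq + 1, string.len(dn)
  while i <= n do
    local c = string.sub(dn, i, i)
    if c == "\\" then
      local hex = string.sub(dn, i + 1, i + 2)
      if string.find(hex, "^%x%x$") then
        table.insert(out, string.char(tonumber(hex, 16)))  -- \2C form
        i = i + 3
      else
        table.insert(out, string.sub(dn, i + 1, i + 1))    -- \, form
        i = i + 2
      end
    elseif c == "," then
      break                                                -- end of first RDN
    else
      table.insert(out, c)
      i = i + 1
    end
  end
  return table.concat(out)
end

-- Exact, case-insensitive match on the whole group DN. Matching on the CN
-- alone would also accept a same-named group in another OU. memberOf does
-- not list the primary group or groups reached only through nesting.
function IsMemberOfDn(memberOfDns, requiredGroupDn)
  local wanted = string.lower(requiredGroupDn)
  for _, dn in ipairs(memberOfDns) do
    if string.lower(dn) == wanted then return true end
  end
  return false
end

-- Constructed sample DNs in the shape the memberOf attribute returns.
local memberOf = {
  "CN=App-Users,OU=Groups,DC=example,DC=com",
  "CN=Smith\\, John Team,OU=Groups,DC=example,DC=com",
}
for _, dn in ipairs(memberOf) do print(FirstRdnValue(dn)) end
print(IsMemberOfDn(memberOf, "cn=app-users,ou=groups,dc=example,dc=com"))
print(IsMemberOfDn(memberOf, "CN=App-Users,OU=Other,DC=example,DC=com"))
```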