Is this possible?
Anybody got any ideas on how I can retrieve information from AD based on user logon? [Name, email etc]
-
= Derek
["All glory comes from daring to begin" - fortune cookie]
I use a batch file to display a personalised welcome message in my network apps. It uses the dos 'net user' command the output of which I pipe to a text file and then parse to get the "Full Name".
You don't get email address details so it might not be what you want.
I have also used-

Code:
    lan = System.GetLANInfo();
    user = lan.User

just to get the network username but this isn't really meaningful on our network as payroll numbers are used to log on to the network.
Hope someone comes up with something more useful.
I have noticed that from time to time some people have asked, as in the thread, how to do Active Directory queries (LDAP lookups).
I had the same issue and here is what I have come up with using LDAP and the AMSWscript plugin (thanks for the GREAT plugin).
Maybe someone else will get some use out of it.
Code:
    sUsr = "Joe Blow"
    -- sUsr is pasted into the VBScript source and the query text below,
    -- so it must come from a trusted source or be escaped first.
    code = [[
    sDomainDNSW2Kx = "DomainNameGoesHere.net"
    Dim sPath, sUsr, title, phone, allInfo
    ssAMAccountName = "]]..sUsr..[["
    Set oShell = CreateObject( "WScript.Shell" )
    Set oConnection = CreateObject("ADODB.Connection")
    Set oCommand = CreateObject("ADODB.Command")
    oConnection.Provider = "ADsDSOObject"
    oConnection.Open "ADs Provider"
    Set oCommand.ActiveConnection = oConnection
    ' Look up the user's distinguished name by display name
    sQuery = "SELECT DistinguishedName FROM 'LDAP://" & sDomainDNSW2Kx & "' WHERE displayName = '" & ssAMAccountName & "'"
    oCommand.CommandText = sQuery
    Set oResults = oCommand.Execute
    sObjDN = oResults.Fields("DistinguishedName")
    sObjDN = "LDAP://" & sObjDN
    ' Bind to the user object and read the attributes wanted
    Set objUser = GetObject(sObjDN)
    title = (objUser.title)
    phone = (objUser.telephoneNumber)
    strInfo = title &"|"& phone
    ]]
    Script.AddCode(code, Script_InternalCode);
    result = Script.GetResultAsString("strInfo");
    Dialog.Message("Notice", result, MB_OK, MB_ICONINFORMATION, MB_DEFBUTTON1);

In the above example, the title and phone number are being queried.
Just add and remove to get whatever it is you are going after.
Thought I would also include a function to get a list of ALL users assigned to an AD group.
This one uses luacom and LDAP lookup.
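Code:
    grpName = "GROUP-NAME-GOES-HERE"
    objGroup = luacom.GetObject("LDAP://cn="..grpName..",ou=OU-NAME-GOES-HERE,dc=DOMAIN-NAME-GOES-HERE,dc=COM")
    -- pairs() is needed on Lua 5.1, where a bare table is no longer accepted as an iterator
    for e, strUser in pairs(objGroup:Member()) do
        -- Each member is a DN such as "CN=Name,OU=..."; keep only the text between "CN=" and the first comma
        result = String.Left(String.Mid(strUser, 4, -1), String.Find(String.Mid(strUser, 4, -1),",",1,false) - 1);
        ListBox.AddItem("ListBox1", result);
    end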
Ok here is the last one...unless someone needs something having to do with LDAP lookups.
This will get ALL GROUPS A USER IS A MEMBER OF.
This one also uses AMSWscript and LDAP (ADO) for doing the query.
Code:
    sUsr = "Joe Blow"
    -- sUsr is inserted into the VBScript source and then into the LDAP filter;
    -- validate or escape it before building the script.
    code = [[
    Option Explicit
    Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
    Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
    Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strNTName, varName
    Dim objUser, strDN, arrMemberOf, Group
    Dim oFilesys, oFiletxt, sPath, sFilename
    Dim result
    varName = "]]..sUsr..[["
    strNTName = varName
    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection
    ' Search the whole default domain for the user's distinguished name
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")
    strBase = "<LDAP://" & strDNSDomain & ">"
    strFilter = "(&(objectCategory=person)(objectClass=user)" & "(displayName=" & strNTName & "))"
    strAttributes = "distinguishedName"
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    Set adoRecordset = adoCommand.Execute
    Do Until adoRecordset.EOF
        strDN = adoRecordset.Fields("distinguishedName").Value
        Set objUser = GetObject("LDAP://" & strDN)
        ' GetEx raises an error when memberOf is not set, so trap it for the Err.Number check
        On Error Resume Next
        arrMemberOf = objUser.GetEx("memberOf")
        If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
            For Each Group in arrMemberOf
                result = result + Group
            Next
        Else
            WScript.Echo vbTab & "memberOf attribute is not set"
            Err.Clear
        End If
        On Error GoTo 0
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close
    adoConnection.Close
    ]]
    Script.AddCode(code, Script_InternalCode);
    stringvalue = Script.GetResultAsString("result");
    -- The group DNs were concatenated, so split them again on "CN="
    tblUsrGroups = DelimitedStringToTable(stringvalue, "CN=")
    -- pairs() is needed on Lua 5.1, where a bare table is no longer accepted as an iterator
    for each, record in pairs(tblUsrGroups) do
        ListBox.AddItem("ListBox1", record, "");
    end
How can you use this to authenticate a user in AD to start an application?
Or better yet Radius support.
SELECT * FROM Users WHERE IQ > 0;
0 rows Returned
The way I handle that is to create an AD group and add all the users you want to have access to that app to the group and then check what groups the logged on user is a member of when the app is started.
Or have the user enter a username and then check that.
For multiple apps just repeat the above process.
All the code you need to perform this is already in this thread.
Hope that helps.
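
An added example, not code from any poster in this thread: the scripts above paste sUsr into the VBScript source and from there into the LDAP filter, so a name containing a quote, a parenthesis or * changes the script or the query, which matters once the name is typed in by the user and the result gates access. This plain Lua sketch escapes the value per RFC 4515 and quotes it as a VBScript string literal; the function names and the 256-character limit are assumptions.

```lua
-- Added example, not code from the thread. Plain Lua, no AMS actions required.
-- All function names here are hypothetical.

-- Escape a value for use inside an LDAP search filter (RFC 4515).
-- ';' is escaped as well because the ADO query string in the post
-- (base;filter;attributes;scope) uses it as the field separator.
local function ldapFilterEscape(value)
    return (string.gsub(value, "[%c\\%*%(%);]", function(c)
        return string.format("\\%02x", string.byte(c))
    end))
end

-- Quote a value as a VBScript string literal: double every '"'.
-- A line break would end the VBScript statement, so refuse it outright.
local function vbsStringLiteral(value)
    if string.find(value, "[\r\n]") then
        return nil, "line break in value"
    end
    return '"' .. string.gsub(value, '"', '""') .. '"'
end

-- Build the line that replaces:  varName = "]]..sUsr..[["
-- VBScript has no backslash escapes, so the \xx sequences reach the filter unchanged.
local function buildVarNameLine(userInput)
    -- Assumed length limit; adjust to the directory's own rule
    if userInput == "" or string.len(userInput) > 256 then
        return nil, "empty or over-long name"
    end
    if string.find(userInput, "%c") then
        return nil, "control character in name"
    end
    local literal, err = vbsStringLiteral(ldapFilterEscape(userInput))
    if not literal then
        return nil, err
    end
    return "varName = " .. literal
end

-- Constructed sample display names (not taken from the thread)
local samples = { "Joe Blow", 'Joe "JB" Blow', "Smith (Contractor)", "*" }
for _, name in ipairs(samples) do
    print(name, "->", buildVarNameLine(name))
end
```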