Active Directory Group Membership

[Country73]

I was requested to put together a small little tool to assist our End Users at my work.

Plan was to create something very basic that didn't take a whole lot of time, on my part, to put together. (Due to other projects)

There's a new application that is slowly rolling out that depends on the AD Groups an individual belongs to determine which portions of the application they will have access to.

Since several different departments will eventually be using this software, we wanted a simple means for the user to see the groups they are a part of and direction for submitting a request to be added to specific groups.

This GUI does exactly what was requested, but now I have been asked to break down the display of the groups a user belongs to by 'Security' groups and 'Distribution' groups.

Haven't really decided how to display yet, once this portion is figured out. Changing color,separate display,organized differently,etc...

Been searching around for this, but haven't quite figured out how to handle, and becoming very limited in the time to put towards this.

At least it may be a handy little tool some of the folks out here may benefit from.

Here is my current GUI:

expandcollapse popup

#region - ;Includes
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <ListBoxConstants.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <IE.au3>
#include <EditConstants.au3>
#include <Array.au3>
#endregion
;
#region - ;Options
Opt("GUIOnEventMode", 1)
Opt("TrayMenuMode",1)
#endregion
;
#region - ;Globals
Global $objConnection = ObjCreate("ADODB.Connection")  ; Create COM object to AD
$objConnection.ConnectionString = "Provider=ADsDSOObject"
$objConnection.Open ("Active Directory Provider")  ; Open connection to AD
Global $objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get ("defaultNamingContext")  ; Retrieve the current AD domain name
Global $strHostServer = $objRootDSE.Get ("dnsHostName") ; Retrieve the name of the connected DC
Global $usergroups
Global $Main
Global $Details
Global $Exit,$Boston,$Kansas
Global $Total
#endregion
;
#region - ;GUI
$Main = GUICreate("Group Memberships", 495, 466, 193, 115, BitOR($WS_SYSMENU,$WS_CAPTION,$WS_POPUP,$WS_POPUPWINDOW,$WS_BORDER,$WS_CLIPSIBLINGS))
    GUISetOnEvent($GUI_EVENT_CLOSE, "_ExitNow")
    $Total      = GUICtrlCreateLabel("", 16, 8, 450, 34, $SS_CENTER, $WS_EX_STATICEDGE)
    GUICtrlSetFont($Total,14,500,'','Times New Roman')
    $Details    = GUICtrlCreateEdit('',16,48,449,370,BitOR($ES_MULTILINE,$WS_VSCROLL,$ES_READONLY));$ES_MULTILINE);,$WS_VSCROLL))
    GUICtrlSetBkColor($Details,0xFFFFFF)
    GUICtrlSetFont($Details,14,400,'','Times New Roman')
    $Boston     = GUICtrlCreateButton("Boston Group Req",104,432,100,25,0)
    $Exit       = GUICtrlCreateButton("EXIT",209, 432, 75, 25, 0)
    $Kansas     = GUICtrlCreateButton("KC Group Req",289,432,100,25,0)
    GUICtrlSetTip($Boston,'To submit a request to be added to a "Boston" Group')
    GUICtrlSetTip($Kansas,'To submit a request to be added to a "Kansas City" Group')
    GUICtrlSetOnEvent($Exit, "_ExitNow")
    GUICtrlSetOnEvent($Boston,'_BRequest')
    GUICtrlSetOnEvent($Kansas,'_KCRequest')
    GUICtrlSetState($Exit,$GUI_FOCUS)
GUISetState(@SW_SHOW)
_SearchAD()
#endregion
;
#region - ;While Loop
While 1
    Sleep(100)
WEnd
#endregion
;
#region - ;Active Directory Search
Func _SearchAD()
    Local $user = @UserName
    Local $oUsr
    
    $strQuery = "<LDAP://" & $strHostServer & "/" & $strDNSDomain & ">;(sAMAccountName=" & $user & ");ADsPath;subtree"
    $objRecordSet = $objConnection.Execute ($strQuery)  ; Retrieve the FQDN for the logged on user
    $ldap_entry = $objRecordSet.fields (0).value
    $oUsr = ObjGet($ldap_entry)                         ; Retrieve the COM Object for the logged on user
    
    $usergroups = $oUsr.GetEx ("memberof")
    
    $oUsr = 0
    
    $count = UBound($usergroups)
    _ArrayInsert($usergroups, 0, $count)        ;Drop into Array
    _ArrayTrim($usergroups,3,0,1,$usergroups[0])    ;Trim the "CN=" 
    _ArraySort($usergroups,0)           ;Sort Descending
    
    ;Replace FQN with just Group Name
    ;Strips of everything after Group Name
    For $x = 1 To $usergroups[0]
        Local $Len,$Search
        $Search = StringInStr($usergroups[$x],',',0,1)
        $newVal = StringLeft($usergroups[$x],($Search)-1)
        _ArraySwap($usergroups[$x],$newVal) 
    Next
    Local $Data
    GUICtrlSetData($Total,StringUpper($user) & " Group Memberships: " & $usergroups[0])
    For $z = 1 To $usergroups[0]
        $Data &= $z & @TAB & $usergroups[$z] & @CRLF
    Next
    GUICtrlSetData($Details,$Data)
EndFunc
#endregion
;
#region - ;Boston Request
Func _BRequest()
    GUISetState(@SW_HIDE,$Main)
    Local $oIE = _IECreate('<url of ticket request system>',0,1,1,1)
    _ExitNow()
EndFunc
#endregion
;
#region - ;Kansas City Request
Func _KCRequest()
    GUISetState(@SW_HIDE,$Main)
    Local $oIE = _IECreate('<url of ticket request system for local>',0,1,1,1)
    _ExitNow()
EndFunc
#endregion
;
;
#region - ;ExitNow
Func _ExitNow()
    Exit
EndFunc
#endregion
;

Here is a VBScript I've been looking at, so hopefully something similar to this to add into my current code:

expandcollapse popup

On Error Resume Next
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000
 
Set objGroup = GetObject _
  ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfo
 
strName = objGroup.Get("name")
strSAMAccountName = objGroup.Get("sAMAccountName")
strMail = objGroup.Get("mail")
intgroupType = objGroup.Get("groupType")
strInfo = objGroup.Get("info")
 
strDescription = objGroup.GetEx("description")
 
WScript.Echo "name: " & strName
WScript.Echo "sAMAccountName: " & strSAMAccountName
WScript.Echo "mail: " & strMail
WScript.Echo "info: " & strInfo
 
WScript.StdOut.Write "Group scope: "
If intGroupType AND ADS_GROUP_TYPE_LOCAL_GROUP Then
  WScript.Echo "Domain local"
ElseIf intGroupType AND ADS_GROUP_TYPE_GLOBAL_GROUP Then
  WScript.Echo "Global"
ElseIf intGroupType AND ADS_GROUP_TYPE_UNIVERSAL_GROUP Then
  WScript.Echo "Universal"
Else
  WScript.Echo "Unknown"
End If
 
WScript.StdOut.Write "Group type: "
If intGroupType AND ADS_GROUP_TYPE_SECURITY_ENABLED Then
  WScript.Echo "Security group"
Else
  WScript.Echo "Distribution group"
End If
 
For Each strValue in strDescription
  WScript.Echo "description: " & strValue
Next

This is the small bit, out of that VBScript, that I'm hoping to work into mine:

If intGroupType AND ADS_GROUP_TYPE_SECURITY_ENABLED Then
  WScript.Echo "Security group"
Else
  WScript.Echo "Distribution group"
End If

Any other pointers on the code layout itself is also appreciated.

[water]

Here you'll find a few of my Active Directory scripts. Maybe you can make use of some ideas.

I would suggest to create a listview, insert a column for the type (security or distribution). If there are only two different types you can change the color of each entry depending on the type. You can make the list sortable by simply clicking on the column header.

Edited October 14, 2009 by water

[Country73]

Thanks for the reply.

Looking over your files to see if I can use any for what I need.

I do apologize but right now I'm struggling a little bit on the language.

Following a little bit on the code, but the rest I really can't follow.

I thought about going with List View first, but since I'm only setting this up for viewing I went with the EDIT.

May wind up changing over to ListView, once I decide how to display everything.

Currently I'm stuck on extracting the GroupType for each group the user is a member of.

Security type will be listed together, while Distribution type will be listed together.

Thanks again,

[water]

You could have a look at this code. It returns all properties of an AD object. This could be a good place to start.