Sign in to follow this  
Followers 0
Meir

Windows Group Menegment

2 posts in this topic

I want to check if a user is in a group in the active directory

How can i check if a user is in a group ?

Share this post


Link to post
Share on other sites



@Meir

This is something that get you started.

$Group = ""

GetUserGroups($Group)

Func GetUserGroups(ByRef $usergroups)
Dim $objConnection, $oUsr
Dim $usergroups[1], $i = 1

$objConnection = ObjCreate("ADODB.Connection") ; Create COM object to AD
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open ("Active Directory Provider") ; Open connection to AD

$objRootDSE = ObjGet("LDAP://RootDSE")
Global $strDNSDomain = $objRootDSE.Get ("defaultNamingContext") ; Retrieve the current AD domain name
$strQuery = "<LDAP://" & $strDNSDomain & ">;(sAMAccountName=" & @UserName & ");ADsPath;subtree"
$objRecordSet = $objConnection.Execute ($strQuery) ; Retrieve the FQDN for the logged on user
$ldap_entry = $objRecordSet.fields (0).value
$oUsr = ObjGet($ldap_entry) ; Retrieve the COM Object for the logged on user
$groups = $oUsr.groups ; Get the list of group objects from the user
For $groupname In $groups
ReDim $usergroups[UBound($usergroups) + 1]
$usergroups[0] += 1 ; Increment the count of groups
$usergroups[$i] = StringTrimLeft($groupname.name, 3)
$i += 1
ConsoleWrite(StringTrimLeft($groupname.name, 3)&@CR)
Next
EndFunc ;==>GetUserGroups

There are more scripts available.

Search in the EXAMPLE scripts and look for Active Directory.

Enjoy !!

Regards

ptrex

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0