Active Directory EmployeeID field obtainable via VBA Access? 1

[03Explorer]

I am working on a project that the Access database rights are using the AD credentials to identify them... This part works like a champ! I asked IT to populate the EmployeeID with the IDs I use in my application which are the PK for ADP. This thinking was that I now can match up people to my system and incorporate phantom security/limitations.

The fun now is simply... How can I use the logged in person (NET ID) to see their AD.EmployeeID So I have a match to my tables.

[Code Logged_in_User_Name]
Function UserName()

Dim objSysInfo As Object
Dim objcurrentuser As Object

Set objSysInfo = CreateObject("ADSystemInfo")
Set objcurrentuser = GetObject("LDAP://" & objSysInfo.UserName)
Debug.Print objcurrentuser.givenName
Debug.Print objcurrentuser.LastName


End Function
[/code]

 

[strongm]

Just an observation - AD already has unique identifiers for all objects. Why introduce another one, when you could leverage the existing ones (such as the distinguished name or objectGUID)?

 

[03Explorer]

I am trying to figure out how to match up AD logons to ADP staff. AD is completely rouge where ADP gives a staff member a unique ID that not matter if they marry, have a name change or what not... they are tied to their record. I can't use AD Given field of First or Last Name or even their LOGON id as a match to ADP. =
AD has natively a field called [EmployeeID]

I am hoping I can leverage that native field in AD to be populated with ADP Primary Key (ID) and BOOM I have matches. I am just struggling how to get to see that field. [EmployeeID]

 

[strongm]

>unique ID that not matter if they marry, have a name change or what not

Which is exactly what objectGUID is

 

[03Explorer]

So you are saying the objectGUID is the unique id for the AD record for the network logon owner? right?

I don't want to know what is unique id for AD because that'd be useful if I went to HR and asked them to add that ID to the ADP database and give me an output with their info and objectGUID... WAY outside scope of what I am after...

IT already populated the field in AD for all staff for EmployeeID with the ADP Primary Key... I just need to get access to that field via VBA.

Sorry Strongm if we are not speaking apples to apples... I have AD already with all I need to match to ADP (Automatic Data Processing) LINK tables.

 

[strongm]

>unique id for the AD record for the network logon owner? right?

That's exactly what objectGUID is, a (globally) unique and perpetual id for each and every AD object, not just users.

 

[03Explorer]

Strongm, the objectGUID does not makes sense to me when I have a field in active directory (AD) populated with the Primary Key from ADP (called [EmployeeID]). The field [EmployeeID] is native to AD. I need to know how to read it in VBA so I can match it up to ADP data.

 

[strongm]

Given you've alreadyu gone to the effort of getting IT to populate EmployeeID in AD (given that it is NOT populated by default) I can understand why you are keen to use it. My point was not that you shouldn't, but that it was suprising you had not used an existing unique identifier in AD - particularly one such as objectGUID

Still, if you want employeeID, it should be as easy as:

Function UserName()

    Dim objSysInfo As Object
    Dim objcurrentuser As Object
    
    Set objSysInfo = CreateObject("ADSystemInfo")
    Set objcurrentuser = GetObject("LDAP://" & objSysInfo.UserName)
    Debug.Print objcurrentuser.givenName
    Debug.Print objcurrentuser.LastName
    [b][blue]Debug.Print objcurrentuser.get("employeeID")[/blue][/b]

End Function

 

[03Explorer]

Thank you Strongm, funny at the same time you posted this I came across a friend who also helped and I am going to share the code he provided. I am delighted to have two different methods to acquire the same result.

Function GetEmployeeID()
    
    'Use default AD domain and root
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strRoot = objRootDSE.get("DefaultNamingContext")
    
    'Get logged on Username from local computer
    Set objNetwork = CreateObject("Wscript.Network")
    strUserName = objNetwork.UserName
    'strUserName = "hdriscoll"                 'test id if not wanting to use your own
   
    'Build Command executor
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection
    
    'Build Query - Separate additional AD properties by a comma
    strQueryText = "<LDAP://" & strRoot & ">;(&(objectCategory=Person)(samAccountName=" & strUserName & "));" _
      & "employeeID"
      
      
    
    'Build and Execute command
    objCommand.CommandText = strQueryText
    objCommand.Properties("Timeout") = 60
    objCommand.Properties("Cache Results") = False
    Set objRecordSet = objCommand.Execute
    objRecordSet.MoveFirst
    
    
    
    GetEmployeeID = objRecordSet.Fields("employeeID").Value
    
End Function

 

[strongm]

I know which one I prefer ...