ADSI recursive groups

[Ouch]

Hi all,

I am writing a script to check if a users is a member of a group recursivly.

i am trying to pick up which groups are in a group so i can find out if my user in linked to any of these groups but isMember() only seems to return users?

has anyone done any recursive group checking?
e.g. of what i am tring to do.
Q. is Harper a member of gISUsers?
A. should be yes

Harperg is member of gISLRSD
gISStaff is member of gISLRSD
gISLRSD is member of gISUsers

my function so far

Function gMembers(groupName)
on error resume next
Set o = GetObject("WinNT:")
Set objgrp = penDSObject("WinNT://domain/"& groupName & ",group", "domain\user" , "password", 1)
if objgrp.adsPath = "" then
flgIsMember = "Group does not exsist!"
else
Set grp = GetObject("WinNT://domain/" & groupName)
Set memberList = grp.Members
For Each m In memberList
Set member = m
Response.write member.Name & "(" & member.Class & ")<BR/>"
Next
grp.members.filter = Array("group")
For Each usr In grp.Members
Response.write usr.Name & "," & usr.Class & "<BR/>"
Next

Set grp = nothing
end if
Set objgrp = nothing
Set o = nothing

IsMemberOf = flgIsMember
End Function

 

[tsuji]

Hello Ouch,

It stands no chance at all if we use WinNT provider. A good sample can be found at R L Mueller's site.

http://www.rlmueller.net/List User Groups.htm

regards - tsuji

 

[Ouch]

Thanks, that seems to do the job when i run it from my machine.

But our ldap servers require an authenticated bind and i am calling this from a web page any idea how i would pass the credetials before doing the getobject("LDAP:")

I Have the credetials

Cheers

 

[Ouch]

I have sussed the authenticated bind stuff and now it works like a dream.

thanks to r l mueller for some fantastic code..

<%
username = "MyUsername"
password = "MyPassword"
strusername = "adf\" & username
strGrpPassed = false
group = "gISStaff"

Dim objGroupList, objUser, strDN
On Error Resume Next

strDN = "CN=harperg,OU=eLearning Team,OU=Staff,OU=LRSD,OU=Staff,OU=Information Services,DC=adf,DC=bham,DC=ac,DC=uk"

Set o = GetObject("LDAP:")  
Set objUser = o.OpenDSObject("LDAP://adf.bham.ac.uk/", strusername , password , 1)

If Err.Number <> 0 Then
  On Error GoTo 0
  Response.write "User not found" & vbCrLf & strDN
End If
On Error GoTo 0

' Bind to dictionary object.
Set objGroupList = CreateObject("Scripting.Dictionary")

' Enumerate group memberships.
Call EnumGroups(objUser)

' Clean up.
Set objGroupList = Nothing
Set objUser = Nothing
set o = Nothing

response.write strGrpPassed

Sub EnumGroups(objADObject)
' Recursive subroutine to enumerate user group memberships.
' Includes nested group memberships.
  Dim colstrGroups, objGroup, j
  objGroupList.CompareMode = vbTextCompare
  colstrGroups = objADObject.memberOf
  If IsEmpty(colstrGroups) Then
    Exit Sub
  End If
  If TypeName(colstrGroups) = "String" Then
    Set objGroup = o.OpenDSObject("LDAP://adf.bham.ac.uk/" & colstrGroups, strusername , password , 1)
    'Set objGroup = GetObject("LDAP://" & colstrGroups)
    If Not objGroupList.Exists(objGroup.sAMAccountName) Then
      objGroupList(objGroup.sAMAccountName) = True
      response.write right(objGroup.Name,len(objGroup.Name)-3) & "<BR/>"
      if Group = right(objGroup.Name,len(objGroup.Name)-3) then strGrpPassed = true
      Call EnumGroups(objGroup)
    End If
    Set objGroup = Nothing
    Exit Sub
  End If
  For j = 0 To UBound(colstrGroups)
  Set objGroup = o.OpenDSObject("LDAP://adf.bham.ac.uk/" & colstrGroups(j), strusername , password , 1)
    If Not objGroupList.Exists(objGroup.sAMAccountName) Then
      objGroupList(objGroup.sAMAccountName) = True
      response.write right(objGroup.Name,len(objGroup.Name) -3) & "<BR/>"
      if Group = right(objGroup.Name,len(objGroup.Name) -3) then strGrpPassed = true
      Call EnumGroups(objGroup)
    End If
  Next
  Set objGroup = Nothing
End Sub

%>