Help me make list of groups a user belongs to 1

[ClaytonQ]

Hi everyone. I am in the midst of moving our Intranet system from Windows NT to Windows 2000. (I know, I know.) I am a web programmer, not a network admin. Our old Windows NT Intranet was relying on a dll called NTUtils to get a list of groups. On the new system, I want to use the abilities built into VBScript.
I'm new to the terms ADSI, LDAP, and the WINNT provider of ADSI.
For a week, I've gotten nothing but errors. I've cut and pasted and tweaked scripts from the Microsoft script archive, O'Reilly, etc. and read up as much as I could. Nothing seems to works. But the closest I've come is MrNiceGuy's explanation of LDAP in thread329-731498.
When I do this:
Dim strGroups
'Bind to Active Directory System Info
Set AdsSysteminfo = CreateObject("adsysteminfo")
'Bind to the currently logged on user.
Set UserObj= Getobject("LDAP://" & adsSysteminfo.UserName)

'display the Ldap Path of the OU the user is in. (it's parent)
strGroups = UserObj.Parent
session("Groups") = lcase(strGroups)

It correctly returns the ldap path of the parent. It's beautiful. Music to my eyes. But when I take it a step farther:

'get list of groups from login name
Dim strGroups
'Bind to Active Directory System Info
Set AdsSysteminfo = CreateObject("adsysteminfo")
'Bind to the currently logged on user.
Set UserObj= Getobject("LDAP://" & adsSysteminfo.UserName)

'display the Ldap Path of the OU the user is in. (it's parent)
strGroups = UserObj.Parent

'bind to the OU.
Set OUobj=GetObject(strGroups)

'display the name of the OU. after removing the "OU="
strGroups = replace(OUobj.name,"OU=","")
session("Groups") = lcase(strGroups)

I get error '8007200a' and the line number it complains about is the one: Set OUobj=GetObject(strGroups)

My goal (and the reason my variable is named strGroups) is to store a list of all a user's groups, comma-delimited, in a session variable for an ASP application. This code is going in my global.asa file. The site is set up in IIS so that the users have to login. I can get their login name from this. (str = Request.ServerVariables("Auth_USER")). The Intranet relies heavily on this list of groups. The way we give people authority to use certain pages is by placing them in a group.

Thanks in advance, and for the help I've already gotten. I feel like I understand more about this after a couple of hours in this forum than after a week of surfing the web in general.

 

[mrmovie]

i am not sure what your dependance is on the OU the user is in.

if you want to get the Security groups the user is a member of then you only need to use

Set UserObj= Getobject("LDAP://" & adsSysteminfo.UserName)
Set Groups = objUser.Groups

For Each aGroup In Groups
strGroups = strGroups & aGroup.Name & ","
Next

session("Groups") = lcase(strGroups)

 

[ClaytonQ]

Thanks mrmovie. I wasn't really dependant on the OU, it's just that that was the only piece of information I've been able to get so far, because everything else gave me an error. It was progress, but not progress in a straight line toward my goal.

I tried the code, and got an error:
Microsoft VBScript runtime error '800a01a8'

Object required: 'ObjUser'

But it looked like it was caused by a little typo. It looks like you changed the name of the variable from UserObj to objUser in the second line. So I "fixed" that, and got this error:

Active Directory error '8000500c'

The Active Directory datatype cannot be converted to/from a native DS datatype

I got this error in the same line where I had "fixed" the "typo." The reason for the quotes here is that, since I still got an error, I'm not sure I fixed anything, or even that it was a typo. Anyway...

I'm beginning to thing my code is good, but that the server isn't prepared to understand my code. Is that possible? Could it be a configuration issue? Do I need to install something? It is a Windows 2000 server. 5.00.2195 Service Pack 4.

The error about not being able to convert to a native DS data type is one I've seen a lot of over the past week and a half, as I've struggled with this script. I don't understand what the error means.

Thanks again. I really feel like we're closing in on the solution.

 

[mrmovie]

not that you should have to but this should work, theres no real reason why the LDAP provider should work just a question of getting the function call correct, i havent got an example to hand but the below should work for now

Set WshNetwork = Wscript.CreateObject("Wscript.Network")
strUserName = WshNetwork.UserName

Set objUser = GetObject("WinNT://domain/" & strUserName)
Set Groups = objUser.Groups

For Each aGroup In Groups
strGroups = strGroups & aGroup.Name & ","
Next

session("Groups") = lcase(strGroups)

Set Groups = Nothing
Set objUser = Nothing
Set WshNetwork

 

[ClaytonQ]

The first line of the script triggers this error on my server:

Microsoft VBScript runtime error '800a01a8'

Object required: 'Wscript'

//global.asa, line 134

Wierd, isn't it?

 

[mrmovie]

sorry are you running this as asp code?
if so change

Set WshNetwork = Wscript.CreateObject("Wscript.Network")

to

Set WshNetwork = CreateObject("Wscript.Network")

 

[ClaytonQ]

WOO HOO!!! Thank you thank you thank you.

It has correctly listed every group I'm in. Yee-haw. *Victory dance*

I am running this as ASP code. Is that why LDAP wasn't working?

Thanks again. I can be productive again now that I'm past this barrier.

 

[mrmovie]

na, the asp ldap thing shoudlnt matter, at least i dont think so.

you should be able to get the username from an asp session property i would guess.

saying that you might be better off getting it via ASP rather than the WshNetwork, well unless the code is client side.

anyhow, good luck

 

[markdmac]

You were getting the error with the LDAP because there was an error int he code.

Here is what you were using:
Set UserObj= Getobject("LDAP://" & adsSysteminfo.UserName)
Set Groups = objUser.Groups

Here is what needed to be changed:
Set objUser= Getobject("LDAP://" & adsSysteminfo.UserName)
Set Groups = objUser.Groups

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark