LDAP SECURITY GROUPS AND DISTRIBUTION LISTS

[attarMo]

To ZCOLTON or anyone who can help

Hi,

I Have been trying to develope a web interface for active directory using classic ASP and LDAP.

Currently I have a page which displays all of the relevent SECURITY GROUPS in AD. Each group is actually a HREF which when clicked on displays a list of all users within the selected SECURITY GROUP.

The issues I would like to resolve are as follows:

1)Currently when a security group is selected a list of users belonging to that group is displayed, however the list of users is not displayed in a table. What I would like to do is to have the users belonging to that group displayed in a table next to the table containing the groups, I would also like each user to be a HREF link.

2)My second problem is I would like to create a page that works exactly the same way as my SECURITY GROUPS page (sg.asp) but for displaying DISTRIBUTION LISTS in AD.

I have included my code below for the SECURITY GROUPS page sg.asp aswell as the code for the header.asp include file:

sg.asp:

<html>
<head>
<!--#include file="header.asp" -->
<script language=JScript runat=server>
    function SortVBArray(arrVBArray) {
        return arrVBArray.toArray().sort().join('\b');
    }
</script>
</head>
<body>

<%
groupDSN=request.querystring("group")
groupCN=request.querystring("cn")

Const ADS_GROUP_TYPE_GLOBAL_GROUP         = &h00000002
Const ADS_GROUP_TYPE_SECURITY_ENABLED     = &h80000000

sGroupScope = ADS_GROUP_TYPE_GLOBAL_GROUP or ADS_GROUP_TYPE_SECURITY_ENABLED

Com.CommandText = "Select cn, adspath from 'GC://"+objADsPath+"' Where objectclass='group' AND GroupType='" & sGroupScope & "'"

Set rs = Com.Execute 
 response.Write "<table name=groups cellspacing=0 cellpadding=7 bordercolor=BLACK border=1 align=left>"
 response.write "<td valign=top align=center><b>All Available Groups:</b></td>"
 response.write "<tr></tr>"
do while not rs.EOF
 response.write "<td><a href='sg.asp?group="&rs("adspath")&"&cn="&rs("cn")&" '> " & rs("cn") & "</a></td><tr>"
 rs.movenext
loop
 response.Write "</table>"


if groupDSN > "" then
set objgroup=GetObject(groupDSN)
 response.write "<b>Members Of "+groupCN+"</b><br>"
  tempstr=""
  For each objMember in objGroup.Members
   if tempstr<>"" then
    tempstr=tempstr&"#"
   end if
   tempstr=tempstr&objMember.CN
  next
  Set objGroup=nothing
  temparray=split(tempstr,"#")
  SortArray = Split(SortVBArray(temparray), Chr(8))
  For iLoop = LBound(SortArray) to UBound(SortArray)
   
response.write +SortArray(iLoop)+"<br>"
  next
end if

   rs.close
   set rs=nothing
   con.close
   set con=nothing
%>
</body
</html>

header.asp:

<%
Dim strUsername,strUser,strEmail,con,rs,rsg,Com,objADsPath,objDomain

strUsername = Request.ServerVariables("auth_user")
strUsername = Right(strUserName, Len(strUserName) - InStrRev(strUserName, "\"))

Set objDomain = GetObject ("GC://rootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
Set objDomain = Nothing
Set con = Server.CreateObject("ADODB.Connection")
con.provider ="ADsDSOObject"
con.open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command")
Set Com.ActiveConnection = con
Com.CommandText ="select name,mail FROM 'GC://"+objADsPath+"' where sAMAccountname='"+strUsername+"'"
Set rs = Com.Execute

strUser=rs("name")
strEmail=rs("mail")
Set rs = Nothing
%>


<html>
<head>
</head>
<body>

<table cellspacing="0" cellpadding="40" bordercolor="BLUE" border="0" align="center">
    <td><span class="b_FieldText_B"><b>User:</b></span> <%=strUser%></td>
    <td><span class="b_FieldText_B"><b>E-mail:</b></span> <%=strEmail%></td>
    <td><span class="b_FieldText_B"><b>Date:</b></span> <%= day(Date()) &"/"& month(Date()) &"/"& year(Date())%></td>
    <td><span class="b_FieldText_B"><b>Logon Time:</b></span> <%=response.write(Time)%></td>
   <tr></tr>

       <table border="0" cellspacing="0" cellpadding="50" align="center">
          <tr>
            <td height="51"> 
              <div align="center"> 
                <input type="submit" name="Submit"  value="             Security Groups              " onClick="window.location='/AD/sg.asp'">
                <input type="submit" name="Submit2" value="        E-mail Distribution Lists        "onClick="window.location='/AD/dg.asp'">
                <input type="submit" name="Submit3" value="      Add/Remove/Edit Users      "onClick="window.location='/AD/user.asp'">
              </div>
            </td>
          </tr>
       </table>
</table>

</body>
</html>

Any help with these issues would be greatly appreciated.

Thanks in advance,

Mo

 

[zcolton]

attarMo,

Please give me a day to have the whole thing completed.

zcolton

 

[attarMo]

ZCOLTON

Thanks, I have managed to resolve issue number 2)creating a page that displays the DISTRIBUTION LISTS in AD and also displays the members for each DL.

I duplicated the page I had for the security groups, but changed the groupscope:

dlGroup=request.querystring("dlGroup")
dlCN=request.querystring("dlCN")

[highlight]Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h00000002
dlGroupScope = ADS_GROUP_TYPE_GLOBAL_GROUP[/highlight]

Com.CommandText = "Select cn, adspath from 'GC://"+objADsPath+"' Where objectclass='group' AND GroupType='" & dlGroupScope & "'"

Set rs = Com.Execute 
 response.Write "<table name=dlGroups cellspacing=0 cellpadding=7 bordercolor=BLACK border=1 align=left>"
 response.write "<td valign=top align=center><b>Available Distribution Lists:</b></td>"
 response.write "<tr></tr>"
do while not rs.EOF
 response.write "<td><a href='dl.asp?dlGroup="&rs("adspath")&"&dlCN="&rs("cn")&" '> " & rs("cn") & "</a></td><tr>"
 rs.movenext
loop
 response.Write "</table>"

So now all I really need to do is:

1) Get the members displayed nicely in a table next to the groups, and have each member as a href.

2) Try adding/removing security groups to AD (I'm not sure how I'm going to do this). The only thing I have found on the net that describes how to do this was on the page I'd referenced last time, but unfortunately all of the code is in ASP.net rather than classic ASP, did you ever get a spare minute to look at that page for me?

http://www.wwwcoder.com/main/parentid/260/site/2150/68/default.aspx

Thanks again in advance,

Mo

 

[zcolton]

attarMo,

work in progress (I have to clean up the code a bit, but it functions) I'm also starting to build a page to do edits, adds, and deletes with groups and users. This is a single page that takes care of security groups and DL's. the page is dynamic enough so that it doesn't matter what you name it (whatever.ASP)

<html>
<head>
<style>
body { font-size: 11px; font-family: Tahoma,Arial,Helvetica; font-weight:normal; color: #000000; background-color: #ffffff; }
#headerdiv { position: absolute; top:10px; left:  0px; width: 780; text-align: center; }
#buttonsdiv { position: absolute; top:30px; left: 0px; width: 780; text-align: center; }
#grouplist  { position: absolute; top:60px; left: 10px; width: 180; text-align: center; }
#userlist  { position: absolute; top:60px; left: 200px; width: 180; text-align: center; }
.headerspan { margin: 20px 20px 20px 20px; }
#listspan { width: 100%; text-align: left; padding: 1px; cursor: hand; }
#listspan p { padding-left: 4px; }
.over { background-color: #FFFF66; }
.out { background-color: #ffffff; }
</style>
<script language=JScript runat=server>
    function SortVBArray(arrVBArray) {
        return arrVBArray.toArray().sort().join('\b');
    }
</script>
</head>
</head>
<body>
<%
strUsername = Request.ServerVariables("auth_user")
strUsername = Right(strUserName, Len(strUserName) - InStrRev(strUserName, "\"))

thispage = Request.ServerVariables("SCRIPT_NAME")

Set objDomain = GetObject ("GC://rootDSE")
objADsPath = objDomain.Get("defaultNamingContext")
Set objDomain = Nothing
Set con = Server.CreateObject("ADODB.Connection")
con.provider ="ADsDSOObject"
con.open "Active Directory Provider"
Set Com = CreateObject("ADODB.Command")
Set Com.ActiveConnection = con
Com.CommandText ="select name,mail FROM 'GC://"+objADsPath+"' where sAMAccountname='"+strUsername+"'"
Set rs = Com.Execute

strUser=rs("name")
strEmail=rs("mail")
Set rs = Nothing
%>
<div id="headerdiv"><span class="headerspan"><b>User:</b> <%=strUser%><span class="headerspan"><b>E-mail:</b> <%=strEmail%><span class="headerspan"><b>Date:</b> <%= day(Date()) &"/"& month(Date()) &"/"& year(Date())%><span class="headerspan"><b>Logon Time:</b> <%=response.write(Time)%></span></div>
<div id="buttonsdiv"><input type="submit" name="Submit" value="          Security Groups           " onClick="window.location='<%=thispage%>?type=security'">  <input type="submit" name="Submit2" value="     E-mail Distribution Lists     "onClick="window.location='<%=thispage%>?type=distribution'">  <input type="submit" name="Submit3" value="   Add/Remove/Edit Users   "onClick="window.location='/AD/user.asp'"></div>
<%
groupdsn=request.querystring("group")
grouptype=request.querystring("type")

Select Case grouptype
 case "security"
  sAMAccountType="268435456"
  grouptypename="Security Groups"
 case "distribution"
  sAMAccountType="268435457"
  grouptypename="Distribution Lists"
End Select

Com.CommandText = "SELECT cn, adspath from 'GC://"+objADsPath+"' WHERE objectcategory='group' AND sAMAccountType='" + sAMAccountType + "' ORDER BY cn"
Set rs = Com.Execute 
%>
<div id="grouplist"><b><%=grouptypename%></b><br>
<%
do while not rs.EOF
 %><span id="listspan" onMouseOver="this.className='over'" onMouseOut="this.className='out'" class="out" onClick="window.location='<%=thispage%>?type=<% =grouptype %>&group=<%=rs("adspath")%>'"><p><%=rs("cn")%></p></span><%
 rs.movenext
loop
%>
</div>
<%

if groupdsn > "" then
set objgroup=GetObject(groupdsn)
groupdsntxt=Replace(groupdsn,",",", ")
%>
<div id="userlist">
<%
  response.write "<b>Members of<br>"+groupdsntxt+"</b><br>"
  tempstr=""
  For each objMember in objGroup.Members
   if tempstr<>"" then
    tempstr=tempstr&"#"
   end if
   tempstr=tempstr&objMember.CN
  next
  Set objGroup=nothing
  temparray=split(tempstr,"#")
  SortArray = Split(SortVBArray(temparray), Chr(8))
  For iLoop = LBound(SortArray) to UBound(SortArray)
   %><span id="listspan" onMouseOver="this.className='over'" onMouseOut="this.className='out'" class="out"><p><%=SortArray(iLoop)%></p></span><%
  next
%>
</div>
<%
end if

   rs.close
   set rs=nothing
   con.close
   set con=nothing
%>
</body
</html>

zcolton

 

[attarMo]

ZCOLTON

The page you created is pretty cool, I like the way you've used select cases to keep everything on one page, especially since I had'nt thought of that myself

Just one thing though, would it be possible to have the lists of groups and users displayed in tables rather than just lists? (I did this for the groups, but was unable to get the users displayed in a table)

As that would make the lists a little easier to manipulate (layout and asthetic wise).

Apart from that it's spot on, your a genius, can't wait to see the add/remove/edit page!

Yet again you've been a great help and I can't thank you enough for all the help you've given me so far.

Thanks in advance (for the add/remove/edit page)

Mo

 

[zcolton]

attarMo,

Quite some time ago, I've learned it's much easier, and in most cases more powerful to use span's and div's and styles to control them. You'ld have a lot more control over data location and such. Tables also make webpages take longer to load.

Still working on other pages...

zcolton

 

[attarMo]

ZCOLTON

I've been playing with Spans and Divs and I see what you mean now.

By the way how are the pages you were working on coming along? (pretty excited to see them actually, as they'll be a great help with my project)

Thanks for the advice, I look forward to hearing from you,

Mo

 

[zcolton]

Mo,

I haven't had the chance to do any coding, but I know how I want to lay them out. I've busy around here trying to automate a few other things. I should have a chance to dive into it tomorrow.

zcolton

 

[zcolton]

Mo,

What functions did you want to perform?

Z

 

[attarMo]

zcolton,

1) Adding/Removing of Security Groups
2) Adding/Removing of Distribution Lists
3) Adding/Removing of Users to Security groups and DistributionLists
4) Adding/Removing of Users in AD
5) Editing of users e.g password reset

The 1,2,3 are essential to me but 4,5 are extras that I'd like to implement

Any help would be greatly appreciated,
Thanks in advance,

Mo