enumerating membership of groups by the user's token 

Hello,

Does anyone know if there is a way to enumerate the
membership of a W2K user in VBS based on the contents of
their token?  This way I will get nested membership
without having to check thousands of groups.  I have seen
implementations of this in C++ but I want to do it in VBS
if possible.

Regards,
Matt Hallson



Sun, 29 May 2005 00:58:22 GMT  

Quote:

>Hello,

>Does anyone know if there is a way to enumerate the
>membership of a W2K user in VBS based on the contents of
>their token?  This way I will get nested membership
>without having to check thousands of groups.  I have seen
>implementations of this in C++ but I want to do it in VBS
>if possible.

Hi,

I assume you refer to the "TokenGroups" attribute. Here is
code for an IsMember function you can modify as desired.
The dictionary object oGroupList is Dim'd so it will be
global.

Option Explicit
Dim oUser, sGroup, oGroupList

' Bind to the user object in Active Directory.
Set oUser = GetObject _
  ("LDAP://cn=TestUser,ou=Sales,dc=MyDomain,dc=com")

sGroup = "Students"
If IsMember(sGroup) Then
  MsgBox "User is a member of group " & sGroup
Else
  MsgBox "User is NOT a member of group " & sGroup
End If

Function IsMember(sGroup)
' Function to test for group membership.
' sGroup is the sAMAccountName of the group to test.
' oGroupList is a dictionary object, with global scope.
' Returns True if the user or computer is a member.
  If IsEmpty(oGroupList) Then
    Call LoadGroups
  End If
  IsMember = oGroupList.Exists(sGroup)
End Function

Sub LoadGroups
' Subroutine to populate dictionary object with groups.
' oUser is the user or computer object, with global scope.
' oGroupList is a dictionary object, with global scope.
  Dim hUserGroups, j
  Dim sUserGroupSid(), oGroup

  Set oGroupList = CreateObject("Scripting.Dictionary")
  oGroupList.CompareMode = vbTextCompare

  oUser.GetInfoEx Array("TokenGroups"), 0
  hUserGroups = oUser.Get("TokenGroups")

  ReDim sUserGroupSid(UBound(hUserGroups))

  For j = 0 To UBound(hUserGroups)
    sUserGroupSid(j) = OctetToHexStr(hUserGroups(j))
    Set oGroup = GetObject("LDAP://<SID=" _
      & sUserGroupSid(j) & ">")
    oGroupList(oGroup.sAMAccountName) = True
  Next
  Set oGroup = Nothing

End Sub

Function OctetToHexStr(hOctet)
' Function to convert OctetString (byte array)
' to Hex string.
  Dim k
  OctetToHexStr = ""
  For k = 1 To Lenb(hOctet)
    OctetToHexStr = OctetToHexStr & Right("0" _
      & Hex(Ascb(Midb(hOctet, k, 1))), 2)
  Next
End Function

Richard



Sun, 29 May 2005 02:44:36 GMT  
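An added example, not part of either post above: each TokenGroups value is a binary SID, and this Python sketch goes one step beyond the hex conversion in the reply by decoding it to S-1-... form, so privileged memberships can be flagged by well-known RID without binding to every group. The function names are hypothetical and the sample SIDs are constructed.

```python
import struct

# Well-known privileged RIDs (last sub-authority of a domain SID).
PRIVILEGED_RIDS = {512: "Domain Admins", 518: "Schema Admins",
                   519: "Enterprise Admins"}
BUILTIN_ADMINS = "S-1-5-32-544"


def sid_to_string(raw: bytes) -> str:
    """Decode one binary SID (a TokenGroups value) into S-1-... form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def sid_bind_path(raw: bytes) -> str:
    """Hex form as produced by OctetToHexStr, wrapped as an ADSI SID bind."""
    return "LDAP://<SID=%s>" % raw.hex().upper()


def as_sid_list(value):
    """A single-valued attribute can arrive as one byte array instead of a
    list of byte arrays; normalise both shapes to a list of bytes."""
    if isinstance(value, (bytes, bytearray)):
        return [bytes(value)]
    return [bytes(v) for v in value]


def privileged_groups(token_groups):
    """Return {sid_string: group_name} for privileged SIDs in the token."""
    hits = {}
    for raw in as_sid_list(token_groups):
        sid = sid_to_string(raw)
        rid = int(sid.rsplit("-", 1)[1])
        if sid == BUILTIN_ADMINS:
            hits[sid] = "Administrators"
        elif sid.startswith("S-1-5-21-") and rid in PRIVILEGED_RIDS:
            hits[sid] = PRIVILEGED_RIDS[rid]
    return hits


# Constructed sample values, not taken from a real directory.
NT_AUTHORITY = bytes([0, 0, 0, 0, 0, 5])
SAMPLE_ADMINS = bytes([1, 5]) + NT_AUTHORITY + struct.pack(
    "<5I", 21, 1111111111, 2222222222, 3333333333, 512)
SAMPLE_BUILTIN_USERS = bytes([1, 2]) + NT_AUTHORITY + struct.pack("<2I", 32, 545)
```
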