Accessing Active Directory

Status
Not open for further replies.

oharab

Programmer
May 21, 2002
2,152
GB
I have a lovely little function that collects a user's email address from AD. It works just the way I want it to in VBScript, VB and VBA.
Code:
Public Function Email(LoginName As String) As Variant
    'PURPOSE: Display Email Address that is available in
    'the Active Directory about a given user

    'PARAMETER: Login Name for user

    'RETURNS: String with selected information about
    'user, or empty string if there is no such
    'login on the current domain

    'REQUIRES: Windows 2000 ADSI, LDAP Provider
    'Proper Security Credentials.

    'EXAMPLE: msgbox EMail("Administrator")

    Static conn As ADODB.Connection
    Dim rs As ADODB.Recordset
    Dim oRoot As IADs
    Dim oDomain As IADs
    Dim oGroup As IADsGroup
    Dim sBase As String
    Dim sFilter As String
    Dim sDomain As String

    Dim sAttribs As String
    Dim sDepth As String
    Dim sQuery As String
    Dim sAns As Variant

    Dim user As IADsUser

    On Error GoTo ErrHandler:

    sAns = Null
    
    If conn Is Nothing Then
        Set conn = New ADODB.Connection
    End If
    'Get user Using LDAP/ADO.  There is an easier way
    'to bind to a user object using the WinNT provider,
    'but this way is better for educational purposes
    Set oRoot = GetObject("LDAP://rootDSE")
    'work in the default domain
    sDomain = oRoot.Get("defaultNamingContext")
    Set oDomain = GetObject("LDAP://" & sDomain)
    sBase = "<" & oDomain.ADsPath & ">"
    'Only get user name requested
    sFilter = "(&(objectCategory=person)(objectClass=user)(name=" _
            & LoginName & "))"
    sAttribs = "adsPath"
    sDepth = "subTree"

    sQuery = sBase & ";" & sFilter & ";" & sAttribs & ";" & sDepth

    If conn.State = adStateClosed Then
        conn.Open _
                "Data Source=Active Directory Provider;Provider=ADsDSOObject"
    End If
    Set rs = conn.Execute(sQuery)

    If Not rs.EOF Then
        Set user = GetObject(rs("adsPath"))
        With user

            'if the attribute is not stored in AD,
            'an error will occur.  Therefore, this
            'will return data only from populated attributes
            On Error Resume Next
            sAns = .EmailAddress
            On Error GoTo ErrHandler:
        End With
    End If
    Email = sAns

ErrHandler:

    On Error Resume Next
    If Not rs Is Nothing Then
        If rs.State <> 0 Then rs.Close
        Set rs = Nothing
    End If


    Set oRoot = Nothing
    Set oDomain = Nothing
End Function

I would like to use it in a web application I'm building, so I've modified it for ASP:
Code:
<%
Response.Write Email("721116")
Public Function Email(LoginName)
    'PURPOSE: Display Email Address that is available in
    'the Active Directory about a given user

    'PARAMETER: Login Name for user

    'RETURNS: String with selected information about
    'user, or empty string if there is no such
    'login on the current domain

    'REQUIRES: Windows 2000 ADSI, LDAP Provider
    'Proper Security Credentials.

    Dim conn
    Dim rs
    Dim oRoot
    Dim oDomain
    Dim oGroup
    Dim sBase
    Dim sFilter
    Dim sDomain

    Dim sAttribs
    Dim sDepth
    Dim sQuery
    Dim sAns

    Dim user

    sAns = Null
    
    Set conn = Server.CreateObject("ADODB.Connection")
    Set oRoot = GetObject("LDAP://rootDSE")
    sDomain = oRoot.Get("defaultNamingContext")
    Set oDomain = GetObject("LDAP://" & sDomain)  ' <-- line highlighted in red (the line the error reports)
    sBase = "<" & oDomain.ADsPath & ">"
    sFilter = "(&(objectCategory=person)(objectClass=user)(name=" _
            & LoginName & "))"
    sAttribs = "adsPath"
    sDepth = "subTree"
    sQuery = sBase & ";" & sFilter & ";" & sAttribs & ";" & sDepth
    conn.Open _
            "Data Source=Active Directory Provider;Provider=ADsDSOObject"
    Set rs = conn.Execute(sQuery)

    If Not rs.EOF Then
        Set user = GetObject(rs("adsPath"))
        With user
            On Error Resume Next
            sAns = .EmailAddress
            On Error GoTo 0
        End With
    End If
    Email = sAns

    On Error Resume Next
    If rs.State <> 0 Then rs.Close
    Set rs = Nothing

    Set oRoot = Nothing
    Set oDomain = Nothing
End Function
%>

I'm sure you'll agree, nothing major's changed, but when I run the page I just get
Code:
error '80072020'

/phonebook/Default.asp, line 39 (Highlighted in red)

IIS is set up to use Integrated Windows Authentication. If I change it so that it uses Basic Authentication, it works, but this means users have to log in to the system again, which is not ideal.
IIS is not running on the DC.
I've tried to work out a solution from Googling round, but I'm at an impasse. Please can someone help me. I'm starting to lose the will to live.

Cheers

Ben

----------------------------------------------
Ben O'Hara "Where are all the stupid people from...
...And how'd they get so dumb?"
NoFX-The Decline
----------------------------------------------
Want to get great answers to your Tek-Tips questions? Have a look at F
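
Added example, not part of the original post or written by its author: both versions of Email() concatenate LoginName directly into the LDAP search filter, so once the function sits behind a web page, a value containing filter metacharacters such as `*`, `(` or `)` changes which objects the query matches. The sketch below escapes the value per RFC 4515 before building the same filter; the helper names EscapeLdapFilterValue and BuildUserFilter are hypothetical, and the sample inputs are constructed.

```vbscript
' Added example (not from the original post). Helper names are hypothetical.
' Escapes the characters that RFC 4515 reserves inside a filter value so
' that LoginName is always treated as data, never as filter syntax.
Function EscapeLdapFilterValue(sValue)
    Dim i, ch, sOut
    sOut = ""
    For i = 1 To Len(sValue)
        ch = Mid(sValue, i, 1)
        Select Case ch
            Case "\"
                sOut = sOut & "\5c"
            Case "*"
                sOut = sOut & "\2a"
            Case "("
                sOut = sOut & "\28"
            Case ")"
                sOut = sOut & "\29"
            Case Chr(0)
                sOut = sOut & "\00"
            Case Else
                sOut = sOut & ch
        End Select
    Next
    EscapeLdapFilterValue = sOut
End Function

' Builds the same filter as the Email() function, with the value escaped.
Function BuildUserFilter(sLoginName)
    BuildUserFilter = "(&(objectCategory=person)(objectClass=user)(name=" _
        & EscapeLdapFilterValue(sLoginName) & "))"
End Function

' Constructed sample inputs: a plain login, a wildcard, and a value that
' carries filter syntax. Run with cscript; in ASP use Response.Write.
Dim aSamples, s
aSamples = Array("721116", "jo*", "x)(cn=y")
For Each s In aSamples
    WScript.Echo BuildUserFilter(s)
Next
```

In Email(), the escaped value would replace the raw LoginName in the sFilter assignment; the rest of the query string is unchanged.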
 
The problem might be that the default account used for anonymous access is not a domain account. The IUSR_MachineName account is only a local account and has almost no privileges.

Perhaps if you use a different account for anon access then your users will not need to log in again but the downside of this approach is that the rest of your site better be secure because now anyone that can reach the site has elevated permissions.
 
I thought it was an access problem. The problem is I can't use anonymous access as I need to pick up the user name etc. of the logged in user.
Does anyone have any thoughts of possible work rounds?

Ben

 
Thanks for the link, but it doesn't help much.
What I've done is create a new website on the server with a single page in it that runs under a specific user account with the required access rights.
This single page returns an xml document with the active directory data. It's not ideal, but it's the best work round I could come up with!

Cheers

Ben

 