|
-
Mar 18th, 2003, 05:16 AM
#1
Thread Starter
Member
adding and removing users from AD
I am trying to add and remove accounts in my AD depending on membership of a certain group.
------------------------------------------------
Dim test As DirectoryEntry
Try
test = entrypc.Children.Find("john", "User")
entrypc.Children.Remove(test)
-------------------------------------------------
I have succeeded to add and remove but I don't understand how to determine if a user is a member of a specific group.
Does anyone know how to solve this problem, please?
/Anders
-
Mar 18th, 2003, 09:10 AM
#2
Hyperactive Member
I'm doing something similar. Here's the code that works for me:
VB Code:
Dim entryGroup As New DirectoryServices.DirectoryEntry(szPathGroup)
' only remove the user if already a member
If entryGroup.Invoke("ismember", szPathUser) Then
entryGroup.Invoke("remove", szPathUser)
End If
-
Mar 18th, 2003, 09:37 AM
#3
Thread Starter
Member
OK, that looks good but I didn't get it to work.
Are you using WinNT://.. or LDAP://...?
-
Mar 18th, 2003, 09:54 AM
#4
Hyperactive Member
I used WinNT since I was managing local groups.
I'm guessing you're having the problems with LDAP?
I do remember fighting LDAP for a while and then finally
giving up to use WinNT since it was an option. However, I need
to do the same stuff for domain groups soon and am going to
need LDAP. So hopefully we can figure out what the problem is.
-
Mar 18th, 2003, 10:04 AM
#5
Thread Starter
Member
No, I am using WinNT too.
I think that the problem is with the syntax for path.
-------------------------------------------------
Dim entryGroup As New DirectoryServices.DirectoryEntry(szPathGroup)
-------------------------------------------------
I have a group called "univ" in the domain LTAG in the server LT.
So, my version of your szPathGroup looks like this:
("WinNT://ltag/lt/univ")
I don't see any errors but the phrase with "ismember" just doesn't prove "true"
-
Mar 18th, 2003, 10:34 AM
#6
Hyperactive Member
Here's my complete function to see if that helps. I did notice I
appended ", group" to the end of my entrypath but I doubt that's
necessary...
Another option is to use the COM component directly instead of
DirectoryServices (which is what is being used under the covers
anyway, hence the "invoke")
VB Code:
Private Function RemoveUserFromWinGroup(ByVal szGroup As String, ByVal szUser As String) As Boolean
Const MODULE_NAME = "RemoveUserFromWinGroup"
Const ADSI_PROVIDER = "WinNT://"
Dim szPathGroup As String = ADSI_PROVIDER & m_szLocalMachine & "/" & szGroup & ",group"
' the username comes in looking like <domain>\<username>
' we need it to look like <domain>/<username> for ADSI to work
Dim szPathUser As String = ADSI_PROVIDER & szUser.Replace("\", "/") & ""
Try
Dim entryGroup As New DirectoryServices.DirectoryEntry(szPathGroup)
' only remove the user if already a member
If entryGroup.Invoke("ismember", szPathUser) Then
entryGroup.Invoke("remove", szPathUser)
End If
Catch
m_szLastError = MODULE_NAME & ": " & Err.Description
Return (False)
End Try
Return (True)
End Function
-
Mar 18th, 2003, 11:14 AM
#7
Thread Starter
Member
I think the path is OK because I can read some attributes from the groupentry now, but the "ismember" still doesn't work. :-(
I have also tried all varieties of <domain>\or/<username> in the ismember-test but it doesn't get true anyway.
What do you mean by using the COM component?
How would that syntax be?
-
Mar 18th, 2003, 01:11 PM
#8
Hyperactive Member
You want to use the IADsGroup interface.
This is the guy that exposes the IsMember method.
Reference the ActiveDs component from the COM tab and then
you can get at it with Intellisense as in:
Dim test As ActiveDs.IADsGroup
Here's a link that helped me out a while back
http://www.dotnet247.com/247reference/msgs/17/88443.aspx
Good luck
-
Mar 19th, 2003, 10:03 AM
#9
Thread Starter
Member
It works now!
----------------------------------------------
Dim test As ActiveDs.IADsGroup
test = GetObject("WinNT://ltag/univ")
If test.IsMember("WinNT://ltag/andfa") Then
'Yes, this works...!!
End If
----------------------------------------------
I think the real problem was that I added the computername as well in the path description above.
Thank you very much for your assistance and patience.
/Anders
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|