Results 1 to 9 of 9

Thread: adding and removing users from AD

  1. #1

    Thread Starter
    Member
    Join Date
    Nov 2001
    Location
    Linkoping, Sweden
    Posts
    50

    adding and removing users from AD

    I am trying to add and remove accounts in my AD depending on membership of a certain group.

    ------------------------------------------------
    Dim test As DirectoryEntry
    Try
    test = entrypc.Children.Find("john", "User")
    entrypc.Children.Remove(test)
    -------------------------------------------------
    I have succeeded to add and remove but I don't understand how to determine if a user is a member of a specific group.

    Does anyone know how to solve this problem, please?

    /Anders

  2. #2
    Hyperactive Member
    Join Date
    Jan 2003
    Location
    Cape Cod, US
    Posts
    292
    I'm doing something similar. Here's the code that works for me:

    VB Code:
    1. Dim entryGroup As New DirectoryServices.DirectoryEntry(szPathGroup)
    2.  
    3. ' only remove the user if already a member
    4. If entryGroup.Invoke("ismember", szPathUser) Then
    5.     entryGroup.Invoke("remove", szPathUser)
    6. End If

  3. #3

    Thread Starter
    Member
    Join Date
    Nov 2001
    Location
    Linkoping, Sweden
    Posts
    50
    OK, that looks good but I didn't get it to work.

    Are you using WinNT://.. or LDAP://...?

  4. #4
    Hyperactive Member
    Join Date
    Jan 2003
    Location
    Cape Cod, US
    Posts
    292
    I used WinNT since I was managing local groups.
    I'm guessing you're having the problems with LDAP?

    I do remember fighting LDAP for a while and then finally
    giving up to use WinNT since it was an option. However, I need
    to do the same stuff for domain groups soon and am going to
    need LDAP. So hopefully we can figure out what the problem is.

  5. #5

    Thread Starter
    Member
    Join Date
    Nov 2001
    Location
    Linkoping, Sweden
    Posts
    50
    No, I am using WinNT too.

    I think that the problem is with the syntax for path.
    -------------------------------------------------
    Dim entryGroup As New DirectoryServices.DirectoryEntry(szPathGroup)
    -------------------------------------------------

    I have a group called "univ" in the domain LTAG in the server LT.

    So, my version of your szPathGroup looks like this:
    ("WinNT://ltag/lt/univ")

    I don't see any errors but the phrase with "ismember" just doesn't prove "true"

  6. #6
    Hyperactive Member
    Join Date
    Jan 2003
    Location
    Cape Cod, US
    Posts
    292
    Here's my complete function to see if that helps. I did notice I
    appended ", group" to the end of my entrypath but I doubt that's
    necessary...

    Another option is to use the COM component directly instead of
    DirectoryServices (which is what is being used under the covers
    anyway, hence the "invoke")


    VB Code:
    1. Private Function RemoveUserFromWinGroup(ByVal szGroup As String, ByVal szUser As String) As Boolean
    2.  
    3.         Const MODULE_NAME = "RemoveUserFromWinGroup"
    4.         Const ADSI_PROVIDER = "WinNT://"
    5.  
    6.         Dim szPathGroup As String = ADSI_PROVIDER & m_szLocalMachine & "/" & szGroup & ",group"
    7.  
    8.         ' the username comes in looking like <domain>\<username>
    9.         ' we need it to look like <domain>/<username> for ADSI to work
    10.         Dim szPathUser As String = ADSI_PROVIDER & szUser.Replace("\", "/") & ""
    11.  
    12.         Try
    13.             Dim entryGroup As New DirectoryServices.DirectoryEntry(szPathGroup)
    14.  
    15.             ' only remove the user if already a member
    16.             If entryGroup.Invoke("ismember", szPathUser) Then
    17.                 entryGroup.Invoke("remove", szPathUser)
    18.             End If
    19.  
    20.         Catch
    21.             m_szLastError = MODULE_NAME & ": " & Err.Description
    22.             Return (False)
    23.         End Try
    24.  
    25.         Return (True)
    26.  
    27.     End Function

  7. #7

    Thread Starter
    Member
    Join Date
    Nov 2001
    Location
    Linkoping, Sweden
    Posts
    50
    I think the path is OK because I can read some attributes from the groupentry now, but the "ismember" still doesn't work. :-(

    I have also tried all varieties of <domain>\or/<username> in the ismember-test but it doesn't get true anyway.

    What do you mean by using the COM component?

    How would that syntax be?

  8. #8
    Hyperactive Member
    Join Date
    Jan 2003
    Location
    Cape Cod, US
    Posts
    292
    You want to use the IADsGroup interface.
    This is the guy that exposes the IsMember method.

    Reference the ActiveDs component from the COM tab and then
    you can get at it with Intellisense as in:

    Dim test As ActiveDs.IADsGroup

    Here's a link that helped me out a while back

    http://www.dotnet247.com/247reference/msgs/17/88443.aspx


    Good luck

  9. #9

    Thread Starter
    Member
    Join Date
    Nov 2001
    Location
    Linkoping, Sweden
    Posts
    50

    Thumbs up It works now!

    ----------------------------------------------
    Dim test As ActiveDs.IADsGroup

    test = GetObject("WinNT://ltag/univ")

    If test.IsMember("WinNT://ltag/andfa") Then
    'Yes, this works...!!

    End If
    ----------------------------------------------

    I think the real problem was that I added the computername as well in the path description above.

    Thank you very much for your assistance and patience.

    /Anders

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width