How to get groups a user is in with Active Directory?

[Jim]

How can I retrive teh Groups a user is a member of using Delphi 7 and Active
Directory?

Jim

[Marc Scheuner]

>How can I retrive teh Groups a user is a member of using Delphi 7 and Active
>Directory?

1) Bind to the user object

var
myUser : IADsUser;
rc : HRESULT;
begin
rc :=
ADsGetObject('LDAP://cn=MyUser,cn=Users,dc=YourCOmpany,dc=com',
IID_IADsUser, myUser);

if Succeeded(rc) then begin
// do next step here
end;

2) Once you have your user interface (of type IADsUser), you can get
the list of groups the user's a member of by looking at the 'memberOf'
attribute - this will return an variant which really is an array of
variant strings:

var
oMemberOf : Variant;

oMemberOf := myUser.Get('memberOf');

3) Then, enumerate that array, and get the values from it, one by one
- they represent the group's DN (distinguishedName) properties:

var
ix : integer;
wsGroupDN : WideString;


if VarIsArray(oMemberOf) then begin
for ix := 0 to VarArrayHighBound(oMemberOf, 1) do begin
wsGroupDN := oMemberOf[ix];
// do something with DN
end;
end;

Mind you - the 'memberOf' property has two major drawbacks - first, it
will *NOT* list the so called primary group a user is a member of
(usually "domain users"), and secondly, it will *NOT* list nested
group memberships (e.g. since user "John Doe" is member of Group A,
which in turn is member of Group B, John Doe is really also a member
of Group B, but that won't show up in 'memberOf').

Hope this helps
Marc

================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch

[Dhaval Shah]

Hi Peers,
how do i get the schema (structure) of user object?
like,
user
-FullName
-First Name
-Title
-Department
-Division
..whatever
??

---
Dhaval Shah
Sr. Software Developer
Perth, Australia

[Joanna Carter (TeamB)]

"Dhaval Shah" <MrDhav...@yahoo.com.au> a écrit dans le message de news:
4186F24A...@yahoo.com.au...

> Hi Peers,
> how do i get the schema (structure) of user object?
> like,
> user
> -FullName
> -First Name
> -Title
> -Department
> -Division
> ..whatever
> ??

Please elucidate further, what exactly are you trying to do??

Joanna

--
Joanna Carter (TeamB)

Consultant Software Engineer
TeamBUG support for UK-BUG
TeamMM support for ModelMaker

[Kurt Barthelmess [TeamB]]

"Joanna Carter \(TeamB\)" <joa...@btinternetxx.com> wrote:

>Please elucidate further, what exactly are you trying to do??

I think he's looking for an alternate data stream. See "Version
Information" in this group, beginning with
<4180...@newsgroups.borland.com>

Kurt

[Dhaval Shah]

Joanna Carter (TeamB) wrote:
> Please elucidate further, what exactly are you trying to do??
>
> Joanna
>
> --
> Joanna Carter (TeamB)
>

Hi Joanna/Kurt/Peers,
I'm trying to get the user's "structure" info. something that i need to
synchronize with our database which contains similar information like
Firstname, lastname, department etc.
I'm not sure :-( what it's called, maybe a "user schema" or "user
object's properties" or "atttibutes" or something else. I'm looking for
all available user information on the active directory.

The idea is to develop a service application or something that'd
synchronize the data both ways, i.e. when a person's details are changed
in my software, i'd update the Active directory (change of extension,
department, phone nos etc.) and vice versa.
So far, i "think" (yes, i do that from time to time. ;-) ) i'm moving in
the right direction.
Here's a test procedure i've done:
* * *
var Container : IADsContainer;
NewObject : IADs;
User : IADsUser;
hr : HREsult;
begin
// Bind to the container.
hr := ADsGetObject('WinNT://PHONECONTROL/DOMAINSERVER',IADsContainer,
Container);
if Failed(hr) then Exit;

// Get the User object to be modified
NewObject := Container.GetObject('User','Dhaval Shah') as IADs;
// Get the IADsUser interface from the user object.
NewObject.QueryInterface(IID_IADsUser, User);
// trying to change the full name.
User.getInfo;
User.FullName := 'Dhaval Shah-modified';
User.SetInfo;

// Cleanup.
try
User._Release;
except
end;
try
Container._Release;
except
end;
try
NewObject._Release;
except
end;
* * *
This works (except the nagging access violation error towards the end,
don't know why)

Like the above example where i'm changing the "FullName", i want to know
which *other* things are defined for the user (like first name, last
name, department, ???) I'm after *a list* of all i can read and change,
pertaining to the user object.

I'd highly appreciate if you could educate me further in this regards.

[Dhaval Shah]

:-(

[Dhaval Shah]

Here's the way, just in case if anyone else's interested:
(*solution based on Deepak Shenoy's knowledge base article on the same *)

var
Usr: IAdsUser;
obj : IAds;
s : WideString;
cls : IADsClass;
cont : IADsContainer;
i : integer;

begin
ADsGetObject('WinNT://' + <Domain> + '/' + <username>, IADsUser, Usr);
AdsGetObject(Usr.AdsPath, IADs, obj );
s := obj.Get_Schema;
AdsGetObject(s, IADsClass, cls );
if VarIsArray(cls.MandatoryProperties) then
begin
for i := VarArrayLowBound(cls.MandatoryProperties,1) to
VarArrayHighBound(cls.MandatoryProperties,1) do
begin
s := cls.MandatoryProperties[i];
lbMandatory.Items.Add(s);
//lbMandatory is a listbox showing the mandatory properties
end;
end;
if VarIsArray(cls.OptionalProperties) then
begin
for i := VarArrayLowBound(cls.OptionalProperties,1) to
VarArrayHighBound(cls.OptionalProperties,1) do
begin
s := cls.OptionalProperties[i];
lbOptional.Items.Add(s);
//lbOptional is a listbox showing the optional properties
end;
end;

Thanks Deepak ! :-)
cheers