User tokenGroups -> All Groups? Help!!

First, sorry for crossposting, not sure exactly where to place this
question...

I cannot seem to find a way to get a user's (or my) tokenGroups from ADS
using VB.NET. I have seen several examples, but I can't get them to work.
Please check out my code below and let me know what I'm doing wrong...

Thanks!

Chad

CODE:

Public Shared Function GetGroups(ByVal strUsername As String) As SortedList
    Dim i As Integer
    Dim tmp As String
    'Dim groupSid As Object
    Dim sid() As Byte
    Dim slGroupMembers As New SortedList
    'Try
    Dim dsUser As DirectorySearcher = New DirectorySearcher("(sAMAccountName=" + strUsername + ")")
    Dim res As SearchResult = dsUser.FindOne()
    If res Is Nothing Then
        HttpContext.Current.Response.Write("User not found!<br>")
    Else
        HttpContext.Current.Response.Write("User found!<br>")
        Dim de As DirectoryEntry = res.GetDirectoryEntry
        HttpContext.Current.Response.Write(de.Path & "<br>")
        Dim props() As String = {"tokenGroups"}
        de.RefreshCache(props)
        HttpContext.Current.Response.Write(de.Properties("tokenGroups").Count.ToString() & " Groups Found<br>")
        'loop through each sid in the tokenGroups
        For Each groupSid As Byte() In de.Properties("tokenGroups")
            'write the SID of the current group (groupSid; sid is not assigned yet at this point)
            HttpContext.Current.Response.Write(ConvertToOctetString(groupSid, False, False) & "<br>")
            'Next
            'For Each groupSid In de.Properties("tokenGroups")
            'just another way of doing a ctype.
            'sid = DirectCast(groupSid, Byte())
            sid = groupSid
            'set up the groupentry for query
            'ConvertToOctetString is the important part here. This is where the real work is.
            HttpContext.Current.Response.Write(String.Format("LDAP://{0}", ConvertToOctetString(sid, False, False)) & "<br>")
            Dim groupEntry As New DirectoryEntry(String.Format("LDAP://{0}", ConvertToOctetString(sid, False, False)))
            Dim propcoll As PropertyCollection = groupEntry.Properties
            slGroupMembers.Add(propcoll.Item("sn").Value.ToString, _
                propcoll.Item("sAMAccountName").Value.ToString & "|;|" & _
                propcoll.Item("sn").Value.ToString)
        Next
    End If
    'Catch ex As Exception
    ' 'process exception
    'End Try
    Return slGroupMembers
End Function

RESULTS (what is outputted to the web page)

User found!
LDAP://CN=cbeckner,OU=Accounts,DC=XX,DC=XX,DC=XX
0 Groups Found
Nov 21 '05 #1
Update on this: I have been able to take the following code and run it in a
VB app just fine. However, in ASP.NET (using VB.NET), I still can't get the
token groups! HELP! :) The output is:

ADS\cbeckner
User found!
LDAP://CN=cbeckner,OU=Accounts,DC=xxx,DC=xx,DC=xxx
CN=cbeckner
0 Groups Found

CODE:

Dim slUserGroups As New SortedList
Dim Chad() As String
slUserGroups = GetUser_ADS_Groups("cbeckner")
For Each strUsername As String In slUserGroups.Values
    Chad = strUsername.Split("|;|".ToCharArray)
    Response.Write(Trim(Chad(0)) & "<br>")
Next

Public Shared Function GetUser_ADS_Groups(ByVal strUsername As String) As SortedList
    Dim objRootDSE As New DirectoryEntry("LDAP://RootDSE")
    Dim searchRoot As DirectoryEntry = New DirectoryEntry("LDAP://" & _
        objRootDSE.Properties("defaultNamingContext")(0).ToString(), Nothing, _
        Nothing, AuthenticationTypes.Secure)
    Dim slGroups As New SortedList

    Try
        Dim dsUser As DirectorySearcher = New DirectorySearcher( _
            String.Format("(&(objectCategory=person)(sAMAccountName={0}))", strUsername))
        Dim srcUser As SearchResultCollection = dsUser.FindAll()
        If IsNothing(srcUser) Then
            HttpContext.Current.Response.Write("User not found!<br>")
        Else
            HttpContext.Current.Response.Write("User found!<br>")
            Dim de As DirectoryEntry = srcUser(0).GetDirectoryEntry
            HttpContext.Current.Response.Write(de.Path & "<br>")
            Dim props() As String = {"tokenGroups"}
            de.RefreshCache(props)

            HttpContext.Current.Response.Write(de.Name() & "<br>")
            HttpContext.Current.Response.Flush()

            HttpContext.Current.Response.Write(de.Properties("tokenGroups").Count.ToString() & " Groups Found<br>")
            HttpContext.Current.Response.Flush()

            If de.Properties("tokenGroups").Count > 0 Then
                ' <---------------- THIS IS WHERE IT "STOPS" ------------------------
                Dim sb As New StringBuilder
                sb.Append("(|")
                For Each groupSid As Byte() In de.Properties("tokenGroups")
                    sb.AppendFormat("(objectSid={0})", ConvertToOctetString(groupSid))
                Next
                sb.Append(")")

                Dim ds As DirectorySearcher
                ds = New DirectorySearcher(searchRoot, sb.ToString(), _
                    New String() {"cn", "distinguishedName"}, SearchScope.Subtree)

                Dim src As SearchResultCollection
                src = ds.FindAll

                'ToString() reports the actual test result (TrueString is always "True")
                HttpContext.Current.Response.Write("IsNothing? " & IsNothing(src).ToString() & "<br>")
                HttpContext.Current.Response.Flush()

                If Not IsNothing(src) Then
                    'slGroups = New SortedList
                    For intGroupIndex As Integer = 0 To src.Count - 1
                        slGroups.Add(src(intGroupIndex).Properties("cn")(0).ToString(), _
                            src(intGroupIndex).Properties("cn")(0).ToString() & "|;|" & _
                            src(intGroupIndex).Properties("distinguishedName")(0).ToString())
                    Next
                End If
            End If
        End If
    Catch ex As Exception
        Throw
    End Try

    Return slGroups
End Function

Thanks!

Chad
Nov 21 '05 #2
Like I said, this sounds like a security problem then. Your credentials are
probably not "hopping" to AD correctly and you are being authenticated as
anonymous remotely. You can check this with the class I posted here that
can show your remote auth status:

http://groups-beta.google.com/group/...e=source&hl=en

Note that also, your code below seems to create a DirectoryEntry object to
use as the search root for the DirectorySearcher and then does not use it on
the DirectorySearcher. This is mysterious.

The first thing I would suggest you do for troubleshooting purposes is
create a DirectoryEntry using the 4 parameter constructor that takes a
username, password and authentication types (use
AuthenticationTypes.Secure). Hard code the same credentials you are logging
in with and see if that works.

Joe K.

Nov 21 '05 #3
Thanks, I updated the code and added in a DirectoryEntry and put in the
credentials and it now works great! Appreciate the help.

Chad

Nov 21 '05 #4
Ok, so that means it was definitely a security problem. The question is
then whether you want to leave it that way or try to solve the problem with
a default credentials bind. The default credentials approach is generally
considered "better" because you aren't hardcoding credentials in your code,
but it can also be harder to make work (as you have seen!) and is much
easier to have problems with due to environmental changes (e.g. the security
context you are using changes out from under you due to some changes made on
the server).

Best of luck with whichever approach you take.

Joe K.

Nov 21 '05 #5
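
The points raised in this thread, put together as an added example that is not code from either poster: every bind carries explicit credentials with AuthenticationTypes.Secure, the DirectorySearcher is given the search root, and the account name is escaped before it goes into the filter. The names TokenGroupLookup, EscapeFilterValue, SidToFilterValue, Bind and GetTokenGroupNames are hypothetical, and bindUser/bindPassword are assumed to be a service account that the caller reads from protected configuration rather than from source code.

```vbnet
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Text

Public Module TokenGroupLookup
    ' RFC 4515 escaping so the supplied account name cannot change the filter's structure.
    Private Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            If "\*()".IndexOf(c) >= 0 OrElse c = ChrW(0) Then
                sb.Append("\"c).Append(AscW(c).ToString("x2"))
            Else
                sb.Append(c)
            End If
        Next
        Return sb.ToString()
    End Function
    ' Binary SID -> "\01\05\00..." so it can be matched with (objectSid=...).
    Private Function SidToFilterValue(ByVal sid As Byte()) As String
        Dim sb As New StringBuilder(sid.Length * 3)
        For Each b As Byte In sid
            sb.Append("\"c).Append(b.ToString("X2"))
        Next
        Return sb.ToString()
    End Function
    ' Every bind uses the same explicit credentials, so nothing falls back to an anonymous context.
    Private Function Bind(ByVal path As String, ByVal user As String, ByVal pwd As String) As DirectoryEntry
        Return New DirectoryEntry(path, user, pwd, AuthenticationTypes.Secure)
    End Function
    ' Returns distinguishedName -> cn for each tokenGroups SID found under the default naming context.
    Public Function GetTokenGroupNames(ByVal samAccountName As String, _
            ByVal bindUser As String, ByVal bindPassword As String) As SortedList(Of String, String)
        Dim groups As New SortedList(Of String, String)()
        Using rootDse As DirectoryEntry = Bind("LDAP://RootDSE", bindUser, bindPassword)
            Dim baseDn As String = rootDse.Properties("defaultNamingContext")(0).ToString()
            Using searchRoot As DirectoryEntry = Bind("LDAP://" & baseDn, bindUser, bindPassword)
                Dim userFilter As String = "(&(objectCategory=person)(sAMAccountName=" & EscapeFilterValue(samAccountName) & "))"
                Dim hit As SearchResult
                Using userSearcher As New DirectorySearcher(searchRoot, userFilter)
                    hit = userSearcher.FindOne()   ' Nothing when no account matches
                End Using
                If hit Is Nothing Then Return groups
                Dim sidFilter As New StringBuilder("(|")
                Using userEntry As DirectoryEntry = Bind(hit.Path, bindUser, bindPassword)
                    userEntry.RefreshCache(New String() {"tokenGroups"})   ' constructed attribute, loaded on request
                    For Each sid As Byte() In userEntry.Properties("tokenGroups")
                        sidFilter.Append("(objectSid=").Append(SidToFilterValue(sid)).Append(")")
                    Next
                End Using
                If sidFilter.Length = 2 Then Return groups   ' still just "(|": no SIDs were returned
                sidFilter.Append(")")
                Using groupSearcher As New DirectorySearcher(searchRoot, sidFilter.ToString(), _
                        New String() {"cn", "distinguishedName"}, SearchScope.Subtree)
                    Using results As SearchResultCollection = groupSearcher.FindAll()
                        For Each r As SearchResult In results
                            groups(r.Properties("distinguishedName")(0).ToString()) = r.Properties("cn")(0).ToString()
                        Next
                    End Using
                End Using
            End Using
        End Using
        Return groups
    End Function
End Module
```

The result is keyed by distinguishedName because cn values are not guaranteed to be unique; SIDs for groups held outside the default naming context are not returned by this search.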
