How can I determine if a user, in say Access, is a member of an Active Directory Security Group?
I'd rather not build a whole authentication system into my little Access DB.
Thanks
Answers:
Found this online
Function IsMember(strDomain As String, strGroup _
    As String, strMember As String) As Boolean
    Dim grp As Object
    Dim strPath As String
    ' ADSI WinNT provider path for the domain
    strPath = "WinNT://" & strDomain & "/"
    ' Bind to the group, then ask it whether the account is a member
    Set grp = GetObject(strPath & strGroup & ",group")
    IsMember = grp.IsMember(strPath & strMember)
End Function
Now, I only need the account name of the current user. Too bad Application.CurrentUser doesn't give me their Domain Account name.
Answers:
Allain found this online
Function IsMember(strDomain As String, strGroup _
    As String, strMember As String) As Boolean
    Dim grp As Object
    Dim strPath As String
    ' ADSI WinNT provider path for the domain
    strPath = "WinNT://" & strDomain & "/"
    ' Bind to the group, then ask it whether the account is a member
    Set grp = GetObject(strPath & strGroup & ",group")
    IsMember = grp.IsMember(strPath & strMember)
End Function
You can get the Windows account info by way of the USERDOMAIN and USERNAME environment vars:
Function GetCurrentUser() As String
    ' Account name as recorded in the process environment
    GetCurrentUser = Environ("USERNAME")
End Function
Function GetCurrentDomain() As String
    ' Domain name as recorded in the process environment
    GetCurrentDomain = Environ("USERDOMAIN")
End Function
Putting it all together:
If IsMember(GetCurrentDomain, "AD Group", GetCurrentUser) Then
    DoStuff
End If
Answers:
I'm late to the game with this, but the code you need is below. It gets user names and domain names for you.
Note that I'm not using objGroup.Ismember - that's actually the correct method to use - I'm enumerating the list of groups that the user is in, because it's much easier to debug and there's no appreciable performance penalty.
...And I lifted the code from an earlier project, in which I needed to check membership of a 'Read Reports' group, an 'Edit Data' Group, and an 'Edit System Data' group, so that I could choose which controls to enable and which forms to open read-only. Enumerating groups once was faster than three separate checks.
Public Function UserIsInGroup(GroupName As String, _
                              Optional Username As String, _
                              Optional Domain As String) As Boolean
    'On Error Resume Next
    ' Returns TRUE if the user is in the named NT Group.
    ' If user name is omitted, current logged-in user's login name is assumed.
    ' If domain is omitted, current logged-in user's domain is assumed.
    ' User name can be submitted in the form 'myDomain/MyName'
    ' (this will run slightly faster)
    ' Does not raise errors for unknown user.
    '
    ' Sample Usage: UserIsInGroup("Domain Users")
    Dim strUsername As String
    Dim objGroup As Object
    Dim objUser As Object
    Dim objNetwork As Object
    UserIsInGroup = False
    If Username = "" Then
        Set objNetwork = CreateObject("WScript.Network")
        strUsername = objNetwork.UserDomain & "/" & objNetwork.Username
    Else
        strUsername = Username
    End If
    ' Normalise DOMAIN\user to DOMAIN/user for the WinNT path
    strUsername = Replace(strUsername, "\", "/")
    If InStr(strUsername, "/") Then
        ' No action: Domain has already been supplied in the user name
    Else
        If Domain = "" Then
            Set objNetwork = CreateObject("WScript.Network")
            Domain = objNetwork.UserDomain
        End If
        strUsername = Domain & "/" & strUsername
    End If
    ' GetObject raises an error for an unknown user; trap it so that
    ' objUser stays Nothing, as the header comment promises
    On Error Resume Next
    Set objUser = GetObject("WinNT://" & strUsername & ",user")
    On Error GoTo 0
    If objUser Is Nothing Then
        ' Insert error-handler here if you want to report an unknown user name
    Else
        For Each objGroup In objUser.Groups
            'Debug.Print objGroup.Name
            If GroupName = objGroup.Name Then
                UserIsInGroup = True
                Exit For
            End If
        Next objGroup
    End If
    Set objNetwork = Nothing
    Set objGroup = Nothing
    Set objUser = Nothing
End Function
Hopefully this late submission is of use to other developers: when I looked this up for the first time, back in 2003, it was like nobody had ever used AD groups in Excel or MS-Access.
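The enumerate-once approach described in the answer above, written out as an added example that is not part of the original post: the current user's groups are read a single time and the three checks are answered from that cached set. The procedure names and the control names cmdReports and cmdSystemData are hypothetical; the group names are the ones the answer mentions.

```vba
Option Explicit

' Added example: cache the current user's groups, then answer several
' membership questions without going back to the directory.
Private mGroups As Object   ' Scripting.Dictionary, filled on first use

Private Function CurrentUserGroups() As Object
    Dim objNetwork As Object, objUser As Object, objGroup As Object

    If mGroups Is Nothing Then
        Set mGroups = CreateObject("Scripting.Dictionary")
        mGroups.CompareMode = vbTextCompare   ' account names are not case-sensitive

        ' WScript.Network asks Windows for the logged-on account; Environ()
        ' values can be overridden in the environment that launches Access.
        Set objNetwork = CreateObject("WScript.Network")

        ' Unknown user or unreachable domain: leave the set empty,
        ' so every later check returns False (fail closed).
        On Error Resume Next
        Set objUser = GetObject("WinNT://" & objNetwork.UserDomain & "/" & _
                                objNetwork.UserName & ",user")
        On Error GoTo 0

        If Not objUser Is Nothing Then
            For Each objGroup In objUser.Groups
                mGroups(objGroup.Name) = True
            Next objGroup
        End If
    End If
    Set CurrentUserGroups = mGroups
End Function

Public Function CurrentUserInGroup(GroupName As String) As Boolean
    CurrentUserInGroup = CurrentUserGroups().Exists(GroupName)
End Function

' Hypothetical caller: enable controls according to group membership.
Public Sub ApplyPermissions(frm As Object)
    frm.Controls("cmdReports").Enabled = CurrentUserInGroup("Read Reports")
    frm.AllowEdits = CurrentUserInGroup("Edit Data")
    frm.Controls("cmdSystemData").Enabled = CurrentUserInGroup("Edit System Data")
End Sub
```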