Loading ...
Sorry, an error occurred while loading the content.

Querying Users within a group on AD

Expand Messages
  • and_arch
    Hi all, I am trying to query for specific user within a group and am getting an error Error Type: Provider (0x80040E37) Table does not exist. using the code as
    Message 1 of 6 , Aug 2 10:38 AM
    • 0 Attachment
      Hi all,
      I am trying to query for specific user within a group and am getting
      an error

      Error Type:
      Provider (0x80040E37)
      Table does not exist.

      using the code as below. What am I doing wrong and clue on how to
      resolve the issue.

      <%@ Language="VBScript" %>
      <%Option Explicit%>
      <HTML>
      <HEAD>
      <TITLE>Listing of Domain Users</TITLE>
      </HEAD>
      <%
      Dim oRootDSE, oCon, oCmd, oRecordSet
      Dim sDomainADsPath, sUser, sPassword, sGroup, sProperties
      Dim aDescription, aMember, iCount, sText, sText1, sText2, sText3,
      sText4

      'To get the logged in user

      sUser = Request.ServerVariables("LOGON_USER")

      sUser = mid(sUser,8,6)
      'Response.Write ("sUser is= "& sUser)
      ' or 
      'Response.Write Request.ServerVariables("AUTH_USER") 

      Set oRootDSE = GetObject("LDAP://RootDSE")
      sDomainADsPath = "LDAP://" & oRootDSE.Get
      ("defaultNamingContext")

      'Response.Write (sDomainADsPath)
      'Response.End ()
      Set oRootDSE = Nothing

      Set oCon = Server.CreateObject("ADODB.Connection")

      sUser = "extensityoper"
      sPassword = "T&Eapp1"

      oCon.Provider = "ADsDSOObject"

      '***************************************************************
      'sUser and sPassword should be set to user from AD group
      'that rights to query an AD group this can be done either by
      'hardcoding the variables here or making sure the user on the box
      'is the one that has these rights
      '****************************************************************

      oCon.Open "ADProvider", sUser, sPassword

      Set oCmd = Server.CreateObject("ADODB.Command")
      Set oCmd.ActiveConnection = oCon

      sProperties = "Name,ADsPath,description,Member"

      '***************************************************************
      'sGroup variable can be set to search in a single AD group or
      'multiple AD groups. To narrow down your search and speed up the
      'return of the results, replace the "*" with a character string
      'indicating a match
      '****************************************************************
      sGroup = "mygroup"

      oCmd.CommandText = "<LDAP://DC=mydomain.com>;(&(objectCategory=Group)
      (name="& sGroup &"));sAMAccountName,adspath;subtree')"

      oCmd.Properties("Page Size") = 100

      Set oRecordSet = oCmd.Execute

      '*****************************************************************


      Response.Write("<table border='1'>")
      Response.Write
      ("<tr><th>Name</th><th>ADsPath</th><th>Description</th><th>Members</th
      ></tr>")
      Response.Write("<font size=-2>")
      While Not oRecordSet.EOF
      Response.Write("<tr><td>" & oRecordSet.Fields("name")
      & "</td>")
      Response.Write("<td>" & oRecordSet.Fields("ADsPath")
      & "</td>")
      aDescription = oRecordSet.Fields("description")
      Response.Write("<td> ")
      If Not IsNull(aDescription) Then Response.Write aDescription
      (0)
      Response.Write("</td>")
      aMember = oRecordSet.Fields("member")
      Response.Write("<td><select size = '5'> ")
      If Not IsNull(aMember) Then
      For icount = 0 to UBound(aMember)
      Response.Write("<option>" & aMember(iCount))
      Next
      End If
      Response.Write("</td></tr>")
      oRecordSet.MoveNext
      Wend
      Response.Write("</font>")
      Response.Write("</table>")

      oRecordSet.Close
      oCon.Close

      Set oRecordSet = Nothing
      Set oCon = Nothing
      %>
      </BODY>
      </HTML>

      Thnaks
      Andy
    • Marc Scheuner
      Hi Andy, I m not very familiar with either VB or searching using ADO, but this one caught my eye... ... If you already HAVE the default naming context in
      Message 2 of 6 , Aug 2 9:57 PM
      • 0 Attachment
        Hi Andy,

        I'm not very familiar with either VB or searching using ADO, but this
        one caught my eye...

        > Set oRootDSE = GetObject("LDAP://RootDSE")
        > sDomainADsPath = "LDAP://" & oRootDSE.Get("defaultNamingContext")

        > oCmd.CommandText = "<LDAP://DC=mydomain.com>;(&(objectCategory=Group)
        > (name="& sGroup &"));sAMAccountName,adspath;subtree')"

        If you already HAVE the default naming context in "sDomainADsPath",
        then why don't you USE it in your command text??

        The "DC=mydomain.com" is not going to work - in LDAP, you would have
        to split that up, most likely into "dc=mydomain,dc=com" - check what
        your default naming context says! That's the string you need to use!

        Marc
      • Anand Acharya
        Marc, I agree that is a mistake but on correcting the same I still cannot get the code to work. Also what you said about the sDomainADsPath variable is true.
        Message 3 of 6 , Aug 3 11:37 AM
        • 0 Attachment
          Marc,
          I agree that is a mistake but on correcting the same I
          still cannot get the code to work. Also what you said
          about the "sDomainADsPath" variable is true. I had it
          in there to support users from multiple domains but
          wanted to get it working with one domain first. I am
          still at a loss. Wonder if this has something to do
          with the IIS admin user that is querying the AD

          Andy

          --- Marc Scheuner <mscheuner@...> wrote:

          > Hi Andy,
          >
          > I'm not very familiar with either VB or searching
          > using ADO, but this
          > one caught my eye...
          >
          > > Set oRootDSE = GetObject("LDAP://RootDSE")
          > > sDomainADsPath = "LDAP://" &
          > oRootDSE.Get("defaultNamingContext")
          >
          > > oCmd.CommandText =
          > "<LDAP://DC=mydomain.com>;(&(objectCategory=Group)
          > > (name="& sGroup
          > &"));sAMAccountName,adspath;subtree')"
          >
          > If you already HAVE the default naming context in
          > "sDomainADsPath",
          > then why don't you USE it in your command text??
          >
          > The "DC=mydomain.com" is not going to work - in
          > LDAP, you would have
          > to split that up, most likely into
          > "dc=mydomain,dc=com" - check what
          > your default naming context says! That's the string
          > you need to use!
          >
          > Marc
          >
          >




          __________________________________
          Do you Yahoo!?
          Yahoo! Mail - 50x more storage than other providers!
          http://promotions.yahoo.com/new_mail
        • Marc Scheuner
          ... What s the error exactly ? Where does it happen ? ... That might be, yes - a lot of ASP/ASP.NET problems arise from credentials and permissioning. Since
          Message 4 of 6 , Aug 3 9:51 PM
          • 0 Attachment
            > I agree that is a mistake but on correcting the same I
            > still cannot get the code to work.

            What's the error exactly ? Where does it happen ?

            > Wonder if this has something to do
            > with the IIS admin user that is querying the AD

            That might be, yes - a lot of ASP/ASP.NET problems arise from
            credentials and permissioning. Since I'm not a web developer at all,
            I can't really help you here, but someone else might - Joe Kaplan or
            Carlos Magalhaes come to mind (hi guys!) ;-)

            Marc
          • Carlos Magalhaes
            Hey there, (HEY MARC) -- Right so we have some credential delegation problems here do we? 1. What ver of IIS are you running 2. Does your domain /forest have
            Message 5 of 6 , Aug 4 2:57 AM
            • 0 Attachment
              Hey there,

              (HEY MARC) -- Right so we have some credential delegation problems here
              do we?

              1. What ver of IIS are you running
              2. Does your domain /forest have Kerberos authentication protocol as an
              option?

              What type of domain are you running?

              Can we see the full code again AND the EXACT error and where it happened
              like Marc said :)

              Thanks a lot let us know

              Carlos

              -----Original Message-----
              From: Marc Scheuner [mailto:mscheuner@...]
              Sent: Wednesday, August 04, 2004 6:52 AM
              To: ADSIANDDirectoryServices@yahoogroups.com
              Subject: [ADSI-DirSrv] Re: Querying Users within a group on AD

              > I agree that is a mistake but on correcting the same I still cannot
              > get the code to work.

              What's the error exactly ? Where does it happen ?

              > Wonder if this has something to do
              > with the IIS admin user that is querying the AD

              That might be, yes - a lot of ASP/ASP.NET problems arise from
              credentials and permissioning. Since I'm not a web developer at all, I
              can't really help you here, but someone else might - Joe Kaplan or
              Carlos Magalhaes come to mind (hi guys!) ;-)

              Marc




              ------------------------ Yahoo! Groups Sponsor --------------------~-->
              Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar.
              Now with Pop-Up Blocker. Get it for free!
              http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/saFolB/TM
              --------------------------------------------------------------------~->


              Yahoo! Groups Links
            • Eric Fleischman
              For something like this I m actually more interested in knowing the context under which the page is running (so for IIS6, context of the app pool) and the
              Message 6 of 6 , Aug 4 6:37 AM
              • 0 Attachment
                For something like this I'm actually more interested in knowing the context under which the page is running (so for IIS6, context of the app pool) and the ACL's on the object you are trying to touch. And of course the exact error code.

                ~Eric


                ________________________________

                From: Carlos Magalhaes [mailto:carlosm@...]
                Sent: Wed 8/4/2004 4:57 AM
                To: ADSIANDDirectoryServices@yahoogroups.com
                Subject: RE: [ADSI-DirSrv] Re: Querying Users within a group on AD



                Hey there,

                (HEY MARC) -- Right so we have some credential delegation problems here
                do we?

                1. What ver of IIS are you running
                2. Does your domain /forest have Kerberos authentication protocol as an
                option?

                What type of domain are you running?

                Can we see the full code again AND the EXACT error and where it happened
                like Marc said :)

                Thanks a lot let us know

                Carlos

                -----Original Message-----
                From: Marc Scheuner [mailto:mscheuner@...]
                Sent: Wednesday, August 04, 2004 6:52 AM
                To: ADSIANDDirectoryServices@yahoogroups.com
                Subject: [ADSI-DirSrv] Re: Querying Users within a group on AD

                > I agree that is a mistake but on correcting the same I still cannot
                > get the code to work.

                What's the error exactly ? Where does it happen ?

                > Wonder if this has something to do
                > with the IIS admin user that is querying the AD

                That might be, yes - a lot of ASP/ASP.NET problems arise from
                credentials and permissioning. Since I'm not a web developer at all, I
                can't really help you here, but someone else might - Joe Kaplan or
                Carlos Magalhaes come to mind (hi guys!) ;-)

                Marc






                Yahoo! Groups Links









                Yahoo! Groups Links
              Your message has been successfully submitted and would be delivered to recipients shortly.