adsi

How To Read Active Directory Group Membership From PHP/IIS using COM?

I have the following code: $bind = new COM("LDAP://CN=GroupName,OU=Groups,OU=Division,DC=company,DC=local"); When I execute it from a command-prompt, it runs fine. When it runs under IIS/PHP/ISAPI, it barfs. Fatal error: Uncaught exception 'com_exception' with message 'Failed to create COM object `LDAP://CN=...[cut]...,DC=local': An...

ADSI will not connect to IIS from XP Workstation

I'm successfully using VBScript within WScript to remotely read and write IIS configurations from the server. When I attempt to run these same scripts from my desk box they fail, though. Example: Dim vdir Set vdir = GetObject("IIS://servername/w3svc/226/root") Error = "Invalid syntax" The code works perfectly when run from one IIS se...

How can I obtain the OU of the logged in user in C#?

I'm looking for a method to obtain the current logged in user's full Active Direcory LDAP path. e.g. LDAP://CN=john.smith,OU=UK,OU=Sales,DC=Company,DC=local ...

What is a good .Net library for Windows User Administration?

We have a company intranet with staff management functions. I would like to begin automating setup of new staff members, e.g. creating Windows accounts for them, creating their home folders, setting up shares, and the like. When a staff member leaves the company I would like to automatically remove their user. I have been battling to fi...

Best way to quickly determine whether a user account is a member of an AD group?

I currently have some code that pulls down a list of users in a group and then iterates through that group to determine if a given account exists, but it seems like there ought to be a more concise (and perhaps faster) way to accomplish this. This code (VB.NET) attempts to use the member property of the group object, but it is returning...

How can I determine if an AD group contains a given DirectoryEntry from another (trusted) domain?

I am trying to beef up my code that determines whether a user is a member of a given AD group. It essentially works except when the member of the group happens to be from another (trusted) domain because it is stored as a foreignsecurityprincipal. Given that I have a valid DirectoryEntry object for both the Group I want to test, and the...

Create local user with PowerShell (Windows Vista)

I've installed PowerShell recently and one of the first things I started looking for was how to create a new user. After looking for some time I still haven't found this. I have a little experience in bash on linux and find it very effective. Creating users there is trivial. Is there an easy\built-in way to create a local user with Power...

Query AD from sql server 2005

I am attempting to query AD via ldap from within SQL Server 2005 but get the following error: Msg 7321, Level 16, State 2, Line 1 An error occurred while preparing the query "SELECT NAME,MAIL FROM "LDAP:///CN=foo,CN=Users,DC=bar,DC=com"" for execution against OLE DB provider "ADsDSOObject" for linked server "ADSI". This is after execut...

User.Identity.Name

I've seen this question posted similarly in the past, I was hoping someone can point me in the right direction, the User.Identity.Name class returns the domain login. Which class exposes the actual name? For user "John Doe" who logs into the web application supplying my_domain\jdoe User.Identity.Name - Returns : *my_domain\jdoe* Sy...

In active directory, what is mailNickname used for?

In active directory, should mailNickname always equal samaccountname? Or, should it always be equal to the mail property (minus the "@domain")? My reason for asking is that we have recently changed everyone's primary email address to the first.last form and we set the mail property to the same. But, do we also need to modify the mailNi...

SQL ADSI Active Directory Create New Accounts

I have an ADSI connection in my SQL Server (2005) and I'm able to query it using openquery. Is there any way to create new accounts (and/or) edit existing ones? Also, I'd like to have to use openquery to get to the data, but it looks like it's the only solution. Here's a sample query that I'm using: SELECT samaccountname, depar...

ADSI / IIS management and ASP.NET impersonation

I'm in the process of writing a small web app that would allow me to manage several IIS installations on different servers on our network. We have no domain controller. I have written a small impersonation controller that uses the win32 api and its LogonUser method. I then use System.DirectoryServices and the IIS ADSI provider to create...

ChangePassword on a user object does not lock account if not successful

I have an ASP.Net application (on Win2K) that is using Windows authentication and impersonation. We are using the following code to change password: Dim objDE As DirectoryEntry '... objDE.Invoke("ChangePassword", txtOldPassword, txtNewPassword) This code works great, except it does not lock the account if there were multiple unsucces...

Programatically removing etag suffix (change number) from the metabase IIS6

IIS 6.0 generates eTag values in the format of "hash:changenumber". The changenumber goes up every time IIS resets, so your eTag is only valid for the lifetime of your IIS process. Restart, number goes up, hash:changenumber != hash:changenumber+1. The fix for this is to hard-code the changenumber, which is possible using the Metabase E...

Setting "Log on as a service" and "Allow logon locally" with ADSI

I am trying to create a powershell script to automate user creation which is working great using ADSI. However I need to set the following properties and I am not sure how (or if ADSI can even do this): Log on as a service Allow logon locally Any ideas how to do this? ...

Finding a user's manager record in Active Directory

Using Active Directory, am trying to find the SamAccountName and email of the user’s manager. I find the logged on user in the AD by search where sAMAccountName = Domain\Account. I then retrieve the manager property, which looks like this, for example: "CN=Doe\, Jane E.,OU=Employees,OU=Users,OU=Detroit,OU=United States,DC=na,DC=gmc,DC...

Well-supported Java ADSI wrapper library?

Does anyone know of a good wrapper for the Windows ADSI libraries for Java? (I'm trying to avoid writing my own in JNA - and I'd like to use something standard.) ...

ADSI query to return an object's parent

Does anyone know what property I can query for in an ADSI query that would return the object's parent OU? I know I can bind to the AD object and then use object.Parent to return it's parent OU, but if I ask for "parent" in a ADSI query it returns back as a invalid query I would rather not do bind unless absolutely necessary. (i.e. "SEL...

Available fields for ADSI Linked in SQL Server

We currently have a View that queries active directory info. I was wondering if there was a good reference as to what fields (field names) are available in AD for me to query against. I don't have access to Active Directory so I can't go playing around in there to maybe figure it out myself. Any help would be appreciated. ...

Adding group to group using the PowerShell ADSI provider

I tried the following after creating the new group: $adminGroup = [ADSI]"WinNT://./Administrators" $group =[ADSI]"WinNT://./Test1" #$adminGroup.Add($group) - This does not work Any idea what is missing? ...