NEWBIE: Pulling basic AD data

[KWilliams]

I'm completely new to Active Directory (AD), so please
bare with me. What I'm wanting to do is pretty simple.

I have an intranet site for our organization, and I
currently pull the network user's login with this method:
Request.ServerVariables("LOGON_USER")

It works great, but I need to also pull the user's First
Name, Last Name, and Email Address from AD by comparing
the "LOGON_USER" to the login in AD. Is there a simple
way to do this on an ASP front-end that uses JS schema?
I'd prefer JScript method, but I'd also welcome an ASP
version that uses VBScript schema. Thanks for any & all
help, and I hope to hear from someone soon.

KWilliams

 

[Matjaz Ladava [MVP]]

you can use JScript or VBScript as they both need to interact wit the same
provider to talk to AD. This provider is called ADSI (Active Directory
Services Interface).
There is tons of information and samples on ADSI on msdn.microsoft.com. Of
course searching on Google using ADSI and JScript will yield a lot of
results.

--
Regards

Matjaz Ladava
MVP Windows Server - Directory Services
(e-mail address removed), (e-mail address removed)

 

[KWilliams]

Thanks Matjaz,

I'll check your referenced resources out. Hopefully I'll
find a simple solution from one of them. I greatly
appreciate your quick response. Thanks.

KWilliams

 

[Matjaz Ladava [MVP]]

If you find yourself in dark let me know an I'll try to assist you as much
as I can ;-)


--
Regards

Matjaz Ladava
MVP Windows Server - Directory Services
(e-mail address removed), (e-mail address removed)

 

[KWilliams]

Hello again Matjaz,

Well I've definitely been on a journey. Your suggestions
really helped me to look in the right direction. I found
this great article at
http://www.isocra.com/articles/article.php?
id=adsi_from_java that gives a JScript example of pulling
AD data by using ADSI.

I customized the code for my own use, and had some
success with it. It pulls the "Class" (Line 26)
and "Name" (Line 27) in great. But the rest of the
attributes don't come up (i.e. Full Name, Description,
etc.) I asked my NA about if the attributes within our
version of AD use different names than the ones in the
example, and he didn't know.

So I'm including my customized code below, and hopefully
you can see what I may be doing wrong. Thanks for any
help.

KWilliams

CUSTOMIZED CODE:

<%@ language = JScript %>
<h1>User information</h1>
<script runat=server language="vbscript"
src="/ScriptLibrary/dotrim.vbs"></script>
<%
//Pull Server Variable Login
var Login = Request.ServerVariables("LOGON_USER").Item;
//Capture everyting from position 9
var NewLogin = Login.substring(9,50);
//Trim trailing space
var FinalLogin = DoTrim(NewLogin,2)
//Asign login to session var
//test
//Response.Write(FinalLogin);

//Pulls in domain name and username (i.e.
SERVERNAME\USERNAME)
var Domain = Request.ServerVariables("REMOTE_USER");
Response.Write(Domain);
%>
<%
var user=GetObject("WinNT://" + Domain);
if (user != null) {
%>

<table>
<tr><td colspan="2"><strong>ORIGINAL
ATTRIBUTES:</strong></td></tr>
<tr><td>Class:</td><td><%=user.Class%></td></tr> //<--
LINE 26
<tr><td>Name:</td><td><%=user.Name%></td></tr> //<--LINE
27

</td></tr>

<tr><td>Last Login:</td><td><%=user.LastLogin%></td></tr>
<tr><td>Password Expiration date:</td><td><%

</td></tr>

</td></tr>

<tr><td colspan="2"><strong>NEW
ATTRIBUTES:</strong></td></tr>

</td></tr>

<tr><td valign="top">Groups:</td><td>
<%
for (var e = new Enumerator(user.Groups()); ! e.atEnd
(); e.moveNext())
{
var oGroup = e.item();
Response.write(oGroup.Name+"<br>\n");
}
%></td></tr>
</table>
<%
} else {
Response.write("User is null");
}
%>
</body>

 

[Matjaz Ladava [MVP]]

From the code I can see, that you are using WinNT provider. I would suguest
you to use LDAP provider as it is more powerfull. WinNT provider is for
backward compatibility with NT systems and does not exposes all user
attributes.
To get LDAP distinguished name from username use NameTranslate object
(http://www.rlmueller.net/NameTranslateFAQ.htm#What is NameTranslate)

 

[KWilliams]

Hi Matjaz,

After doing some testing, I realized the same thing. I
then found a solution that uses LDAP from an ASP 3.0
book, and it appears to work partially. But when it gets
to Line , it stalls. If I remove the repeat, it runs fine
but doesn't pull up any records. I've also tried limiting
the Record count to under 10, but it still locks up. I've
included the code below. If you see anything that I'm
obviously doing incorrectly, it would be greatly
appreciated to hear your advice. Thanks Matjaz.

KWilliams

LDAP CODE:

<%@ LANGUAGE="VBSCRIPT" %>
<html>
<head>
<title>ADSI Search Page</title>
</head>
<body>
<h1>ADSI Search Page</h1>
This page uses ADSI to search a directory
<p><strong>Search Request:</strong><br>
<%
On Error Resume Next

Dim strSearchBase
strSearchBase = "LDAP://dc=SERVER,dc=NAME"
Dim strFilter
strFilter = "(objectCategory=USERNAME)"
Dim strAttribs
strAttribs = "sAMAccountName,ADsPath"
Dim strScope
strScope = "subtree"

Response.Write "Search Base: " & strSearchBase & "<br>"
Response.Write "Filter: " & strFilter & "<br>"
Response.Write "Properties Requested: " & strAttribs
& "<br>"
Response.Write "Scope: " & strScope & "<br>"

Dim strCommandText '<<--Line 27
'strCommandText = "<" & strSearchBase & ">;name;" &
strScope
strCommandText = "<" & strSearchBase & ">;name" _
& strFilter & ";" & strAttribs & ";" & strScope
Response.Write "<strong>Command Text: </strong><br>"
Response.Write Server.HTMLEncode(strCommandText) & "<p>"

Dim objConnection
Set objConnection = Server.CreateObject
("ADODB.Connection")
Dim objCommand
Set objCommand = Server.CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = strCommandText

Dim objRecordset
Set objRecordset = objCommand.Execute(strCommandText)

Response.Write "<table border=4><tr>"
If (Not objRecordset.EOF) Then
For Each objField in objRecordset.Fields
Response.Write "<td>"
Response.Write objField.Name
Response.Write "</td>"
Next
End If
Response.Write "</tr>"

'While Not objRecordset.EOF AND Count <= 10
Response.Write "<tr>"
For Each oField in objRecordset.Fields
Response.Write "<td>"
Response.Write objField.Value
Response.Write "</td>"
Next
Response.Write "</tr>"
' objRecordset.MoveNext
'Wend
Response.Write "</tr></table>"
%>
</body>

 

[KWilliams]

Matjaz,

I also tried the code from that referenced article, and
received the strangest error message:

error '80090332'
The security context could not be established due to a
failure in the requested quality of service (e.g. mutual
authentication or delegation).

Here's the code that I tried from that page:

<%@ LANGUAGE="VBSCRIPT" %>
<%
' Constants for the NameTranslate object.

Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify the NetBIOS name of the domain and the NT name
of the user.
strNTName = "MYDOMAIN\USERNAME"

' Use the NameTranslate object to convert the NT user
name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")

' Initialize NameTranslate by locating the Global Catalog.
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Use the Set method to specify the NT format of the
object name.
objTrans.Set ADS_NAME_TYPE_NT4, strNTName

' Use the Get method to retrieve the RPC 1779
Distinguished Name.
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Bind to the user object in Active Directory with the
LDAP provider.
Set objUser = GetObject("LDAP://" & strUserDN)
%>

Boy, I'm getting very lost in this process. I feel like
I'm just pulling at straws. I hope that I find a solution
soon, as my brain is about fried now. If you could give
me your opinion on whether or not you think that I'm
heading in the right direction, that would be great.
Thanks for all of your help...you've been great.

KWilliams

 

[KWilliams]

Hi Matjaz,

I received another way of going about this setup from my
boss, and it involves SQL SELECT for command text. A
Microsoft article named "Microsoft OLE DB Provider for
Microsoft Active Directory Service" at
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/ado270/htm/mdrefadsprovspec.asp

It listed an example of a SELECT STATEMENT that pulls AD
data, so I customized that example to attempt the same
thing from my ASP page. But I received this syntax error:

Microsoft OLE DB Provider for SQL Server error '80040e14'

Line 1: Incorrect syntax near 'LDAP://DC=dgco,DC=net'.

/BulletinBoard/bgscripts/testc.asp, line 15

I'm thinking that there's something small that I'm
forgetting with my syntax, so any advice from you would
be greatly appreciated. I've included the code below, and
Line 15 is noted. Thanks Matjaz.

KWilliams

<%@LANGUAGE="JAVASCRIPT"%>
<!--#include virtual="/Connections/strConn_Bulletin.asp" -
->
<%
//THIS IS A TEST. IT'S ONLY A TEST...
var Username = Session("Username");
Response.Write(Username);
%>
<%
var Command1 = Server.CreateObject("ADODB.Command");
Command1.ActiveConnection = MM_strConn_Bulletin_STRING;
Command1.CommandText = "SELECT name
FROM 'LDAP://DC=SERVER,DC=NAME' WHERE objectClass = '" +
Username + "'";//<--LINE 15
Command1.CommandType = 1;
Command1.CommandTimeout = 0;
Command1.Prepared = true;
Command1.Execute();
Response.Write(Command1.CommandText)//Use to test if
needed
Command1.Close;
%>