admin管理员组

文章数量:1323330

I have at my disposal Javascript and Classic ASP. Using these two how can I check to see if a user is a member of a particular active directory group? I know VBSCRIPT has memberof function but I can only use javascript. Any help is appreciated

I have at my disposal Javascript and Classic ASP. Using these two how can I check to see if a user is a member of a particular active directory group? I know VBSCRIPT has memberof function but I can only use javascript. Any help is appreciated

Share edited Nov 23, 2011 at 21:53 Joel Coehoorn 416k114 gold badges578 silver badges813 bronze badges asked Jan 17, 2011 at 19:05 Roy RideauxRoy Rideaux 331 gold badge1 silver badge3 bronze badges 2
  • Are you talking about JavaScript running in the browser or server-side JScript embedded in the ASP? – Quentin Commented Jan 17, 2011 at 19:07
  • server-side Jscript. So far i've got a ADODB connection with the ADsDSOObject provider. I was trying to search using maybe a sql mand or something to that effect. a function that returns true or false if the member matches is what im trying to get – Roy Rideaux Commented Jan 19, 2011 at 4:13
Add a ment  | 

4 Answers 4

Reset to default 2

You'll need to ensure that your web server is set to use Windows Authentication. Then you can use Request.ServerVariables("LOGON_USER") to get the current user's domain\username.

You'll then query Active Directory using ADSI to get group membership.

Here's a link to msdn's ADSI pages. http://msdn.microsoft./en-us/library/aa772170%28v=vs.85%29.aspx

This page has some sample scripts (in vbscript)

As far as I know there is no possibility to access activeDirectory by using Javascript. Javascript runs within the browser - and may not access anything out of this sandbox.

In case I misunderstood your question und you ment server-side checking - use ASP functions to check for.

You might also try using Javascript to instantialte a WScript.Network object

var WshNetwork = new ActiveXObject("WScript.Network");

From there, you can get

var netWorkUserName = WshNetwork.UserName;
var netWorkDomain = WshNetwork.UserDomain;

A word of warning: I'm pretty sure this is IE only and requires security changes in IE.

You'll need AJAX and a connection to the AD using ADODB.Connection with the "ADsDSOObject" provider.

EDIT: I saw your ment above. Here's a start:

ldapCommand.CommandText = "select sn from '" & _
    "LDAP://example./DC=example,DC=" & _
    "' WHERE samAccountName=" & "'" & username & "'"

Set ldapRecordSet = ldapCommand.Execute 

ldapCommand is an ADODB.Command, and if Execute throws an error, then the user is not in the domain.

本文标签: