Need to retrieve all groups a user belongs to...
Gesperrt
-
Freitag, 4. Mai 2012 11:51
Hi,
I need to find all the groups a particular user is a member of. I'm using C++, not Powershell, if this is the wrong forum I apologize.
From what I've found on the web I need to retrieve the memberOf property, but I keep getting an error that the property doesn't exist. Any help would be appreciated. Here's the code:
HRESULT hrObj = E_FAIL;
HRESULT hr = E_FAIL;
ADS_SEARCHPREF_INFO SearchPrefs;
// COL for iterations
ADS_SEARCH_COLUMN col;
// Handle used for searching
ADS_SEARCH_HANDLE hSearch;
// Search entire subtree from root.
SearchPrefs.dwSearchPref = ADS_SEARCHPREF_SEARCH_SCOPE;
SearchPrefs.vValue.dwType = ADSTYPE_INTEGER;
SearchPrefs.vValue.Integer = ADS_SCOPE_SUBTREE;
// Set the search preference.
DWORD dwNumPrefs = 1;
hr = pSearchBase->SetSearchPreference(&SearchPrefs, dwNumPrefs);
if (FAILED(hr))
{
return hr;
}
// Create search filter.
LPWSTR pszFormat = L"(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))";
int len = wcslen(pszFormat) + wcslen(szFindUser) + 1;
LPWSTR pszSearchFilter = new WCHAR[len];
if(NULL == pszSearchFilter)
{
return E_OUTOFMEMORY;
}
swprintf_s(pszSearchFilter, len, pszFormat, szFindUser);
// Set attributes to return.
LPWSTR pszAttribute[NUM_ATTRIBUTES] = {L"ADsPath"};
// Execute the search.
hr = pSearchBase->ExecuteSearch(pszSearchFilter,
pszAttribute,
NUM_ATTRIBUTES,
&hSearch);
if (SUCCEEDED(hr))
{
// Call IDirectorySearch::GetNextRow() to retrieve the next row of data.
while(pSearchBase->GetNextRow(hSearch) != S_ADS_NOMORE_ROWS)
{
// Loop through the array of passed column names and
// print the data for each column.
for (DWORD x = 0; x < NUM_ATTRIBUTES; x++)
{
// Get the data for this column.
hr = pSearchBase->GetColumn(hSearch, pszAttribute[x], &col);
if (SUCCEEDED(hr))
{
// Print the data for the column and free the column.
// Be aware that the requested attribute is type CaseIgnoreString.
if (ADSTYPE_CASE_IGNORE_STRING == col.dwADsType)
{
IADs *pADS;
hr = ADsOpenObject( col.pADsValues->CaseIgnoreString,
L"Administrator",
L"passW0rd",
ADS_SECURE_AUTHENTICATION,
IID_IADs,
(void**)&pADS);
VARIANT var;
VariantInit(&var);
if (SUCCEEDED(hr))
{
hr = pADS->GetEx(L"memberOf", &var); <-- FAILS!!!
wprintf(L"Found User.\n",szFindUser);
wprintf(L"%s: %s\r\n",pszAttribute[x],col.pADsValues->CaseIgnoreString);
hrObj = S_OK;
}
}
pSearchBase->FreeColumn( &col );
}
else
{
hr = E_FAIL;
}
}
}
// Close the search handle to cleanup.
pSearchBase->CloseSearchHandle(hSearch);
}
delete pszSearchFilter;
if (FAILED(hrObj))
{
hr = hrObj;
}
Alle Antworten
-
Freitag, 4. Mai 2012 14:02
You should ask on a C++ forum.
http://social.msdn.microsoft.com/Forums/en-US/category/vsvnext,visualstudio,vsarch,vsdbg,vstest,vstfs,vsdata,vsappdev,visualbasic,visualcsharp,visualc,visualfsharp,windowsapps lists all the Visual Studio forums...
Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer
My Blog: http://unlockpowershell.wordpress.com
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join ("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})- Als Antwort markiert Bill_StewartMicrosoft Community Contributor, Moderator Freitag, 4. Mai 2012 14:19
- Tag als Antwort aufgehoben funkycold Freitag, 4. Mai 2012 18:52
- Als Antwort markiert Bill_StewartMicrosoft Community Contributor, Moderator Freitag, 4. Mai 2012 21:32
- Tag als Antwort aufgehoben funkycold Montag, 7. Mai 2012 11:24
- Als Antwort vorgeschlagen Karl Mitschke Montag, 7. Mai 2012 13:33
- Als Antwort markiert Bill_StewartMicrosoft Community Contributor, Moderator Montag, 7. Mai 2012 14:00
-
Freitag, 4. Mai 2012 14:29
These guys do LDAP in C++. Most use C# today as C++ is not generlly needed for AD queries.
http://stackoverflow.com/questions/4220862/c-ldap-query-to-locate-memberof
¯\_(ツ)_/¯
-
Freitag, 4. Mai 2012 14:32Thanks for the replies, I will post in the other forums.
-
Freitag, 4. Mai 2012 14:47
Yeah, I've got a great C# application that does LDAP queries...
Specifically for groups a user is a member of - both Security and Distribution
I guess I could have mentioned that earlier ;)
Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer
My Blog: http://unlockpowershell.wordpress.com
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join ("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"}) -
Montag, 7. Mai 2012 11:25Stop marking this question as Answered. Telling me to go to another forum is not an answer.
-
Montag, 7. Mai 2012 13:33
It actually IS the answer for this forum.
When others search for "retrieve groups C++" and come here, they need to know that the proper place is a C++ forum, and hanging out here is not going to get them any help.
The answer for the Scripting Guys forum is "You should ask on a C++ forum."
Sorry about that, but it really IS the answer.
Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer
My Blog: http://unlockpowershell.wordpress.com
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join ("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"}) -
Montag, 7. Mai 2012 13:38Moderator
Also, you acknowledge in your original question that you might be asking in the wrong forum. We frankly should not be answering C++ questions, as they are best addressed elsewhere. Thank you for your understanding.
Richard Mueller - MVP Directory Services
-
Montag, 7. Mai 2012 14:00Moderator
Stop marking this question as Answered. Telling me to go to another forum is not an answer.
Hi,
Since you asked in the wrong forum in the first place, an answer that says "you're asking in the wrong place" is the appropriate answer.
Bill
.png)
.png)
