Looking to verify users via Active Directory

[graymk]

I’m creating a database that will act as a contact list. I plan on using the
Active Directory username as a unique identifier. I need to be able to let
individuals change their own information (only) unless they are apart of a
specific user group, in which they will have rights to edit all information.

Eventually, all of this will be written to/from a SharePoint 2003 list, but
this is besides the point of this question. I mention it just in case it may
play some role in the code.

I need to be able to do this using Access 2003 VBA. They will be accessing
the Active Directory but not entering a username/password because they are
already logged in.

Is there any way to do the above? And if so, please show me how.

 

[Albert D. Kallal]

Are you using the same name as the user network logged on name?
(I belive in most cases, you are).

If you are, then you can use the follwing code to get the user name:

You can get the current network logon name with:

http://www.mvps.org/access/api/api0008.htm

And, the current computer name with:

http://www.mvps.org/access/api/api0009.htm

And, if using ms-access security, then currentuser() will return the
ms-access logon.

I often log all 3 of the above values in some applications.

 

[graymk]

Thank you. This was very helpful. Never used this before so I don't know how
to mark your answre as helpful. I'll mark it as answreing my question when
I'm done with the whole thing =)

Not using MS Access Security.

2 Questions left remaining

1. How do I verify a user is in a particular Group. I'll have an Admin
console form that will allow Admins to change the group if ever necessary.

2. How do I search the Active directory? Specifically, if I give the name
John J. Doe or any part of it, how do I have All possible names returned to
me?

Now that I know where to look, I may be able to find this myself. If I do,
I'll come back and leave a closing post. Thanks again for your help.

========
I went to school for this stuff (by stuff I mean programming in general) 10
years ago, then joined the Navy. Haven't used it much since. This is the
first semi-serious project I've worked on and I'm running into problems my
coursework didn't even cover. =(

 

[Albert D. Kallal]

1. How do I verify a user is in a particular Group. I'll have an Admin
console form that will allow Admins to change the group if ever necessary.

The sample code I gave you will not help you at all.

I was only suggesting that you can get the current users *WINDOWS* logon
network name in code. Often some companies use a naming or logon scheme for
windows that parallels their active directory setup.

2. How do I search the Active directory? Specifically, if I give the name
John J. Doe or any part of it, how do I have All possible names returned
to
me?

Word, Excel, power-point, or access Are not really designed with an active
directory interface in mind.

So, this type of ability is certainly not built into a desktop program like
power-point, or access.

You have to use some type of interface that lets you connect to active
directory.

I believe you can actually use an ADO connection to test membership in
groups.
(I've never used, or done this before, so I can't help you lot in this
case).

However, yahoo search does come up with some coding examples that does speak
of this process via ADO:

http://codeidol.com/active-directory/actdir3/Using-ADO-for-Searching/The-First-Search/

Here is a sample that what use lets you test group membership

http://codeidol.com/active-directory/actdir3/Users-and-Groups/Evaluating-Group-Membership/

I think you'll have to go out and find some code examples. AD seems to be a
whole system of its own.

any VB6, or VBS script examples should be very easily to convert to the VBA
code. Their syntax and programming concepts When going from VB6 or the VBS
scripts to the VBA are really similar.

In addition you'll have to come up with some type of table or coding scheme
to say what form/report belongs to what membership. Let's assume that you
can successfully and easily query the active directory system, you still
have to find a way of saying that this particular sales report cannot be
viewed unless you're a member of the sales membership group -- the only
practical way you're going to do that is to write code to prevent the
form/report from opening (And further you'll need some efficient or
reasonable way to a store what report's belongs to what particular group.
You have to store that information somewhere, and code it after you figure a
way to query the ad system).

 

[Albert D. Kallal]

here is the msdn reference:

http://msdn2.microsoft.com/en-us/library/aa384689.aspx