Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (3)

Resolved AD groups for a user

  1. How-to
0
Votes
Undo
  1. Ed Van Haren
    Ed Van Haren
  2. PowerBuilder
  3. Monday, 29 January 2024 21:50 PM UTC

Is there any suggested method to get a list of AD groups a user is part of (or to see if a user is in a certain AD group)? We did find a DLL (NetUserGetGroups on NetApi32.dll) but can't seem to get the call to work. Does anyone have a sample?

Or is there a better way to go about it these days?

Thanks in advance for any suggestions.

We are using the GA release of PB 2022

Error trying to get latest version with OrcaScript
Azure Key Vault secret
Responses (3)
Ed Van Haren
Ed Van Haren Accepted Answer Pending Moderation
  1. Tuesday, 30 January 2024 15:29 PM UTC
  2. PowerBuilder
  3. # 1

Hi John,

Thanks for your response. I didn't realize David asked the same question until after I posted mine.

All we want to do is verify AD access before they can run the application.

So user 'A' belongs to AD group 'App A access'

When we start the client app, the 1st thing we want to verify is that user 'A' is in AD group 'App A access'. If they do, they can run the app, if not, they get kicked out.

I was just looking for some mechanism to see which AD groups a user has access. The alternative, is to look at the members of a group and see if the user belongs to it.

Any ideas would be appreciated. I believe in the worse case, I can call a CMD file from the PB code and run a command like:

            net user ev51606 /domain

If I pipe the results to a text file, I can look for the ID within the results. But I was hoping for a better way via a DLL call or some other process.

Thanks,

Ed

Comment
There are no comments made yet.
Chris Pollach @Appeon
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Tuesday, 30 January 2024 00:35 AM UTC
  2. PowerBuilder
  3. # 2

Hi Ed

   My STD Framework has all the AD interaction capabilities built in. Here is a presentation that I gave at a PB conference that explains how it works...

https://sourceforge.net/projects/stdfndclass/files/Presentations/Active%20Directory

HTH: the framework is free & open source so please adapt any code that helps you in this quest.

Regards... Chris

Comment
There are no comments made yet.
John Fauss
John Fauss Accepted Answer Pending Moderation
  1. Tuesday, 30 January 2024 00:18 AM UTC
  2. PowerBuilder
  3. # 3

Hi, Ed - 

It appears that you and David are doubling up on this question (which really isn't necessary, by the way), so I will repeat this response in the other thread.

I've never called this WinAPI function before, but in looking at the Windows documentation, it looks like it can be called with null arguments, and this affects how the function is called from PB. Therefore, I have a couple of questions:

1. Are you wanting to run this function on the local server (where the app is running) or on a remote (non-local) server?

2. Are you wanting only the names of the groups (the GROUP_USER_INFO_0 structure) or the names and attribute flags (the GROUP_USER_INFO_1 structure)?

I'm willing to try and figure out how to get the information into a PB app once I hear back from you, but please know that I have a limited amount of free time at home in the evening in which to tackle this, as my employer understandably does not want to pay me for working on other people's problems. Once I hear back from either/both of you, I'll see what I can come up with.

Best regards, John

Comment
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.