August 24th, 2007
Add existing AD user to AD group via ADSI?

Hi all,

I'm a bit new with manipulating system functions using ADSI; however, I've found it's extremely powerful and I believe I can use it to simplify a lot of manual processes.

I have a domain where I do not have admin rights to the servers or AD, but do have access to add/remove users to several AD groups which I wish to manage via the web (if I can). I've found a few scripts on the Internet that add an existing user to an AD group, but I get a general access denied error message.

I recall working on a project in the past where I simply queried AD for user information, but in order to do so I had to authenticate (in the script) with my domain username and password. Then, I could pull AD details for each user (fullname, office, etc.).

So - taking that into account, can I authenticate using my username and password on the domain, and then add users to the AD groups I have access to add/remove members from? I can of course add/remove members using the Windows GUI, but using web-based forms I can simplify a lot of other processes.

Some existing code I pieced together:


strServerName = ""
strUsername = ""

set connAD = Server.CreateObject("ADODB.Connection")
connAD.Provider = "ADsDSOObject"
connAD.Properties("User ID") = ""
connAD.Properties("Password") = ""
connAD.Properties("Encrypt Password") = True

Set oDomain = GetObject("")
Set oGroup = oDomain.GetObject("Group", strGroup)
oGroup.Add ("WinNT://domain/" & strUsername)

However, that is not working, giving a general access denied error message. Thank you for taking a look at this, in advance!
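
An added example, not part of the original post: credentials set on an ADODB connection apply only to queries run through that connection, while a plain GetObject bind uses the identity the page runs as, so this sketch binds the group through OpenDSObject with explicit credentials instead. It also restricts the group to an allow-list and validates the account name taken from the web form before it is placed in an ADsPath. The domain name, group names, character rule and the way the caller obtains bindUser and bindPassword (from a protected store, not hard-coded in the page) are assumptions.

```vbscript
' Added example for classic ASP / VBScript. All names below are placeholders.
Const ADS_SECURE_AUTHENTICATION = 1
Const DOMAIN_NAME = "EXAMPLEDOM"   ' placeholder domain (assumption)

' Only groups the delegated account is meant to manage (constructed names).
Function IsAllowedGroup(groupName)
    Dim g
    IsAllowedGroup = False
    For Each g In Array("WebTeam", "ProjectX-Users")
        If StrComp(g, groupName, vbTextCompare) = 0 Then IsAllowedGroup = True
    Next
End Function

' The account name comes from a web form and is concatenated into an ADsPath,
' so accept only a conservative character set (assumed rule, up to 20 characters).
Function IsSafeAccountName(userName)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsSafeAccountName = re.Test(userName)
End Function

Sub AddUserToGroup(groupName, userName, bindUser, bindPassword)
    Dim dso, oGroup, memberPath

    If Not IsAllowedGroup(groupName) Then
        Err.Raise vbObjectError + 1, "AddUserToGroup", "Group not permitted"
    End If
    If Not IsSafeAccountName(userName) Then
        Err.Raise vbObjectError + 2, "AddUserToGroup", "Invalid account name"
    End If

    ' Bind to the group with explicit credentials instead of the page's identity.
    Set dso = GetObject("WinNT:")
    Set oGroup = dso.OpenDSObject("WinNT://" & DOMAIN_NAME & "/" & groupName & ",group", _
                                  bindUser, bindPassword, ADS_SECURE_AUTHENTICATION)

    ' Skip the Add call when the account is already a member.
    memberPath = "WinNT://" & DOMAIN_NAME & "/" & userName
    If Not oGroup.IsMember(memberPath) Then
        oGroup.Add memberPath
    End If
End Sub
```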

