Hi all,
I'm a bit new with manipulating system functions using ADSI; however, I've found it's extremely powerful and I believe I can use it to simplify a lot of manual processes.
I have a domain where I do not have admin rights to the servers or AD, but do have access to add/remove users to several AD groups which I wish to manage via the web (if I can). I've found a few scripts on the Internet that add an existing user to an AD group, but I get a general access denied error message.
I recall working on a project in the past where I simply queried AD for user information, but in order to do so I had to authenticate (in the script) with my domain username and password. Then, I could pull AD detials for each user (fullname, office, etc.)
So - taking that into account, can I authenticate using my username and password on the domain, and then add users to the AD groups I have access to add/remove members from? I can of course add/remove members using the Windows GUI, but using web-based forms I can simplify a lot of other processes.
Some existing code I pieced together:
Code:
<%
strServerName = ""
strUsername = ""
set connAD = Server.CreateObject("ADODB.Connection")
connAD.Provider = "ADsDSOObject"
connAD.Properties("User ID") = ""
connAD.Properties("Password") = ""
connAD.Properties("Encrypt Password") = True
strGroup=""
Set oDomain = GetObject("")
Set oGroup = oDomain.GetObject("Group", strGroup)
oGroup.Add ("WinNT://domain/" & strUsername)
%>
However, that is not working, giving a general access denied error message. Thank you for taking a look at this, in advance!