Transact SQL Other Articles Software Reviews
Browsing Windows NT groups with ASP and ADSI
The ASP code described in this article will allow you to find a list of Windows NT groups in a specific domain or on a specific computer, then view a list of users and groups within that group.
How it works
The ASP code uses Microsofts Active Directory Service Interfaces (ADSI). ADSI is a directory system that makes it straightforward to administer and obtain information from a variety of data stores on the system (e.g. Exchange Server, Internet Information Server, and Windows NT itself). ADSI can run on Windows 95, 98, NT 4.0 and Windows 2000. Due to the lack of security features in Windows 95 and 98 it is advisable to not run ADSI services on these operating systems. The examples described here have been tested with Windows NT 4.0.
ADSI is particularly useful under Windows 2000, as it allows access to the Windows 2000 Active Directory. The Active Directory is one of the cornerstones of Windows 2000, so it is worth getting to grips with. If you want to learn ADSI, there are a number of tutorials listed at the bottom of this article.
In order to get the examples to work, you will need to install ADSI. The current version (2.5) is a free download from Microsofts website (see links at the bottom of this article).
There are four parts to the example page, which should be saved as UserGroupBrowser.asp.
The first part of the page should be added to above the opening <HTML> tag:
Note that the 8th line of this code should be changed to replace MYDOMAIN with the name of your Windows NT Domain (or your machine name).
The second piece of code should be placed in the <BODY> part of the ASP document. It contains calls to the functions that display the groups within a domain and also the users within a specific group:
<P>Exploring the Domain <%=sDomainName%></P>
Finally, there are two VBScript functions: ListGroups and ListUsers. The code for these is shown below:
The first function (ListGroups) will generate the HTML required for a select list containing a list of all the groups within a specified Windows domain (or an individual computer). It achieves this by first binding the Domain object to the Active Directory object for the specified Windows domain or individual machine. It then enumerates the list of members within the domain, and if the member is found to be a group it adds an OPTION tag to the select list.
The second function (ListUsers) will display a list of users and groups within a specific group [under Windows NT it is possible to make groups members of other groups, such as adding Power Users to the Administrators group].
The ListUsers function will display a number of attributes of users it finds; specifically their full name, description, and whether or not their account is disabled. Further attributes can be obtained using ADSI - a full list is shown in Microsofts ADSI documentation (link at the bottom of this article).
Note that On Error Resume Next should be used when using Active Directory, because the ASP document will stop being processed if a certain attribute cannot be found.
If you dont want to cut and paste the code into an ASP document, the complete code may be downloaded in a ZIP file: