Search: Go
 Transact SQL
 Other Articles
 Software Reviews

 Canon EOS 300D Samples
 Akihabara Maids!
 More Galleries...

 2009: China
 2008: Tokyo
 2007: Tokyo
 2006: Hong Kong
 2005: New York City

 Search Engine Optimisation
 Build an ASP Search Engine
 My Tropical Fishtank
 SQL Month Name
 SQL Get Date Today
 SQL Year Month
 Other New Stuff...

 Regular Expressions
 Index Server & ASP
 JavaScript Ad Rotator

Home > Articles

Browsing Windows NT groups with ASP and ADSI

The ASP code described in this article will allow you to find a list of Windows NT groups in a specific domain or on a specific computer, then view a list of users and groups within that group.

How it works

The ASP code uses Microsoft’s Active Directory Service Interfaces (ADSI). ADSI is a directory system that makes it straightforward to administer and obtain information from a variety of data stores on the system (e.g. Exchange Server, Internet Information Server, and Windows NT itself). ADSI can run on Windows 95, 98, NT 4.0 and Windows 2000. Due to the lack of security features in Windows 95 and 98 it is advisable to not run ADSI services on these operating systems. The examples described here have been tested with Windows NT 4.0.

ADSI is particularly useful under Windows 2000, as it allows access to the Windows 2000 Active Directory. The Active Directory is one of the cornerstones of Windows 2000, so it is worth getting to grips with. If you want to learn ADSI, there are a number of tutorials listed at the bottom of this article.

In order to get the examples to work, you will need to install ADSI. The current version (2.5) is a free download from Microsoft’s website (see links at the bottom of this article).

The code

There are four parts to the example page, which should be saved as UserGroupBrowser.asp.

The first part of the page should be added to above the opening <HTML> tag:

Dim sCurrentGroup
Dim sDomainName
sCurrentGroup = Request.QueryString("Group")
sDomainName = Request.QueryString("Domain")

'Change the following line so that sDomainName is your machine name or domain name
If sDomainName = "" Then sDomainName = "MYDOMAIN"

Note that the 8th line of this code should be changed to replace MYDOMAIN with the name of your Windows NT Domain (or your machine name).

The second piece of code should be placed in the <BODY> part of the ASP document. It contains calls to the functions that display the groups within a domain and also the users within a specific group:

<P>Exploring the Domain <%=sDomainName%></P>
<form name="frmGroupSelector" action="UserGroupBrowser.asp" method="GET">
<input type="hidden" name="Domain" value="<%=sDomainName%>">
<%=ListGroups(sDomainName, sCurrentGroup, "submitFrm()")%>

If sCurrentGroup <> "" Then
Response.Write ListUsers(sDomainName, sCurrentGroup)
End if

The third piece of code is a small piece of JavaScript containing a function to submit the Group select list if a group has been selected:

<script language="JavaScript"><!--
function submitFrm() {

if (document.frmGroupSelector.Group.options[document.frmGroupSelector.Group.selectedIndex].value != '') {




Finally, there are two VBScript functions: ListGroups and ListUsers. The code for these is shown below:

'function to create a select list containing a list of groups within a computer
'or domain. Function must be supplied with three arguments:
'sDomainName: The domain name or computer name
'sSelectedGroup: The name of the group that should have the selected attribute
'sOnChangeScript: The name of the JavaScript function that should be executed
' when the onChange event is triggered for this select list

Function ListGroups(sDomainName, sSelectedGroup, sOnChangeScript)

Dim sSelectListHTML
Dim sGroupName

sSelectListHTML = "<select name=""Group"" id=""Group"" "
sSelectListHTML = sSelectListHTML & "onChange=""" & sOnChangeScript & """>" & vbCRLF
sSelectListHTML = sSelectListHTML & "<option value="""">---------------"
sSelectListHTML = sSelectListHTML & "Select a group"
sSelectListHTML = sSelectListHTML & "---------------</option>" & vbCRLF

Set Domain = GetObject("WinNT://" & sDomainName)

For Each Member in Domain
If Member.Class = "Group" Then
sGroupName = null
sGroupName = Member.Name

If sGroupName = sSelectedGroup Then

sSelectListHTML = sSelectListHTML & "<option selected value=""" & sGroupName & """>"
sSelectListHTML = sSelectListHTML & sGroupName & "</option>" & vbCRLF


sSelectListHTML = sSelectListHTML & "<option value="""
sSelectListHTML = sSelectListHTML & sGroupName & """>" & sGroupName & "</option>" & vbCRLF

End If

End if

sSelectListHTML = sSelectListHTML + "</select>" & vbCRLF

ListGroups = sSelectListHTML

End Function

'function to list the users and groups within a specific user group.
'Function must be supplied with two arguments:
'sDomainName: The domain name or computer name
'sGroupName: The name of the user group

Function ListUsers(sDomainName, sGroupName)

Dim sUserList
Dim sMyParent

Set Group = GetObject("WinNT://" & sDomainName & "/" & sGroupName)

For Each Member in Group.Members

On Error Resume Next

sMyParent = Member.Parent
sMyParent = Right(sMyParent, Len(sMyParent) - InStrRev(sMyParent, "/"))

If Member.Class = "User" Then

sUserList = sUserList & "<b>" & Member.Name & "</b><br>"
sUserList = sUserList & " Full Name: " & Member.FullName & "<br>"
sUserList = sUserList & " Description: " & Member.Description & "<br>"
sUserList = sUserList & " Account Disabled: " & Member.AccountDisabled & "<br>"
sUserList = sUserList & "<p>"

ElseIf Member.Class = "Group" Then

sUserList = sUserList & "<b><a href=""UserGroupBrowser.asp?"
sUserList = sUserList & "Group=" & Server.URLEncode(Member.Name)
sUserList = sUserList & "&Domain=" & Server.URLEncode(sMyParent)
sUserList = sUserList & """>" & Member.Name & "</a></b>< br>"
sUserList = sUserList & " Description: " & Member.Description & "<br>"
sUserList = sUserList & "<p>"

End If


If sUserList = "" Then
sUserList = "
<p>This group does not contain any users</p>"
End If

ListUsers = sUserList

End Function

The first function (ListGroups) will generate the HTML required for a select list containing a list of all the groups within a specified Windows domain (or an individual computer). It achieves this by first binding the Domain object to the Active Directory object for the specified Windows domain or individual machine. It then enumerates the list of members within the domain, and if the member is found to be a group it adds an OPTION tag to the select list.

The second function (ListUsers) will display a list of users and groups within a specific group [under Windows NT it is possible to make groups members of other groups, such as adding Power Users to the Administrators group].

The ListUsers function will display a number of attributes of users it finds; specifically their full name, description, and whether or not their account is disabled. Further attributes can be obtained using ADSI - a full list is shown in Microsoft’s ADSI documentation (link at the bottom of this article).

Note that On Error Resume Next should be used when using Active Directory, because the ASP document will stop being processed if a certain attribute cannot be found.

If you don’t want to cut and paste the code into an ASP document, the complete code may be downloaded in a ZIP file:

Further reading

  Site Map | Privacy Policy

All content is 1995 - 2012