User created in code does not show up in query of Domain Users group

  • Question

  • User-340489618 posted

     I am creating a user with the code below. When I run my query of who is a member of Domain Users, the user created by the code does not show up.

    I did a little testing: if I open the AD mmc and change the user primary group to something else and back to domain users then the user will show up in the group query.

    So I thought it may have been the primaryGroupID so I had the create user code change it to another group and back, this did not work either. I feel like I am missing a value that needs to be set.

     

     

    Code to create user:
    ' Creates a user object under cn=users from the web form fields, commits it,
    ' clears the disabled flag, then adds the Exchange mailbox attributes and
    ' commits a second time.
    '
    ' NOTE(review): the bind uses an administrator account whose name and password
    ' are string literals in the source. Anyone who can read the page source or the
    ' compiled assembly gets those credentials. Prefer a dedicated service account
    ' delegated only the rights needed in this container, with its secret kept in
    ' protected configuration rather than in code.
    Dim objParent As New DirectoryEntry("LDAP://cn=users,DC=domain,DC=com", "administrator@domain.com", "Password", AuthenticationTypes.Secure)
            ' NOTE(review): form text is concatenated straight into the new object's
            ' RDN. Characters that are special in a distinguished name (for example
            ' , + " \ < > ; =) are not escaped here, so validate or escape the
            ' first/last name before building the name.
            Dim objChild As DirectoryEntry = objParent.Children.Add("cn=" & TxtBxfirst.Text & " " & TxtBxlast.Text, "user")
            ' Logon names are taken directly from the form; no format or uniqueness
            ' check is visible in this snippet.
            objChild.Properties("sAMAccountName").Add(txtbxuser.Text)
            objChild.Properties("userPrincipalName").Add(txtbxuser.Text & "@" & DrpDwnLstdom.Text)
            objChild.Properties("givenName").Add(TxtBxfirst.Text)
            objChild.Properties("sn").Add(TxtBxlast.Text)
            objChild.Properties("displayName").Add(TxtBxfirst.Text & " " & TxtBxlast.Text)
            ' NOTE(review): the manager DN is also built by concatenation from a
            ' drop-down value; the same DN-escaping concern applies.
            objChild.Properties("manager").Add("cn=" & DrpDwnLstmngr.Text & ",cn=users,DC=domain,DC=com")
            objChild.Properties("title").Add(TxtBxtitle.Text)
            objChild.Properties("department").Add(TxtBxdept.Text)
            objChild.Properties("description").Add(TxtBxdesc.Text)
            objChild.Properties("telephoneNumber").Add(TxtBxtele.Text)
            'objChild.Properties("userPrincipalName").Add(txtbxuser.Text & "@" & DrpDwnLstdom.Text)
            ' First commit: writes the new object with the attributes set above.
            objChild.CommitChanges()
            ' Clears the disabled flag through the underlying native object.
            ' NOTE(review): nothing in this snippet sets a password before the account
            ' is enabled - confirm a password is assigned elsewhere and that domain
            ' policy does not allow this account to exist enabled without one.
            objChild.NativeObject.AccountDisabled = False
            ' Exchange mailbox attributes. The store, MTA and server paths are
            ' hard-coded for one server (TESTEX01) and one organization.
            objChild.Properties("homeMDB").Add("CN=Mailbox Store ,CN=First Storage Group,CN=InformationStore,CN=exchange,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com")
            objChild.Properties("homeMTA").Add("CN=Microsoft MTA,CN=TESTEX01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com")
            objChild.Properties("legacyExchangeDN").Add("/o=First Organization/ou=First Administrative Group/cn=Recipients/cn=" & txtbxuser.Text)
            objChild.Properties("mailNickname").Add(txtbxuser.Text)
            objChild.Properties("msExchHomeServerName").Add("/o=First Organization/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=TESTEX01")
            objChild.Properties("msExchUserAccountControl").Add(0)
             ' The primary SMTP address is the two form values joined as-is; the
             ' result is not checked for being a well-formed address here.
             objChild.Properties("proxyAddresses").Add("SMTP:" & txtbxemail.Text & DrpDwnLstemail.Text)
            ' Second commit: writes the Exchange attributes added after the first commit.
            objChild.CommitChanges()

    Tuesday, October 3, 2006 11:33 AM

All replies

  • User-340489618 posted

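    The results of the membership query only show users in that group who do not have it set as their primary group. (Membership through the primary group appears to come from the user's primaryGroupID rather than from the group's member attribute, which is what the query below reads.)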

     I will post my query code below if that may help someone help me.

     

     

    Group query code:

        sub on_Click(sender as object,e as EventArgs)
        Const ADS_SCOPE_ONELEVEL = 1
        Const ADS_CHASE_REFERRALS_EXTERNAL = &H40
       
            Dim oRootDSE, oCon, oCmd, oRecordSet
            Dim sDomainADsPath, sUser, sGroup, sProperties
            Dim aDescription, aMember, iCount, sFullUser
           
       
        oRootDSE = GetObject("LDAP://RootDSE")
            sDomainADsPath = "LDAP://" & oRootDSE.Get("defaultNamingContext")
        oRootDSE = Nothing
       
        oCon = Server.CreateObject("ADODB.Connection")
        oRecordSet = Server.CreateObject("ADODB.Recordset")
       
        sFullUser = Request.ServerVariables("LOGON_USER")
        sUser = Split(sFullUser, "\", -1)
       
       
        oCon.Provider = "ADsDSOObject"
       
        oCon.Open("ADProvider")
       
        oCmd = Server.CreateObject("ADODB.Command")
        oCmd.ActiveConnection = oCon
       

            sProperties = "name,ADsPath,description,member,primaryGroupToken "
       
        sGroup = "*"
       
        oCmd.Properties("Page Size") = 999
        oCmd.Properties("Timeout") = 30     ' Seconds
        oCmd.Properties("searchscope") = ADS_SCOPE_ONELEVEL
        oCmd.Properties("Chase referrals") = ADS_CHASE_REFERRALS_EXTERNAL
        oCmd.Properties("Cache Results") = False     ' Do not cache the result set
       
           
            oCmd.CommandText = "<" & sDomainADsPath & ">;(&(objectClass=group)(cn=" & TextBox1.Text & "));" & sProperties & ";subtree"

            oCmd.Properties("Page Size") = 10000
           
            oRecordSet = oCmd.Execute
            Response.Write("<strong> Global Groups for the domain: " & Replace(Mid(sDomainADsPath, 11), ",DC=", ".") & "</strong>")
            Response.Write("<table border='1'>")
            Response.Write("<tr><th>Name</th><th>ADsPath</th><th>Description</th><th>Members</th></tr>")
            Response.Write("<font size=4>")
            While Not oRecordSet.EOF
                Response.Write("<tr><td>")
                Response.Write(oRecordSet.Fields("name").Value)
                Response.Write("</td>")
       
                Response.Write("<td>")
                Response.Write(oRecordSet.Fields("ADsPath").Value)
                Response.Write("</td>")
                           
                                 
                Response.Write("<td>")
                aDescription = (oRecordSet.Fields("description").Value)
                If Not IsDBNull(aDescription) Then Response.Write(aDescription(0))
                Response.Write("</td>")
       
                Response.Write("<td>")
                aMember = oRecordSet.Fields("member").value

                If Not IsDBNull(aMember) Then
                    For iCount = 0 To UBound(aMember)
                        Response.Write("<option>" & aMember(iCount))
                    Next
                End If
                Response.Write("</td>")
               
                Response.Write("</tr>")
                oRecordSet.MoveNext()

            End While
    Response.Write("</font>")
    Response.Write("</table>")

    oRecordSet.Close
    oCon.Close

    oRecordSet = Nothing
            oCon = Nothing
           
        End Sub
     

     

    Wednesday, October 4, 2006 11:00 AM
  • User-340489618 posted

    OK, I understand now. I need to be using tokenGroups.

     

    I just need to find a VB sample, since I had problems converting the C samples.

    Wednesday, October 4, 2006 12:41 PM
  • User-340489618 posted

    OK, I am starting to understand the whole SID retrieval approach, and the code below works when given a user. How, if possible, can I start from a group and retrieve all the users in that group? I am not seeing any example that does this with tokenGroups.

     Code:

    ' Binds to one user entry, expands its tokenGroups SIDs through
    ' ExpandTokenGroups, translates them to NTAccount names and writes each one
    ' to the response. The enclosing Sub's header is not part of this snippet.
    '
    ' NOTE(review): the Administrator name and password are string literals in
    ' the source. Reading a user's own attributes should not need an
    ' administrator bind; prefer a low-privilege account whose secret is kept in
    ' protected configuration.
    Dim user As DirectoryEntry = New DirectoryEntry("LDAP://CN=someuser,CN=Users,DC=domain,DC=com", "Administrator", "Password", AuthenticationTypes.Secure)
            ' sidBytes and usr are assigned but not used again in the lines shown.
            Dim sidBytes() As Byte = CType(user.Properties("objectSid").Value, Byte())
            Dim usr
            usr = user.ToString
            ' NOTE(review): SIDs that cannot be translated may stay as
            ' SecurityIdentifier objects in the returned collection, which would
            ' not cast to NTAccount in the loop below - verify.
            Dim irc As System.Security.Principal.IdentityReferenceCollection = ExpandTokenGroups(user).Translate(GetType(System.Security.Principal.NTAccount))
            For Each account As System.Security.Principal.NTAccount In irc
                ' NOTE(review): the account name is written without HTML encoding
                ' and with no separator between entries.
                Response.Write(account)
            Next

    End Sub 

    ''' <summary>
    ''' Reads the tokenGroups attribute of a directory entry and returns its
    ''' values as security identifiers.
    ''' </summary>
    ''' <param name="user">Directory entry whose tokenGroups values are loaded.</param>
    ''' <returns>
    ''' A collection holding one SecurityIdentifier per tokenGroups value.
    ''' </returns>
    Private Function ExpandTokenGroups(ByVal user As DirectoryEntry) As System.Security.Principal.IdentityReferenceCollection
        ' tokenGroups is requested by name so it is loaded into the property cache
        ' before it is read below.
        Dim attributesToLoad() As String = {"tokenGroups"}
        user.RefreshCache(attributesToLoad)

        Dim groupSids As New System.Security.Principal.IdentityReferenceCollection()
        Dim tokenGroupValues As PropertyValueCollection = user.Properties("tokenGroups")

        ' Each value is a binary SID; offset 0 is where the SID starts in the array.
        For Each rawSid As Byte() In tokenGroupValues
            Dim groupSid As New System.Security.Principal.SecurityIdentifier(rawSid, 0)
            groupSids.Add(groupSid)
        Next

        Return groupSids
    End Function

    Wednesday, October 4, 2006 3:48 PM