Validate towards Active Directory


AndreasB

Hi all!

I am about to create an ASP webpage where people are about to request UserAccounts in an Active Directory Domain. I would like to perform a lookup to see if the UserAccount already exists in the AD.

Does anyone know how I could perform this with ASP?

Thankful for any kind of help or reference.

Best regards,
Andreas

Microsoft uses Active Directory to implement LDAP. In other words, Active Directory is Microsoft's version of LDAP. I use this function to authenticate a user against an LDAP store:

Function authenticate_ldap_user(username, password, domainName, containerName)
  On Error Resume Next
  If Not containerName = "" Then
    containerName = containerName & ","
  End If
  If username = "" Or password = "" Then
    Err.Number = &H81000000
  Else
    Set ldapObject = GetObject("LDAP:")
    Set authObject = ldapObject.OpenDSObject("LDAP://" & domainName, "CN=" & username & "," & containerName & domainName, password, 1) '1 at end for secure auth.
    'success is determined below by the error number (if any)
    Set ldapObject = Nothing
    Set authObject = Nothing
  End If
  If Err.Number <> 0 Then
    authenticate_ldap_user = False
  Else
    authenticate_ldap_user = True
  End If
End Function

The domain name and container name you will need to fill in, and you may need to read up on LDAP if you aren't sure how it works. For example, if I wanted to check with the domain controller called ldap.testdomain.com and check in the container "Users" for someone called "Admin", it would look like this:

ldapObject.OpenDSObject("LDAP://dc=ldap,dc=testdomain,dc=com", "cn=Admin,cn=Users,dc=ldap,dc=testdomain,dc=com", password, 1)

I thank you so much guys for your replies! I will check them out and see what I can do with them.

justsomeguy, as I read the code you have pasted, it is used to verify if the username exists by also providing a password. Almost as a "login" scenario if I understand it?

What I am after is to be able to search the whole Active Directory for a specific UserID (UserAccount) or perhaps search for an e-mail address. And depending on a hit or not, a response will be taken based on that feedback.

Thanks again!

--Andreas

You might try sending a random password and then checking the error code. I use this function to check the error code:

Function handle_auth_error()
  Select Case Err.Number
    'username/password blank:
    Case &H81000000
      response.redirect("default.asp?message=" & server.urlencode("Username and password must not be blank"))
    'system errors:
    Case &H8007052E
      response.redirect("default.asp?message=" & server.urlencode("Invalid user name or password"))
    Case &H8007202B
      response.redirect("default.asp?message=" & server.urlencode("The specified domain could not be contacted for authentication"))
    'ADSI errors:
    Case &H80005000
      response.redirect("default.asp?message=" & server.urlencode("Invalid ADSI pathname was passed"))
    Case &H80005001
      response.redirect("default.asp?message=" & server.urlencode("Unknown ADSI Domain Object was requested"))
    Case &H80005002
      response.redirect("default.asp?message=" & server.urlencode("Unknown ADSI User Object was requested"))
    Case &H80005003
      response.redirect("default.asp?message=" & server.urlencode("Unknown ADSI Computer Object was requested"))
    Case &H80005004
      response.redirect("default.asp?message=" & server.urlencode("Unknown ADSI Object was requested"))
    Case &H80005008
      response.redirect("default.asp?message=" & server.urlencode("Bad Parameter - one or more input parameters are invalid"))
    Case &H80005009
      response.redirect("default.asp?message=" & server.urlencode("ADSI Object Unbound - the specified ADSI object is not bound to a remote resource"))
    Case &H8000500E
      response.redirect("default.asp?message=" & server.urlencode("Object Already Exists"))
    Case &H8000500F
      response.redirect("default.asp?message=" & server.urlencode("An attempted action violated the directory service schema rules"))
    Case Else
      response.redirect("default.asp?message=" & server.urlencode("Unexpected error"))
  End Select
End Function

The 80005002 code might be able to tell you if a user does or does not exist.
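
Added example, not code from any poster in this thread: the search Andreas asks for (by account name or e-mail address), done as a directory query through ADO's ADSI provider rather than as a bind, since a bind with a made-up password counts as a failed logon against an account that does exist. The form value is escaped before it goes into the LDAP filter. Assumptions: the identity the ASP page runs as may read the directory, the base DN is the one from the example above, and the form field name `account` and the 256-character cap are hypothetical.

```vbscript
<%
' Added example (not from the thread). Looks a user up by search instead of by bind.

' Escape a value for use inside an LDAP search filter (RFC 4515).
Function EscapeLdapFilter(value)
    Dim s
    s = Replace(value, "\", "\5c")      ' backslash first, so later escapes survive
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    ' Not required by RFC 4515: ";" separates the parts of the ADO command text
    ' below, so it is hex-escaped too (assumption: keeps the command unambiguous).
    s = Replace(s, ";", "\3b")
    EscapeLdapFilter = s
End Function

' Returns the distinguishedName of the first matching user, or "" if none.
Function FindUserDn(baseDn, attributeName, value)
    Dim conn, cmd, rs, filter
    FindUserDn = ""
    ' The attribute name is chosen by the page, never taken from the request.
    If attributeName <> "sAMAccountName" And attributeName <> "mail" Then Exit Function
    ' Arbitrary length cap (assumption) to reject oversized input early.
    If Len(value) = 0 Or Len(value) > 256 Then Exit Function

    filter = "(&(objectCategory=person)(objectClass=user)(" & _
             attributeName & "=" & EscapeLdapFilter(value) & "))"

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Open "Active Directory Provider"
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = "<LDAP://" & baseDn & ">;" & filter & ";distinguishedName;subtree"
    Set rs = cmd.Execute
    If Not rs.EOF Then FindUserDn = rs.Fields("distinguishedName").Value
    rs.Close
    conn.Close
End Function

' Base DN from the example earlier in the thread; "account" is a hypothetical form field.
If FindUserDn("dc=ldap,dc=testdomain,dc=com", "sAMAccountName", CStr(Request.Form("account"))) <> "" Then
    Response.Write "That account name is already in use."
Else
    Response.Write "That account name is available."
End If
%>
```

Passing "mail" as the attribute name runs the same lookup against e-mail addresses.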
