> That would work except that I need the memberOf attributes to return.
>
> I think I got it covered - I will just provide a user and password to bind
> to the sub domain inside the script. Since this is an internal script and
> the user ID would only have limited rights (to browse) this should be OK.
>
> Thanks for the response.
>
> "Richard Mueller [MVP]" wrote:
>
>> Try using the GC: provider in place of LDAP:. The Global Catalog
>> maintains a subset of attributes for all objects in the forest,
>> including distinguishedName (but not memberOf).
>>
>> --
>> Richard Mueller
>> Microsoft MVP Scripting and ADSI
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>> "DStan" <DStan[ at ]discussions.microsoft.com> wrote in message
>> news:6E26ECBB-0A3C-4BAA-AD07-C812098D88F6[ at ]microsoft.com...
>> > Hello,
>> >
>> > My issue is one that I have not experienced previous to now, but also I
>> > cannot remember if I have ever tried this before or not so...
>> >
>> > Anyway, here is the dilemma. I am creating a script to output the group
>> > membership of a user. This is the easy part and the script is functional
>> > for that (for the most part). The issue arises because I have to write the
>> > script to choose either the domain I am logged into or the child domain
>> > for the domain I am logged into.
>> >
>> > When using the query
>> > "SELECT distinguishedName FROM 'LDAP://dc=three,dc=two,dc=one,dc=com'
>> > WHERE objectCategory='user' AND sAMAccountName = '" & UserID.Value & "'"
>> > (which is the domain I am logged into) the script functions 100% and
>> > returns the groups for the user that I specified via sAMAccountName.
>> >
>> > When using the query
>> > "SELECT distinguishedName FROM
>> > 'LDAP://dc=four,dc=three,dc=two,dc=one,dc=com' WHERE
>> > objectCategory='user' AND sAMAccountName = '" & UserID.Value & "'"
>> > there are no results returned. Even using RDP into a machine on that
>> > domain and running that query no results are returned, though running it
>> > for the parent domain the results are returned fine.
>> >
>> > Here is the actual code (with the domains changed). Save this to an .hta
>> > file for it to run properly. Either I am doing something wrong or there
>> > is something preventing me from searching the child domain - whatever it
>> > is it is frustrating and I would appreciate any help or suggestions where
>> > to begin looking.
>> >
>> > Thanks in advance
>> >
>> > *****************************************************
>> > <head>
>> > <title>ADGroupsByUser</title>
>> > <HTA:APPLICATION
>> > APPLICATIONNAME="HTA Test"
>> > SCROLL="yes"
>> > SINGLEINSTANCE="yes"
>> > WINDOWSTATE="normal"
>> > >
>> > </head>
>> >
>> > <body STYLE="font:14 pt arial; color:white;
>> > filter:progid:DXImageTransform.Microsoft.Gradient
>> > (GradientType=1, StartColorStr='#000000', EndColorStr='#0000FF')">
>> >
>> > <script language="VBScript">
>> > '-----------------------------------------------------------------------------------------
>> > '-- [ at ]Name: ADGroupsByUser.hta --
>> > '-- [ at ]Author: Dewyatt Stanfield --
>> > '-- [ at ]Date: 07/11/2007 --
>> > '-- [ at ]Purpose: HTA application to list all groups a user belongs to in AD --
>> > '-- [ at ]Version: 1.0 Allows binding to AD (usint.rci.com) to find groups user is member of --
>> > '-- 1.1 (Future) Will allow binding to corp.us.int.rci.com --
>> > '-- [ at ]Department: Technical Services --
>> > '-----------------------------------------------_-----------------------------------------
>> > Sub Window_onLoad
>> > LoadDomainPick
>> > End Sub
>> >
>> > Sub LoadDomainPick
>> > strHTML = "<select size=1 name=DomainChooser onChange=ShowTextBox>"
>> > strHTML = strHTML & "<option value=0></option>"
>> > strHTML = strHTML & "<option value=1>us.int.rci.com</option>"
>> > strHTML = strHTML & "<option value=2>corp.us.int.rci.com (NOT FUNCTIONAL)</option>"
>> > strHTML = strHTML & "</select>"
>> > DropDownArea1.InnerHTML = strHTML
>> > End Sub
>> >
>> > Sub ShowTextBox
>> > If DomainChooser.Value <> 0 Then
>> > If DomainChooser.Value = 1 Then
>> > strHTML = strHTML & " User ID: "
>> > strHTML = strHTML & " <input type=text name=UserID size=10>"
>> > strHTML = strHTML & " <input type=button value=Submit name=Submit onClick=USGroups>"
>> > DropDownArea2.InnerHTML = strHTML
>> > End If
>> > If DomainChooser.Value = 2 Then
>> > strHTML = strHTML & " User ID: "
>> > strHTML = strHTML & " <input type=text name=UserID size=10>"
>> > strHTML = strHTML & " <input type=button value=Submit name=Submit onClick=CorpGroups>"
>> > DropDownArea2.InnerHTML = strHTML
>> > End If
>> > Else
>> > msgBox "Choose a domain"
>> > End If
>> > End Sub
>> >
>> > Sub USGroups
>> > 'Start
>> > Const ADS_SCOPE_SUBTREE = 2
>> > On Error Resume Next
>> >
>> > Set objConnection = CreateObject("ADODB.Connection")
>> > Set objCommand = CreateObject("ADODB.Command")
>> > objConnection.Provider = "ADsDSOObject"
>> > objConnection.Open "Active Directory Provider"
>> > Set objCommand.ActiveConnection = objConnection
>> >
>> > objCommand.Properties("Page Size") = 1000
>> > objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
>> >
>> > objCommand.CommandText = _
>> > "SELECT distinguishedName FROM 'LDAP://dc=three,dc=two,dc=one,dc=com' WHERE objectCategory='user' " & _
>> > "AND sAMAccountName = '" & UserID.Value & "'"
>> > Set objRecordSet = objCommand.Execute
>> >
>> > objRecordSet.MoveFirst
>> > Do Until objRecordSet.EOF
>> > strDN = objRecordSet.Fields("distinguishedName").Value
>> > objRecordSet.MoveNext
>> > Loop
>> >
>> > Set objUser = GetObject("LDAP://" & strDN)
>> > 'msgBox objUser.Name
>> > TextArea.InnerHTML = objUser.Name
>> >
>> > For Each strGroup in objUser.memberOf
>> > Set objGroup = GetObject("LDAP://" & strGroup)
>> > DataHTML = DataHTML & objGroup.distinguishedName & "<br>"
>> > Next
>> >
>> > DataArea.InnerHTML = DataHTML
>> >
>> > Set objRecordset = Nothing
>> > Set objCommand = Nothing
>> > Set objConnection = Nothing
>> > 'End
>> > End Sub
>> >
>> > Sub CorpGroups
>> > 'Start
>> > Const ADS_SCOPE_SUBTREE = 2
>> > On Error Resume Next
>> >
>> > Set objConnection = CreateObject("ADODB.Connection")
>> > Set objCommand = CreateObject("ADODB.Command")
>> > objConnection.Provider = "ADsDSOObject"
>> > objConnection.Open "Active Directory Provider"
>> > Set objCommand.ActiveConnection = objConnection
>> >
>> > objCommand.Properties("Page Size") = 1000
>> > objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
>> >
>> > objCommand.CommandText = _
>> > "SELECT distinguishedName FROM 'LDAP://dc=four,dc=three,dc=two,dc=one,dc=com' WHERE objectCategory='user' " & _
>> > "AND sAMAccountName = '" & UserID.Value & "'"
>> > Set objRecordSet = objCommand.Execute
>> >
>> > objRecordSet.MoveFirst
>> > Do Until objRecordSet.EOF
>> > strDN = objRecordSet.Fields("distinguishedName").Value
>> > objRecordSet.MoveNext
>> > Loop
>> >
>> > Set objUser = GetObject("LDAP://" & strDN)
>> > 'msgBox objUser.Name
>> > TextArea.InnerHTML = objUser.Name
>> >
>> > For Each strGroup in objUser.memberOf
>> > Set objGroup = GetObject("LDAP://" & strGroup)
>> > DataHTML = DataHTML & objGroup.distinguishedName & "<br>"
>> > Next
>> >
>> > DataArea.InnerHTML = DataHTML
>> >
>> > Set objRecordset = Nothing
>> > Set objCommand = Nothing
>> > Set objConnection = Nothing
>> > 'End
>> > End Sub
>> >
>> > Sub ExitHTA
>> > self.close()
>> > End Sub
>> > </script>
>> >
>> > <body>
>> > <input type="button" value="Exit" name="Exit_HTA" onClick="ExitHTA">
>> > <br><hr>
>> > <span id = "DropDownArea1"></span>
>> > <span id = "DropDownArea2"></span>
>> > <br><hr>
>> > <span id = "TextArea"></span>
>> > <hr>
>> > <span id = "DataArea"></span>
>> > </body>
>> > ********************************************************
>>
>>
>>
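Added example, not part of the thread and not code from any of the posters: the two-step lookup the replies point toward, using GC: only to locate the user's distinguishedName anywhere under the parent domain and then binding with LDAP: to read memberOf from the user's own domain. It assumes a stand-alone script run with cscript under an account that can read both domains; the function names, the base DN (the thread's placeholder) and the sAMAccountName allow-list are illustrative assumptions.

```vbscript
Option Explicit
' Added example: GC search for the DN, then LDAP bind for memberOf.
' Base DN is the thread's placeholder domain; replace with your own.
Const GC_BASE = "GC://dc=three,dc=two,dc=one,dc=com"
Const ADS_SCOPE_SUBTREE = 2

Function IsValidSam(strSam)
    ' Conservative allow-list (assumption): keeps quotes and wildcards out of the query text.
    Dim re : Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._$-]{1,20}$"
    IsValidSam = re.Test(strSam)
End Function

Function FindUserDN(strSam)
    Dim conn, cmd, rs
    FindUserDN = ""
    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Open "Active Directory Provider"
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    cmd.CommandText = "SELECT distinguishedName FROM '" & GC_BASE & "' WHERE " & _
        "objectCategory='person' AND objectClass='user' AND sAMAccountName='" & strSam & "'"
    Set rs = cmd.Execute
    If Not rs.EOF Then FindUserDN = rs.Fields("distinguishedName").Value
    rs.Close : conn.Close
End Function

Sub ListGroups(strDN)
    Dim objUser, varGroups, strGroup
    Set objUser = GetObject("LDAP://" & strDN)   ' binds in the user's own domain
    varGroups = objUser.memberOf                 ' Empty, a String, or an array
    If IsEmpty(varGroups) Then
        WScript.Echo "(no direct group memberships)"
    ElseIf TypeName(varGroups) = "String" Then
        WScript.Echo varGroups
    Else
        For Each strGroup In varGroups : WScript.Echo strGroup : Next
    End If
End Sub

Dim strSam, strDN
If WScript.Arguments.Count <> 1 Then WScript.Echo "usage: cscript groups.vbs <sAMAccountName>" : WScript.Quit 2
strSam = WScript.Arguments(0)
If Not IsValidSam(strSam) Then WScript.Echo "rejected input" : WScript.Quit 2
strDN = FindUserDN(strSam)
If strDN = "" Then WScript.Echo "not found in GC" : WScript.Quit 1
ListGroups strDN
```

Unlike the posted script, this has no On Error Resume Next, so a failed bind or query surfaces as an error instead of an empty result.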