 |
|
|
Really like your sample - nice work!
Just thought it's worth pointing out that after an iads ExecuteSearch() call, a corresponding CloseSearchHandle() call needs to be made to free up the (COM) allocated resources.
For a short-lived UI app, it's not so much of an issue, but for anyone doing any long-lived processes, this needs doing.
The easiest way to achieve this is to add a CNFCActiveDirBrowser::CloseSearch() (or similar name) to the CNFCActiveDirBrowser class that wraps the m_pContainerToSearch->CloseSearchHandle() call.
After a CNFCActiveDirBrowser::Search() is finished with (and before the destructor), this function should be called by consumers of the class and then all is well with COM memory.
Thanks for a great article!
|
|
|
|
|
|
|
Hello Memory Mgt,
I've changed the code to automaticaly free the search handle, without need of change the current calling procedure, (on next searchs or in the destructor),
Very thanks for your note!! 
Regards
Rey
|
|
|
|
|
|
|
Hi, Liked your sample very much! It offers a lot to learn for a naive AD learner!
Thanks and keep up the good work!
"The best helping hand is at the end of your own arm"
|
|
|
|
|
|
|
Very thanks for the feedback!
Regards,
Rey
|
|
|
|
|
|
|
how to show users in a group?
For example:
--- show all users in "domain users" group.
|
|
|
|
|
|
|
Just make a loop over the items in the col response from ads,
for (DWORD v = 0; v < col.dwNumValues; v++)...
I've update the sample code to include all items:
Now in the GetColValue you get all values separated with ; , now its easy to add to a string array in the variant res,
ADS_SEARCH_COLUMN col;
HRESULT hr = m_pContainerToSearch->GetColumn( m_hSearch, colname, &col );
if ( SUCCEEDED(hr) )
{
// Crack the data type....
CString s;
for (DWORD v = 0; v < col.dwNumValues; v++) {
if (v > 0) s += ";";
if ((col.dwADsType == ADSTYPE_CASE_IGNORE_STRING)||(col.dwADsType == ADSTYPE_DN_STRING)) {
s += col.pADsValues->CaseIgnoreString;
} else if (col.dwADsType == ADSTYPE_INTEGER) {
s += CString((LPSTR)_bstr_t((long)col.pADsValues->Integer));
} else if (col.dwADsType == ADSTYPE_UTC_TIME) {
COleDateTime t(col.pADsValues->UTCTime);
s += _bstr_t(t.Format("UTC:%Y-%m-%d %H:%M:%s"));
} else if (col.dwADsType == ADSTYPE_OCTET_STRING) {
LPGUID pObjectGUID = (GUID*)(col.pADsValues->OctetString.lpValue);
//OLE str to fit a GUID
LPOLESTR szDSGUID = new WCHAR [39];
//Convert GUID to string.
::StringFromGUID2(*pObjectGUID, szDSGUID, 39);
s += (LPSTR)_bstr_t(szDSGUID);
delete szDSGUID;
}
col.pADsValues++;
}
result = s;
for (v = 0; v < col.dwNumValues; v++)
col.pADsValues--;
m_pContainerToSearch->FreeColumn( &col );
}
Regards
Rey
-- modified at 8:00 Friday 25th August, 2006
|
|
|
|
|
|
|
compile error(c2593) at ===>
s += _bstr_t(t.Format("UTC:%Y-%m-%d %H:%M:%s"));
and what the function to do ?
_variant_t CNFCActiveDirBrowser::ColValue(_bstr_t colname)
|
|
|
|
|
|
|
Check if you are compiling unicode,
compile error(c2593) at ===>
s += _bstr_t(t.Format("UTC:%Y-%m-%d %H:%M:%s"));
Just download the latest version,
|
|
|
|
|
|
|
still that problem : how to show users in a group?
thanks
|
|
|
|
|
|
|
hi, in the member column of a group populate, you will find all members of the group, separated by ; , if not, download the latest version,
You will modify the ColValue to do your task,
|
|
|
|
|
|
|
I query groups by "(&(objectCategory=group))".
But the "member" column of "Domain users" group is blank.
how to do with?
|
|
|
|
|
|
|
I don't see why, it work correcty in all me os,
you must debug on your machine,
|
|
|
|
|
|
|
my os : windows 2003 + sp1 + ad
|
|
|
|
|
|
|
Dear Friend,
Please, I don't going to install this enviroment to test it for you sorry, now its working on 98, xp, 2003 sp1,
Just put F9 on the ColValue() function and see wath is happening by yourself, or download the latest version, as you can seen in the screenshot all the members of a group are retrived without problem.
|
|
|
|
|
|
|
Yes!
For these groups under "builtin", there are members shown.
But for group under "Users", there is nothing shown.
Is there any differnece between two kind of groups?
thanks for your kindly reponse.
|
|
|
|
|
|
|
This is because the group doesn't have any member,
Just go to the group and add two users and will appear now on the browser,
Regards,
Rey
|
|
|
|
|
|
|
thanks!
Seems all other groups work well except "Domain users".
There are members in "Domain users" exactly, but only ONE user shown -- "CN=Guest, DC=..".
IS there some thing special to the group -- "Domain users"?
thanks
-- modified at 9:50 Monday 28th August, 2006
|
|
|
|
|
|
|
You can't get an accurate picture of the users of a group by using the 'members' attribute in AD. This is because of a design limitation in AD that Microsoft decided on a long time ago; for space reasons I won't go into the details why Microsoft did it that way.
The issue you will find, and its most apparent with the Domain Users group, is that you can't get any members of a group that have the group set as their "primary" group. Since the Domain Users group by default is the primary group for all users, the Domain Users group members attribute will be mostly empty. You can test this by assigning a user to a different group as their primary group and you will then see them magically appear in the 'members' attribute for the Domain Users group and be removed from the 'members' attribute for their new primary group.
To get a true group membership listing, you have to do a search of the entire directory looking for user's whose primary group is set to the group in question. Or, if you don't use the primary group, just understand why its happening.
Kevin Stanush
SystemTools Software Inc.
|
|
|
|
|
|
|
Thank you very much for the info, I will try to include the full procedure in the sample,
|
|
|
|
|
|
|
>>To get a true group membership listing, you have to do a search of the entire directory looking for user's whose primary group is set to the group in question.
But that is not what i want. Because usually I don't change the user's default primary group, when add user to a group.
For example : "user1" is add to a group "group1", and not set primary group to "group1" (The primary group is still "Domain users"). Then the "user1" shuold be appeared in "group1", when query users in "group1".
If I "do a search of the entire directory looking for user's whose primary group", then the qury result is not correct.
Another quesstion: What is the difference between "group" and "primary group"?
Is there any influence on user, when change a user's "primary group"?
regards
-- modified at 4:59 Tuesday 29th August, 2006
|
|
|
|
|
|
|
I've modified the code to show exactly the same as microsoft do on "domain users propierties" of mmc,
I think that if you create group1 and add user1, but not change primary group on user, the user will be member of group1 and domain users, and will be show as is,
Regards,
Rey
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Rant 
Admin