Tags: IIS6, .NET, SOAP
I have a web service application that accepts SOAP calls to add/remove members to local groups on servers. The application works if called from a Windows client, but it fails when called from a Unix client. I am using impersonation on the .NET side with a service account that has full admin rights on the end clients we are trying to modify.
 
From the Unix client it dies on the objLocalGroup = GetObject(WinNT:// line.
 
I am assuming it is some sort of .NET setting for authentication. If anyone has any ideas where I should look, or better ideas on how to write the function, it would be appreciated.
 
I have a custom application pool running as the service account. The website application is configured to use the application pool id.
 
    <WebMethod()> _
    Function RemoveFromGroup(ByVal target_group As String,
                        ByVal domain As String,
                        ByVal account As String,
                        ByVal system As String) As Object
        '#############################
        'Function RemoveFromGroup
        'Variables
        'system Target server
        'domain of Group / User being removed
        'account (Name of Group or User)
        'target_group group we are modifying membership
        'Returns
        'STATUS|domain:account|TIMESTAMP as a single string
        Dim objLocalGroup As Object 'late-bound ADSI group object (needs Option Strict Off)
        Dim retmsg As String = ""
        Dim RemoveAccountFromLocalGroup As Integer 'status: 0 removed, 1 failed, 2 not a member, 3 cannot connect
        Dim AlreadyExists As Boolean = False
        Dim action As String = "RemoveFromGroup"
        'Unstructured error handling so the Err.Number checks below take effect
        On Error Resume Next
        'Create a group object referencing the group on the target server
        objLocalGroup = GetObject("WinNT://" & system & "/" & target_group & ",group")
        If Err.Number = 0 Then
            'Check to see if the account already exists in the local target group
            For Each Group As Object In objLocalGroup.Members
                If InStr(UCase(Group.ADSPath), UCase(domain & "/" & account)) <> 0 Then
                    AlreadyExists = True
                End If
            Next
            'Remove the specified account from the local target group if it is a member
            If AlreadyExists = True Then
                objLocalGroup.Remove("WinNT://" & domain & "/" & account)
                If Err.Number = 0 Then
                    RemoveAccountFromLocalGroup = 0
                Else
                    RemoveAccountFromLocalGroup = 1
                    Err.Clear()
                End If
            Else
                RemoveAccountFromLocalGroup = 2
            End If
        Else
            RemoveAccountFromLocalGroup = 3
            retmsg = "FAILED-cannot connect to server|" & action & "|" & domain & ":" & account & "|" & Date.Now & "|group-" & target_group
            Err.Clear()
        End If
        If RemoveAccountFromLocalGroup = 0 Then
            retmsg = "SUCCESS|" & action & "|" & domain & ":" & account & "|" & Date.Now & "|group-" & target_group
        ElseIf RemoveAccountFromLocalGroup = 1 Then
            retmsg = "FAILED|" & action & "|" & domain & ":" & account & "|" & Date.Now & "|group-" & target_group
        ElseIf RemoveAccountFromLocalGroup = 2 Then
            retmsg = "SUCCESS-NA|" & action & "|" & domain & ":" & account & "|" & Date.Now & "|group-" & target_group
        End If
        'clear variables to prevent memory leaks
        objLocalGroup = Nothing
        AlreadyExists = Nothing
        RemoveAccountFromLocalGroup = Nothing
        action = Nothing
        Return retmsg
    End Function
Posted 24-Mar-11 6:11am
Edited 24-Mar-11 6:38am

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)