I have a web service application that accepts SOAP calls to add/remove members to local groups on servers. The application works if called from a Windows client, but the application fails when called from a Unix client. I am using impersonation in .NET with a service account that has full admin rights on the end clients we are trying to modify.
From the Unix client it dies on the objLocalGroup = GetObject(WinNT:// line.
I am assuming it is some sort of .NET setting for authentication. If anyone has any ideas where I should look, or better ideas on how to write the function, it would be appreciated.
I have a custom application pool running as the service account. The website application is configured to use the application pool ID.
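
' Requires Imports System.Web.Services (for <WebMethod()>) and Option Strict Off
' (the ADSI objects returned by GetObject are late-bound).
<WebMethod()> _
Function RemoveFromGroup(ByVal target_group As String,
                         ByVal domain As String,
                         ByVal account As String,
                         ByVal system As String) As Object
    Dim AlreadyExists As Boolean
    Dim action = "RemoveFromGroup"
    ' Locals that were used without a declaration
    Dim objLocalGroup As Object
    Dim objDomainUser As Object
    Dim strDomainUser As String
    Dim retmsg As String = Nothing
    ' Status code: 0 = removed, 1 = remove failed, 2 = not a member, 3 = bind failed
    Dim RemoveAccountFromLocalGroup As Integer

    ' Bind to the local group on the target server through the WinNT ADSI provider
    objLocalGroup = GetObject("WinNT://" & system & "/" & target_group & ",group")
    ' This check is reached after a failed bind only when On Error Resume Next is in
    ' effect; otherwise GetObject raises an exception on the line above.
    If Err.Number = 0 Then
        ' Look for the account among the current members of the group
        For Each Group As Object In objLocalGroup.Members
            If InStr(UCase(Group.ADSPath), UCase(domain & "/" & account)) <> 0 Then
                AlreadyExists = True
            End If
        Next
        If AlreadyExists = True Then
            objLocalGroup.Remove("WinNT://" & domain & "/" & account)
            If Err.Number = 0 Then
                RemoveAccountFromLocalGroup = 0
            Else
                RemoveAccountFromLocalGroup = 1
                Err.Clear()
            End If
        Else
            RemoveAccountFromLocalGroup = 2
        End If
    Else
        RemoveAccountFromLocalGroup = 3
        retmsg = "FAILED-cannot connect to server|" & action & "|" & domain & ":" & account & "|" & Date.Now & "|group-" & target_group
        Err.Clear()
    End If

    ' Build the pipe-delimited status message returned to the caller
    If RemoveAccountFromLocalGroup = 0 Then
        retmsg = "SUCCESS|" & action & "|" & domain & ":" & account & "|" & Date.Now & "|group-" & target_group
    ElseIf RemoveAccountFromLocalGroup = 1 Then
        retmsg = "FAILED|" & action & "|" & domain & ":" & account & "|" & Date.Now & "|group-" & target_group
    ElseIf RemoveAccountFromLocalGroup = 2 Then
        retmsg = "SUCCESS-NA|" & action & "|" & domain & ":" & account & "|" & Date.Now & "|group-" & target_group
    End If

    ' Release references before returning
    strDomainUser = Nothing
    objDomainUser = Nothing
    objLocalGroup = Nothing
    AlreadyExists = Nothing
    RemoveAccountFromLocalGroup = Nothing
    action = Nothing
    Return retmsg
End Function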