Creating the NTGroupManagement Class Module
In this section, you continue the creation of the NTAdmin.DLL COM server application you started in Chapter 3.
Just as in all previous chapters, manipulation of the IADsGroup interface (and one method of the IADsUser interface) is handled by a class module within an ActiveX DLL.
Exercise 5.1 Creating NTAdmin.DLL: Group Management Functions
- Open the NTAdmin ActiveX DLL Visual Basic project that was started in Chapter 3. You can also download the project from http://www.newriders.com/adsi.
- If you are adding to the NTAdmin project, add a new class module to the project. If this is a new project, make sure to set a reference to Active DS Type Library.
- Name the new module NTGroupManagement.
- Enter the code listed after these steps into the General Declarations section of the class module.
- Compile the code as NTAdmin.DLL.
- Save and close the NTAdmin project.
```vb
Public Function ManageGroup(ByVal TargetGroupDomain As String, ByVal TargetGroupName As String, _
        ByVal TargetUserDomain As String, ByVal TargetUserName As String, _
        ByVal Action As String) As Boolean
    ' Without this, a failure raises to the caller and the Err.Number test below never runs.
    On Error Resume Next
    Dim Group As IADsGroup
    Dim User As IADsUser
    Set User = GetObject("WinNT://" & TargetUserDomain & "/" & TargetUserName & ",user")
    Set Group = GetObject("WinNT://" & TargetGroupDomain & "/" & TargetGroupName & ",group")
    Select Case UCase(Action)
        Case "ADD"
            Group.Add (User.ADsPath)
        Case "REMOVE"
            Group.Remove (User.ADsPath)
        Case Else
            ' An unrecognized action changes nothing, so do not report success.
            ManageGroup = False
            Exit Function
    End Select
    Group.SetInfo
    If Err.Number = 0 Then ManageGroup = True Else ManageGroup = False
End Function

Public Function EnumerateGroupMembers(ByVal TargetGroupDomain As String, ByVal TargetGroupName As String) As Variant
    On Error Resume Next
    Dim Group As IADsGroup
    Dim Member As Variant
    Dim NewElement() As Variant
    Dim i As Long
    Set Group = GetObject("WinNT://" & TargetGroupDomain & "/" & TargetGroupName & ",group")
    ' Grow the array one element per member; i is the next free index.
    i = 0
    For Each Member In Group.Members
        ReDim Preserve NewElement(i)
        NewElement(i) = Member.Name
        i = i + 1
    Next
    EnumerateGroupMembers = NewElement
End Function

Public Function VerifyGroupMembership(ByVal TargetGroupDomain As String, ByVal TargetGroupName As String, _
        ByVal TargetUserDomain As String, ByVal TargetUserName As String) As Boolean
    Dim Group As IADsGroup
    Dim User As IADsUser
    Set User = GetObject("WinNT://" & TargetUserDomain & "/" & TargetUserName & ",user")
    Set Group = GetObject("WinNT://" & TargetGroupDomain & "/" & TargetGroupName & ",group")
    VerifyGroupMembership = Group.IsMember(User.ADsPath)
End Function

Public Function QueryGroupDescription(ByVal TargetGroupDomain As String, ByVal TargetGroupName As String) As String
    Dim Group As IADsGroup
    Set Group = GetObject("WinNT://" & TargetGroupDomain & "/" & TargetGroupName & ",group")
    QueryGroupDescription = Group.Description
End Function

Public Function SetGroupDescription(ByVal TargetGroupDomain As String, ByVal TargetGroupName As String, _
        ByVal NewDescription As String) As Boolean
    ' Needed so the Err.Number test below can report failure instead of raising.
    On Error Resume Next
    Dim Group As IADsGroup
    Set Group = GetObject("WinNT://" & TargetGroupDomain & "/" & TargetGroupName & ",group")
    Group.Description = NewDescription
    Group.SetInfo
    If Err.Number = 0 Then SetGroupDescription = True Else SetGroupDescription = False
End Function
```
Tip - You can download the Visual Basic 6.0 project or a pre-compiled version of NTAdmin.DLL from http://www.newriders.com/adsi
Using the Functions in NTGroupManagement
With the NTGroupManagement class module created, you can access its functions from any programming language that supports OLE automation, including Visual Basic, VBScript, and JavaScript.
Tip - To instantiate the object, follow the appropriate syntax found in Chapter 3. Substitute the NTGroupManagement class name where necessary.
Use Table 5.2 to help you use the proper syntax for each of the methods of the NTGroupManagement interface.
Table 5.2 NTGroupManagement Method Syntax.
| Action | Syntax |
| --- | --- |
| Add a member to a group | Debug.Print ManageGroup("Group_Target_Domain", "Target_Group_Name", "Target_UserDomain", "Target_UserName", "Add") |
| Remove a member from a group | Debug.Print ManageGroup("Group_Target_Domain", "Target_Group_Name", "Target_UserDomain", "Target_UserName", "Remove") |
| Enumerate all users in a group | For Each Item In EnumerateGroupMembers("Group_Target_Domain", "Target_Group_Name") : Debug.Print Item : Next |
| Verify user membership in a given group | Debug.Print VerifyGroupMembership("Group_Target_Domain", "Target_Group_Name", "Target_UserDomain", "Target_UserName") |
| Query the description for a given group | Debug.Print QueryGroupDescription("Group_Target_Domain", "Target_Group_Name") |
| Set a new description for a given group | Debug.Print SetGroupDescription("Group_Target_Domain", "Target_Group_Name", "New_Group_Description") |
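
The following VBScript is an added example, not code from the book: it uses EnumerateGroupMembers to audit a privileged group against an approved list and flags any member that is not on it. The ProgID NTAdmin.NTGroupManagement, the domain name, and the account names are assumptions made for illustration.

```vbscript
' Added example, not from the book. Assumptions: NTAdmin.DLL is registered with
' ProgID "NTAdmin.NTGroupManagement"; domain, group and account names are constructed.
Option Explicit

Const GROUP_DOMAIN = "EXAMPLEDOM"      ' constructed placeholder
Const GROUP_NAME = "Domain Admins"
Dim Approved: Approved = Array("Administrator", "svc-backup")   ' constructed allowlist

' Number of elements, or 0 for a non-array or an unallocated array.
Function MemberCount(Members)
    MemberCount = 0
    If Not IsArray(Members) Then Exit Function
    On Error Resume Next               ' UBound raises on an unallocated array
    MemberCount = UBound(Members) + 1
    On Error GoTo 0
End Function

' Names in Members that are absent from Allowed (NT account names compare case-insensitively).
Function UnexpectedMembers(Members, Allowed)
    Dim Known, Extra, Name
    Set Known = CreateObject("Scripting.Dictionary")
    Set Extra = CreateObject("Scripting.Dictionary")
    Known.CompareMode = vbTextCompare
    Extra.CompareMode = vbTextCompare
    For Each Name In Allowed
        Known(Name) = True
    Next
    For Each Name In Members
        If Not Known.Exists(Name) Then Extra(Name) = True
    Next
    UnexpectedMembers = Extra.Keys
End Function

Dim Mgr, Members, Extra, Name
Set Mgr = CreateObject("NTAdmin.NTGroupManagement")
Members = Mgr.EnumerateGroupMembers(GROUP_DOMAIN, GROUP_NAME)

' EnumerateGroupMembers suppresses errors, so a failed bind and an empty group
' both come back with no elements. Treat that as "unknown", never as "clean".
If MemberCount(Members) = 0 Then
    WScript.Echo "No members returned for " & GROUP_NAME & "; check the bind before trusting this result."
    WScript.Quit 2
End If

Extra = UnexpectedMembers(Members, Approved)
For Each Name In Extra
    WScript.Echo "Unexpected member of " & GROUP_DOMAIN & "\" & GROUP_NAME & ": " & Name
Next
If MemberCount(Extra) > 0 Then WScript.Quit 1
```

Because EnumerateGroupMembers returns only Member.Name, accounts with the same name from different domains are not distinguished by this comparison.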