
I have an application in Visual Basic (VB6) and I'm trying to authenticate users against Active Directory.

Is it possible to validate the user name and password?

I am using the following code to validate the user name, but I do not know how to also validate the password.

Public Function FindUserGroupInfo(LoginName As String, GroupName As String) As Boolean
' Searches for a user within a specified group in Active Directory.
' Returns TRUE if the user is found in the specified group.
' Returns FALSE if the user is not found in the group.

    ' LDAP Search Query Properties
    Dim conn As New ADODB.Connection    ' ADO Connection
    Dim rs As ADODB.Recordset           ' ADO Recordset
    Dim oRoot As IADs
    Dim oDomain As IADs
    Dim sBase As String
    Dim sFilter As String
    Dim sDomain As String
    Dim sAttribs As String
    Dim sDepth As String
    Dim sQuery As String
    Dim sAns As String

    ' Search Results
    Dim user As IADsUser
    Dim group As Variant
    Dim usergroup As String
    Dim userGroupFound As Boolean

    On Error GoTo ErrHandler:

    userGroupFound = False

    'Set root to LDAP/ADO.
    'LDAP://skb_ii.com/DC=skb_ii,DC=com
    Set oRoot = GetObject("LDAP://rootDSE")

    'Create the Default Domain for the LDAP Search Query
    sDomain = oRoot.Get("defaultNamingContext")
    Set oDomain = GetObject("LDAP://" & sDomain)
    sBase = "<" & oDomain.ADsPath & ">"

    ' Set the LDAP Search Query properties
    sFilter = "(&(objectCategory=person)(objectClass=user)(name=" & LoginName & "))"
    sAttribs = "adsPath"
    sDepth = "subTree"
    sQuery = sBase & ";" & sFilter & ";" & sAttribs & ";" & sDepth

    ' Open the ADO connection and execute the LDAP Search query
    conn.Open "Data Source=Active Directory Provider;Provider=ADsDSOObject"
    Set rs = conn.Execute(sQuery)   ' Store the query results in recordset

    ' Display the user details
    If Not rs.EOF Then
        Set user = GetObject(rs("adsPath"))

        ' Display the groups memberships
        ' Check the group memberships for an exact (case-insensitive) name match.
        ' InStr would also match "Admins" against "Domain Admins", so compare whole names.
        For Each group In user.Groups
            usergroup = group.Name

            If StrComp(usergroup, GroupName, vbTextCompare) = 0 Then
                userGroupFound = True
                Exit For    ' fall through to the cleanup below instead of leaking rs/conn
            End If
        Next
    End If
    FindUserGroupInfo = userGroupFound
ErrHandler:

    On Error Resume Next
    If Not rs Is Nothing Then
        If rs.State <> 0 Then rs.Close
        Set rs = Nothing
    End If

    If Not conn Is Nothing Then
        If conn.State <> 0 Then conn.Close
        Set conn = Nothing
    End If

    Set oRoot = Nothing
    Set oDomain = Nothing
End Function
Panagiotis Kanavos
vml19
  • It is, the same way as with any other language. Either call the proper Win32 API function or make an AD query. You can even check Technet's Scriptomatic for ready made `vbs` scripts. Have you tried any of these things? – Panagiotis Kanavos Jun 09 '14 at 07:30
  • BTW, **why** are you trying to validate the user? The logged-on domain user has already been validated by AD, your app knows it and whatever your app tries to do uses that user's credentials. Are you trying to impersonate another domain user? – Panagiotis Kanavos Jun 09 '14 at 07:33
  • I am trying with another domain, not the same domain user. – vml19 Jun 09 '14 at 07:34
  • In which case you can establish trust between the domains, or set up federation. It's more secure (and easier) to let the OS handle security rather than move passwords over the wire (even if they are encrypted) – Panagiotis Kanavos Jun 09 '14 at 07:42
  • I am looking for a similar method as in here, http://stackoverflow.com/questions/290548/validate-a-username-and-password-against-active-directory?rq=1 – vml19 Jun 09 '14 at 07:48
  • You need to look into [`OpenDSObject`](http://msdn.microsoft.com/en-us/library/aa706065(v=vs.85).aspx) – Chris Haas Jun 09 '14 at 16:22

3 Answers


You can't use an AD query to authenticate a user. This is done by executing an LDAP Bind on an existing AD connection - essentially you have to create a connection with the end user's credentials. That's what the various .NET methods do internally.

You can use the same technique in COM/VB, by setting the end-user's credentials to the ADO connection before opening.

Incidentally, your current code attempts to execute a query using the current user's credentials. This will fail unless there is trust between the two domains and the remote domain recognizes the current user.

Panagiotis Kanavos
  • but this code works on the same domain, and validates users by their user names. Are you able to modify my code to fit my case? I am very new to VB 6. – vml19 Jun 09 '14 at 09:09
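One way to do the bind this answer describes, using the OpenDSObject call mentioned in the comments on the question. This is an added example, not Panagiotis Kanavos's code: it assumes a project reference to the Active DS Type Library (activeds.tlb), a domain DNS name supplied by the caller (the "example.local" placeholder is not a real value), and UPN-style logon names (user@domain). The important defensive detail is the empty-password check: an LDAP bind with an empty password is an anonymous bind and can succeed without proving anything.

```vb
Option Explicit

' Added example; not code from the question or from any answer on this page.
' Requires a project reference to "Active DS Type Library" (activeds.tlb).
' ADS_SECURE_AUTHENTICATION selects Kerberos/NTLM instead of an LDAP simple bind,
' so the password is not sent in clear text; ADS_USE_ENCRYPTION asks for
' signing/sealing of the session.
Private Const ADS_SECURE_AUTHENTICATION As Long = &H1
Private Const ADS_USE_ENCRYPTION As Long = &H2
' HRESULT for ERROR_LOGON_FAILURE (0x8007052E), which ADSI raises on bad credentials.
Private Const E_LOGON_FAILURE As Long = &H8007052E

' Returns True only if the domain accepts LoginName/Password.
' DomainDns is the DNS name of the domain to authenticate against
' (placeholder value in the usage below: "example.local").
Public Function AuthenticateUser(ByVal DomainDns As String, _
                                 ByVal LoginName As String, _
                                 ByVal Password As String) As Boolean
    Dim dso As IADsOpenDSObject
    Dim rootDse As IADs
    Dim namingContext As String

    AuthenticateUser = False

    ' Reject empty input before touching the directory: an LDAP bind with an
    ' empty password is an anonymous bind and can "succeed" for any user name.
    If Len(Trim$(LoginName)) = 0 Or Len(Password) = 0 Then Exit Function

    On Error GoTo BindFailed
    Set dso = GetObject("LDAP:")
    ' Bind to the domain's RootDSE as the end user. UPN form (user@domain) is
    ' assumed here; "DOMAIN\user" also works with secure authentication.
    Set rootDse = dso.OpenDSObject("LDAP://" & DomainDns & "/RootDSE", _
                                   LoginName & "@" & DomainDns, Password, _
                                   ADS_SECURE_AUTHENTICATION Or ADS_USE_ENCRYPTION)
    ' Read an attribute through the bound object so we know the session is usable.
    namingContext = rootDse.Get("defaultNamingContext")
    AuthenticateUser = (Len(namingContext) > 0)
    Exit Function

BindFailed:
    ' Bad credentials surface as E_LOGON_FAILURE. Anything else (unreachable DC,
    ' no trust, locked account) is also "not authenticated", but log it
    ' separately so operators can tell credential failures from outages.
    If Err.Number = E_LOGON_FAILURE Then
        Debug.Print "Logon failure for " & LoginName
    Else
        Debug.Print "Directory error " & Hex$(Err.Number) & ": " & Err.Description
    End If
    AuthenticateUser = False
End Function

' Usage (placeholder domain and account):
' If AuthenticateUser("example.local", "jdoe", txtPassword.Text) Then ...
```

Note that the bind never returns the password or any secret to the caller; the only thing the application learns is accept/reject, which is all it needs. Keep the password in a local String and do not write it to logs or message boxes.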

Where it says "(name=" & LoginName & ")" in the query, you may want to try "(sAMAccountName=" & LoginName & ")" instead. That worked for me. I found the information on some LDAP format information website.


I found a solution for this. When you query the UserID in Active Directory using the code below, if the user is not found in Active Directory then the query will return a "Given Name" value of "". So all you have to do is validate whether or not the returned value is "".

Public Sub TestSub()
    Dim strMyUser As String
    Dim strName As String

    strMyUser = "AB66851"
    strName = GetName(strMyUser)    ' query once, then test the result

    If strName <> "" Then
        MsgBox strName
    Else
        MsgBox strMyUser & " Is not a valid Active Directory ID"
    End If
End Sub


Function GetName(strMgrID As String) As String
    ' Looks the account up by sAMAccountName and returns "givenName sn",
    ' or "" when no matching account exists.
    Dim objRoot, strDomain, objConn, objComm, objRecordset
    Dim sFilter, sAttribs, sDepth, sBase, sQuery

    GetName = ""

    Set objRoot = GetObject("LDAP://RootDSE")
    strDomain = objRoot.Get("DefaultNamingContext")
    Set objConn = CreateObject("ADODB.Connection")
    Set objComm = CreateObject("ADODB.Command")

    'sFilter = "(&(objectClass=person)(sn=" & InputBox("Enter Last Name") & ")(givenName=" & InputBox("Enter First Name") & "))"
    sFilter = "(&(objectClass=person)(sAMAccountName=" & strMgrID & "))"

    sAttribs = "sn,givenname,sAMAccountName"
    sDepth = "SubTree"
    sBase = "<LDAP://" & strDomain & ">"
    sQuery = sBase & ";" & sFilter & ";" & sAttribs & ";" & sDepth

    objConn.Open "Data Source=Active Directory Provider;Provider=ADsDSOObject"
    Set objComm.ActiveConnection = objConn
    objComm.Properties("Page Size") = 10000
    objComm.CommandText = sQuery
    Set objRecordset = objComm.Execute

    If Not objRecordset.EOF Then
        GetName = objRecordset("givenName") & " " & objRecordset("sn")
    End If

    objRecordset.Close
    objConn.Close
End Function
Travis
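Both the code in the question and GetName above build the LDAP filter by concatenating the login name unescaped, so a name containing filter metacharacters (a lone "*", for instance, matches every account) changes what the query returns. The following added example, which is neither Travis's code nor the question's, escapes the value per RFC 4515 before searching and returns a name only for an exact sAMAccountName match. It assumes a reference to the Microsoft ActiveX Data Objects library and runs under the calling user's own credentials, so, like GetName, it establishes that the account exists, not that the caller knows its password.

```vb
Option Explicit

' Added example; not code from the question or from any answer on this page.
' Requires a reference to "Microsoft ActiveX Data Objects 2.x Library".

' Escape the characters with special meaning in an LDAP search filter
' (RFC 4515) so a value taken from user input cannot change the filter's
' structure. Each special character becomes a backslash plus its hex code.
Public Function EscapeLdapFilterValue(ByVal Value As String) As String
    Dim i As Long
    Dim ch As String
    Dim result As String
    For i = 1 To Len(Value)
        ch = Mid$(Value, i, 1)
        Select Case ch
            Case "\": result = result & "\5c"
            Case "*": result = result & "\2a"
            Case "(": result = result & "\28"
            Case ")": result = result & "\29"
            Case vbNullChar: result = result & "\00"
            Case Else: result = result & ch
        End Select
    Next i
    EscapeLdapFilterValue = result
End Function

' Looks an account up by sAMAccountName in the current user's domain and
' returns "givenName sn", or "" if no such account exists.
' NOTE: a hit proves the account exists in the directory, not that the caller
' knows its password; authentication needs an LDAP bind with the credentials.
Public Function LookupAccountName(ByVal LoginName As String) As String
    Dim rootDse As Object             ' late-bound, so no ActiveDs reference needed
    Dim conn As ADODB.Connection
    Dim cmd As ADODB.Command
    Dim rs As ADODB.Recordset
    Dim sQuery As String

    LookupAccountName = ""
    If Len(Trim$(LoginName)) = 0 Then Exit Function

    Set rootDse = GetObject("LDAP://RootDSE")
    ' Same <base>;<filter>;<attributes>;<scope> dialect as the page's code,
    ' but with the user-supplied value escaped before it enters the filter.
    sQuery = "<LDAP://" & rootDse.Get("defaultNamingContext") & ">;" & _
             "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
             EscapeLdapFilterValue(LoginName) & "));" & _
             "givenName,sn;subtree"

    Set conn = New ADODB.Connection
    conn.Open "Data Source=Active Directory Provider;Provider=ADsDSOObject"
    Set cmd = New ADODB.Command
    Set cmd.ActiveConnection = conn
    cmd.CommandText = sQuery
    cmd.Properties("Size Limit") = 1  ' sAMAccountName is unique; one row is enough
    Set rs = cmd.Execute

    If Not rs.EOF Then
        ' Null attributes concatenate as empty strings in VB, so a user with
        ' no givenName still yields a usable "sn".
        LookupAccountName = Trim$(rs("givenName").Value & " " & rs("sn").Value)
    End If

    rs.Close
    conn.Close
End Function

' Usage (constructed sample input): the escaped filter for "a*b(c)" becomes
' (sAMAccountName=a\2ab\28c\29), which matches only an account literally so named.
' Debug.Print EscapeLdapFilterValue("a*b(c)")
```

The escaping function is the piece worth reusing: apply it to every value that is interpolated into a filter, including the GroupName comparison in the question, if that is ever moved into the LDAP query itself.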