Querying Active Directory distribution groups

-1

How can I make an automatic connection in ad and then through the search field search any given group of OR in AD.

The idea is to find a group and see who their members are.

    
asked by anonymous 12.03.2014 / 21:13

1 answer

0

The ADSI class, implemented here , does this.

Below is the translated code.

unit ADSI;

interface

uses
  SysUtils, Classes, ActiveX, Windows, ComCtrls, ExtCtrls, ActiveDs_TLB,
  adshlp, oleserver, Variants;

type
  TSenha = record
    Expirada: boolean;
    NuncaExpira: boolean;
    NaoMuda: boolean;
end;

type
  TADSIUserInfo = record
    UID: string;
    Usuario: string;
    Descricao: string;
    Senha: TPassword;
    Desabilitado: boolean;
    Travado: boolean;
    Grupos: string; //CSV
end;

type
  TADSI = class(TComponent)

  private
    FUsuario:  string;
    FSenha:  string;
    FUsuarioAtual: string;
    FDominioAtual: string;

    function ObterUsuarioAtual: string;
    function ObterDominioAtual: string;


  protected
    { Protected declarations }
  public
    constructor Create(AOwner: TComponent); override;
    destructor Destroy; override;

    property UsuarioAtual: string read FUsuarioAtual;
    property DominioAtual: string read FDominioAtual;

    function ObterUsuario(Dominio, Usuario: string; var ADSIUser: TADSIUserInfo): boolean;
    function Autenticar(Dominio, Usuario, Grupo: string): boolean;

  published
    property LoginUsuario: string read FUsuario write FUsuario ;
    property LoginSenha: string read FSenha write FSenha;
  end;

procedure Registrar;

implementation


function ContainsValComma(s1,s: string): boolean; 
var 
  sub,str: string; 
begin 
  Result:=false; 
  if (s='') or (s1='') then exit; 
  if SameText(s1,s) then begin 
    Result:=true; 
    exit; 
  end; 
  sub:=','+lowercase(trim(s1))+','; str:=','+lowercase(trim(s))+','; 
  Result:=(pos(sub, str)>0); 
end;

procedure Registrar;
begin
  RegisterComponents('ADSI', [TADSI]);
end;

constructor TADSI.Create(AOwner: TComponent);
begin
   inherited Create(AOwner);

   FUsuarioAtual := ObterUsuarioAtual;
   FDominioAtual := ObterDominioAtual;
   FUsuario := '';
   FSenha := '';
end;

destructor TADSI.Destroy;
begin

   inherited Destroy;
end;

function TADSI.ObterUsuarioAtual : string;
const
  cnMaxUserNameLen = 254;
var
  sUserName     : string;
  dwUserNameLen : DWord;
begin
  dwUserNameLen := cnMaxUserNameLen-1;
  SetLength(sUserName, cnMaxUserNameLen );
  GetUserName(PChar(sUserName), dwUserNameLen );
  SetLength(sUserName, dwUserNameLen);
  Result := sUserName;
end;

function TADSI.ObterDominioAtual: string;
const
  DNLEN = 255;
var
  sid               : PSID;
  sidSize           : DWORD;
  sidNameUse        : DWORD;
  domainNameSize    : DWORD; 
  domainName        : array[0..DNLEN] of char;

begin
  sidSize := 65536; 
  GetMem(sid, sidSize); 
  domainNameSize := DNLEN + 1;
  sidNameUse := SidTypeUser;
  try
     if LookupAccountName(nil, PChar(FCurrentUser), sid, sidSize,
        domainName, domainNameSize, sidNameUse) then
         Result:=StrPas(domainName);
  finally
    FreeMem(sid);
  end;
end;

function TADSI.Autenticar(Dominio, Usuario, Grupo: string): boolean;
var
  aUser: TADSIUserInfo;
begin
  Result:=false;
  if ObterUsuario(Dominio, Usuario,aUser) then begin
     if not aUser.Desabilitado and not aUser.Travado then begin
        if Group='' then
           Result:=true
        else
           Result:=ContainsValComma(Grupo, aUser.Grupos);
     end;
  end;
end;

function TADSI.ObterUsuario(Dominio, Usuario: string; var ADSIUser: TADSIUserInfo): boolean;
var
  usr   :    IAdsUser;
  flags :    integer;
  Enum  :    IEnumVariant;
  grps  :    IAdsMembers;
  grp   :    IAdsGroup;
  varGroup : OleVariant;
  Temp :     LongWord;
  dom1, uid1: string;

  //ui: TADSIUserInfo;

begin
  ADSIUser.UID:='';
  ADSIUser.Usuario:='';
  ADSIUser.Descricao:='';
  ADSIUser.Desabilitado:=true;
  ADSIUser.Travado:=true;
  ADSIUser.Grupos:='';
  Result:=false;

  if Usuario='' then
     uid1:=FUsuarioAtual
  else
     uid1:=Usuario;

  if Domain='' then
     dom1:=FDominioAtual
  else
     dom1:=Dominio;

  if uid1='' then exit;
  if dom1='' then exit;

  try
     if trim(FUsuario)<>'' then
        ADsOpenObject('WinNT://' + dom1 + '/' + uid1, FUsuario, FSenha, 1, IADsUser, usr)
     else
        ADsGetObject('WinNT://' + dom1 + '/' + uid1, IADsUser, usr);

     if usr=nil then exit;

     ADSIUser.UID:= Usuario;
     ADSIUser.Usuario := usr.FullName;
     ADSIUser.Descricao := usr.Description;
     flags := usr.Get('userFlags');
     ADSIUser.Senha.Expirada := usr.Get('PasswordExpired');
     ADSIUser.Senha.NaoMuda := (flags AND ADS_UF_PASSWD_CANT_CHANGE)<>0;
     ADSIUser.Senha.NuncaExpira := (flags and ADS_UF_DONT_EXPIRE_PASSWD)<>0;
     ADSIUser.Desabilitado := usr.AccountDisabled;
     ADSIUser.Travado := usr.IsAccountLocked;

     ADSIUser.Grupos:='';
     grps := usr.Groups;
     Enum := grps._NewEnum as IEnumVariant;
     if Enum <> nil then begin
       while (Enum.Next(1,varGroup, Temp) = S_OK) do begin
         grp := IDispatch(varGroup) as IAdsGroup;
         //sGroupType := GetGroupType(grp);
         if ADSIUser.Grupos<>'' then ADSIUser.Grupos:=ADSIUser.Grupos+',';
         ADSIUser.Grupos:=ADSIUser.Grupos+grp.Name;
         VariantClear(varGroup);
       end;
     end;
     usr:=nil;
     Result:=true;
  except
     on e: exception do begin
        Result:=false;
        exit;
     end;
  end;
end;

end.
    
12.03.2014 / 21:49