|
| 技术资料 > ASP技术 > 系统相关 : 用ASP/ADSI显示NT系统中的用户和组列表 |
用ASP/ADSI显示NT系统中的用户和组列表
March 25,2004 |
Introduction
The ASP code described in this article will allow you to find a list of Windows NT groups in a specific
domain or on a specific computer, then view a list of users and groups within that group.
How it works
The ASP code uses Microsoft抯 Active Directory Service Interfaces (ADSI). ADSI is a directory system that
makes it straightforward to administer and obtain information from a variety of data stores on the system
(e.g. Exchange Server, Internet Information Server, and Windows NT itself). ADSI can run on Windows 95,
98, NT 4.0 and Windows 2000. Due to the lack of security features in Windows 95 and 98 it is advisable to
not run ADSI services on these operating systems. The examples described here have been tested with
Windows NT 4.0.
ADSI is particularly useful under Windows 2000, as it allows access to the Windows 2000 Active Directory.
The Active Directory is one of the cornerstones of Windows 2000, so it is worth getting to grips with. If
you want to learn ADSI, there are a number of tutorials listed at the bottom of this article.
In order to get the examples to work, you will need to install ADSI. The current version (2.5) is a free
download from Microsoft抯 website (see links at the bottom of this article).
The code
There are four parts to the example page, which should be saved as UserGroupBrowser.asp.
The first part of the page should be added to above the opening <HTML> tag:
<%
Dim sCurrentGroup
Dim sDomainName
sCurrentGroup = Request.QueryString("Group")
sDomainName = Request.QueryString("Domain")
'Change the following line so that sDomainName is
'your machine name or domain name
If sDomainName = "" Then sDomainName = "MYDOMAIN"
%>
Note that the 8th line of this code should be changed to replace MYDOMAIN with the name of your Windows NT
Domain (or your machine's name).
The second piece of code should be placed in the <BODY> part of the ASP document. It contains calls to the
functions that display the groups within a domain and also the users within a specific group:
<P>Exploring the Domain <%=sDomainName%></P>
<form name="frmGroupSelector" action="UserGroupBrowser.asp" method="GET">
<input type="hidden" name="Domain" value="<%=sDomainName%>">
<%=ListGroups(sDomainName, sCurrentGroup, "submitFrm()")%>
</form>
<%
If sCurrentGroup <> "" Then
Response.Write ListUsers(sDomainName, sCurrentGroup)
End if
%>
The third piece of code is a small piece of JavaScript containing a function to submit the Group select
list if a group has been selected:
<script language="JavaScript"><!--
function submitFrm() {
if (document.frmGroupSelector.Group.options[document.frmGroupSelector.Group.selectedIndex].value !
= '')
{
document.frmGroupSelector.submit();
}
}
//--></script>
Finally, there are two ASP functions: ListGroups and ListUsers. The code for these is shown below:
<%
'function to create a select list containing a list of groups within a computer
'or domain. Function must be supplied with three arguments:
'sDomainName: The domain name or computer name
'sSelectedGroup: The name of the group that should have the selected attribute
'sOnChangeScript: The name of the JavaScript function that should be executed
' when the onChange event is triggered for this select list
Function ListGroups(sDomainName, sSelectedGroup, sOnChangeScript)
Dim sSelectListHTML
Dim sGroupName
sSelectListHTML = "<select name=""Group"" id=""Group"" "
sSelectListHTML = sSelectListHTML & "onChange=""" & sOnChangeScript & """>" & vbCRLF
sSelectListHTML = sSelectListHTML & "<option value="""">---------------"
sSelectListHTML = sSelectListHTML & "Select a group"
sSelectListHTML = sSelectListHTML & "---------------</option>" & vbCRLF
Set Domain = GetObject("WinNT://" & sDomainName)
For Each Member in Domain
If Member.Class = "Group" Then
sGroupName = null
sGroupName = Member.Name
If sGroupName = sSelectedGroup Then
sSelectListHTML = sSelectListHTML & "<option selected value=""" & sGroupName & """>"
sSelectListHTML = sSelectListHTML & sGroupName & "</option>" & vbCRLF
Else
sSelectListHTML = sSelectListHTML & "<option value="""
sSelectListHTML = sSelectListHTML & sGroupName & """>" & sGroupName & "</option>" & vbCRLF
End If
End if
Next
sSelectListHTML = sSelectListHTML + "</select>" & vbCRLF
ListGroups = sSelectListHTML
End Function
%>
<%
'function to list the users and groups within a specific user group.
'Function must be supplied with two arguments:
'sDomainName: The domain name or computer name
'sGroupName: The name of the user group
Function ListUsers(sDomainName, sGroupName)
Dim sUserList
Dim sMyParent
Set Group = GetObject("WinNT://" & sDomainName & "/" & sGroupName)
For Each Member in Group.Members
On Error Resume Next
sMyParent = Member.Parent
sMyParent = Right(sMyParent, Len(sMyParent) - InStrRev(sMyParent, "/"))
If Member.Class = "User" Then
sUserList = sUserList & "<b>" & Member.Name & "</b><br>"
sUserList = sUserList & " Full Name: " & Member.FullName & "<br>"
sUserList = sUserList & " Description: " & Member.Description & "<br>"
sUserList = sUserList & " Account Disabled: " & Member.AccountDisabled & "<br>"
sUserList = sUserList & "<p>"
ElseIf Member.Class = "Group" Then
sUserList = sUserList & "<b><a href=""UserGroupBrowser.asp?"
sUserList = sUserList & "Group=" & Server.URLEncode(Member.Name)
sUserList = sUserList & "&Domain=" & Server.URLEncode(sMyParent)
sUserList = sUserList & """>" & Member.Name & "</a></b>< br>"
sUserList = sUserList & " Description: " & Member.Description & "<br>"
sUserList = sUserList & "<p>"
End If
Next
If sUserList = "" Then
sUserList = "<p>This group does not contain any users</p>"
End If
ListUsers = sUserList
End Function
%>
The first function (ListGroups) will generate the HTML required for a select list containing a list of all
the groups within a specified Windows domain (or an individual computer). It achieves this by first
binding the Domain object to the Active Directory object for the specified Windows domain or individual
machine. It then enumerates the list of members within the domain, and if the member is found to be a
group it adds an OPTION tag to the select list.
The second function (ListUsers) will display a list of users and groups within a specific group [under
Windows NT it is possible to make groups members of other groups, such as adding Power Users to the
Administrators group].
The ListUsers function will display a number of attributes of users it finds; specifically their full
name, description, and whether or not their account is disabled. Further attributes can be obtained using
ADSI - a full list is shown in Microsoft抯 ADSI documentation (link at the bottom of this article).
Note that On Error Resume Next should be used when using Active Directory, because the ASP document will
stop being processed if a certain attribute cannot be found.
|
|
