Web Page Functionality Based on Group Membership in Active Directory

The following function (written in VBScript) queries the domain controller and iterates over the authenticated user's group memberships looking for a match. The function assumes that integrated authentication is used in an internal web application.

Function DomainUserHasAccess(theDomainName, theGroupString)

    '*** You provide the name of the Active Directory domain and a string of
    '*** all groups that have access to an object. If the logged-in user
    '*** belongs to any of the groups, the function returns TRUE. Otherwise
    '*** it returns FALSE.

    Dim objGroup      'Each group object the user belongs to
    Dim objUser       'The user object bound through the WinNT provider
    Dim strUser       'The authenticated user logged in

    'Deny by default; only a matching group changes the result
    DomainUserHasAccess = False

    'AUTH_USER arrives as DOMAIN\user; keep only the part after the backslash
    strUser = Request.ServerVariables("Auth_User")
    strUser = UCase(Trim(Right(strUser, Len(strUser) - InStr(1, strUser, "\"))))

    Set objUser = GetObject("WinNT://" & theDomainName & "/" & strUser)

    'Note: InStr is a case-sensitive substring test, so a group name that is
    'part of a longer name in theGroupString also counts as a match
    For Each objGroup In objUser.Groups
        If InStr(1, theGroupString, objGroup.Name) > 0 Then
            DomainUserHasAccess = True
            Exit Function
        End If
    Next

End Function
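
The following is an added example, not part of the original page. It contrasts the InStr substring test used in the function with a whole-name comparison, because the substring test also accepts a group whose name is only part of an allowed name. SubstringMatch, ExactMatch, the comma delimiter and the sample group names are assumptions made for illustration; the script runs under cscript rather than ASP, so it uses WScript.Echo.

```vbscript
Option Explicit

' The test used by the function on this page: a substring search of the
' allowed-groups string (case-sensitive, InStr's default binary compare).
Function SubstringMatch(theGroupString, groupName)
    SubstringMatch = (InStr(1, theGroupString, groupName) > 0)
End Function

' Whole-name test: split the list, trim each entry and compare complete
' names case-insensitively. The comma delimiter is an assumption of this
' example; the page does not say how theGroupString is delimited.
Function ExactMatch(theGroupString, groupName)
    Dim entry
    ExactMatch = False
    If Len(Trim(groupName)) = 0 Then Exit Function   ' an empty name never matches
    For Each entry In Split(theGroupString, ",")
        If StrComp(Trim(entry), Trim(groupName), vbTextCompare) = 0 Then
            ExactMatch = True
            Exit Function
        End If
    Next
End Function

' Constructed sample data: the groups allowed to use a page, and the group
' names returned for a user (in the page's function these come from
' objUser.Groups).
Dim allowed, userGroups, g
allowed = "Domain Admins, HR Managers"
userGroups = Array("Admins", "Managers", "hr managers", "Staff")

' Print both results side by side for each of the user's groups.
For Each g In userGroups
    WScript.Echo g & ": substring=" & SubstringMatch(allowed, g) & _
                 " exact=" & ExactMatch(allowed, g)
Next
```

To use the whole-name test in DomainUserHasAccess, the condition inside the For Each loop would call ExactMatch(theGroupString, objGroup.Name) in place of the InStr expression.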