Last post Feb 04, 2011 05:08 AM by LarsCB
Feb 01, 2011 09:37 AM|LarsCB
I have the following question:
I have created a website that posts "tasks" in a SQL database. These are taken action on by a service user via PowerShell. The website uses the authentication mode = windows and authorization for groups in AD.
One of the tasks is to add new computer accounts in AD. Another is to move the computer account from one OU to another. I can successfully search for both OUs and machine accounts with the DirectorySearcher, but I need to validate whether the user has rights to implement the move before it should be done, or if the task should be visible at all.
For example, I will check against a given OU if the logged-on user has permissions to delete the machine account, and against another OU to check if he has the rights to create a machine account.
Thank you in advance
Feb 01, 2011 02:25 PM|shabirhakim1
As you say that you have already used the DirectorySearcher object for searching purposes, again you can use the same object to search for the user and his assigned group/role.
If I am not wrong, we usually have authorization on the basis of roles. Right? So you can easily check it.
I suggest you read this complete tutorial because it is only for AD and C#
Feb 04, 2011 05:08 AM|LarsCB
Thanks for your reply shabirhakim1 :) It helped me in the right direction.
The solution for me was to check if the user is a member of the group that has the needed rights to the specific OU.
So I just check for the true/false value of user.IsInRole("domain\group").
It's maybe a shortcut instead of checking directly, but it works :)
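
Added example, not part of the original thread: a sketch of the "direct" check the last post mentions, reading the OU's ACL and matching it against the SIDs in the caller's Windows token before a move task is queued for the service account. The class and method names are illustrative; it assumes the site's identity can read the OU security descriptor, and it is a simplified approximation of a full access check (for instance, it ignores a Delete right granted on the computer object itself).

```csharp
using System;
using System.DirectoryServices;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

public static class OuRights // illustrative name, not from the thread
{
    // schemaIDGUID of the AD "computer" class.
    static readonly Guid ComputerClass = new Guid("bf967a86-0de6-11d0-a285-00aa003049e2");

    // True if the caller's token is allowed, and not denied, the given child right
    // (CreateChild or DeleteChild) for computer objects on the OU.
    public static bool HasChildRight(WindowsIdentity user, string ouDn, ActiveDirectoryRights right)
    {
        // SIDs carried in the caller's token: the user plus the token's groups.
        var sids = user.Groups.Cast<SecurityIdentifier>().Concat(new[] { user.User }).ToList();

        using (var ou = new DirectoryEntry("LDAP://" + ouDn))
        {
            bool allowed = false;
            var rules = ou.ObjectSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier));
            foreach (ActiveDirectoryAccessRule ace in rules)
            {
                if (!sids.Contains((SecurityIdentifier)ace.IdentityReference)) continue;
                if ((ace.ActiveDirectoryRights & right) != right) continue;
                // Inherit-only ACEs are passed down but do not apply to this OU.
                if ((ace.PropagationFlags & PropagationFlags.InheritOnly) != 0) continue;
                // An empty ObjectType means "any child class".
                if (ace.ObjectType != Guid.Empty && ace.ObjectType != ComputerClass) continue;
                // Conservative: any matching deny wins, regardless of ACE order.
                if (ace.AccessControlType == AccessControlType.Deny) return false;
                allowed = true;
            }
            return allowed;
        }
    }

    // The two checks from the question: delete from the source OU, create in the target OU.
    public static bool CanMoveComputer(WindowsIdentity user, string sourceOuDn, string targetOuDn)
    {
        return HasChildRight(user, sourceOuDn, ActiveDirectoryRights.DeleteChild)
            && HasChildRight(user, targetOuDn, ActiveDirectoryRights.CreateChild);
    }
}
```

With Windows authentication the caller's identity is available in a page as `(WindowsIdentity)User.Identity`. Running the same check again when the task is picked up from the SQL queue guards against rights that changed after it was posted.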