
Vista - Security Groups from VPN

Old 02-09-2009   #1 (permalink)
jimmysjams


 
 

Security Groups from VPN

I'm still having problems retrieving a user's security groups from a
VPN connection. I've established the connection by requiring the
username and password but no matter what I try I can't seem to get the
security groups for the user. Any help with this problem will be
greatly appreciated.

Set objDomain = GetObject("LDAP://domain.com/RootDSE")

strDomain = objDomain.Get("dnsHostName")

Set objUser = GetObject("WinNT://" & strDomain & "/" & userName)

This returns an error of the network path not found.

Old 02-09-2009   #2 (permalink)
Richard Mueller [MVP]


 
 

Re: Security Groups from VPN


"jimmysjams" <jimmysjams@xxxxxx> wrote in message
news:498a6b3f-7ab9-428c-b83f-13896881b7f0@xxxxxx
> I'm still having problems retrieving a user's security groups from a
> VPN connection. I've established the connection by requiring the
> username and password but no matter what I try I can't seem to get the
> security groups for the user. Any help with this problem will be
> greatly appreciated.
>
> Set objDomain = GetObject("LDAP://domain.com/RootDSE")
>
> strDomain = objDomain.Get("dnsHostName")
>
> Set objUser = GetObject("WinNT://" & strDomain & "/" & userName)
>
> This returns an error of the network path not found.
That can't work. The dnsHostName will be in the form MyCompany.MyDomain.com.
The WinNT provider requires the NetBIOS name of the domain. I don't have a
vpn to test, but I would suggest one of the following:
========
Set objNetwork = CreateObject("Wscript.Network")
strDomain = objNetwork.Domain
strUser = objNetwork.UserName
Set objUser = GetObject("WinNT://" & strDomain & "/" & strUser & "/,user")
--- or
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
=======
In your example, how do you know the value of "userName"?

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


Old 02-09-2009   #3 (permalink)
jimmysjams


 
 

Re: Security Groups from VPN

On Feb 9, 10:20 am, "Richard Mueller [MVP]" <rlmueller-nos...@xxxxxx> wrote:
> "jimmysjams" <jimmysj...@xxxxxx> wrote in message
> news:498a6b3f-7ab9-428c-b83f-13896881b7f0@xxxxxx
>
> > I'm still having problems retrieving a user's security groups from a
> > VPN connection. I've established the connection by requiring the
> > username and password but no matter what I try I can't seem to get the
> > security groups for the user. Any help with this problem will be
> > greatly appreciated.
> >
> > Set objDomain = GetObject("LDAP://domain.com/RootDSE")
> >
> > strDomain = objDomain.Get("dnsHostName")
> >
> > Set objUser = GetObject("WinNT://" & strDomain & "/" & userName)
> >
> > This returns an error of the network path not found.
>
> That can't work. The dnsHostName will be in the form MyCompany.MyDomain.com.
> The WinNT provider requires the NetBIOS name of the domain. I don't have a
> vpn to test, but I would suggest one of the following:
> ========
> Set objNetwork = CreateObject("Wscript.Network")
> strDomain = objNetwork.Domain
> strUser = objNetwork.UserName
> Set objUser = GetObject("WinNT://" & strDomain & "/" & strUser & "/,user")
> --- or
> Set objSysInfo = CreateObject("ADSystemInfo")
> strUserDN = objSysInfo.UserName
> Set objUser = GetObject("LDAP://" & strUserDN)
> =======
> In your example, how do you know the value of "userName"?
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --

I prompt the user for username and password and log in to the vpn
that way. The computers I have to get this script to work on are not
members of the domain.

The code in your first example will retrieve the local username and
security group. I've tried the second but I'm not an Active Directory
expert. The error it returns is "No mapping between account names and
security IDs was done."
Old 02-09-2009   #4 (permalink)
Richard Mueller [MVP]


 
 

Re: Security Groups from VPN


"jimmysjams" <jimmysjams@xxxxxx> wrote in message
news:2d46b7eb-53b2-463a-85d9-d599b968c63c@xxxxxx
On Feb 9, 10:20 am, "Richard Mueller [MVP]" <rlmueller-nos...@xxxxxx> wrote:
> "jimmysjams" <jimmysj...@xxxxxx> wrote in message
> news:498a6b3f-7ab9-428c-b83f-13896881b7f0@xxxxxx
>
> > I'm still having problems retrieving a user's security groups from a
> > VPN connection. I've established the connection by requiring the
> > username and password but no matter what I try I can't seem to get the
> > security groups for the user. Any help with this problem will be
> > greatly appreciated.
> >
> > Set objDomain = GetObject("LDAP://domain.com/RootDSE")
> >
> > strDomain = objDomain.Get("dnsHostName")
> >
> > Set objUser = GetObject("WinNT://" & strDomain & "/" & userName)
> >
> > This returns an error of the network path not found.
>
> That can't work. The dnsHostName will be in the form
> MyCompany.MyDomain.com.
> The WinNT provider requires the NetBIOS name of the domain. I don't have a
> vpn to test, but I would suggest one of the following:
> ========
> Set objNetwork = CreateObject("Wscript.Network")
> strDomain = objNetwork.Domain
> strUser = objNetwork.UserName
> Set objUser = GetObject("WinNT://" & strDomain & "/" & strUser & "/,user")
> --- or
> Set objSysInfo = CreateObject("ADSystemInfo")
> strUserDN = objSysInfo.UserName
> Set objUser = GetObject("LDAP://" & strUserDN)
> =======
> In your example, how do you know the value of "userName"?
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --

I prompt the user for username and password and log in to the vpn
that way. The computers I have to get this script to work on are not
members of the domain.

The code in your first example will retrieve the local username and
security group. I've tried the second but I'm not an Active Directory
expert. The error it returns is "No mapping between account names and
security IDs was done."

----------
That's the error you get from the ADSystemInfo object when you are not
authenticated to the domain. If the wshNetwork object does not work and
return the NetBIOS name of the domain, you will need to use the LDAP
provider. The RootDSE object does not reveal the NetBIOS name of the domain,
which is required for the WinNT provider. I would recommend the LDAP
provider anyway, as it is faster and reveals more attributes. The only
drawback is that it does not easily reveal membership in the "primary" group
of the user, but that should always be "Domain Users" anyway.

If you can bind to the RootDSE object, you can use the following to retrieve
the DN of the domain:

Set objRootDSE = GetObject("LDAP://domain.com/RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

The problem with my suggestion is that you have the NT name of the user (the
value of the sAMAccountName attribute, also called the "pre-Windows 2000
logon name"). You need the Distinguished Name (DN) of the user to use the
LDAP provider. The IADsNameTranslate interface can be used to convert the NT
name to the DN, but if you are not authenticated to the domain you may need
to use alternate credentials.

Maybe the best solution is to hard code the NetBIOS name of the domain.
Either that, or prompt the user for the name of the domain. Or, possibly
parse the dnsHostName for the part you believe is the NetBIOS name of the
domain. Note that this is not guaranteed to work, as the highest level
domain component of the dnsHostName can be completely different from the
NetBIOS name. This may work in many (but not all) cases. Or, maybe someone
else has a suggestion.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
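
The approach described in the reply above (bind with alternate credentials, read defaultNamingContext, resolve the NT name to a DN and read its groups), as an added example that is not code from the thread. It uses an ADO search on sAMAccountName in place of IADsNameTranslate; the server name domain.com is the thread's placeholder, and the prompts, variable names and the EscapeFilter helper are assumptions.

```vbscript
Option Explicit
Const ADS_SECURE_AUTHENTICATION = 1
' Escape LDAP filter metacharacters so typed input cannot alter the query.
Function EscapeFilter(ByVal s)
    s = Replace(s, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    EscapeFilter = Replace(s, ")", "\29")
End Function

Dim strServer, strNTName, strBindUser, strPassword
strServer   = "domain.com"                       ' placeholder used in the thread
strNTName   = InputBox("sAMAccountName to look up")
strBindUser = InputBox("Bind as (user@domain.com or DOMAIN\user)")
strPassword = InputBox("Password")               ' note: InputBox does not mask input

' Bind to RootDSE with explicit credentials; the machine has no domain logon.
Dim objRootDSE, strBase
Set objRootDSE = GetObject("LDAP:").OpenDSObject( _
    "LDAP://" & strServer & "/RootDSE", strBindUser, strPassword, _
    ADS_SECURE_AUTHENTICATION)
strBase = objRootDSE.Get("defaultNamingContext")

' ADO search: sAMAccountName -> distinguishedName and memberOf.
Dim objConn, objCmd, objRS, varGroups, strGroup
Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Properties("User ID") = strBindUser
objConn.Properties("Password") = strPassword
objConn.Properties("Encrypt Password") = True
objConn.Open "Active Directory Provider"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.CommandText = "<LDAP://" & strServer & "/" & strBase & ">;" & _
    "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
    EscapeFilter(strNTName) & "));distinguishedName,memberOf;subtree"
Set objRS = objCmd.Execute
If objRS.EOF Then
    WScript.Echo "No user found for " & strNTName
Else
    WScript.Echo "DN: " & objRS.Fields("distinguishedName").Value
    varGroups = objRS.Fields("memberOf").Value   ' Null when there are no groups
    If IsArray(varGroups) Then
        For Each strGroup In varGroups
            WScript.Echo "  " & strGroup
        Next
    End If
End If
objConn.Close
```

The memberOf attribute lists only direct group memberships and, as noted in the reply, does not include the user's primary group.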

