????? ??????? ?????? ADSI ?????? ?????? ??? ???????? ????????

???? ??? ?????? ????? ??????? ?????? ????? ????? ?????? Active Directory (ADSI) ?????? ?????? ????? ???????? ???????? ????????.

??? ??? ????? ???????? ???????? ??? ???? ?????? ?? "Active Directory"

????? ?? ???? ???? ?????? (??? ???????? ???????? ??????) ?? "Active Directory" ??? ???? (SID) ???? ???????? ???. ????? SID ?????? ?? ???????? ??? ?? ???? ?? ???? "SID ??????" ????? ?? ????? "????" ?? ??? ???????. ??????? ?? ??? ???????? ??? SID ?? ???? ???? ?????? (RID) ? ?????? RID ??? ???? ??? ??????.

??? ????? ???????? ???????? ???????? (?? RID ???????? ?? ???? ????????) ??? ??? PrimaryGroupID ????? ????????. ???????? ???????? ???????? ??? ?????? ?????? ?? ??? ?????? ??? ???????? ????? ??? ???????? ??? ?? ???? ?????? ???????? ???. ??? ????? ??? ?????? ???????? ?? "Active Directory" ??? ???? PrimaryGroupToken ? ???? ???? ?????? RID ??? ???????? ??? ??????.

?????? ????? ?? ?? Windows NT ? ???????? ?????? ?????? ?????? ?????? (LDAP) ????????? ?????? ???????? ???????? ???????? ?????? ????? ???? ????? PrimaryGroupID ??? RID ?????? ???? ???????? ?????. ??? ?? ??? ???????? ????? ?? ?????? ?? ???? ????? ???????? PrimaryGroupID RID ????????.

????? ?????? ???? Windows NT ?? ADSI ? ??? ????? ?????? ?? ?????? IADsUser::Groups ???????? ???????? ????????.

?? ???? LDAP ?? ???????? ???????? ??? ???????? ?? ?????? IADsUser::Groups ?????? ??? ??? ??? ????? ?????? (DN) ???????? ?? ????? MemberOf ?? ???? ???????? ?? ??????. ???????? RID ?? PrimaryGroupID ?? ??? ???? ??? ??????? ??? ???????? ???????? ???????? ??? ???? ???????? LDAP.

????? ?? ???? ???? ????? ??? ???????? ???????? ???????? ???? ????? ?? ?????? ???????? ?????? ???. ??? ????? ??????? ??? ???? ??????? ?????? ????? ?? ?? ???? ???????? ??????? ?? ??? ?? ???? ????? ?????? ?????? ?? ???? ? ??? ???:

• ?? ????? ?????? ???????? ???????? ?? ??? Windows NT ????? PrimaryGroupToken ??? ???? Windows NT ???? ???? ????? ???? ???????? RID ???????? ???????? ?????? ?????? ????? ADSI.
• ??? PrimaryGroupToken ???? ???????? ???? LDAP ??? ??????. ??? ????? ??? ?????? ??? ???? ???????? ?? ??????. ?? ???????? ??? ? ????? ????? ??? ??? ?????? ?? ??????? ????? IADs::GetInfoEx. ??? ?? ?????? ????? ?????? LDAP ???????? ??? ???? ????? ?? "Active Directory". ????? ?? ????? ????? ???????? ???? LDAP ??????? ???????? ??? ??? PrimaryGroupToken ????? ????? PrimaryGroupID ??? ???? ???????? ????? ?? ???????? ???????? ???? ???? ?????. ??? ????? ????? ???? ?? ADSI ???? ??? ????? ???? COM ????? ???????? ??? ????? ???????? ????????.

??? ?????? ???????? ???????? ????????

???? ??? ????? ?????? ???????? ?????? ??? ???????? ???????? ????????:

• ????? SID ????? ??? ???? ?????? ?? "Active Directory" ?? ???? RID ?????? ???????? SID ? RID ???????? ????? ??? ??? PrimaryGroupID ??? ???? ????????.
  
  ??? ?? ??????? ??????? ?? ??????? Microsoft ?? ????? ??? ??????? ??? ???????? Q297951 (??????? ?? ????? "????" ?? ??? ???????). ???? ??????? ????? ?? ??? ??????? ?? ?????? SID ????? ????? ??? ?? ????? ??????? ??? ???? ADsSID ????? ???? ?????? ???????? ?? ???? ?????? ?? ????? SDDL ????? ??. ???? ADsSID ??? ????????? ?? ??? ??? ADsSecurity.dll ???? ??? ?? ??? ????? ??? ??????? ??? ?????? ??? ?? ???? ????? ????????? ???????? ?????.
• ??????? ??????? LDAP ????? ?? ???? ??????? ?? ???? ?????? ????? PrimaryGroupToken ?????? ???.
  
  ??? ??????? ?? LDAP ????. ??? ???? ???? ????? ???????? ??????? ?????? ??? ???? ???? ??? ??? ????? ?????? ?? ?????? ?? ?????? ??? ??? ???????? ??? ?????; ? ???? ??? ????? ??? PrimaryGroupToken ??? ?????? ??? traversed ?????? ????? ? ??? ????? ????? ??????. ???? ?? ???? ??? ??????? ???? ??? ????? ????? ??? ??? ???? ??? ???? ?? ????????? ?? ??????. ????? ??? ????? ????? ????????? ADO ????? LDAP abound ?? ????? ?? ??? ??????? ?? ??? ???????.
• ????????? ?? ??????? ???????? ?? ?? ???? ????? ?? ?????.
  
  ??? ???? ?????? ?? ????? ????? ?????? ?????? ???????? ???????? ????????. ?????? ????? ???? ??????? ???????:
  1. ??? ???? ???????? ?? ???? Windows NT.
     
     ???? ???? ?????? Windows NT ?????? ?????? ?? ???????? ????? ?? ????? ???????? ???????? ????????. ?????? ??? ????? PrimaryGroupID ????? ???????? ?????? ?? ???? ???? ????????? ?????? ?? ??? ??????????.
  2. ????? ?????? IADsUser::Groups.
  3. ??????? ??????? SamAccountName ?? ADsPath ??? ?????? ?? ??? ???????? ??? ?? ????? ????? ??????? ????? LDAP ????? ?? ???? ????????? ?? ??????? SamAccountName ???????? ?? ??? ???????? ????? ????? ????? PrimaryGroupToken ? DistinguishedName.
  4. ????? ??? ADSI ADO ??? ?? ????? ???? ?????? ????? ?????? ?? ?????? PrimaryGroupToken ?? ???? ????? PrimaryGroupID ??????? ?????? ?? ????? ????.
  5. ?? ???? ?????? ??? ????? ????? ???? ????? ?????? ???? ???????? ??????? ?????? ???? ????????.
  6. ??? ?? ???? ??? ????? ?????? ????? ??????? ???? ????? ?????.
  ????? ??? ??????? ????? ?????. ???? ???????? ????????? ?????? ADSI ???? ?? ????? ?????? ??????. ???????? ??? ???? ????? ??????? ????????? ???? ?? ???? ???????? ???????? ???.
  
  ?? ???? ???? ???? ???????: ????? ??? ????? ?????? IADsUser::Groups ???? ?? ?????? ????? IADs ??? ????? ?? ????????. ??? ???? ???????? ????? ??????? ??? ???? ???????? ??????? ???? ???? ????, ????? ??????? ??? ???? ??? ???. ???? ???????? ???????? ??????? ??? ????? ????? ???????? ??????:

  dim oUsr 
  dim oGrp 
  
  '
  ' ToDo: Change the following variables to specific values for your domain.
  ' 
  DomainName = "myDomain"
  UserLoginName = "myUserLoginName"
  
  '
  ' Bind to the user object with the Windows NT provider.
  ' 
  set oUsr = GetObject("WinNT://" & DomainName & "/" & UserLoginName & ",user") 
  set grp = oUsr.Groups 
  GrpID = oUsr.PrimaryGroupID 
  GrpName = "" 
  
  '
  ' Building Query Filter for the search for all the groups that the user is a member of.
  '
  QueryFilter = "(|"
  for each Item in Grp 
     NT4Name = replace(Item.ADsPath,"WinNT://","") 
     tempArray = split(nt4Name,"/") 
     NT4Name = tempArray(1)
     QueryFilter = QueryFilter & "(samAccountName=" & NT4Name & ")"
  next
  QueryFilter = QueryFilter & ")"
  
  '
  ' Building LDAP dialect Query String.
  '
  QueryString = "<LDAP://" & DomainName & ">;" & QueryFilter & ";PrimaryGroupToken,distinguishedName;subtree"
  
  '
  ' Performing Query against the Active Directory for all the groups that 
  ' the user belongs to and retrieving the RID of the group object off
  ' the PrimaryGroupToken attribute on the user.
  '
  Dim oConnection, oCommand, oRecordset
  Set oConnection = CreateObject("ADODB.Connection")
  Set oCommand = CreateObject("ADODB.Command")
  
  oConnection.Provider = "ADsDSOObject"
  oConnection.Open "Active Directory Provider"
  
  Set oCommand.ActiveConnection = oConnection
  oCommand.CommandText = QueryString
  oCommand.Properties("Page Size") = 900
  
  Set oRecordset = oCommand.Execute
  
  '
  ' Looping through all the records in the search result to determine whether
  ' any of these group's PrimaryGroupToken attribute value match the 
  ' PrimaryGroupID attribute value stored on the user object.
  '
  While ((NOT oRecordset.EOF) and (Not bGroupFound))
    if (GrpID = oRecordset.Fields("PrimaryGroupToken").value) then
      GrpName = oRecordset.Fields("DistinguishedName").Value
      bGroupFound = True 
    End If
    oRecordset.moveNext
  Wend
  
  Set oRecordset = Nothing
  Set oCommand = Nothing
  Set oConnection = Nothing
  
  '
  ' Displaying Results of the search.
  ' 
  if( bGroupFound ) then 
     WScript.Echo "Primary Group for " & oUsr.AdsPath 
     WScript.Echo "Is: " & GrpName 
  else 
     WScript.Echo "Primary Group Not Found" 
  end if
  					

????? ?? ?????????? ???? ??? ??? ??????? ?????? ?????? ?? "????? ??????? ?? Microsoft: