Permission Denied Resolution? [Answered]RSS

1 reply

Last post Jun 17, 2012 10:15 PM by steve schofield

  • Permission Denied Resolution?

    Jun 15, 2012 11:33 AM|LinksTune|LINK

     Hello everyone,

         yesterday I wrote a script that adds users to an AD group if they are not currently in it, but it requires a person have admin rights to run properly without encountering "permission denied" errors. Is there a way that I could reconfigure the script to run with just base level access or provide a ProcessID/Password with sufficient privileges?

     

    here's the relevant code: 


    <%

     If staff = "No" or staff="" Then
        personFor = AuthUser.Name
        personBy = AuthUser.Name
    Else
        personFor = Request("UserSel")
        personBy =  AuthUser.Name
    End if

    result = getDN(personFor)

    'Main
            If isMember("MOI-USERS-GS") Then  
                    response.write("Is member")        
                    
                    outputToCSV personFor, personBy, "Already been requested"
                            
            Else
                    response.write("Is not a member")
                    
                    Set objGroup = GetObject("LDAP://CN=MOI-USERS-GS,OU=Applications,OU=Groups,DC=corporate,DC=company,DC=com")
                    Set objUser = GetObject("LDAP://" & result)
                    objGroup.add(objUser.ADspath)
                    
                    outputToCSV personFor, personBy, "User Added"
                                        
            End If
            
    'Is member
            Function IsMember(groupName)
                If IsEmpty(groupListD) then
                    Set groupListD = CreateObject("Scripting.Dictionary")
                    groupListD.CompareMode = 1
                    
                    dim result
                    
    'Be sure proper UID is passed as result...
                    
                    If staff = "No" or staff="" Then
                        result = AuthUser.UID
                    Else
                        result = left(subjuser, 6)
                    End if
                                    
                    ADpath = "Corporate" & "/" & result
                    Set userPath = GetObject("WinNT://" & ADpath & ",user")
                    For Each listGroup in userPath.Groups
                        groupListD.Add listGroup.Name, "-"
                    Next
                End if
                IsMember = CBool(groupListD.Exists(groupName))
            End Function

    %>


    Permissions classic asp server 2003

  • Re: Permission Denied Resolution?

    Jun 17, 2012 10:15 PM|steve schofield|LINK

    make sure the user account trying to add users has been delegated permissions to Add users.  They user doesn't need to be an admin in AD.

    Steve Schofield
    Windows Server MVP - IIS
    http://iislogs.com/steveschofield
    http://www.IISLogs.com
    Log archival solution
    Install, Configure, Forget