vba - 脱机检查 Active Directory 组成员身份

编程问答 2022-05-16

问题描述

在 vba 中是否可以离线检查 Active Directory 组成员身份?

我已经管理了在线和离线用户凭据检查(用户名、密码)。

在线 = 到公司域网络(LAN 或 Wifi)的第 3 层连接
离线 = 没有物理网络连接 - 没有 LAN,没有 Wifi

Public Declare Function logonUser Lib "advapi32" Alias "logonUserA" _
(ByVal lpszUsername As String,ByVal lpszDomain As String,ByVal lpszPassword As String,_
 ByVal dwlogonType As Long,ByVal dwlogonProvider As Long,phToken As Long) As Long

Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Public Const logoN32_PROVIDER_DEFAULT As Long = 0&
Public Const logoN32_logoN_INteraCTIVE As Integer = 2&

Public Function ADUserLogin(ByVal strUsername As String,ByVal strPassword As String,_
                            ByVal strDomain As String) As Boolean

    On Error GoTo ADUserLogin_Error
    Dim tokenHandle As Long
 
    ADUserLogin = logonUser(strUsername,strDomain,strPassword,logoN32_logoN_INteraCTIVE,_
                            logoN32_PROVIDER_DEFAULT,tokenHandle)
    CloseHandle tokenHandle
    
    On Error GoTo 0
    Exit Function

ADUserLogin_Error:

    MsgBox "Error " & Err.Number & " (" & Err.description & ") in procedure ADUserLogin,line " & Erl & "."
End Function

但是它对 Active Directory 组成员身份有何作用?

亲切的问候罗尼

解决方法

我已经解决了如下。当用户在线登录时,我检查他属于哪个组并保存它,包括上次登录的日期和时间。现在,用户有 14 天的时间离线登录数据库。

如果在此期间再次连接到域,我只需再次检查组成员身份并做出相应的反应。

如果有人知道更好的方法,我总是乐于提供建议。 :-)

Public Function IsMember(ByVal strUsername As String,ByVal strPassword As String,ByVal strGroup As String,Optional ByVal strDomain As String) As Boolean
10        On Error GoTo IsMember_Error

20        If Not Len(strDomain) <> 0 Or IsNull(strDomain) Then
30            strDomain = CreateObject("WScript.Network").UserDomain
40        End If

50        Set objIADS = GetObject("WinNT:").OpenDSObject("WinNT://" & strDomain,strUsername,strPassword,ADS_SECURE_AUTHENTICATION)
60        Set objIADSUser = objIADS.GetObject("user",strUsername)

70        For Each Member In objIADSUser.Groups
80            If Member.Class = "Group" Then
90                If Member.Name = strGroup Then
100                   IsMember = True
110                   SaveUserMembership strUsername,strGroup,strDomain,Date,Time
120                   Exit For
130               End If
140           End If
150       Next

160       On Error GoTo 0
170       Exit Function

IsMember_Error:

180       MsgBox "Error " & Err.Number & " (" & Err.description & ") in procedure IsMember,line " & Erl & "."
End Function
active-directorygroup-membershipms-accessvba