We need AD functionality for our forum but it will be a showstopper if we can't assign internal users to be moderators... (and not using separate logons to do this is the whole reason why we want AD integration)  If this works then we'll definitely be stumping up cash for the ad-free version.

 

thanks

Barry

 

thanks

Barry

Just to help clarify, this is the member control panel menu I get when I logon as the administrator with windows authentication turned off:   Member Control Panel Menu

http://www.petro-sim.com/forum/register.asp?FPN=0&PF=23&M=A - Edit Profile Make changes to your profile and forum preferences http://www.petro-sim.com/forum/register.asp?FPN=1&PF=23&M=A - Registration Details Make changes to your login password and/or email address http://www.petro-sim.com/forum/register.asp?FPN=2&PF=23&M=A - Profile Information Make changes to personal information you have given http://www.petro-sim.com/forum/register.asp?FPN=3&PF=23&M=A - Forum Preferences Make changes to your forum preferences http://www.petro-sim.com/forum/register.asp?PF=23&M=A#admin - Admin and Moderator functions Admin and Moderator functions to delete, suspend, change user group etc. of member http://www.petro-sim.com/forum/help.asp - Forum Help Forum Help files and FAQ's to help you with any difficulties you may have when using the forum

Member Control Panel Menu

http://www.petro-sim.com/forum/register.asp?FPN=0 - Edit Profile Make changes to your profile and forum preferences http://www.petro-sim.com/forum/register.asp?FPN=1 - Registration Details Make changes to your login password and/or email address http://www.petro-sim.com/forum/register.asp?FPN=2 - Profile Information Make changes to personal information you have given http://www.petro-sim.com/forum/register.asp?FPN=3 - Forum Preferences Make changes to your forum preferences http://www.petro-sim.com/forum/help.asp - Forum Help Forum Help files and FAQ's to help you with any difficulties you may have when using the forum

 

Any ideas on how to go about getting a windows user setup as an administrator under these circumstances?  I can try a fresh install if you think that will help...

 

thanks

Barry

 

(apologies if I'm being thick about this and missing something obvious!)

 

thanks

Barry

I think I should try a fresh install of the forums and then turn on authentication and see if anything is different (not that I've really made any changes to anything yet)

 

thanks

Barry

 

Did a complete reinstall as follows:

copied the "forum" folder to the web server

In IIS admin set the "directory Security" for that folder to Integrated Authemtication only

Setup a new DB and ran the initial setup as per instructions

Logged on to the system - this happen as an AD user.

changed the last bit in the address from "/default.asp" to "/admin.asp"

logged in using the default administrator account and password

Went to "membership admin", clicked on the AD user account that had been automatically created (as "newbie" ) and then clicked on "Edit this members forum settings"

No option is available for "Admin and Moderator" functions - I'm pretty sure that when I click on the username and it pops up the new window for editing it's authenticating me as the AD user who is a "newbie" not the admin account

 

I then did a bit more fiddling - I went into the Database and changed the group membership for the AD account to "1" effectively making that account an admin account - I then logged on as the default administrator account (using /admin.asp) and checked that the AD user was an administrator.

The I logged on as the user by just opening a new browser and I then had the link to the Admin function in the top options, but when I click on it it asks for a password (the username cannot be changed) and it's not the password from AD so there's no way to go any further...

 

Is this something that can definitely be done?  To have an AD user be an administrator for the forums?

 

thanks

Barry

 

I can however confirm that for some reason when you logon as an administrator (using the default account and NOT and AD account) with windows authentication enabled that when you get to the admin pages (The forum control panel - admin_menu.asp) that the blnAdmin field is False, ie the account is not being properly recognised as an admin account ...

 

I'm going to keep looking but maybe this will give you a clue as to something minor to adjust...

 

Barry

 

The first I would imagine is quite easy to fix (easy for me to say!) - when someone logs in using windows authentication I don't believe that a cookie is being generated or used, so when getuserdata is called it does not return correct information such as the group to which the user belongs...  hence you even though an AD account may be a moderator you don't get moderator permissions when logged in.

 

The second has already been mentioned and is where after logging into the control panel as an admin user (non AD) when you try to edit a members profile it re-does an automatic logon and you end up viewing the members profile as the AD account you are using - which effectively will prevent any admin functions.

 

Barry

 

Here's what I've done to populate my forum groups based on my Active Directory groups:

 

in functions_windows_authentication.asp i changed the code that says:

 

  'We need to get the start user group ID from the database
  'Initalise the strSQL variable with an SQL statement to query the database
                'strSQL = "SELECT " & strDbTable & "Group.Group_ID " & _
                '"FROM " & strDbTable & "Group" & strDBNoLock & " " & _
                '"WHERE " & strDbTable & "Group.Starting_group = " & strDBTrue & ";"

 

 

to

 

 

 

  dim ADS_SCOPE_SUBTREE
  dim objConnection
  dim objCommand
  dim objRecordSet
  dim distName
  dim arrMemberOf
  dim theGroup
  dim objUser
  dim theGroupList
  dim intPrimaryGroupID
     
  ADS_SCOPE_SUBTREE = 2

  Set objConnection = CreateObject("ADODB.Connection")
  Set objCommand = CreateObject("ADODB.Command")
       
  objConnection.Provider = "ADsDSOObject"
  objConnection.Open "Active Directory Provider"
       
  Set objCommand.ActiveConnection = objConnection
  objCommand.CommandText = "Select distinguishedName, primaryGroupToken from 'LDAP://DC=my,DC=domain'  where sAMAccountName=' " & strUserName & "'"
  objCommand.Properties("Page Size") = 100
  objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
  Set objRecordSet = objCommand.Execute
  If objRecordSet.RecordCount > 0 Then
   objRecordSet.MoveFirst
       
   distName = vbNullString
   distName = objRecordSet.Fields("distinguishedName").Value           
  else
   'user not found in AD
  End If

  
  if distName <> vbnullstring then
   'lookup all groups but primary
   Set objUser = GetObject("LDAP://" & distname)  
   arrMemberOf = objUser.GetEx("memberOf")
   intPrimaryGroupID = objUser.Get("primaryGroupID")

   For Each theGroup in arrMemberOf
    theGroupList = theGroupList & lcase(theGroup) & ","
   Next

   'look up primary group
   objCommand.CommandText = "< - ;(objectCategory=Group);distinguishedName,primaryGroupToken;subtree - ;(objectCategory=Group);distinguishedName,primaryGroupToken;subtree">LDAP://DC=my,DC=domain>;(objectCategory=Group);distinguishedName,primaryGroupToken;subtree "
   Set objRecordSet = objCommand.Execute
   objRecordSet.MoveFirst       
   Do Until objRecordset.EOF
    If objRecordset.Fields("primaryGroupToken") = intPrimaryGroupID Then
    theGroupList = theGroupList & lcase(objRecordSet.Fields("distinguishedName").Value) & ","
    End If
    objRecordset.MoveNext
   Loop

 

   'look for specific groups:
   'enterprise admins = db admins
   '_faculty = moderators
   'everyone else = newbies
   if instr(theGroupList,"enterprise admins,") <> 0 then
    'admin
    'We need to get the start user group ID from the database
    'Initalise the strSQL variable with an SQL statement to query the database
                  strSQL = "SELECT " & strDbTable & "Group.Group_ID " & _
                  "FROM " & strDbTable & "Group" & strDBNoLock & " " & _
                  "WHERE " & strDbTable & "Group.Name = 'Admin Group';" 
   elseif instr(theGroupList,"_faculty,") <> 0 then
    'moderators
    'We need to get the start user group ID from the database
    'Initalise the strSQL variable with an SQL statement to query the database
                  strSQL = "SELECT " & strDbTable & "Group.Group_ID " & _
                  "FROM " & strDbTable & "Group" & strDBNoLock & " " & _
                  "WHERE " & strDbTable & "Group.Name = 'Moderator Group';"
   else
    'newbies
    'We need to get the start user group ID from the database
    'Initalise the strSQL variable with an SQL statement to query the database
                  strSQL = "SELECT " & strDbTable & "Group.Group_ID " & _
                  "FROM " & strDbTable & "Group" & strDBNoLock & " " & _
                  "WHERE " & strDbTable & "Group.Starting_group = " & strDBTrue & ";"
   end if
  else
   'newbies
   'We need to get the start user group ID from the database
   'Initalise the strSQL variable with an SQL statement to query the database
                 strSQL = "SELECT " & strDbTable & "Group.Group_ID " & _
                 "FROM " & strDbTable & "Group" & strDBNoLock & " " & _
                 "WHERE " & strDbTable & "Group.Starting_group = " & strDBTrue & ";"
  end if