I need to get a list of groups a special user is member of.
Normally I can do that using NetUserGetGroups, here's the code:
function GetLDapUserGroups(UserName, DomainName : string) : TStringList;
var bufptr : Pointer;
ServerName : String;
EntriesRead : DWord;
TotalEntries : DWord;
buf : Pbyte;
PGlobalGroupInfo : PGroupInfo0;
i : integer;
// get servername
// if problems occur maybe set param2 to nil
bufptr := nil;
NetGetAnyDCName(nil, PWideChar(DomainName), bufptr);
ServerName := PWideChar(bufptr);
Delete(ServerName, 1, 2); // remove starting '\\' from server Name
if NetUserGetGroups( PWideChar(ServerName), PWideChar(UserName), 0, buf, MAX_PREFERRED_LENGTH,
@EntriesRead, @TotalEntries)=NERR_SUCCESS then
PGlobalGroupInfo := PGroupInfo0(buf);
// Store group names in list
for i:=0 to EntriesRead - 1 do
but this does not work, if my program is running on a PC that is not part of the AD-domain.
Obviously it's possible, I tried using LDAP Administrator (by Softerra), and there it works.
- JclWin32.NetUserGetGroups - Nope. (I can understand this does not work, I can't pass the users password here. Works fine from PC that is on domain)
- JwaLmAccess.NetUserGetLocalGroups - Nope. Also no possiblity to pass password
- NetApi.GetNetUserGroups - same story here
- CreateOleObject('ADODB.Command')... - Nope
I just managed to check the password from non-domain-PC (see Check username/password in Active Directory from PC that is NOT part of domain ), so I tried executing the commands when signed on, but this also failed.
Looking around in the Jedi sources, I came across the function "JwaWinLDAP.ldap_search_sW". For me that smells promising as I could pass the LDap-token from the sign-on. However, I didn't find any code samples on how to search a users groups. Is this function the way I should continue to look at?
Can anyone push me in the right direction please? :)