Recursive LDAP function to get nested groups (roles) and users

Here is a simple recursive function that I wrote which will give you the nested groups and members for any given Active Directory group. Try it... it works! You can bind it to a tree later on to show it on the screen. I have also included an output of how it looks when bound to an iewc TreeView.


Dim AdsPath As String
Dim XMLRoles As String

AdsPath = GetAdsPathOfGroupThroughADO("Domain Admins")
XMLRoles = GetRoleMembers(AdsPath)


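Public Function GetAdsPathOfGroupThroughADO(ByVal Group As String) As String
    Dim rs As Object
    Dim s As String

    On Error Resume Next
    Set rs = CreateObject("ADODB.RecordSet")
    ' LDAP-dialect query: base;(filter);attributes. The base before the first ";" is empty as shown.
    ' Group is concatenated into the filter unescaped, so pass only trusted group names.
    rs.Open ";(sAMAccountName=" & Group & ");adspath", "provider=ADsDSOObject"

    ' The first column of the first row is the group's ADsPath.
    If Not rs.EOF Then
        s = rs(0).Value
    End If

    GetAdsPathOfGroupThroughADO = s
End Function
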
Public Function GetRoleMembers(ByVal RoleAdsPath As String) As String
    Dim eu As Object
    Dim XML As String
    Dim Group As Object, member As Object, u As Object

    Set eu = CreateObject("ess.user")
    Set Group = GetObject(RoleAdsPath)
    XML = ""

    For Each member In Group.Members
        If member.Class = "Group" Then
            ' Nested group: recurse and append its subtree.
            XML = XML & vbCrLf & GetRoleMembers(member.ADsPath)
        ElseIf member.Class = "foreignSecurityPrincipal" Then
            ' Member from another domain: resolve it through its SID.
            On Error Resume Next
            Set u = GetObject("LDAP://=" & eu.SidStringToHexString( & ">")
            If Err.Number = 0 Then
                XML = XML & vbCrLf & ""
            End If
        End If
    Next

    XML = XML & vbCrLf & ""
    GetRoleMembers = XML
End Function


e.g. TreeView1.TreeNodeSrc = "XML returned by GetRoleMembers()..."
TreeView1.TreeNodeXsltSrc = Server.MapPath("Treetransform.xslt")
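
Active Directory allows groups to contain each other, and a recursive walk such as GetRoleMembers never terminates on such a loop. The VBScript below is an added example, not the author's code: it tracks the groups already expanded and escapes names before placing them in XML. It assumes a constructed in-memory directory in place of Group.Members; the names ExpandGroup and XmlAttr and the group/user elements are hypothetical.

```vbscript
Option Explicit

' Constructed sample directory (stands in for GetObject(path).Members):
' key = group name, value = array of member names. GroupA and GroupB
' contain each other, which Active Directory permits.
Dim directory : Set directory = CreateObject("Scripting.Dictionary")
directory.Add "GroupA", Array("alice", "GroupB")
directory.Add "GroupB", Array("bob & co", "GroupA", "GroupC")
directory.Add "GroupC", Array("carol")

' Escape the characters that are significant inside an XML attribute value.
Function XmlAttr(ByVal s)
    s = Replace(s, "&", "&amp;")
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    XmlAttr = Replace(s, """", "&quot;")
End Function

' Depth-first expansion. "visited" holds every group already expanded on
' this walk, so a repeated or circular membership is emitted once as a
' reference instead of being expanded again.
Function ExpandGroup(ByVal name, ByVal visited, ByVal depth)
    Dim pad, member, xml
    pad = String(depth * 2, " ")
    If visited.Exists(name) Then
        ExpandGroup = pad & "<group name=""" & XmlAttr(name) & """ seen=""true""/>"
        Exit Function
    End If
    visited.Add name, True
    xml = pad & "<group name=""" & XmlAttr(name) & """>"
    For Each member In directory(name)
        If directory.Exists(member) Then
            ' Nested group: recurse one level deeper.
            xml = xml & vbCrLf & ExpandGroup(member, visited, depth + 1)
        Else
            ' Leaf member (user).
            xml = xml & vbCrLf & pad & "  <user name=""" & XmlAttr(member) & """/>"
        End If
    Next
    ExpandGroup = xml & vbCrLf & pad & "</group>"
End Function

WScript.Echo ExpandGroup("GroupA", CreateObject("Scripting.Dictionary"), 0)
```

Against a live directory, key the visited set on each group's distinguished name and replace the Dictionary lookup with the Members enumeration.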


