Jan 042011

Quick snippet on how to query an AD user with Javascript.

Firstly, get the user object with:

var objUser = GetObject("LDAP://cn=username,ou=users,dc=example,dc=com");

With this object, you can query any attributes of the user.

var disabled = objUser.AccountDisabled; // True when the account is disabled
var firstname = objUser.givenname; // Returns the users first name.

A List of attributes can be found here.

Some of the more difficult attributes to query are “memberof” which displays the group memberships, and “lockouttime” which is how long they have been locked out for.

When querying memberof, it will return a VB Array, which Javascript won’t recognise unless you retrieve it with:

var memberof = VBArray(objUser.GetEx("memberof")).toArray();

With lockouttime the number is a 64-bit number, which requires a Highpart and Lowpart to access the whole number.
This code will get the lock out time:

var lockouttime = objUser.lockouttime;
var locktimems = Math.abs(lockouttime.HighPart) * Math.pow(2,32) + Math.abs(lockouttime.LowPart); //locktimems now has the time that the account is locked out until in milliseconds.

More garbage from me later !