Tuesday, November 18, 2003

ADSI_IsMemberOfGroup()

While working with Active Directory in IIS/ASP on another web project, we hit upon the problem that the ADSI function IsMember() won't tell you if a user is a member by virtue of indirect group membership. (Where user X is a member of group A and group A is a member of group B... IsMember() will say that X is not a member of B and there's no switch to make it traverse nested groups).

So I hacked up a function called ADSI_IsMemberOfGroup() which, given an NT4-style domain name (e.g. "DOMAINNAME"), the NT4-style username (e.g. "THOMAS") and the name of the group (e.g. "Network Administrators"), will make an attempt to determine if THOMAS is a member of Network Administrators either directly or through nested group membership. It then returns TRUE if it found membership, or FALSE if there is no membership or an error occurred.

Now, the code is rather rough: it uses recursion but doesn't check for runaway conditions (however, the IIS script time-out will kill the page eventually). Also, it's unable to properly search AD for the domain, so it makes the assumption that there is only one domain in the directory. If someone can find code to complete support for multi-domain situations where a SAM name can appear multiple times, I'd appreciate it.
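The following is an added example of the nested-group walk described above; it is not the author's linked source. It uses the ADSI WinNT provider (so it shares the single-domain assumption), and the helper name GroupContainsUser and the Scripting.Dictionary of visited groups, which stops the recursion on circular nesting, are my own choices.

```vbscript
Option Explicit

' Added example, not the post's original function. Returns True if strUser
' is a direct or nested member of strGroup in strDomain, False otherwise
' (including on any ADSI error).
Function ADSI_IsMemberOfGroup(strDomain, strUser, strGroup)
    Dim dictVisited
    ' Visited-group set: guards against circular nesting (A in B, B in A),
    ' which the recursion would otherwise follow until the script time-out.
    Set dictVisited = CreateObject("Scripting.Dictionary")
    dictVisited.CompareMode = vbTextCompare   ' group names are case-insensitive
    On Error Resume Next
    ADSI_IsMemberOfGroup = GroupContainsUser(strDomain, strGroup, strUser, dictVisited)
    If Err.Number <> 0 Then
        Err.Clear
        ADSI_IsMemberOfGroup = False   ' unreadable group, bad name, etc.
    End If
    On Error GoTo 0
End Function

' Hypothetical helper: check one group's direct members, then descend
' into any member that is itself a group.
Function GroupContainsUser(strDomain, strGroup, strUser, dictVisited)
    Dim objGroup, objMember
    GroupContainsUser = False
    If dictVisited.Exists(strGroup) Then Exit Function
    dictVisited.Add strGroup, True
    Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
    For Each objMember In objGroup.Members
        If LCase(objMember.Class) = "user" Then
            If StrComp(objMember.Name, strUser, vbTextCompare) = 0 Then
                GroupContainsUser = True
                Exit Function
            End If
        ElseIf LCase(objMember.Class) = "group" Then
            If GroupContainsUser(strDomain, objMember.Name, strUser, dictVisited) Then
                GroupContainsUser = True
                Exit Function
            End If
        End If
    Next
End Function

' Usage (constructed names): If ADSI_IsMemberOfGroup("DOMAINNAME", "THOMAS", "Network Administrators") Then ...
```

In an ASP page the same two functions sit inside a `<% %>` block; the On Error Resume Next in the outer function catches errors raised inside the helper because VBScript propagates them up to the nearest enabled handler.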

See the source: ADSI_IsMemberOfGroup() (VBScript for IIS v5.x)
