Well, I learned something new today. I never knew what tokenGroups did. However, I get the same error as yours.
I tried a regular account and a domain admin account. No difference. I also tried "tokenGroupsNoGCAcceptable" and "tokenGroupsGlobalAndUniversal" and got similar errors. Each of these attributes are active in AD. This sucks because I would really like to research this attribute. Thanks, Mike -----Original Message----- From: Jeff Becker [mailto:[email protected]] Sent: Friday, February 27, 2009 9:22 AM To: cf-talk Subject: Re: CFLDAP and tokengroups Michael, Thanks for your thoughts. The big task at hand is to get all a user's groups and most importantly recursively go up the chain. So for example, user jbecker is apart of AD GROUP "San Fran", that group is apart of "California Users", and that group is apart of "All Corporate Users". --- so when I ask for jbecker, I'd want all three groups returned. I'm not sure if #1 or #2 would allow for the recursive gathing part. (Well it doesn't but it requires A TON of calls back and forth to AD) My Active Directory folks say that AD already gathers this recursive stuff via the tokengroups attribute and it would be a matter of dissecting that attribute. Does that help where I'm coming from?? Thanks for the RETURNASBINARY. I'll give that a look! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:319906 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
