Active Directory Services Interfaces (ADSI) is a set of open interfaces that abstract the capabilities of directory services from different network providers to present a single view for accessing and managing network resources. Administrators and developers can use ADSI services to enumerate and manage resources in a directory service, no matter which network environment contains the resource. This can be an LDAP-based, NDS-based, or NTDS-based directory. It does not matter so long as a service provider is available for that directory service.
Windows 2000 contains providers for:
- WinNT – access to Windows NT 3.51 and Windows NT4;
- LDAP – LDAP directories including Windows 2000 Active Directory, Site Server 3.0, Microsoft Exchange and third party LDAP servers;
- NDS – Novell NDS.
Benefits of accessing directories with ADSI:
- Open Architecture – Any directory provider can implement an ADSI interface;
- Directory Service Independent – Applications are not bound to a vendor's proprietary directory service since it is using an API;
- Security – ADSI supports authentication.
ADSI objects are COM objects, which represent objects in an underlying directory service. Objects can be container objects (like Folders) or Leaf objects (like Files). Each object has a unique ADSI path – a provider name followed by an object path. ADSI provides an abstract schema which describes the type of objects and attributes supported by each provider. Objects are read into cache when GetInfo or GetObject are called. Changes reside in cached memory on the client until a SetInfo is issued. SetInfo writes data back to the underlying directory store.
Getting and Using ADSI Providers
The standard Active Directory Service Interfaces objects, or providers, are found within multiple namespaces, typically the directory services of various network operating systems. A provider handles the communication between the client and the directory server. ADSI 2.5 includes providers for:
- Windows NT. ADSI supports the Windows NT® Server 4.0 directory.
- Lightweight Directory Access Protocol (LDAP). The LDAP provider works with any LDAP version 2 or version 3 directory. This provider also works for the Windows 2000 Active Directory.
- Novell NetWare Directory Services (NDS).
- NetWare 3 bindery (NWCOMPAT).
Using Serverless Binding to retrieve information
The preferred method for connecting to an object is serverless binding: the server is not named explicitly, and the LDAP requests go to the default domain controller. If the requested operation cannot be serviced in the local domain, a referral to the correct server is generated when possible, and the closest server is given. A serverless path has the form LDAP://object. To bind to the domain DNS object, which is the root container of the domain naming context:
Non-Windows 2000 clients: ADSI serverless binding is not available on Windows NT 4 or Windows 98, so on these platforms you must always supply the name of an LDAP server for the connection:
Note: The RootDSE is a special LDAP object that exists on all LDAP v3 servers. With it you can write scripts that are independent of the domain or enterprise on which they are run:
Using the Global Catalog
A global catalog (GC) server is a domain controller that contains a partial read-only replica of every object in every naming context. The replica is used to search the enterprise quickly for an object. The GC contains all objects from all naming contexts, but it is partial in that it contains only the attributes designated for replication to the GC. The GC is accessed on port 3268, or through the GC: moniker, which is an alias: in ADSI any reference to GC: is mapped to the LDAP provider on port 3268. Some of the common uses for searching the GC are:
- Finding user's address book information
- Looking up members of a universal group
- Mapping the User Principal Name to a specific User Account.
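The serverless RootDSE bind described above and a Global Catalog lookup of a User Principal Name, as an added VBScript example that is not part of the original page. It assumes a domain-joined client, the standard ADSI and ADO COM objects, and a UPN passed on the command line; the filter value is escaped so that command-line input cannot alter the LDAP filter.

```vbscript
' Added example (not the page's own code): serverless binding through RootDSE,
' then a Global Catalog search mapping a UPN to an account. Run: cscript //nologo gcsearch.vbs <UPN>
Option Explicit

' Escape a value for use inside an LDAP filter (RFC 4515), so a UPN taken from
' the command line cannot change the meaning of the filter it is embedded in.
Function LdapFilterEscape(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    LdapFilterEscape = s
End Function

If WScript.Arguments.Count < 1 Then WScript.Echo "Usage: cscript gcsearch.vbs <userPrincipalName>" : WScript.Quit 1

' 1. Serverless bind: no server name, so the request goes to the default DC
'    and the script runs unchanged in any domain or forest.
Dim objRootDSE, strDomainDN, strForestDN
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomainDN = objRootDSE.Get("defaultNamingContext")
strForestDN = objRootDSE.Get("rootDomainNamingContext")
WScript.Echo "Domain: " & strDomainDN & "   Forest root: " & strForestDN

' 2. Bind to the domain object itself, the root container of the domain naming context.
Dim objDomain
Set objDomain = GetObject("LDAP://" & strDomainDN)
WScript.Echo "Bound to " & objDomain.ADsPath
' 3. Search the GC from the forest root. GC: is an alias for LDAP on port 3268,
'    so only GC-replicated attributes (sAMAccountName, mail, ...) can be returned.
Dim objConn, objCmd, objRS
Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.CommandText = "<GC://" & strForestDN & ">;" & _
    "(&(objectCategory=person)(userPrincipalName=" & _
    LdapFilterEscape(WScript.Arguments(0)) & "));distinguishedName,sAMAccountName,mail;subtree"
Set objRS = objCmd.Execute
If objRS.EOF Then
    WScript.Echo "No account with that UPN in the forest"
Else
    WScript.Echo "Account: " & objRS.Fields("sAMAccountName").Value & _
        "  DN: " & objRS.Fields("distinguishedName").Value
End If
objRS.Close: objConn.Close
```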
Now let's start with the real fun...
Creating Directory Service Objects
Creating Active Directory objects involves four basic steps:
- Connect to the Active Directory container that will store the new object.
- Create the object.
- Set the object's mandatory attributes, if necessary.
- Commit the new object to Active Directory.
Example: Create user accounts

Private Sub Form_Load()
    Dim domain, i
    ' WinNT://<computer name> binds to the local account database of this machine
    domain = Environ$("COMPUTERNAME")
    For i = 1 To 5
        AddUser "usr" & i, domain, "ADSI Test User " & i, "This is ADSI test user" & i, "pass" & i
    Next
End Sub

Sub AddUser(strUser, strDomain, strFullName, strDesc, strPassword)
    Dim Computer, User
    ' Connect to the container (computer or domain) that will hold the new object
    Set Computer = GetObject("WinNT://" & strDomain)
    ' Create the object; it exists only in the local property cache until SetInfo
    Set User = Computer.Create("User", strUser)
    User.FullName = strFullName
    User.Description = strDesc
    Call User.SetPassword(strPassword)
    ' Commit the new object to the directory
    User.SetInfo
    Set User = Nothing
    Set Computer = Nothing
End Sub
Example: Enumerate user accounts

Private Sub Form_Load()
    Dim domain
    domain = Environ$("COMPUTERNAME")
    EnumUser domain
End Sub

Sub EnumUser(strDomain)
    Dim Computer, User
    Set Computer = GetObject("WinNT://" & strDomain)
    ' Restrict the enumeration of the container to User objects only
    Computer.Filter = Array("User")
    For Each User In Computer
        With User
            Debug.Print "Name: " & .Name
            Debug.Print "Fullname: " & .FullName
            Debug.Print "Description: " & .Description
            Debug.Print "----------------------------"
        End With
    Next
    Set User = Nothing
    Set Computer = Nothing
End Sub
Example: Modify user account info
Example: Delete user accounts
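For the modify and delete cases, an added VBScript example that is not the page's own code. It works with the WinNT provider like the examples above, assumes the test account "usr1" created by AddUser exists on the local machine (a placeholder; change strUser otherwise), and uses a second, independent binding to show that Put changes only the client-side property cache until SetInfo is issued.

```vbscript
' Added example (not the page's own code): modify and delete a local account
' through the WinNT provider, and show that Put changes only the property cache
' until SetInfo commits it. Assumes the account "usr1" from the page's AddUser
' example exists on this computer (placeholder; change strUser otherwise).
Option Explicit

Dim objShell, strComputer, strUser
Set objShell = CreateObject("WScript.Shell")
strComputer = objShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
strUser = "usr1"

' Bind twice to the same account: objUser is the one we edit, objCheck is an
' independent view used to observe what the directory actually holds.
Dim objUser, objCheck
Set objUser = GetObject("WinNT://" & strComputer & "/" & strUser & ",user")
Set objCheck = GetObject("WinNT://" & strComputer & "/" & strUser & ",user")

objUser.Put "Description", "Updated via ADSI"
objCheck.GetInfo                                  ' reload objCheck from the directory
WScript.Echo "Before SetInfo: " & objCheck.Description   ' still the old value

objUser.SetInfo                                   ' write the cached change back
objCheck.GetInfo
WScript.Echo "After SetInfo:  " & objCheck.Description   ' now "Updated via ADSI"

' Deletion is an operation on the container: bind to the computer and call
' Delete with the class name and the object name. No SetInfo is needed.
Dim objComputer
Set objComputer = GetObject("WinNT://" & strComputer)
objComputer.Delete "User", strUser

' Verify: binding to the removed account must now fail.
On Error Resume Next
Set objUser = GetObject("WinNT://" & strComputer & "/" & strUser & ",user")
If Err.Number <> 0 Then
    WScript.Echo "Verified: " & strUser & " no longer exists"
Else
    WScript.Echo "Unexpected: " & strUser & " still exists"
End If
On Error GoTo 0
```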
Submitted by: Nayan Patel (member since 5/26/2004 12:23:06 PM)