Binding to Directory Objects Using ADSI  
Nik Okuntseff  Windows 2000 Security Programming 

This section describes how to bind to Active Directory objects using ADSI. Here I provide a few simple examples in Visual Basic. Note that you can do the same with C/C++. The LDAP Security section in the Appendix has the App/AdsiBind sample, which shows how to bind to objects using C/C++. Note that the sample specifies a port as well as security credentials. This means that you can execute ADSI calls in the security context of another user if you know the user name, domain, and password.

There are two types of LDAP servers that a Windows 2000 client application might be interested in. One is the current domain directory server. The second one is a global catalog. Note that one server might actually be a domain directory server and a global catalog at the same time. The domain LDAP server is used for objects in this domain. The global catalog is used for objects in the entire domain forest, because it contains a definable subset of properties for all objects in the whole forest. For example, an organization might span several different countries and continents, but a global catalog homed somewhere in a domain tree and physically located somewhere in the middle of nowhere will still have a few properties for all objects in the forest, assuming replication works properly.

Binding to a root DSE

Every LDAP server must have a root entry called the root DSE (or RootDSE) from which general server-specific information can be obtained. Here is how you can bind to this entry.

Dim objRootDSE
Set objRootDSE = GetObject("LDAP://RootDSE")

Unfortunately, this does not work for global catalogs. To bind to a GC, you need to additionally specify either a server name (or IP address) or a domain name. The domain name may be full or relative.

Set objRootDSE = GetObject("GC://frosty/RootDSE")
Set objRootDSE = GetObject("GC://myresearch.local/RootDSE")
Set objRootDSE = GetObject("GC://myresearch/RootDSE")

Note that specifying a server or domain name also works for domain directory servers. If something does not work, check whether name resolution works properly.

This needs to be rewritten.

Let's get some attributes from the root DSE. You can read attributes such as defaultNamingContext, schemaNamingContext, and configurationNamingContext. Here is how:

'Get some attributes from the root DSE
Dim str As String
str = "defaultNamingContext = " & objRootDSE.Get("defaultNamingContext") & vbCrLf
str = str & "schemaNamingContext = " & objRootDSE.Get("schemaNamingContext") & vbCrLf
str = str & "configurationNamingContext = " & objRootDSE.Get("configurationNamingContext") & vbCrLf
  
'Display the result
MsgBox str

Here is what this code displays for my test domain:


Three attributes obtained from the root DSE of my domain directory server.
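
The introduction says that ADSI calls can run in another user's security context when you know the user name, domain, and password. As an added example (not from the book's App/AdsiBind sample), here is one way to do that from Visual Basic with the OpenDSObject method of the LDAP namespace object; BindDomainAs and its parameter names are hypothetical.

```vb
'Added example (not from the book's samples). BindDomainAs and its
'parameter names are hypothetical; the flags are ADS_AUTHENTICATION_ENUM values.
Private Const ADS_SECURE_AUTHENTICATION = &H1 'Kerberos/NTLM, no clear-text simple bind
Private Const ADS_USE_SIGNING = &H40          'Integrity-protect traffic (needs flag &H1)
Private Const ADS_USE_SEALING = &H80          'Encrypt traffic (needs flag &H1)

'Binds to the domain object on strServer as strUser and returns it.
'strUser may be "DOMAIN\name" or a UPN; the caller supplies the
'password at run time, it is never stored in the source.
Private Function BindDomainAs(strServer As String, strUser As String, _
                              strPassword As String) As Object
  Dim objLdap As Object     'LDAP: namespace, exposes IADsOpenDSObject
  Dim objRootDSE As Object
  Dim strContext As String
  Dim lngFlags As Long

  lngFlags = ADS_SECURE_AUTHENTICATION Or ADS_USE_SIGNING Or ADS_USE_SEALING

  On Error GoTo BindFailed
  Set objLdap = GetObject("LDAP:")

  'Same root DSE lookup as above, but with explicit credentials.
  Set objRootDSE = objLdap.OpenDSObject("LDAP://" & strServer & "/RootDSE", _
                                        strUser, strPassword, lngFlags)
  strContext = objRootDSE.Get("defaultNamingContext")

  'Bind to the domain object itself in the same security context.
  Set BindDomainAs = objLdap.OpenDSObject("LDAP://" & strServer & "/" & strContext, _
                                          strUser, strPassword, lngFlags)
  Exit Function

BindFailed:
  'Bad credentials, an unreachable server and a failed name lookup all
  'surface here; report the error number, never the password.
  MsgBox "Bind to " & strServer & " as " & strUser & " failed: 0x" & Hex(Err.Number)
  Set BindDomainAs = Nothing
End Function
```

Passing 0 for the flags together with a user name makes the LDAP provider fall back to a simple bind, which sends the password in clear text.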

Let me start with a simple example that enumerates computers in a domain. The example is located in the Ad/VbEnumComputer directory. Here is its source code.

Private Sub Enum_Click()
  Dim strResult As String
  Dim strCN As String
  Dim objRootDSE As Object
  Dim objContainer As Object
  Dim obj As Object
  
  Dim strDomain As String
  strDomain = Domain.Text
  
  'Open root DSE to determine default naming context.
  Set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
  
  'Determine default naming context.
  Dim strDefaultContext As String
  strDefaultContext = objRootDSE.Get("defaultNamingContext")
  Set objRootDSE = Nothing
    
  'Bind to the Computers container on the domain controller.
  Dim strContainer As String
  strContainer = "LDAP://" & strDomain & "/CN=computers," & strDefaultContext
  'To bind to Domain Controllers container use the following:
  'strContainer = "LDAP://" & strDomain & "/OU=Domain Controllers," & strDefaultContext
   
  Set objContainer = GetObject(strContainer)
   
  'Scan all object names.
  strResult = "Computers found:" & vbCrLf & vbCrLf
  For Each obj In objContainer
    'obj.Name is the relative name, e.g. "CN=...". Strip the "CN=" prefix.
    strCN = obj.Name
    strCN = Right(strCN, Len(strCN) - 3)
    strResult = strResult & strCN & vbCrLf
  Next
  
  'Display the result.
  MsgBox strResult
  
  'Clean up.
  Set objContainer = Nothing
End Sub

Let me explain what I am doing here.

If you know the distinguished name (DN) of an object, you can bind to it with ADSI. Here is an example in Visual Basic:

The remainder of this section is currently under construction...
 

Send comments and suggestions to niko@wrconsulting.com
Copyright © 2000 by Nik Okuntseff