To create an object in the directory, you must first create an object of a specific class and then assign values to the mandatory attributes of the object before writing it to the directory. From this procedure, one can quickly conclude that the only thing
Armed with this knowledge, you can easily enumerate, create, and remove objects in the directory using generic code syntax, and change the attribute assignments as appropriate for each object created.
To enumerate all user objects in a particular container in the Active Directory, use a variation of the following Visual Basic code:
Dim RootDSE As IADs
Dim UserContainer As IADsContainer
Dim User As IADs
Dim RelativePathFromDomainToUserContainer As String
RelativePathFromDomainToUserContainer = "ou=user accounts,"
Set RootDSE = GetObject("LDAP://RootDSE")
Set UserContainer = GetObject("LDAP://" & RelativePathFromDomainToUserContainer & _
    RootDSE.Get("DefaultNamingContext"))
UserContainer.Filter = Array("User")
For Each User In UserContainer
Debug.Print User.AdsPath
Next
Note
In the previous example you are using the IADsContainer Filter property to display objects
By changing the IADsContainer Filter property value assignment (and
An example of such a procedure is shown in the following Visual Basic code segment:
Dim RootDSE As IADs
Dim GroupContainer As IADsContainer
Dim Group As IADs
Dim RelativePathFromDomainToGroupContainer As String
RelativePathFromDomainToGroupContainer = "ou=Groups,ou=Chicago,"
Set RootDSE = GetObject("LDAP://RootDSE")
Set GroupContainer = GetObject("LDAP://" & RelativePathFromDomainToGroupContainer & _
    RootDSE.Get("defaultNamingContext"))
GroupContainer.Filter = Array("Group")
For Each Group In GroupContainer
Debug.Print Group.AdsPath
Next
To display all computer accounts in a particular container, use the following Visual Basic code:
Dim RootDSE As IADs
Dim ComputerAccountContainer As IADsContainer
Dim ComputerAccount As IADs
Dim RelativePathFromDomainToComputerContainer As String
'The relative path must end with a comma so it joins cleanly to the domain naming context
RelativePathFromDomainToComputerContainer = "ou=Workstations,ou=Computer Accounts,ou=Chicago,"
Set RootDSE = GetObject("LDAP://RootDSE")
Set ComputerAccountContainer = GetObject("LDAP://" & RelativePathFromDomainToComputerContainer & _
    RootDSE.Get("defaultNamingContext"))
ComputerAccountContainer.Filter = Array("Computer")
For Each ComputerAccount In ComputerAccountContainer
Debug.Print ComputerAccount.AdsPath
Next
As in a traditional LDAP directory, to create objects in the Active Directory, you must know several pieces of information, including the following:
The desired location in the directory
The class of the object to be created
The appropriate values for the mandatory attributes for the selected class
To help determine which attributes are required for each object class, consider Table 12.1, which describes the most commonly created objects in the Active Directory:
| Object Class | Mandatory Attribute(s) | Attribute Datatype(s) |
|---|---|---|
| computer | cn | String |
| | sAMAccountName | String |
| contact | cn | String |
| container | cn | String |
| group | cn | String |
| | groupType | Integer |
| | sAMAccountName | String |
| locality | l | String |
| organizationalUnit | ou | String |
| printQueue | cn | String |
| | shortServerName | String |
| | serverName | String |
| | printerName | String |
| | versionNumber | Integer |
| | uNCName | String |
| user | cn | String |
| | sAMAccountName | String |
Use the following Visual Basic code as a guide to create any object in the Active Directory:
Dim RootDSE As IADs
Dim Container As IADsContainer
Dim RelativePathToObject As String
Dim ObjectClass As String
Dim ObjectRelativeName As String
Dim NewObject As IADs
Dim MandatoryProperty1_Name As String
Dim MandatoryProperty1_Value As String
'Define more mandatory properties as needed
RelativePathToObject = "ou=administrators,"
ObjectClass = "user"
ObjectRelativeName = "cn=TestAdmin"
MandatoryProperty1_Name = "sAMAccountName"
MandatoryProperty1_Value = "TestAdmin"
'If you dimensioned additional mandatory properties, assign them here
Set RootDSE = GetObject("LDAP://RootDSE")
Set Container = GetObject("LDAP://" & RelativePathToObject & _
    RootDSE.Get("defaultNamingContext"))
Set NewObject = Container.Create(ObjectClass, ObjectRelativeName)
NewObject.Put MandatoryProperty1_Name, MandatoryProperty1_Value
'Assign additional mandatory properties to the object here
NewObject.SetInfo
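The generic creation code above takes the relative name and attribute values as plain strings. The following added example (not from the original text) checks the mandatory attributes from Table 12.1 before calling SetInfo and escapes the common name so that characters such as a comma or "/" cannot change the resulting path. EscapeRdnValue, RequiredAttributes and CreateChecked are hypothetical helper names, and only the cn-named classes from the table are covered.

```vb
Option Explicit

' Escape DN special characters (RFC 4514) and "/" (a separator in an ADsPath).
Function EscapeRdnValue(ByVal Value As String) As String
    Dim i As Long, Ch As String, Result As String
    For i = 1 To Len(Value)
        Ch = Mid$(Value, i, 1)
        If InStr(1, ",+""\<>;=/", Ch, vbBinaryCompare) > 0 Then Result = Result & "\"
        Result = Result & Ch
    Next
    ' A leading "#" or space and a trailing space must also be escaped.
    If Left$(Value, 1) = "#" Or Left$(Value, 1) = " " Then Result = "\" & Result
    If Len(Value) > 1 And Right$(Value, 1) = " " Then
        Result = Left$(Result, Len(Result) - 1) & "\ "
    End If
    EscapeRdnValue = Result
End Function

' Mandatory attributes per Table 12.1; cn is supplied through the relative name.
Function RequiredAttributes(ByVal ClassName As String) As Variant
    Select Case LCase$(ClassName)
        Case "computer", "user"
            RequiredAttributes = Array("sAMAccountName")
        Case "group"
            RequiredAttributes = Array("groupType", "sAMAccountName")
        Case "printqueue"
            RequiredAttributes = Array("shortServerName", "serverName", _
                "printerName", "versionNumber", "uNCName")
        Case "contact", "container"
            RequiredAttributes = Array()
        Case Else
            Err.Raise vbObjectError + 1, , "Class not covered: " & ClassName
    End Select
End Function

' Attributes is a Scripting.Dictionary (attribute name -> value); set its
' CompareMode to vbTextCompare before filling it so name lookups ignore case.
Function CreateChecked(Container As IADsContainer, ByVal ClassName As String, _
        ByVal CommonName As String, Attributes As Object) As IADs
    Dim Name As Variant, NewObject As IADs
    For Each Name In RequiredAttributes(ClassName)
        If Not Attributes.Exists(Name) Then
            Err.Raise vbObjectError + 2, , "Missing mandatory attribute: " & Name
        End If
    Next
    Set NewObject = Container.Create(ClassName, "cn=" & EscapeRdnValue(CommonName))
    For Each Name In Attributes.Keys
        NewObject.Put CStr(Name), Attributes(Name)
    Next
    NewObject.SetInfo
    Set CreateChecked = NewObject
End Function
```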
Note
To create groups, computer accounts, or user accounts in the Active Directory, follow the code found in Chapter 3, "Container Enumeration Methods and Programmatic Domain Account Policy Manipulation," used to create each respective object type (after the binding operation takes place and the sAMAccountName has been set).
To create these objects on Windows 2000 member servers or workstations, simply follow the code used for Windows NT
To find the mandatory properties of a class for any existing object in the directory, use the following Visual Basic code:
Dim RootDSE As IADs
Dim ObjectName As IADs
Dim ObjectClass As IADsClass
Dim RelativePath As String
Dim ADsPath As String
Dim MandatoryProperty As Variant
RelativePath = "cn=System,"
Set RootDSE = GetObject("LDAP://RootDSE")
ADsPath = "LDAP://" & RelativePath & RootDSE.Get("DefaultNamingContext")
Set ObjectName = GetObject(ADsPath)
Debug.Print "Object Name: " & ObjectName.Name
Debug.Print "Object Class: " & ObjectName.Class
Set ObjectClass = GetObject(ObjectName.Schema)
For Each MandatoryProperty In ObjectClass.MandatoryProperties
Debug.Print vbTab & MandatoryProperty
Next