Section C.3. Retrieving Objects

C.3. Retrieving Objects

Now t hat you know how to use ADsPaths to distinguish between different namespaces, we'll demonstrate how to establish a connection and authenticate to the server containing the directory service you want to access. Authenticating a connection isn't always necessary; some directories, such as Active Directory, allow anonymous read-only access to certain parts of the directory tree if you configure it that way. In general though, allowing anonymous access is not a good practice. It can make things much more difficult to troubleshoot if you discover that one of your domain controllers is being impacted by an overzealous client. When using ADSI, if authentication is not done explicitly, the credentials of the account the script is running under will be used. If the account running the script is not part of the Active Directory you want to query or in a trusted domain, you will not be able to do very much. That's why performing explicit authentication in ADSI scripts is generally the best way to go.

If you just want to bind using the current account's credentials to a directory server to get a reference to an object, use the GetObject function:

Dim strPath      'path to the directory server Dim objMyDomain  'root object of the directory strPath = "LDAP://dc=amer,dc=rallencorp,dc=com" Set objMyDomain = GetObject(strPath)

The code begins by declaring two variables with VBScript Dim statements. The first variable, strPath, is an ADsPath. The prefix str specifies that this ADsPath is a text string. The second variable, objMyDomain, is a reference to the object in the directory that the ADsPath represents. The prefix obj specifies that the variable is an object.

Next, we assign the strPath variable to the path of the directory server you want to bind to, in this case, LDAP://dc=amer,dc=rallencorp,dc=com. You need to enclose this path in quotation marks, because it's a text string.

Finally, we use VBScript's Set statement with the GetObject method to create a reference between the variable you declared and the existing object with which we want to interact. In this case, we're creating a reference between objMyDomain and the existing object that the ADsPath LDAP://dc=amer,dc=rallencorp,dc=com represents (i.e., the domain object of the amer.rallencorp.com domain). After we've established this reference, we can use other IADs-based interfaces to interact with that object.

with Alistair Lowe-Norris