Microsoft® Windows® 2000 Scripting Guide
« Previous | Next »
Active Directory is more than a repository for resources such as accounts, shared printers, and public folders. It is also a searchable database that allows users and administrators to quickly locate these resources. Because computer accounts are stored in Active Directory, you can take advantage of the Active Directory searching capabilities to locate any computer in your organization.
Active Directory supports the following two primary search types:
Select Name from 'LDAP://DC=fabrikam,DC=com' where objectClass = 'computer'
Select Name from 'LDAP://DC=fabrikam,DC=com' where objectClass='computer' and Department = 'Finance'
The filtered search capabilities of Active Directory allow you to write scripts that can run against a specified set of computers even if you do not know the names of those computers. For example, if the Human Resources department moves to a new building, you can retrieve a list of computers for which the value of the Department attribute is equal to Human Resources, and then change the value of the Location attribute. Likewise, you can search Active Directory for a list of all the domain controllers in the domain and then run a monitoring or inventory script against those computers.
When you conduct a search, a recordset is returned that includes each of the computers that meet the search criteria. For more information about working with recordsets, see "Creating Enterprise Scripts" in this book.
Following are some tips that can facilitate Active Directory searches. For more information about searching in Active Directory, see "ADSI Scripting Primer" in this book.
Large Active Directory domains can contain thousands of computers. Instead of searching through all of Active Directory to find the computers of interest, search only the container in which the computer accounts are likely to be stored (for example, in the Finance OU).
Some searches can returns thousands of objects. A return of the entire recordset in one operation can noticeably degrade the performance of the server, the client, and the network. If you expect your search to return a large number of objects, specify a search page size to allow the server to return information in more manageable chunks. For example, rather than return 50,000 records all at once, a search with a page size of 500 allows the computer to return just the first 500 records when the search is completed, and each subsequent set of 500 records only when requested.
When you conduct a search of Active Directory, your search request is queued and the server attempts to satisfy the request as soon as possible. If the server is extremely busy, the request can be delayed or the search can be slow. You can specify a time-out value to make the script wait a set amount of time (for example, 30 seconds) for a reply from the server, and then automatically terminates if no reply is received.
If you need only the common name for each computer, do not retrieve the entire set of attributes. Scripts returning fewer attributes run faster and minimize the amount of data that must be transmitted across the network.
Instead of returning a list of all the computers, return only the computers that meet specific criteria (for example, only the computers located in a particular building or only the computers with a particular version of the operating system installed).
Send us your feedback | « Previous | Next » |