Active Directory Scripting Overview


To automate administrative tasks for Windows Server 2003 systems specifically aimed at managing Active Directory objects such as users, groups, and computers, VBScripts must use commands and references associated with predefined programming object models. A programming object model defines the hierarchy of an object, such as a user object in Active Directory or the directory structure itself. An object model defines which properties or attributes of an object can be accessed and also how the object is accessed or changed.

For example, an Active Directory user object has a property called SamAccountName. The value of this property is used as the user's logon name, and the SamAccountName property is accessed through the property's Get or Put methods. Active Directory Services Interface (ADSI) provides the Get, GetEx, and GetInfo methods to connect or read data from Active Directory or an Active Directory object. To create or modify an object and its properties, a script would reference the Put, PutEx, or SetInfo method. Microsoft provides several object models that, in some cases, overlap in functionality, but they are usually tailored to provide an interface to a particular type of resource or object.
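The read and write pattern described above, as an added example that is not from the book: `GetObject` performs the LDAP bind, `Get`/`GetEx` read from the local property cache, `Put`/`PutEx` stage changes in that cache, and nothing reaches the directory until `SetInfo`. The user path and domain are placeholders.

```vbscript
' Added example (not from the book): read and update attributes on one
' user object through ADSI. The DN and domain below are placeholders.
Option Explicit

' PutEx operation codes defined by ADSI (ADS_PROPERTY_OPERATION_ENUM).
Const ADS_PROPERTY_CLEAR  = 1
Const ADS_PROPERTY_APPEND = 3

Dim objUser, arrGroups, strGroup

' GetObject binds over LDAP; the property cache is filled on first read
' (an implicit GetInfo).
Set objUser = GetObject("LDAP://CN=Jane Doe,CN=Users,DC=companyabc,DC=com")

' Get returns a single-valued attribute.
WScript.Echo "Logon name : " & objUser.Get("sAMAccountName")

' GetEx always returns an array, which is the safe way to read an
' attribute that may hold zero, one or many values. Reading an attribute
' that has no value raises an error, so trap it rather than assume.
On Error Resume Next
arrGroups = objUser.GetEx("memberOf")
If Err.Number <> 0 Then
    Err.Clear      ' no memberOf values on this object
Else
    For Each strGroup In arrGroups
        WScript.Echo "Member of  : " & strGroup
    Next
End If
On Error GoTo 0

' Put stages a single-valued change in the cache only ...
objUser.Put "description", "Reviewed by script on " & Date

' ... PutEx stages a change to a multi-valued attribute; APPEND adds
' values without disturbing the ones already present.
objUser.PutEx ADS_PROPERTY_APPEND, "otherTelephone", Array("555-0100")

' ... and SetInfo writes the whole cache back to the directory at once.
objUser.SetInfo

' Re-read from the directory to confirm what was actually committed.
objUser.GetInfo
WScript.Echo "Description: " & objUser.Get("description")
```

Run it with `cscript script.vbs` so the output goes to the console. Because `SetInfo` is the only call that writes, a script that is interrupted before that line leaves the directory untouched, which is a useful property when testing changes against production objects.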

Active Directory Objects

Active Directory has a few objects that regular administrators will need to access and manage. For example, users, groups, computers, and contact objects will need to be managed to set security, make configuration changes, or add or remove members from groups. To access these objects and read or set values on a particular object's properties, VBScript needs to connect to that object or objects using a specific interface that provides the access.

The interface is commonly referred to as the application programming interface (API), which contains one or several programming object models that can be referenced through it. As an example, the Active Directory Services Interface provides access to an Active Directory user object using a built-in, predefined user object model. The ADSI user object model provides the ability to access most of the user properties. The object properties available are usually defined by what properties are available for that object, as defined in the Active Directory Schema. The Active Directory Schema defines all properties an object could ever have. It defines which properties are mandatory and must be defined before a new object can be created, and it defines the characteristics of object properties. For example, a user object property of Last Name is an optional attribute. If populated, it will need to have at least one character but no more than 128 as defined in the Active Directory Schema.
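Rather than relying on remembered limits, a script can ask the schema directly. The following added example (not from the book) uses ADSI's schema binding, where `LDAP://schema/<class>` returns an `IADsClass` entry and `LDAP://schema/<attribute>` returns an `IADsProperty` entry, to list the mandatory attributes of the user class and print the syntax and length range the schema enforces for the `sn` (Last Name) attribute.

```vbscript
' Added example (not from the book): query the Active Directory schema
' through ADSI to learn which attributes a user object must have and
' what limits apply to one optional attribute.
Option Explicit

Dim objClass, objProp, strAttr

' "LDAP://schema/<class>" binds to the abstract schema entry for a class
' (IADsClass), which exposes its mandatory and optional attribute lists.
Set objClass = GetObject("LDAP://schema/user")

WScript.Echo "Mandatory attributes for class user:"
For Each strAttr In objClass.MandatoryProperties
    WScript.Echo vbTab & strAttr
Next

' "LDAP://schema/<attribute>" binds to the attribute definition
' (IADsProperty), which exposes syntax, the multi-valued flag and the
' allowed value range the directory will enforce on a write.
Set objProp = GetObject("LDAP://schema/sn")
WScript.Echo "Attribute sn (Last Name):"
WScript.Echo vbTab & "Syntax      : " & objProp.Syntax
WScript.Echo vbTab & "Multi-valued: " & objProp.MultiValued
WScript.Echo vbTab & "Min length  : " & objProp.MinRange
WScript.Echo vbTab & "Max length  : " & objProp.MaxRange
```

Checking `MandatoryProperties` before calling `Create` is the simplest way to avoid a `SetInfo` failure on a new object, and the range values are what the domain controller will actually enforce, whatever a document or GUI label suggests.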

To access and modify all the attributes on Active Directory objects, you can use several different application programming interfaces and programming object models to manage the entire directory or a single directory object. After the next few sections cover frequently used object and directory interfaces, we provide a few sample scripts to show how different technologies can be used when you need to script an administrative task. Half the battle associated with scripting is knowing which object models and interfaces can be used to perform the task or access the desired object in the directory. Once you know which interface to use, it is only a matter of finding the property names and the methods available to manipulate the object properties.

Active Directory Services Interface

ADSI is a directory service model that was developed to create a single interface to access and modify directories and directory objects. ADSI supports several directories such as Microsoft Exchange 5.5, Novell NetWare NDS, and Microsoft Active Directory. Using ADSI, you can automate many directory-related tasks, such as creating users or dynamically adding or removing members from groups. ADSI will be used in conjunction with ADO, CDO, WMI, and VBScript when devices in the enterprise need to be located and when directory objects need to be created or modified.

Working with Active Directory Objects

Active Directory objects can be created, deleted, or modified using scripts. Before any object can be accessed, a connection to the directory must first be established. You perform this task by presenting a directory services path to the directory container using a standard protocol. For example, to connect to Active Directory, you can use the LDAP protocol to connect and use ADSI to specify the directory container object to connect to. By using the string "LDAP://CN=Users,DC=Companyabc,DC=com", you can use a specific ADSI method called Get to connect to the Users container in the Companyabc.com domain. When the connection or binding is established, the container can be queried for a list of computers, users, or groups, or new objects can be created. The initial binding to the directory determines the root starting point for directory searches, and the permissions the script has in the directory are those of the user context in which the script is run.
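The binding, enumeration and creation steps above as one added example (not from the book). In VBScript the bind to an `LDAP://` path is made with the `GetObject` function; the `Filter` property of the returned container limits enumeration to the listed object classes; `Create` stages a new child object that `SetInfo` commits. The domain is a placeholder, and the error check shows what the last sentence of the paragraph means in practice: if the account running the script lacks rights on the container, the bind can succeed while the write fails with `E_ACCESSDENIED` (`0x80070005`).

```vbscript
' Added example (not from the book): bind to a container, enumerate the
' objects it holds by class, then create a group in it. The domain is a
' placeholder; adjust the LDAP path to your own directory.
Option Explicit

' HRESULT returned when the caller lacks the needed directory rights.
Const E_ACCESSDENIED = &H80070005

Dim objContainer, objChild, objGroup

' GetObject over LDAP connects to the container and fixes the starting
' point for everything that follows. The rights available come from the
' account running the script, not from anything in the path.
Set objContainer = GetObject("LDAP://CN=Users,DC=companyabc,DC=com")

' Filter restricts the enumeration to the listed object classes;
' without it every child of the container is returned.
objContainer.Filter = Array("user", "group", "computer")
For Each objChild In objContainer
    WScript.Echo objChild.Class & vbTab & objChild.Get("sAMAccountName")
Next

' Create stages a new child object in the cache. sAMAccountName is the
' one mandatory attribute ADSI will not supply for a group, so set it
' before SetInfo commits the object to the directory.
On Error Resume Next
Set objGroup = objContainer.Create("group", "CN=Script Operators")
objGroup.Put "sAMAccountName", "ScriptOperators"
objGroup.SetInfo
If Err.Number = E_ACCESSDENIED Then
    WScript.Echo "Access denied: the caller lacks Create Child rights on this container."
ElseIf Err.Number <> 0 Then
    WScript.Echo "Create failed: 0x" & Hex(Err.Number) & " " & Err.Description
Else
    WScript.Echo "Created " & objGroup.ADsPath
End If
On Error GoTo 0
```

Enumerating the container needs only read access, while the `Create` step needs Create Child rights on that container; running the script under an account that has only what the task requires keeps a mistake in the path or filter from turning into an unintended write elsewhere in the directory.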

Microsoft Windows Server 2003 Unleashed(c) R2 Edition
ISBN: 0672328984
Year: 2006
Pages: 499