As in a traditional LDAP directory, to create objects in the Active Directory, you must know several pieces of information, including the following:

- The desired location in the directory
- The class of the object to be created
- The appropriate values for the mandatory attributes for the selected class

To help determine which attributes are required for each object class, consider Table 12.1, which describes the most commonly created objects in the Active Directory:

| Object Class | Mandatory Attribute(s) | Attribute Datatype(s) |
|---|---|---|
| computer | cn | String |
| | sAMAccountName | String |
| contact | cn | String |
| container | cn | String |
| group | cn | String |
| | groupType | Integer |
| | sAMAccountName | String |
| locality | l | String |
| organizationalUnit | ou | String |
| printQueue | cn | String |
| | shortServerName | String |
| | serverName | String |
| | printerName | String |
| | versionNumber | Integer |
| | uNCName | String |
| user | cn | String |
| | sAMAccountName | String |

Use the following Visual Basic code as a guide to create any object in the Active Directory:

```vb
Dim RootDSE As IADs
Dim Container As IADsContainer
Dim RelativePathToObject As String
Dim ObjectClass As String
Dim ObjectRelativeName As String
Dim NewObject As IADs
Dim MandatoryProperty1_Name As String
Dim MandatoryProperty1_Value As String
'Define more mandatory properties as needed

'Location, class and relative name of the new object
RelativePathToObject = "ou=administrators,"
ObjectClass = "user"
ObjectRelativeName = "cn=TestAdmin"
MandatoryProperty1_Name = "sAMAccountName"
MandatoryProperty1_Value = "TestAdmin"
'If you dimensioned additional mandatory properties, assign them here

'Bind to the container that will hold the new object
Set RootDSE = GetObject("LDAP://RootDSE")
Set Container = GetObject("LDAP://" & RelativePathToObject & RootDSE.Get("defaultNamingContext"))

'Create the object in the local property cache and set its mandatory attributes
Set NewObject = Container.Create(ObjectClass, ObjectRelativeName)
NewObject.Put MandatoryProperty1_Name, MandatoryProperty1_Value
'Assign additional mandatory properties to the object here

'Write the new object to the directory
NewObject.SetInfo
```

Note
To create groups, computer accounts, or user accounts in the Active Directory, follow the code found in Chapter 3, "Container Enumeration Methods and Programmatic Domain Account Policy Manipulation," used to create each respective object type (after the binding operation takes place and the sAMAccountName has been set).
To create these objects on Windows 2000 member servers or workstations, simply follow the code used for Windows NT infrastructures.
To find the mandatory properties of a class for any existing object in the directory, use the following Visual Basic code:

```vb
Dim RootDSE As IADs
Dim ObjectName As IADs
Dim ObjectClass As IADsClass
Dim RelativePath As String
Dim ADsPath As String
Dim Obj As IADs
Dim MandatoryProperty As Variant

RelativePath = "cn=System,"

'Bind to the existing object
Set RootDSE = GetObject("LDAP://RootDSE")
ADsPath = "LDAP://" & RelativePath & RootDSE.Get("DefaultNamingContext")
Set ObjectName = GetObject(ADsPath)
Debug.Print "Object Name: " & ObjectName.Name
Debug.Print "Object Class: " & ObjectName.Class

'Bind to the schema definition of the object's class and list its mandatory properties
Set ObjectClass = GetObject(ObjectName.Schema)
For Each MandatoryProperty In ObjectClass.MandatoryProperties
    Debug.Print vbTab & MandatoryProperty
Next
```
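
The following added example (not code from the original text) applies the creation pattern to the group class, supplying the three mandatory attributes Table 12.1 lists for it, and falls back to the schema lookup above when SetInfo fails. The function name CreateSecurityGroup and the sample path and name in the comments are assumptions, and the project is assumed to reference the Active DS Type Library, which supplies the ADS_GROUP_TYPE_* constants.

```vb
' Added example, not from the original text. Sample call (hypothetical values,
' the OU must already exist): CreateSecurityGroup("ou=administrators,", "TestAdmins")
Public Function CreateSecurityGroup(ByVal RelativePath As String, _
                                    ByVal GroupName As String) As Boolean
    ' Characters not allowed in sAMAccountName; rejecting them also keeps
    ' separators such as , + = out of the "cn=" relative name built below
    Const InvalidChars As String = """/\[]:;|=,+*?<>"
    Dim RootDSE As IADs
    Dim Container As IADsContainer
    Dim NewGroup As IADs
    Dim SchemaClass As IADsClass
    Dim MandatoryProperty As Variant
    Dim ErrNumber As Long
    Dim ErrText As String
    Dim i As Long

    ' The function returns False (its default) when the name is rejected
    If Len(GroupName) = 0 Then Exit Function
    For i = 1 To Len(GroupName)
        If InStr(InvalidChars, Mid$(GroupName, i, 1)) > 0 Then Exit Function
    Next

    Set RootDSE = GetObject("LDAP://RootDSE")
    Set Container = GetObject("LDAP://" & RelativePath & _
                              RootDSE.Get("defaultNamingContext"))

    ' Create only builds the object in the local property cache
    Set NewGroup = Container.Create("group", "cn=" & GroupName)
    NewGroup.Put "sAMAccountName", GroupName
    ' groupType is a bit mask: a scope flag Or'ed with the security-enabled
    ' flag. Without ADS_GROUP_TYPE_SECURITY_ENABLED the group is a
    ' distribution group and cannot be granted permissions.
    NewGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or _
                              ADS_GROUP_TYPE_SECURITY_ENABLED

    ' Nothing reaches the directory until SetInfo, so errors surface here
    On Error Resume Next
    NewGroup.SetInfo
    ErrNumber = Err.Number
    ErrText = Err.Description
    On Error GoTo 0          ' also clears Err, hence the copies above
    If ErrNumber <> 0 Then
        Debug.Print "SetInfo failed: 0x" & Hex(ErrNumber) & " " & ErrText
        ' List what the schema requires for the class
        Set SchemaClass = GetObject("LDAP://schema/group")
        For Each MandatoryProperty In SchemaClass.MandatoryProperties
            Debug.Print vbTab & MandatoryProperty
        Next
        Exit Function
    End If
    CreateSecurityGroup = True
End Function
```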