Recipe 4.6 Searching the Global Catalog

4.6.1 Problem

You want to perform a forest-wide search using the global catalog.

4.6.2 Solution

4.6.2.1 Using a graphical user interface
  1. Open LDP.

  2. From the menu, select Connection Connect.

  3. For Server, enter the name of a global catalog server.

  4. For Port, enter 3268.

  5. Click OK.

  6. From the menu, select Connection Bind.

  7. Enter credentials of a user.

  8. Click OK.

  9. From the menu, select Browse Search.

  10. For BaseDN, type the base distinguished name where to start the search.

  11. For Scope, select the appropriate scope.

  12. For Filter, enter an LDAP filter.

  13. Click Run.

4.6.2.2 Using a command-line interface
> dsquery * <BaseDN> -gc -scope <Scope> -filter "<Filter>" -attr "<AttrList>"
4.6.2.3 Using VBScript
' This code searches the global catalog ' ------ SCRIPT CONFIGURATION ------ strBase    =  "<GC://<BaseDN>>;" strFilter  = "<Filter>;" strAttrs   = "<AttrList>;" strScope   = "<Scope>" ' ------ END CONFIGURATION --------- set objConn = CreateObject("ADODB.Connection") objConn.Provider = "ADsDSOObject" objConn.Open "Active Directory Provider" set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope) objRS.MoveFirst while Not objRS.EOF     Wscript.Echo objRS.Fields(0).Value     objRS.MoveNext wend

4.6.3 Discussion

The global catalog facilitates forest-wide searches. When you perform a normal LDAP search over port 389, you are searching against a particular partition in Active Directory, whether that is the Domain naming context, Configuration naming context, Schema naming context, or application partition. If you have multiple domains in your forest, this type of search will not search against all domains.

The global catalog contains all a subset of the attributes for all objects in the forest (excluding objects in application partitions). Think of it as a subset of all the naming contexts combined. All objects will be contained in the global catalog, except for objects in application partitions, but only some of the attributes will be available. For that reason, if you perform a global catalog search and do not get values for attributes you were expecting to, make sure those attributes are included in the global catalog, also known as the partial attribute set (PAS). See Recipe 10.14 for more information.

4.6.3.1 Using a graphical user interface

The only difference between this solution and Recipe 4.5 is that the "Port" has changed to 3268, which is the standard GC port.

4.6.3.2 Using a command-line interface

The only difference between this solution and Recipe 4.5 is the addition of the -gc flag.

4.6.3.3 Using VBScript

The only difference between this solution and Recipe 4.5 is that strBase variable changed to use the GC: progID:

strBase  =  "<GC://<BaseDN>>;"

4.6.4 See Also

Recipe 4.5 for searching for objects, and MSDN: Searching with ActiveX Data Objects (ADO)



Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net