Microsoft® Windows® 2000 Scripting Guide
« Previous | Next »
The script in Listing 7.25 is limited to returning the name attribute of objects in the Management OU. If there are child OUs of the Management OU, objects within the child OUs are not searched for the value of their name attribute. To find all objects meeting the criteria of the search in the Management OU and all child OUs, change the search scope from onelevel (line 10 in Listing 7.25) to subtree.
To expand the search to all objects in the domain, modify the search base to the domain and specify subtree as the search scope. The LDAP search dialect as it would appear in a script for this search is the following:
objCommand.CommandText = _
"<LDAP://dc=NA,dc=fabrikam,dc=com>;
"& _
"(&(objectCategory=person)(objectClass=user));
"& _
"name;subtree
"
Using the LDAP moniker in the LDAP search dialect of the preceding example limits the search to the contents of the na.fabrikam.com domain by default. Any child domains of na.fabrikam.com are not searched. This default behavior can be changed, but if the attributes that should be returned by the script are in the global catalog, a better option is to use the GC moniker to bind to the global catalog instead of the domain.
Unlike the domain, the global catalog contains a partial attribute list of all objects in its domain and all child domains. Therefore, if you bind to a global catalog server in the root domain, you can perform a forest-wide search from a single global catalog server.
Listing 7.26 contains a script that uses LDAP search dialect to limit a result set to the values of an attribute assigned to a specific type of user account in a forest. To carry out this task, the script performs the following steps:
Lines 8 10 specify the search base, two search filters, the attribute to return, and the search scope.
The search base binds to the global catalog because the name attribute is contained in the global catalog, and the global catalog in the root domain contains a partial replica of all objects in the forest.
Listing 7.26 Performing a Search to Display the Names of User Account Types That Are Security Principals in a Forest
|
|
Send us your feedback | « Previous | Next » |