Friday, June 19, 2009

LDAP and Active Directory

What is LDAP?

LDAP, the Lightweight Directory Access Protocol, is an Internet protocol that email clients and other programs use to look up information from a directory server.

It is an application-layer protocol for querying and modifying directory services, running over TCP/IP.

Key aspects of LDAP are:

- Protocol elements are carried directly over TCP or another transport, bypassing much of the session/presentation overhead.

- Many protocol data elements are encoded as ordinary strings (e.g., Distinguished Names).

- A lightweight BER encoding is used to encode all protocol elements.

What is Active Directory?

Active Directory is a directory structure used on Microsoft Windows-based computers and servers to store information and data about networks and domains. It is primarily used for information that is looked up online; it was originally created in 1996 and first used with Windows 2000.

Active Directory (sometimes referred to as AD) performs a variety of functions: it provides information on objects, organizes those objects for easy retrieval and access, allows access by end users and administrators, and lets the administrator set up security for the directory.

Active Directory can be described as a hierarchical structure, and this structure is usually broken up into three main categories: resources, which might include hardware such as printers; services for end users, such as web and email servers; and objects, which are the main functions of the domain and network.

If you are a computer administrator for a large corporation or organization, you can easily update all end users' computers with new software, patches, files, etc. simply by updating one object in a forest or tree.

Access to information stored in Active Directory is available through the standard Active Directory management utilities. They are convenient and fairly easy to use; however, there are situations in which you might want to develop alternative, custom solutions. For example, you might want to quickly access user or group account information from any workstation in your environment.

Technical Details To Access Active Directory via ASP (vb script)

The script below, ListADGroups.vbs, uses ActiveX Data Objects (ADO) and an underlying OLE DB Directory Services provider called ADsDSOObject to extract a list of groups from Active Directory. This involves creating the following ADO objects:

* A Connection object, stored in the oCon variable,
* A Command object, stored in the oCmd variable,
* A RecordSet object, stored in the oRecordSet variable.

For each of these objects, we set appropriate properties. More specifically, for the Connection object:

* The Provider property determines the OLE DB provider used to connect to Active Directory (ADsDSOObject)
* The sUser variable is the name of the domain user that will be used to connect to Active Directory (replace this value with an actual user name in your domain)
* The sPassword variable is the password for the sUser account (set it appropriately as well)

For the Command Object:

* The ActiveConnection property is set to the previously created oCon object
* The CommandText property consists of four semicolon-separated search parameters. The first parameter determines the scope and contains, in this case, the LDAP path of the target domain. The second parameter contains the search criteria: objectCategory determines the type of object to search for (groups in our case), and the objects are further filtered according to the value of the sGroup variable. For example, to return all the groups whose names start with the "US" prefix, you would set sGroup to "US*"; the value "*" used in the script returns all the groups within the scope set by the first parameter (the domain in this case). The object properties to be returned are listed in the third parameter (group name, LDAP path, description, and group members). Finally, the last parameter specifies the search depth in the hierarchy of Active Directory containers -- all directory objects in our case.

The result of running the Execute method of the ADO Command object is stored in the RecordSet. To retrieve the results, the script traverses it record by record and displays the contents of each one.
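The four-part CommandText described above is assembled from the scope path, the filter, the attribute list and the search depth. As an added example that is not part of the original post, the Python below builds that string and escapes the group-name pattern before it is spliced into the filter, so a deliberate wildcard such as "US*" still works while a value containing ( ) or \ cannot alter the filter's structure. The domain DN, the use of the cn attribute and the attribute names are constructed for the example.

```python
# Characters that RFC 4515 requires to be escaped inside an LDAP filter value.
# '*' is handled separately so a caller's intended wildcard ("US*") survives.
_FILTER_ESCAPES = {"\\": r"\5c", "(": r"\28", ")": r"\29", "\0": r"\00"}

_SCOPES = ("base", "onelevel", "subtree")


def escape_filter_value(value: str, allow_wildcard: bool = True) -> str:
    """Escape a string for safe use as an LDAP filter assertion value.

    With allow_wildcard=True the '*' character is passed through so that
    prefix searches like "US*" keep working; everything else that could
    change the filter's meaning is hex-escaped.
    """
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ch == "*" and not allow_wildcard:
            out.append(r"\2a")
        else:
            out.append(ch)
    return "".join(out)


def build_group_query(domain_dn: str, group_pattern: str,
                      attrs=("cn", "adspath", "description", "member"),
                      scope: str = "subtree") -> str:
    """Return the ADSI-dialect CommandText for an ADO group search.

    Layout: <LDAP://path>;(filter);attr1,attr2,...;scope
    (constructed to match the four parameters described in the post).
    """
    if scope not in _SCOPES:
        raise ValueError(f"scope must be one of {_SCOPES}, got {scope!r}")
    name_value = escape_filter_value(group_pattern, allow_wildcard=True)
    ldap_filter = f"(&(objectCategory=group)(cn={name_value}))"
    return f"<LDAP://{domain_dn}>;{ldap_filter};{','.join(attrs)};{scope}"


if __name__ == "__main__":
    # Constructed sample values; "US*" is the prefix search from the post.
    print(build_group_query("DC=example,DC=com", "US*"))
    # A value that tries to close the filter early is neutralised instead.
    print(build_group_query("DC=example,DC=com", "x)(objectClass=*"))
```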

The subroutine below queries Active Directory via LDAP into a recordset:

Sub GetDisplayName()

    Dim conn
    Dim com
    Dim oRecordset

    '*******************************
    '* Open the connection to AD *
    '*******************************

    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    ' Placeholder credentials: replace with a real account in your domain
    conn.Properties("User ID") = "Dir Mgr"
    conn.Properties("Password") = "MyPassword"
    ' ADS_SECURE_AUTHENTICATION (1): bind with Kerberos/NTLM rather than a
    ' simple bind that would send the password in the clear
    conn.Properties("ADSI Flag") = 1

    conn.Open "LDAP Provider"

    Set com = CreateObject("ADODB.Command")
    com.ActiveConnection = conn

    ' SQL dialect: attributes to return, then the ADsPath of the container
    com.CommandText = "SELECT displayName FROM 'LDAP://MyHost:477/OU=abc,DC=ad,DC=mhkk,DC=com'"

    ' Execute returns an object, so Set is required here
    Set oRecordset = com.Execute

    ' Walk the result set record by record and display each displayName;
    ' "" & value turns a Null attribute into an empty string
    Do Until oRecordset.EOF
        WScript.Echo "" & oRecordset.Fields("displayName").Value
        oRecordset.MoveNext
    Loop

    oRecordset.Close
    conn.Close

End Sub

GetDisplayName
