
LDAP provider with remote login (VBscript)

Lately I needed to write some Active Directory code using the LDAP provider that had to connect to a domain controller in another domain, authenticating with credentials from that domain. This is possible, but it took some investigation.

Error checking and variable definitions are omitted; this is just a code sample.

Using these values:

strUser = "contoso\testuser"
strPass = "********"
strComp = "dc1.contoso.com" '* the remote domain controller
strAccount = "testfind"

First Part, getting AD info.

Connect to the remote domain controller and query it for the default naming context. This example could return "DC=CONTOSO,DC=COM" in strTargetDncDomain if the login as testuser was successful.

Const ADS_SERVER_BIND = &h0200   '* the path names a specific server, not a domain

Set objDSO = GetObject("LDAP:")
'* ADSI paths use forward slashes: LDAP://server/object
Set objRootDse = objDSO.OpenDSObject("LDAP://" & strComp & "/RootDSE", _
  strUser, strPass, _
  ADS_SERVER_BIND)
strTargetDncDomain = objRootDse.Get("defaultNamingContext")

To summarise: instead of just calling GetObject() on the path, you call the OpenDSObject method on an LDAP provider object and pass the extra parameters (user name, password and authentication flags) to that method.

Second Part, searching AD info.

Search the AD for a specific object. If the object is found, you can bind to it the same way the RootDSE object is obtained, just with a different AD path instead of "RootDSE", e.g. the value of strDnFound. The strTargetDncDomain obtained in the first part is used here as the search base.

This is almost the same as the case without logging on, just a few extra properties needed.

'* ADO query string: <base>;filter;attributes;scope
strBase   = "<LDAP://" & strComp & "/" & strTargetDncDomain & ">;"
strAttrs  = "distinguishedName,sAMAccountName;"
strScope  = "subtree"
strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & strAccount & "));"

strQuery = strBase & strFilter & strAttrs & strScope

Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
oConnection.Properties("Encrypt Password") = True   '* do not send the password in the clear
oConnection.Open "Active Directory Provider", strUser, strPass

Set oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConnection
oCommand.Properties("Page Size") = 100      '* paged results, so more than 1000 hits are returned
oCommand.Properties("Timeout") = 30
oCommand.Properties("Cache Results") = False

oCommand.CommandText = strQuery
Set objRS = oCommand.Execute
Do While Not objRS.EOF
  strDnFound = objRS.Fields("distinguishedName")
  objRS.MoveNext
Loop

Here, like in the first part, only a few extra properties and parameters are needed to log on remotely to a specific server: the user name and password passed to Open, plus a server name in the search base instead of a bare domain.
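The two parts above, combined into one complete script as an added example (this is not the original post's code): it adds the error checking the post leaves out, requests secure (Negotiate) authentication with ADS_SECURE_AUTHENTICATION in addition to ADS_SERVER_BIND so the password is not sent as a plaintext simple bind, and escapes the account name before it is placed in the search filter so that an attacker-supplied value cannot alter the filter. The "ADSI Flag" connection property, the InputBox prompt, the function names and the sample values are assumptions of this example.

```vbscript
Option Explicit

' ADSI authentication flags (ADS_AUTHENTICATION_ENUM)
Const ADS_SECURE_AUTHENTICATION = &h0001   ' Windows (Negotiate) auth instead of a simple bind
Const ADS_SERVER_BIND           = &h0200   ' the path names a specific server, not a domain

Dim strUser, strPass, strComp, strAccount
strUser    = "contoso\testuser"                  ' constructed sample values
strPass    = InputBox("Password for " & strUser) ' never hard-code the password in the script
strComp    = "dc1.contoso.com"
strAccount = "testfind"

' Escape the characters RFC 4515 reserves inside a filter value, so a
' user-supplied account name cannot change the meaning of the filter.
Function EscapeLdapFilterValue(ByVal s)
    Dim i, c, out
    out = ""
    For i = 1 To Len(s)
        c = Mid(s, i, 1)
        Select Case c
            Case "\"    : out = out & "\5c"
            Case "*"    : out = out & "\2a"
            Case "("    : out = out & "\28"
            Case ")"    : out = out & "\29"
            Case Chr(0) : out = out & "\00"
            Case Else   : out = out & c
        End Select
    Next
    EscapeLdapFilterValue = out
End Function

' Part 1: bind to the named DC with explicit credentials and read defaultNamingContext.
Function GetDefaultNamingContext(server, user, pass)
    Dim objDSO, objRootDse
    Set objDSO = GetObject("LDAP:")
    Set objRootDse = objDSO.OpenDSObject("LDAP://" & server & "/RootDSE", _
        user, pass, ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND)
    GetDefaultNamingContext = objRootDse.Get("defaultNamingContext")
End Function

' Part 2: search the remote domain for one user; returns its distinguishedName
' or an empty string when nothing matches.
Function FindUserDn(server, user, pass, baseDn, samAccountName)
    Dim oConnection, oCommand, objRS, strQuery
    strQuery = "<LDAP://" & server & "/" & baseDn & ">;" & _
               "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
               EscapeLdapFilterValue(samAccountName) & "));" & _
               "distinguishedName;subtree"

    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Provider = "ADsDSOObject"
    oConnection.Properties("Encrypt Password") = True
    ' Same flags as the OpenDSObject call, passed through the ADO provider.
    oConnection.Properties("ADSI Flag") = ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND
    oConnection.Open "Active Directory Provider", user, pass

    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.Properties("Page Size") = 100
    oCommand.Properties("Timeout") = 30
    oCommand.Properties("Cache Results") = False
    oCommand.CommandText = strQuery

    FindUserDn = ""
    Set objRS = oCommand.Execute
    If Not objRS.EOF Then FindUserDn = objRS.Fields("distinguishedName").Value
    objRS.Close
    oConnection.Close
End Function

' Main: report bind and search failures by HRESULT instead of silently continuing.
Dim strTargetDncDomain, strDnFound
On Error Resume Next
strTargetDncDomain = GetDefaultNamingContext(strComp, strUser, strPass)
If Err.Number <> 0 Then
    WScript.Echo "Bind to " & strComp & " failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If
strDnFound = FindUserDn(strComp, strUser, strPass, strTargetDncDomain, strAccount)
If Err.Number <> 0 Then
    WScript.Echo "Search failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

If strDnFound = "" Then
    WScript.Echo strAccount & " not found under " & strTargetDncDomain
Else
    WScript.Echo "Found: " & strDnFound
End If
```

Run it with cscript from a machine that can reach the remote DC over LDAP; a failed bind surfaces as an HRESULT such as 0x8007052E (logon failure) rather than an empty result, which is the distinction you want when diagnosing cross-domain credential problems.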

  1. JFoushee
    14 February 2017 at 17:09

    Kept receiving the error message “An invalid directory pathname was passed” until I changed the backslash to slash (LDAP:\\ -> LDAP://)
