LDAP provider with remote login (VBscript)

23 March 2013

Recently I needed to run some Active Directory code, using the LDAP provider, that had to connect to a domain controller in another domain. This is possible, but it took some investigation.

Error checking and variable definitions are omitted; this is just a code sample.

Using these values:

strUser = "contoso\testuser"   '* account in the remote domain used to log on
strPass = "********"           '* its password
strComp = "dc1.contoso.com"    '* the remote domain controller
strAccount = "testfind"        '* the sAMAccountName to search for

First part: getting AD info.

Connect to the remote domain controller and query it for the default naming context. If the logon as testuser succeeds, this example returns something like “DC=CONTOSO,DC=COM” in strTargetDncDomain.

Const ADS_SECURE_AUTHENTICATION = 1      '* authenticate with Kerberos/NTLM instead of a simple (cleartext) bind
Const ADS_SERVER_BIND = &h0200           '* the path names a server, so skip the DC locator

'* An ADsPath uses forward slashes: LDAP://server/RootDSE
Set objDSO = GetObject("LDAP:")
Set objRootDse = objDSO.OpenDSObject("LDAP://" & strComp & "/RootDSE", _
  strUser, strPass, _
  ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND)
strTargetDncDomain = objRootDse.Get("defaultNamingContext")

To summarise: instead of just calling GetObject() with the LDAP path, you call the OpenDSObject method on an LDAP provider object and pass the credentials and the authentication flags as extra parameters.

Second part: searching AD info.

Search the AD for a specific object. If the object is found, you can open it the same way the RootDSE object was obtained, only with its distinguished name (the value of strDnFound) in place of “RootDSE” in the AD path. The strTargetDncDomain obtained in the first example is used here.

This is almost the same as the case without logging on, just a few extra properties needed.

'* ADO query string: <base>;(filter);attributes;scope
strBase = "<LDAP://" & strComp & "/" & strTargetDncDomain & ">;"
strAttrs = "distinguishedName,sAMAccountName;"
strScope = "subtree"
strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & strAccount & "));"

strQuery = strBase & strFilter & strAttrs & strScope

Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
oConnection.Properties("Encrypt Password") = True
'* user name and password are passed to Open; the provider binds to the server named in the base
oConnection.Open "Active Directory Provider", strUser, strPass

Set oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConnection
oCommand.Properties("Page Size") = 100     '* paged results, so more than 1000 hits can be read
oCommand.Properties("Timeout") = 30
oCommand.Properties("Cache Results") = False

oCommand.CommandText = strQuery
Set objRS = oCommand.Execute
Do While Not objRS.EOF
  strDnFound = objRS.Fields("distinguishedName").Value
  objRS.MoveNext
Loop

Here, as in the first example, only a few extra parameters are needed to log on remotely to a specific server.
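Both parts above, combined into one added VBScript example (my code, not the post's): the bind gets the error checking the post leaves out, and the account name is escaped per RFC 4515 before it is spliced into the search filter, so a value containing `*`, `(`, `)` or `\` cannot change what the query matches. The function names GetDefaultNamingContext, EscapeLdapFilterValue and FindUserDn are this example's own; the server, user and account values are the post's placeholders.

```vbscript
' Added example, not from the original post. Same remote bind and search as
' above, with error checking and RFC 4515 escaping of the filter value.
Option Explicit

Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_SERVER_BIND = &h0200

' Escape a value for use inside an LDAP search filter (RFC 4515 section 3).
' Unescaped, a value such as "*" or "x)(objectClass=*" rewrites the filter.
Function EscapeLdapFilterValue(strValue)
  Dim i, ch, strOut
  strOut = ""
  For i = 1 To Len(strValue)
    ch = Mid(strValue, i, 1)
    Select Case ch
      Case "\"
        strOut = strOut & "\5c"
      Case "*"
        strOut = strOut & "\2a"
      Case "("
        strOut = strOut & "\28"
      Case ")"
        strOut = strOut & "\29"
      Case Chr(0)
        strOut = strOut & "\00"
      Case Else
        strOut = strOut & ch
    End Select
  Next
  EscapeLdapFilterValue = strOut
End Function

' Bind to RootDSE on the named DC as strUser. Returns the default naming
' context, or "" with the failure described in strError.
Function GetDefaultNamingContext(strComp, strUser, strPass, ByRef strError)
  Dim objDSO, objRootDse
  strError = ""
  GetDefaultNamingContext = ""
  On Error Resume Next
  Set objDSO = GetObject("LDAP:")
  Set objRootDse = objDSO.OpenDSObject("LDAP://" & strComp & "/RootDSE", _
    strUser, strPass, ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND)
  If Err.Number <> 0 Then
    strError = "Bind to " & strComp & " failed: 0x" & Hex(Err.Number) & _
      " " & Err.Description
    Err.Clear
    On Error GoTo 0
    Exit Function
  End If
  On Error GoTo 0
  GetDefaultNamingContext = objRootDse.Get("defaultNamingContext")
End Function

' Look up one user by sAMAccountName below strDnc on the named DC.
' Returns the distinguishedName, or "" when nothing matched.
Function FindUserDn(strComp, strDnc, strUser, strPass, strAccount)
  Dim strQuery, oConnection, oCommand, objRS
  FindUserDn = ""
  ' The account name is escaped, so it is only ever compared literally.
  strQuery = "<LDAP://" & strComp & "/" & strDnc & ">;" & _
    "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
    EscapeLdapFilterValue(strAccount) & "));" & _
    "distinguishedName;subtree"
  Set oConnection = CreateObject("ADODB.Connection")
  oConnection.Provider = "ADsDSOObject"
  oConnection.Properties("Encrypt Password") = True
  oConnection.Open "Active Directory Provider", strUser, strPass
  Set oCommand = CreateObject("ADODB.Command")
  oCommand.ActiveConnection = oConnection
  oCommand.Properties("Page Size") = 100
  oCommand.Properties("Timeout") = 30
  oCommand.Properties("Cache Results") = False
  oCommand.CommandText = strQuery
  Set objRS = oCommand.Execute
  If Not objRS.EOF Then FindUserDn = objRS.Fields("distinguishedName").Value
  objRS.Close
  oConnection.Close
End Function

' Usage with the post's placeholder values.
Dim strErr, strDnc, strDn
strDnc = GetDefaultNamingContext("dc1.contoso.com", "contoso\testuser", "********", strErr)
If strDnc = "" Then
  WScript.Echo strErr
  WScript.Quit 1
End If
strDn = FindUserDn("dc1.contoso.com", strDnc, "contoso\testuser", "********", "testfind")
If strDn = "" Then
  WScript.Echo "No user named testfind under " & strDnc
Else
  WScript.Echo "Found: " & strDn
End If
```

Run it with cscript from a machine that can reach the named DC; the bind errors surface as the HRESULT and description from OpenDSObject, which is what you want to see when the wrong credentials, a blocked port or an untrusted domain is the problem. The escaping covers the characters RFC 4515 requires; characters outside ASCII are passed through, which ADSI accepts since it hands the filter to the server as Unicode.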
