
Using the LDAP Provider

The ADSI LDAP provider looks superficially similar to the WinNT provider, but uses LDAP-style naming conventions to name specific objects. A typical LDAP connection might look like this:


Dim objDomain
' Bind to the domain object through the LDAP provider
Set objDomain = GetObject("LDAP://dc=braincore,dc=net")

Notice that the LDAP provider is specified, and then an LDAP naming path is listed. In this case, objDomain will become a reference to the braincore.net domain. Perhaps the most confusing part of these LDAP paths is figuring out which components to use.

  • Use DC when specifying any portion of a domain name. Always list the domain name components in their regular order. For example, a domain named east.braincore.net would have an LDAP path of "dc=east,dc=braincore,dc=net". DC stands for domain component, not domain controller; this type of LDAP path will force ADSI to find a domain controller following Windows' normal rules for doing so.

  • Use OU when specifying an organizational unit. For example, to connect to the Sales OU in the braincore.net domain, specify "ou=sales,dc=braincore,dc=net". Notice that the domain name components are still required, so that ADSI can locate the domain that contains the OU.

  • Use CN when specifying a common name, such as a user, group, or any of the built-in AD containers. Remember that the Users, Computers, and Built-in containers aren't technically OUs, and so they can't be accessed with the OU component. To connect to the Users container, use "cn=Users,dc=braincore,dc=net". To connect to a specific user, you can just specify the user and domain name: "cn=Donj,dc=braincore,dc=net". You don't need to specify the OU, because AD won't normally allow two users in the same domain to have the same name.

NOTE

It doesn't hurt to specify the OU containing a user or group; in fact, with some LDAP directories, it's required. Even though you don't have to, try to get into the habit of using fully qualified domain names, such as "cn=DonJ,ou=Sales,dc=braincore,dc=net".
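
The DC/OU/CN rules above, as an added VBScript example that is not from the book: it assembles an ADsPath from a common name, an OU list, and a DNS domain name, escaping the characters reserved in distinguished names (plus "/", the ADsPath separator) so that a value such as "Smith, Don" cannot change the structure of the path. The function names EscapeRdnValue, DomainToDn, and BuildAdsPath and the sample inputs are assumptions made for illustration.

```vbscript
Option Explicit

' Added example: helper names are hypothetical, not part of ADSI.
' Escape one RDN value so supplied text cannot alter the DN structure.
Function EscapeRdnValue(strValue)
    Dim i, ch, strOut
    strOut = ""
    For i = 1 To Len(strValue)
        ch = Mid(strValue, i, 1)
        ' DN reserved characters, plus "/" which separates ADsPath elements
        If InStr(",\#+<>;""=/", ch) > 0 Then
            strOut = strOut & "\" & ch
        ElseIf ch = " " And (i = 1 Or i = Len(strValue)) Then
            ' Leading and trailing spaces must be escaped as well
            strOut = strOut & "\ "
        Else
            strOut = strOut & ch
        End If
    Next
    EscapeRdnValue = strOut
End Function

' Turn "east.braincore.net" into "dc=east,dc=braincore,dc=net"
Function DomainToDn(strDnsName)
    Dim arrLabels, i, strDn
    arrLabels = Split(strDnsName, ".")
    strDn = ""
    For i = 0 To UBound(arrLabels)
        If i > 0 Then strDn = strDn & ","
        strDn = strDn & "dc=" & EscapeRdnValue(arrLabels(i))
    Next
    DomainToDn = strDn
End Function

' CN first, then OUs from innermost to outermost, then the domain components
Function BuildAdsPath(strCn, arrOus, strDnsName)
    Dim strPath, strOu
    strPath = "LDAP://"
    If strCn <> "" Then strPath = strPath & "cn=" & EscapeRdnValue(strCn) & ","
    For Each strOu In arrOus
        strPath = strPath & "ou=" & EscapeRdnValue(strOu) & ","
    Next
    BuildAdsPath = strPath & DomainToDn(strDnsName)
End Function

WScript.Echo BuildAdsPath("DonJ", Array("Sales"), "braincore.net")
' Constructed input: unescaped, the comma would start a new RDN
WScript.Echo BuildAdsPath("Smith, Don", Array("Sales"), "east.braincore.net")
```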


After you've bound to an object, you can work with its properties. For example, suppose I want to modify the description of a particular user group. The following code will do it.


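Dim objGroup
' Bind with the LDAP provider; the path must start with LDAP://
Set objGroup = GetObject( _
 "LDAP://cn=Sales,ou=EastSales,dc=domain,dc=com")
objGroup.Put "description", "Eastern Sales representatives"
' Write the cached change back to the directory
objGroup.SetInfo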

The Put method allows me to specify a property to modify (in this case, the description of the group), and a new value. I have to call SetInfo to actually save the change. This is a straightforward technique with single-value properties like description; many AD properties, however, are multivalued. For example, the otherTelephone property can contain multiple telephone numbers. Here's how you might modify them.


Dim objUser
Set objUser = GetObject("LDAP://cn=DonJ,ou=Sales,dc=braincore,dc=net")
' 3 = append a value to the multivalued property
objUser.PutEx 3, "otherTelephone", Array("555-1212")
objUser.SetInfo

The PutEx method accepts three parameters. The last two should look familiar: They're the property name and the value you're adding. The first parameter tells PutEx what you're doing.

  • 1: Clear all values

  • 2: Update all entries

  • 3: Append an entry

  • 4: Delete an entry

You can make these a bit easier to work with by specifying constants. For example:


' Control codes for the first parameter of PutEx
Const MVP_CLEAR = 1
Const MVP_UPDATE = 2
Const MVP_APPEND = 3
Const MVP_DELETE = 4

Dim objUser
Set objUser = GetObject("LDAP://cn=DonJ,ou=Sales,dc=braincore,dc=net")
objUser.PutEx MVP_APPEND, "otherTelephone", Array("555-1212")
' Save this modification before making another one
objUser.SetInfo

Whenever you're modifying a multivalued property more than once in a script, be sure to call SetInfo after each modification. Otherwise, ADSI will lose track of what you're doing, and only the last change will be saved back to the directory.

NOTE

Most of the examples in Chapters 15 and 16 will use ADSI's LDAP provider.

