LDAP server access via VBscript/ADO - vbscript

Can ADO access attributes other that ADsPath and Name when bound to an LDAP server?
Below is the code I use to bind to and query a LDAP server on the internet:
Set ado = CreateObject("ADODB.Connection")
ado.Provider = "ADSDSOObject"
ado.Properties("User ID") = ""
ado.Properties("Password") = ""
ado.Properties("Encrypt Password") = False
ado.Open "NameSearch"
serverName = "xxxxxx.xxxx.xxx"
filterStr = "(objectClass=*)"
Set Ol= ado.Execute("<LDAP://" & serverName & ">;" & filterStr & ";ADsPath;SubTree")
While Not Ol
WScript.Echo Ol.Fields(0).value
Ol.MoveNext
Wend
Also how do assign the search base in the above code to "o= xxxxxx University;c=US"?

See How To Use ADO to Access Objects Through an ADSI LDAP Provider.
The connection object Execute method's
CommandText (first object) is an LDAP
query composed of four elements
separated by semicolons, in the
following format:
<LDAP://server/adsidn>;ldapfilter;attributescsv;scope
where adsidn is the distinguished name
(DN) of the starting point for your
query expressed ADsPath format with
"/" separators and the root of the
namespace to the left. You can also
use an X.500 style attributed name
format with the relative distinguished
names separated by commas and the root
of the name space to the right.
To return the ADsPath, class, and cn
attributes of all the objects in all
the recipient containers in an
Exchange server, you can use the
following CommandText (in URL format):
LDAP:; (objectClass=*);ADsPath,objectClass,cn;subtree
To put it all together,
Dim conn As ADODB.Connection
Dim rs As ADODB.Recordset
Set conn = New ADODB.Connection
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
Set rs = conn.Execute( _
"<LDAP://server/o=organization/o=xxxxxx University/c=US>;" _
& "(objectClass=*);ADsPath,objectClass,cn;subtree")
While Not rs.EOF
Debug.Print rs.Fields(0).Value, rs.Fields(1).Value, _
rs.Fields(2).Value
rs.MoveNext
Wend
conn.Close

Related

How to LDAP query without knowing exact OU

Set objDomain = GetObject("WinNT://abc.local")
For each objDomainItem in objDomain
if objDomainItem.Class = "User" then
'WScript.echo "Name: " & objDomainItem.Name + " : Full Name: " + objDomainItem.FullName
Set objUser = Nothing
err.clear
Set objUser = GetObject("LDAP://cn=" & objDomainItem.FullName & ",OU=IS, OU=Users, OU=ABC Company, DC=ABC, dc=local")
if err.number = 0 then
wscript.echo "distinguishedName: " & objUser.distinguishedName
end if
end if
Next
Right now, this works fine to list all users in the IS department (OU=IS). But when I take out "OU=IS" to list all users in all departments, it returns nothing; no user objects at all. The only way it will return the user object for the given fullName is if I also specify the OU that that user is contained in; but I do not have the OU to supply it.
Our AD structure is
ABC Company --> Users --> IS
ABC Company --> Users --> FINANCE
ABC Company --> Users --> Management
ABC Company --> Users --> Flight Operations
etc etc etc
I want to use the code above to enumerate all users from the "Users" level, down through ALL departments, but again, as soon as I remove "OU=IS", it returns nothing.
Any help?
Do a query with scope Subtree using an ADODB.Connection and an ADODB.Command object:
base = "<LDAP://OU=Users,OU=ABC Company,DC=ABC,DC=local>"
fltr = "(&(objectClass=user)(objectCategory=Person))"
attr = "distinguishedName,sAMAccountName"
scope = "subtree"
Set cn = CreateObject("ADODB.Connection")
cn.Provider = "ADsDSOObject"
cn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandText = base & ";" & fltr & ";" & attr & ";" & scope
Set rs = cmd.Execute
Do Until rs.EOF
WScript.Echo rs.Fields("distinguishedName").Value
WScript.Echo rs.Fields("sAMAccountName").Value
rs.MoveNext
Loop
Add other attributes to attr as required (the variable contains a list of attribute names as a comma-separated string).
Since these queries require the same boilerplate code every time, I got fed up with writing it over and over again some time ago and wrapped it in a custom class (ADQuery) to simplify its usage:
'<-- paste or include class code here
Set qry = New ADQuery
qry.SearchBase = "OU=Users,OU=ABC Company,DC=ABC,DC=local"
qry.Attributes = Array("distinguishedName", "sAMAccountName")
Set rs = qry.Execute
Do Until rs.EOF
WScript.Echo rs.Fields("distinguishedName").Value
WScript.Echo rs.Fields("sAMAccountName").Value
rs.MoveNext
Loop

Search in active directory forest

I have multiple domains in our Active Directory like below:
pnc.com → root domain
europe.pnc.com → Child domain
asia.pnc.com → Child domain
americas.pnc.com → Child domain
I want a write a VBScript that can search for a user in entire forest and show me the location of the user object.
I have tried in the past searching like this but I had to give the exact domain name.
You need to enable referral chasing for subordinate domains:
Set rootDSE = GetObject("LDAP://RootDSE")
base = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">"
filter = "(&(objectClass=user)(objectCategory=Person))"
attr = "distinguishedName"
scope = "subtree"
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.Properties("Chase referrals") = &h20
cmd.CommandText = base & ";" & filter & ";" & attr & ";" & scope
Set rs = cmd.Execute
...
Back in the day I wrote a wrapper class for AD queries, which enables this by default:
'add/import class here
Set qry = New ADQuery
qry.Filter = "..."
qry.Attributes = Array("sAMAccountName", ...)
Set rs = qry.Execute
...

Why does VBScript fail with a “Type mismatch" error?

I am experiencing difficulty with the following VBS
set conn = createobject("ADODB.Connection")
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
strQueryDL = "<LDAP://company.address.com/cn=address>;(&(objectCategory=person)(objectClass=user));distinguishedName,adspath;subtree"
set objCmd = createobject("ADODB.Command")
objCmd.ActiveConnection = Conn
objCmd.Properties("SearchScope") = 2 ' we want to search everything
objCmd.Properties("Page Size") = 500 ' and we want our records in lots of 500
objCmd.CommandText = strQueryDL
Set objRs = objCmd.Execute
While Not objRS.eof
wscript.echo objRS.Fields("distinguishedName")
' do something with objRS.Fields("distinguishedName")'
objRS.MoveNext
Wend
Please help me, I just started vbscripting and this was from an answer in this website.
wscript.echo objRS.Fields("distinguishedName")
The error was from the above line/code. How do I display out the field or convert it to display?
LDAP://company.address.com/cn=address is not a valid LDAP URL (see here). The search base must be a distinguished name, e.g.:
LDAP://company.address.com/cn=address,dc=address,dc=com
The distinguished name of the domain (dc=address,dc=com) can be obtained like this:
Set rootDSE = GetObject("LDAP://RootDSE")
WScript.Echo rootDSE.Get("defaultNamingContext")

VB6 Get List of Active Directory Domains

Using VB6, is it possible to get a list of all available domains in active directory?
Thanks,
Alex
Add references for ActiveDS type library, and ADO to your project.
Sub GetDomains()
Dim objRootDSE As IADs
Dim objBase As IADs
Dim path As String
Dim rsDomains As ADODB.Recordset
Dim cnADS As ADODB.Connection
Dim cmdCommand As ADODB.Command
Set objRootDSE = GetObject("LDAP://rootDSE")
path = "LDAP://" & objRootDSE.Get("rootDomainNamingContext")
Set objBase = GetObject(path)
Set cnADS = New ADODB.Connection
cnADS.Provider = "ADsDSOObject"
cnADS.Open "ADSI"
Set cmdCommand = New ADODB.Command
cmdCommand.ActiveConnection = cnADS
cmdCommand.Properties("searchScope") = ADS_SCOPE_SUBTREE
cmdCommand.CommandText = "SELECT Name, distinguishedName FROM '" & objBase.ADsPath & "' WHERE objectCategory = 'domain'"
Set rsDomains = cmdCommand.Execute
Do While rsDomains.EOF = False
List1.AddItem (rsDomains!Name)
rsDomains.MoveNext
Loop
End Sub
I have only the one domain to test this against so I hope you'll need to let me know if it gets all the domains for you. Also please note, I didn't add error handling.

Connecting to OpenLDAP server in vbScript via openDSObject

I have code that works correctly to connect to an Active Directory server:
Dim oDSObj: Set oDSObj = GetObject("LDAP:")
Dim oAuth: Set oAuth = oDSObj.OpenDSObject("LDAP://ldap.domain.com", "DOMAIN\username", "password", 1)
However, I can't seem to figure out the syntax to make this work against an OpenLDAP Server:
Dim oDSObj: Set oDSObj = GetObject("LDAP:")
Dim oAuth: Set oAuth = oDSObj.OpenDSObject("LDAP://ldap.domain.com/ou=Users", "username", "password", 1)
To be honest, I'm a bit of a n00b when it comes to LDAP, so I don't understand what dc vs cn vs ou means (I know they stand for org unit, common name etc) but I don't get when you need to tack that on to queries.
Once I connect to the Active Directory server, the following code queries it:
dc = ""
Set oConn = Server.CreateObject("ADODB.Connection")
oConn.Provider = "ADSDSOObject"
oConn.Open "Ads Provider", "DOMAIN\username", "password" '
Dim rs: Set rs = oConn.Execute("<LDAP://ldap.domain.com" & dc & ">;(& (objectCategory=person)(objectClass=user)(sAMAccountName=" & GetLDAPUserName(sPerson) & "));name,mail,telephoneNumber;subtree")
But I realize that sAMAccountName is an AD specific thing, so the openLDAP code will need a different syntax.
The user is 'ldapuser' with a password of 'password', stored here:
ou=Users,dc=domain,dc=com
What is the code to connect to that LDAP server and query for account info?
I finally figured it out:
sUser = "myusername"
sDN = "cn=" & sUser & ",ou=people,dc=company,dc=com"
sRoot = "LDAP://ldapservername.com/dc=company,dc=com"
Dim oDS: Set oDS = GetObject("LDAP:")
Dim oAuth: Set oAuth = oDS.OpenDSObject(sRoot, sDN, "password", &H0200)
Dim oConn: Set oConn = CreateObject("ADODB.Connection")
oConn.Provider = "ADSDSOObject"
oConn.Open "Ads Provider", sDN, "password"
Dim rs
Set rs = oConn.Execute("<" & sRoot & ">;(uid=" & sUser & ");cn,mail,telephoneNumber;subtree")
wscript.echo rs("cn").value
wscript.echo rs("mail").value
wscript.echo rs("telephoneNumber").value
Thanx a lot for your code Michael. I've modified it to simply authenticate users (user-password) using the central OpenLDAP server. Here is the code that worked for me (MSAccess 2003):
sUser = "TheUserName"
sDN = "uid=" & sUser & ",o=users,dc=MyDomain,dc=it"
sRoot = "LDAP://MyLDAPServer/o=users,dc=MyDomain,dc=it"
Dim oDS: Set oDS = GetObject("LDAP:")
On Error GoTo AuthError
Dim oAuth: Set oAuth = oDS.OpenDSObject(sRoot, sDN, "ThePassword", &H200)
On Error GoTo 0
MsgBox "Login Successful"
Exit Sub
AuthError:
If Err.Number = -2147023570 Then
MsgBox "Wrong Username or password !!!"
End If
On Error GoTo 0

Resources