Windows 2000, Active Directory, Organisational Units, Schemas, namespaces, group policy. These are all new buzzwords surrounding Microsoft’s new directory service, deployed with Windows 2000.
In this article I’ll walk you through the basics of scripting some simple functions using the Active Directory Services Interface (or ADSI). This powerful set of functions can be harnessed to our benefit by providing a more customized and automated way to perform a variety of different tasks.
Firstly, it’s important for us to understand how ADSI works, the jargon, and where all this stuff becomes useful.
OK, well, ADSI is really a set of interfaces through which a provider (for example the Windows NT system) can publish its functionality. Each provider must conform to the basics of the ADSI structure, although it can offer additional features.
This may sound a little confusing, so let’s use a diagram to help out:
This diagram (hopefully) makes the concept of namespaces and ADSI a bit clearer. Firstly, your code interacts with the ADSI structure. Through a set of common interfaces (IADsContainer etc.) a variety of providers can make their data available. In this example the WinNT provider is being made available through the ADSI structure, with the data being Windows NT user information and other such details.
To put these things into a more practical application, let’s look at some simple but useful scripts using ADSI and the WinNT provider…
Below are a few simple scripts written in VB Script, which allow an administrator to create users, add users to groups, change passwords and reset passwords. The code is pretty self-explanatory, but if you have any queries please use the Post Feedback Now link at the bottom of the page.
'Add a new user using ADSI and the WinNT namespace
Set adsDomain = GetObject("WinNT://MyDomain")
Set adsUser = adsDomain.Create("user","shuggill")
adsUser.SetInfo

'Now add the user to a group
Set adsGroup = GetObject("WinNT://MyDomain/MyGroup")
adsGroup.Add "WinNT://MyDomain/shuggill"

'Change the user's password
Set adsUser = GetObject("WinNT://MyDomain/shuggill")
adsUser.ChangePassword "oldpassword", "newpassword"
adsUser.SetInfo

'Reset the user's password
Set adsUser = GetObject("WinNT://MyDomain/shuggill")
adsUser.SetPassword "newpassword"
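The create-and-add steps above commit the new account without a password and carry on regardless of whether each call succeeded. The following is an added example, not part of the original article: it sets an initial password before the account is committed, forces a change at first logon, and stops at the first failed step. It assumes the script is run with cscript.exe, and the Check helper and the constant names are illustrative.

```vbscript
Option Explicit
' Added example. MyDomain, MyGroup and shuggill are the article's placeholder
' names; Check and the constants below are illustrative names.
Const DOMAIN_PATH = "WinNT://MyDomain"
Const GROUP_NAME = "MyGroup"
Const USER_NAME = "shuggill"

Dim adsDomain, adsUser, adsGroup, sInitial, sUserPath

' Read the initial password from standard input (cscript.exe only) so it is
' neither stored in the script nor passed on the command line.
WScript.StdOut.Write "Initial password for " & USER_NAME & ": "
sInitial = WScript.StdIn.ReadLine

On Error Resume Next

Set adsDomain = GetObject(DOMAIN_PATH)
Check "bind to domain"

Set adsUser = adsDomain.Create("user", USER_NAME)
adsUser.SetPassword sInitial          ' set before the account is committed
adsUser.SetInfo
Check "create user"

adsUser.Put "PasswordExpired", 1      ' WinNT: force a change at first logon
adsUser.SetInfo
Check "expire initial password"

sUserPath = DOMAIN_PATH & "/" & USER_NAME
Set adsGroup = GetObject(DOMAIN_PATH & "/" & GROUP_NAME)
Check "bind to group"
If Not adsGroup.IsMember(sUserPath) Then adsGroup.Add sUserPath
Check "add user to group"

WScript.Echo "Created " & sUserPath & " and added it to " & GROUP_NAME

' Stop at the first failed step instead of continuing with a half-made account.
Sub Check(ByVal sStep)
    If Err.Number <> 0 Then
        WScript.Echo "Failed to " & sStep & ": 0x" & Hex(Err.Number) & " " & Err.Description
        WScript.Quit 1
    End If
End Sub
```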
Now that we have looked at the way ADSI fits together with a variety of providers and some simple scripts, let’s look at the best way to store the code.
There are two ways in which we can encapsulate our ADSI code. Firstly, we can use simple VB Scripts (a .vbs extension). This is the best approach if you are going to be performing server management at the server itself, or on the same subnet. In that way you can execute scripts locally from the command line, making these administrative tasks quick and simple.
However, if your server will be located separately from you, or you want to perform administration over your intranet or even the Internet, then you might want to consider wrapping up the code in a DLL that is made accessible through a set of ASP pages.
For our example we will be placing the code in a DLL, written in VB, and called from ASP. For more information on using ASP to access DLLs, take a look at: http://www.vbsquare.com/internet/aspdev/
OK. Well, I won’t go into great detail on writing the DLL, but here are several steps you need to take to ensure you can access your DLL:
-Create a class module named clsAdmin
-Set the Instancing property to 5 — Multiuse
-Place your code in the class module, defining the routines as Public
-Compile your DLL as per normal
Now that you have your DLL set up, all you need to do is write several nice-looking ASP pages to provide an interface, and place some VB Script code behind them to interface with the DLL. Here’s a quick snippet of code to access your DLL from ASP:
<%
Set objAdmin = Server.CreateObject("Project1.clsAdmin")
objAdmin.ResetPassword "username","password"
Set objAdmin = Nothing
%>
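Because this page resets passwords on behalf of whoever reaches it, the caller and the submitted values should be checked before the DLL is invoked. The following is an added example, not the article's or the demo project's code: it requires an authenticated caller, restricts the account name to an allowlist, and traps errors from the component. The form field names "username" and "newpassword", the IsValidAccountName helper and the allowlist pattern are assumptions.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example: a guarded caller for the article's Project1.clsAdmin.ResetPassword.
' Assumed names: form fields "username" and "newpassword".

' Account names end up in an ADsPath such as WinNT://MyDomain/<name>, so accept
' only a conservative character set (assumed policy), up to the 20-character
' limit for user account names.
Function IsValidAccountName(ByVal sName)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsValidAccountName = re.Test(sName)
End Function

Dim sCaller, sUser, sPass, objAdmin, lErr
sCaller = Request.ServerVariables("LOGON_USER")   ' empty when access is anonymous
sUser = Trim(Request.Form("username"))
sPass = Request.Form("newpassword")

If Request.ServerVariables("REQUEST_METHOD") <> "POST" Then
    Response.Status = "405 Method Not Allowed"
ElseIf sCaller = "" Then
    ' Refuse unauthenticated callers rather than resetting a password for them.
    Response.Status = "401 Unauthorized"
ElseIf Not IsValidAccountName(sUser) Or Len(sPass) = 0 Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid account name or empty password."
Else
    On Error Resume Next
    Set objAdmin = Server.CreateObject("Project1.clsAdmin")
    If Err.Number = 0 Then objAdmin.ResetPassword sUser, sPass
    lErr = Err.Number
    Set objAdmin = Nothing
    On Error GoTo 0

    If lErr = 0 Then
        Response.Write "Password reset for " & Server.HTMLEncode(sUser) & "."
    Else
        ' Report a generic failure; keep provider error detail out of the response.
        Response.Status = "500 Internal Server Error"
        Response.Write "Password reset failed."
    End If
End If
%>
```

For LOGON_USER to be populated, anonymous access must be disabled for the page in IIS.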
To download a demonstration DLL and set of ASP pages click on the link below:
Now that we have the basics in place, let’s go on to learn how to build a small-scale, web-based management system using ADSI!
In this example we are going to build our own web-based management system using the concepts presented in this article.
The demo will have a backend VB DLL, and two interfaces that should be useful. The first interface is a standard VB Client interface, allowing you to perform the following:
-View all users in a group
-Remove a user
-Add a user
-Change a user’s password
-Reset a user’s password
There is also a simple ASP interface that provides all of the above features bar viewing all the users in a group (this is due to VB Script’s lack of support for collections).
To get all this to work you will have to download the demo project from here: http://www.vbsquare.com/demos/adsi-demo/
Unzip the lot, and register the prjAdmin.DLL file on your web server (must be IIS). Place the ASP files in your wwwroot area somewhere, and point your browser to default.asp. From there you can test out the DLL. Make sure that you enter the correct details in the forms, otherwise errors may occur (there is no error handling currently!)
The VB client requires the DLL to be registered but can be run normally to see how VB interacts with our component. The source code for the DLL is included, so have a look around and see how it all works.
If you have any problems don’t hesitate to email me at: email@example.com