Let’s now take a look at simple manipulation of
Active Directory objects using ADSI. We are using Active Directory as
the primary target for these scripts, but the underlying concepts are
the same for any supported ADSI namespace and automation language.
All the scripts use
GetObject to instantiate
objects, assuming you are logged in already with an account that has
administrator privileges; if you aren’t, you need to
IADsOpenDSObject::OpenDSObject as shown
earlier in the chapter.
The easiest way to show how to manipulate objects with ADSI is
through a series of real-world examples, the sort of simple tasks
that form the building blocks of everyday scripting. To that end,
imagine that you want to perform the following tasks on the
mycorp.com Active Directory
Create an Organizational Unit called Sales.
Create two users in the Sales OU.
Iterate through the Sales OU and delete each user.
Delete the Organizational Unit.
This list of tasks is a great introduction to how ADSI works because we will reference some of the major interfaces using these examples.
The creation process for the Sales Organizational Unit is the same as for any object. First you need to get a pointer to the container in which you want to create the object. You do that using the following code:
Set objContainer = GetObject("LDAP://dc=mycorp,dc=com")
While VBScript and VB have the
GetObject function, VC++ has no such built-in function. ADSI provides the ADsGetObject ...