Simple Manipulation of ADSI Objects
Let’s now take a look at simple manipulation of
Active Directory objects using ADSI. We are using Active Directory as
the primary target for these scripts, but the underlying concepts are
the same for any supported ADSI namespace and automation language.
All the scripts use GetObject
to instantiate
objects, assuming you are logged in already with an account that has
administrator privileges; if you aren’t, you need to
use IADsOpenDSObject::OpenDSObject
as shown
earlier in the chapter.
The easiest way to show how to manipulate objects with ADSI is
through a series of real-world examples, the sort of simple tasks
that form the building blocks of everyday scripting. To that end,
imagine that you want to perform the following tasks on the
mycorp.com
Active Directory
forest:
Create an Organizational Unit called Sales.
Create two users in the Sales OU.
Iterate through the Sales OU and delete each user.
Delete the Organizational Unit.
This list of tasks is a great introduction to how ADSI works because we will reference some of the major interfaces using these examples.
Creating the OU
The creation process for the Sales Organizational Unit is the same as for any object. First you need to get a pointer to the container in which you want to create the object. You do that using the following code:
Set objContainer = GetObject("LDAP://dc=mycorp,dc=com")
Tip
While VBScript and VB have the GetObject
function, VC++ has no such built-in function. ADSI provides the ADsGetObject ...
Get Active Directory, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.