Binding to Objects Via Authentication

Whenever we need to access the properties of an object in Active Directory, we bind to it using VBScript’s GetObject function or the ADSI method IADsOpenDSObject::OpenDSObject. The circumstances in which each method should be used to access Active Directory are very clear-cut, but they deserve to be outlined here because they matter whenever you construct ASPs.

When to Use VBScript’s GetObject Function

By default, many of the objects and properties within Active Directory can be read by any authenticated user of the forest. As an example, here is some code to connect to an Organizational Unit called Sales under the root of the domain. This code runs under Windows Script Host (WSH):

' Bind with the credentials of the user running the script
Set objSalesOU = GetObject("LDAP://ou=Sales,dc=mycorp,dc=com")
WScript.Echo objSalesOU.Description

Here is the same script incorporated into an ASP:

<HTML>
<HEAD>
<TITLE>Binding to an existing Organizational Unit</TITLE>
</HEAD>
   
<BODY>
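<%
  ' Bind with the security context the ASP is already running under
  Set objSalesOU = GetObject("LDAP://ou=Sales,dc=mycorp,dc=com")
  ' HTML-encode directory data before writing it into the page
  Response.Write "The Sales OU description is: " & Server.HTMLEncode(objSalesOU.Description)
%>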
</BODY>
</HTML>

This mechanism works perfectly when you wish to have read-only access to properties of objects that can be read without special privileges. Using GetObject is not appropriate in the following cases:

  • You want to write properties of an object.

  • The object you are attempting to bind to requires elevated privileges to access.

While it may make little sense, it is perfectly feasible to restrict read access to ...
