Re: Enumerate User Attributes



Lee,

First, thank you for such a quick reply.

Unfortunately, I don't have the equipment and/or knowledge to duplicate
AD in a VM. Also, I have put so much time (with your assistance) into
getting the ADAM instance to duplicate the objects and attributes from
my production AD, I hate to give all of that up unless what I am trying to
accomplish is impossible. I feel I have come such a long way with ADAM
as my test bed, I hate to give it up now.

I really despise being such a newbie at this, but admittedly, when you
commented in your post regarding defaultNamingContext, I am lost.
Maybe if I ask the question a little differently, it will help. Let me
try again...

I have found many queries/scripts/examples which could be the beginnings
of what I am trying to accomplish. However, in many cases, the code
references "rootDSE" and "defaultNamingContext". In the article
"Madam, I'm ADAM" from the scripting clinic, it states:

"So why don't we recommend that you use rootDSE when binding to an ADAM
instance? That's easy: it won't work. Well, that's only partially true.
You can use rootDSE to bind to a few things, such as the configuration
partition. However, because ADAM doesn't have a true domain partition,
and because it doesn't support the use of defaultNamingContext, you
can't use rootDSE to bind to an OU, a user account, a group, or
anything else of day-to-day interest. Instead, you have to either
hardcode dc=fabrikam,dc=com into the script, or provide a way for a
user to supply that information when the script runs (for example, as a
command-line parameter)."

I guess what I am trying to find out is what the proper binding syntax
should be in a query or script to run against ADAM to replace the
standard syntax used to bind to AD such as:

Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
    objRootDSE.Get("defaultNamingContext"))

From the article, the most I understand is I need to bind to the
computer and port specifically.
What I have tried is:
Set objRootDSE = GetObject("LDAP://localhost:389/dc=fsi,dc=com")
Set objContainer = GetObject("LDAP://localhost:389/dc=fsi,dc=com," & _
    objRootDSE.Get("defaultNamingContext"))

But as you already know, the above will not work.
Could you tell me the proper syntax and how I navigate to the location
you specified in your above comments?


Also, since my original post, I have found the utility "adfind"
referenced on several posts and got it from joeware.net and up to this
point, I have been able to come up with the following which returns all
users' displaynames, title and department for the OU specified. If I
don't specify an OU it will return results for all users of the domain:

C:\WINDOWS\ADAM>adfind -list -h localhost:389 -b "ou=1173,ou=plants,dc=fsi,dc=com" -f "(&(objectcategory=person)(objectclass=user))" displayname title department memberOf

Example Output from one user:
Smith, John (displayname)
CN=1173.Instructors,OU=Distribution Lists,OU=1173,OU=Plants,DC=fsi,DC=COM (memberOf group)
CN=ESS_Time_Approver,OU=Portal,DC=fsi,DC=COM (memberOf group)
CN=FSI_Everyone,OU=Portal,DC=fsi,DC=COM (memberOf group)
Technician 1 (title)
Electronics (department)

Now I am wondering if it is possible to use "AdFind" along with
additional code/query/script to generate a list of users and attributes
and then determine group membership accordingly.

Comments and criticism are greatly appreciated... I don't mind
criticism at all.
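
Added example, not part of the original post: the advice in the quoted article (name the server, port and partition yourself instead of reading defaultNamingContext from rootDSE) applied to the same query the AdFind command runs, written as an ADO search in VBScript that also collects memberOf into a group-to-members list. The default host, port and base DN are the values from the post; it assumes the logged-on Windows account may read that partition.

```vbscript
Option Explicit

Dim strServer, strBase, objConn, objCmd, objRS, dictGroups
Dim strName, varGroups, strGroup

' Assumed defaults, taken from the post. Override on the command line:
'   cscript //nologo listusers.vbs host:port "base DN"   (script name is hypothetical)
strServer = "localhost:389"
strBase = "ou=1173,ou=plants,dc=fsi,dc=com"
If WScript.Arguments.Count >= 1 Then strServer = WScript.Arguments(0)
If WScript.Arguments.Count >= 2 Then strBase = WScript.Arguments(1)

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"    ' binds as the logged-on Windows user

Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Page Size") = 500        ' page through large result sets
' Server, port and base DN are spelled out; nothing is read from rootDSE.
objCmd.CommandText = "<LDAP://" & strServer & "/" & strBase & ">;" & _
    "(&(objectCategory=person)(objectClass=user));" & _
    "displayName,title,department,memberOf;subtree"

Set dictGroups = CreateObject("Scripting.Dictionary")
dictGroups.CompareMode = vbTextCompare      ' group DNs compare case-insensitively
Set objRS = objCmd.Execute

Do Until objRS.EOF
    strName = objRS.Fields("displayName").Value & ""    ' Null becomes ""
    WScript.Echo strName & vbTab & objRS.Fields("title").Value & _
        vbTab & objRS.Fields("department").Value
    varGroups = objRS.Fields("memberOf").Value          ' array, or Null when empty
    If IsArray(varGroups) Then
        For Each strGroup In varGroups
            If Not dictGroups.Exists(strGroup) Then dictGroups.Add strGroup, ""
            dictGroups(strGroup) = dictGroups(strGroup) & "  " & strName & vbCrLf
        Next
    End If
    objRS.MoveNext
Loop

' Second listing: each group DN followed by the users that reference it.
WScript.Echo
For Each strGroup In dictGroups.Keys
    WScript.Echo strGroup & vbCrLf & dictGroups(strGroup)
Next
objRS.Close
objConn.Close
```

memberOf holds only direct memberships, so nested groups are not expanded in the second listing.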
