Re: Enumerate User Attributes

Hi Moe,

One thing about the article you quote is that it is not quite correct.
While it is true that ADAM does not define a defaultNamingContext attribute
*by default*, you can create one as Lee previously suggested. This will
give you parity with AD to use it to bootstrap a naming context to use for a
search root.

The reason ADAM doesn't define a defaultNamingContext by default is that it
doesn't make sense in the same way that AD does. For a domain controller,
it makes sense that the domain naming context would be the default.
However, ADAM can have multiple partitions and might not have any at all, so
it makes sense that you would have to choose one to be the "default" if you
want that functionality.

Like Lee suggested, you can always supply the root via some sort of
configuration or parameter or enumerate the namingContexts attribute.

Joe K.

"Moe" <flightsafetyinternational@xxxxxxxxx> wrote in message
news:1136397671.386792.181090@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Lee,
>
> First, thank you for such a quick reply.
>
> Unfortunately, I don't have the equipment and/or knowledge to duplicate
> AD in a VM. Also, I have put so much time (with your assistance) into
> getting the ADAM instance to duplicate the objects and attributes from
> my production AD, I hate to give all of that up unless what I am trying to
> accomplish is impossible. I feel I have come such a long way with ADAM
> as my test bed, I hate to give it up now.
>
> I really despise being such a newbie at this, but admittedly, when you
> commented in your post regarding defaultNamingContext, I am lost.
> Maybe if I ask the question a little differently, it will help. Let me
> try again...
>
> I have found many queries/scripts/examples which could be the beginnings
> of what I am trying to accomplish. However, in many cases, the code
> references "rootDSE" and "defaultNamingContext". In the article
> "Madam, I'm ADAM" from the scripting clinic, it states:
>
> "So why don't we recommend that you use rootDSE when binding to an ADAM
> instance? That's easy: it won't work. Well, that's only partially true.
> You can use rootDSE to bind to a few things, such as the configuration
> partition. However, because ADAM doesn't have a true domain partition,
> and because it doesn't support the use of defaultNamingContext, you
> can't use rootDSE to bind to an OU, a user account, a group, or
> anything else of day-to-day interest. Instead, you have to either
> hardcode dc=fabrikam,dc=com into the script, or provide a way for a
> user to supply that information when the script runs (for example, as a
> command-line parameter)."
>
> I guess what I am trying to find out is what the proper binding syntax
> should be in a query or script to run against ADAM to replace the
> standard syntax used to bind to AD such as:
>
> Set objRootDSE = GetObject("LDAP://rootDSE")
> Set objContainer = GetObject("LDAP://cn=Users," & _
> objRootDSE.Get("defaultNamingContext"))
>
> From the article the most I understand is I need to bind to the
> computer and port specifically.
> What I have tried is:
> Set objRootDSE = GetObject("LDAP://localhost:389/dc=fsi,dc=com")
> Set objContainer = GetObject("LDAP://localhost:389/dc=fsi,dc=com," & _
> objRootDSE.Get("defaultNamingContext"))
>
> But as you already know, the above will not work.
> Could you tell me the proper syntax and how I navigate to the location
> you specified in your above comments?
>
>
> Also, since my original post, I have found the utility "adfind"
> referenced on several posts and got it from joeware.net and up to this
> point, I have been able to come up with the following which returns all
> users displaynames, title and department for the OU specified. If I
> don't specify an OU it will return results for all users of the domain:
>
> C:\WINDOWS\ADAM>adfind -list -h localhost:389 -b "ou=1173,ou=plants,dc=fsi,dc=com" -f "(&(objectcategory=person)(objectclass=user))" displayname title department memberOf
>
> Example Output from one user:
> Smith, John (displayname)
> CN=1173.Instructors,OU=Distribution Lists,OU=1173,OU=Plants,DC=fsi,DC=COM (memberOf group)
> CN=ESS_Time_Approver,OU=Portal,DC=fsi,DC=COM (memberOf group)
> CN=FSI_Everyone,OU=Portal,DC=fsi,DC=COM (memberOf group)
> Technician 1 (title)
> Electronics (department)
>
> Now I am wondering if it is possible to use "AdFind" along with
> additional code/query/script to generate a list of users and attributes
> and then determine group membership accordingly.
>
> Comments and criticism are greatly appreciated... I don't mind
> criticism at all.
>
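
The approach described in the reply above (use defaultNamingContext if one has been created on the instance, otherwise take the root from a parameter or enumerate namingContexts), as an added VBScript example that is not part of the original thread. It assumes the ADAM instance at localhost:389 from the quoted post; ADAM_SERVER and FindSearchRoot are names chosen here for illustration.

```vbscript
Option Explicit
' Assumed: the ADAM host and port used in the thread; change to match your instance.
Const ADAM_SERVER = "localhost:389"

Dim objRootDSE, objContainer, strRoot
Set objRootDSE = GetObject("LDAP://" & ADAM_SERVER & "/RootDSE")

' A root passed on the command line wins over anything discovered from rootDSE.
If WScript.Arguments.Count > 0 Then
    strRoot = WScript.Arguments(0)
Else
    strRoot = FindSearchRoot(objRootDSE)
End If
If strRoot = "" Then
    WScript.Echo "No application partition found; pass the search root as an argument."
    WScript.Quit 1
End If

Set objContainer = GetObject("LDAP://" & ADAM_SERVER & "/" & strRoot)
WScript.Echo "Bound to: " & objContainer.ADsPath

' Returns defaultNamingContext when it is set, otherwise the first entry in
' namingContexts that is neither the configuration nor the schema partition.
Function FindSearchRoot(objDSE)
    Dim strDefault, strConfig, strSchema, strNC
    FindSearchRoot = ""

    ' Get raises an error when the attribute is absent (the ADAM default).
    On Error Resume Next
    strDefault = objDSE.Get("defaultNamingContext")
    If Err.Number <> 0 Then strDefault = ""
    Err.Clear
    On Error GoTo 0
    If Len(strDefault) > 0 Then
        FindSearchRoot = strDefault
        Exit Function
    End If

    strConfig = objDSE.Get("configurationNamingContext")
    strSchema = objDSE.Get("schemaNamingContext")
    ' GetEx always returns an array, even when there is a single value.
    For Each strNC In objDSE.GetEx("namingContexts")
        If StrComp(strNC, strConfig, vbTextCompare) <> 0 And _
           StrComp(strNC, strSchema, vbTextCompare) <> 0 Then
            FindSearchRoot = strNC
            Exit Function
        End If
    Next
End Function
```

When the instance holds more than one application partition, this picks the first one listed, so pass the intended root as the argument in that case.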

