Re: Reducing ADAM Accesses
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 15 Feb 2007 10:59:00 -0600
The ADAM rootDSE tokenGroups attribute is a single search you can perform
that will give you the SIDs of all of the groups that the currently bound
user is a member of, including both Windows and ADAM groups if the currently
bound user is a Windows user.
I'd suggest trying it out to learn more about how it works and how it might
help you.
Once you have the SIDs, you can either resolve those into friendly names if
you need to or just use them directly, in which case you are basically done
and don't need to make any additional calls. I'd also suggest caching this
info so you don't need to perform this operation frequently.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Phran" <Phran@xxxxxxxxxxxxxxx> wrote in message
news:6669ADE3-E0CE-4BA4-B062-852D58EE9964@xxxxxxxxxxxxxxxx
Hi Joe, thanks for this suggestion. I have looked at some documentation on
MSDN but I can't find anything obvious that seems to cover reducing
traffic.
Was there anything in particular that you had in mind?
"Joe Kaplan" wrote:
Have you looked at the ADAM tokenGroups attribute on RootDSE?
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Phran" <Phran@xxxxxxxxxxxxxxx> wrote in message
news:E517F220-2215-4955-8B49-FE6E89F8ED99@xxxxxxxxxxxxxxxx
Hello, I have a question about reducing the number of trips to query
group
membership held in and ADAM.
Below is some code that I have butchered from a sample to keep things
simple. The code is intended to bind to a user object and then to
iterate
over the group memberships of that user - in order to find out whether
the
user is a member of a group. If I was to call this code repeatedly for
the
same user it seems to me that there would be repeated binds to the ADAM
followed by repeated iterations of over the group membership.
What suggestions do people have about reducing the number of trips to
the
ADAM?
ADsOpenObject(..., (void **)&pIADsUser);
IADsMembers *pIADsMembers;
pIADsUser->Groups(&pIADsMembers)));
pIADsMembers->get__NewEnum(&pUnk);
hr = pUnk->QueryInterface(IID_IEnumVARIANT,(void**)&pEnum);
while (SUCCEEDED(hr) && hr != S_FALSE)
{
hr = pEnum->Next(1, &Variant, &ulElementsFetched)));
// hr = false if there is no next
if (hr != S_FALSE)
{
IDispatch *pDispatch = NULL;
IADsGroup *pIADsGroup = NULL;
hr = pDispatch->QueryInterface(IID_IADsGroup,(VOID **) &pIADsGroup))) ;
pIADsGroup->get_ADsPath(&groupNameBstr);
}
}
.
- Follow-Ups:
- Re: Reducing ADAM Accesses
- From: DaveMo
- Re: Reducing ADAM Accesses
- References:
- Re: Reducing ADAM Accesses
- From: Joe Kaplan
- Re: Reducing ADAM Accesses
- From: Phran
- Re: Reducing ADAM Accesses
- Prev by Date: Re: encypted password AD authentication
- Next by Date: Re: UPN Suffixes
- Previous by thread: Re: Reducing ADAM Accesses
- Next by thread: Re: Reducing ADAM Accesses
- Index(es):
Relevant Pages
|
