Re: domain name/LDAP redundancy
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 20 Jan 2008 19:37:41 -0600
Andy Wolsten wrote:
I am trying to develop some redundancy into one of our in-house
applications which relies on contacting Active Directory for usernames and
other info via LDAP.

The app currently contacts one of the DCs for the LDAP search; however, this
obviously presents a single point of failure.

I am under the impression that I can use the actual domain name for
contacting a DC, e.g. domain.inside. Does this return a list of available DCs,
or does it return the local one? I am trying to end with a situation where
the application does not fail if the local DC is down, and automatically
redirects to another local/remote DC.

There should be no need to specify a DC. I use the RootDSE object to
retrieve the DNS name of the domain and bind to that with a serverless
binding string. The nearest DC responds. For example, this VBScript program
uses ADO to retrieve the Distinguished Names of all users in the domain. It
can be modified to retrieve other information:
===============
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strDN
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    ' Retrieve values and display.
    strDN = adoRecordset.Fields("distinguishedName").Value
    Wscript.Echo strDN
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close
=========
This code will run in any domain, so long as the user is authenticated to
the domain. The nearest DC responds to the query.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
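
For an application that cannot use ADSI serverless binding, the failover the question asks for can be built on the DNS SRV records that Active Directory registers for its DCs under `_ldap._tcp.dc._msdcs.<domain>`. The following is an added example, not code from the original post, and it goes beyond the post by showing that DNS-based selection; the records are constructed for `domain.inside`, and the host names and the functions `order_srv`, `tcp_probe` and `first_reachable` are hypothetical.

```python
import random
import socket

# Constructed SRV answers for _ldap._tcp.dc._msdcs.domain.inside as
# (priority, weight, port, target); the host names are made up.
SAMPLE_SRV = [
    (0, 100, 389, "dc1.domain.inside"),
    (0, 100, 389, "dc2.domain.inside"),
    (10, 100, 389, "dc-remote.domain.inside"),
]

def order_srv(records, rng=random):
    """RFC 2782 order: lowest priority first, weighted random within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        pool = [r for r in records if r[0] == prio]
        while pool:
            weights = [r[1] for r in pool]
            if sum(weights) == 0:          # all-zero weights: pick uniformly
                weights = [1] * len(pool)
            pick = rng.choices(pool, weights=weights, k=1)[0]
            ordered.append(pick)
            pool.remove(pick)
    return ordered

def tcp_probe(host, port, timeout=3.0):
    """Default reachability check: open and close a TCP connection."""
    socket.create_connection((host, port), timeout=timeout).close()

def first_reachable(records, connect=tcp_probe, rng=random):
    """Try each DC in SRV order; return (host, port, failures so far)."""
    failures = []
    for _prio, _weight, port, host in order_srv(records, rng):
        try:
            connect(host, port)
        except OSError as exc:             # refused, timed out, unresolvable
            failures.append((host, str(exc)))
            continue
        return host, port, failures
    raise ConnectionError(f"no domain controller reachable: {failures}")

if __name__ == "__main__":
    def simulated(host, port):             # pretend both local DCs are down
        if host != "dc-remote.domain.inside":
            raise OSError("simulated outage")
    print(first_reachable(SAMPLE_SRV, connect=simulated))
```

Log the returned `failures` list so that a local DC that has stopped answering is noticed rather than masked by the fallback.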