The AD Schema class objects define where containers and leafs belong. A given namespace permits only certain types of containers and certain types of leafs. Similarly, each type of container permits only certain types of containers and leafs. Thus, the schema are the rules of the directory service database because they define what information the database can store.
The schema in NT 5.0's AD and NetWare 4.0's NDS are extensible. You can
define new object classes or redefine existing object classes. Applications are
numerous, but one traditional example is to add payroll information to user
objects.
NT 4.0 and NetWare 3.0, however, have locked schema. With fixed object
classes, only the directory service provider (e.g., Microsoft and Novell) has
the ability to add objects that are not in the standard ADSI object set.
It's Time to Start
Now that you know about ADSI's environment and object architecture, you can
start experimenting with ADSI. But first, you need to download it from
http://www.microsoft.com/win32dev/netwrk/adsi.htm. To create programs or
scripts with ADSI, you need the several-megabyte SDK, which includes the ADSI
specification (a 100-page Word document). Then you need the 500KB-compressed
runtime libraries and possibly a patch for them. You must install these
libraries in each workstation that will execute ADSI applications. (NT 5.0 will
include these runtime libraries.)
After you install the downloaded files, you need to enable VB to use ADSI.
In VB 5.0, simply select Project/References and check Active DS Type Library in
the list of references. In VB 4.0, you first need to use the Tools menu to add
the type library ActiveDS.Tlb (in System32 folder) to your Project menu. These
steps let you use AD COM objects in your application.
For the sake of simplicity, the examples from this point on will focus on
how to implement ADSI on NT rather than NetWare. The examples will deal mostly
with users as the objects, but the same principles apply if the objects are
printers, services, or other elements.
Browse a Little, Report a Lot
Once you have installed the necessary files, you can browse with DSBrowse,
which is in the SDK. This sample application browses your namespaces and shows
objects and properties in them.
Next, you can run several reports that will help you learn about your
directory services. The reports that are most useful are the namespaces, user,
and property reports.
Namespaces correspond to the four providers: WinNT, NWCOMPAT, NDS, and
LDAP. Table 2 (page 166) gives examples of names in different namespaces. To
check which namespaces are installed in your computer system, you can use this
code:
Dim NamespacesObj as IADs Namespaces
Dim obj as IADs
Set NamespacesObj = GetObject("ADS:")
For Each obj in NamespacesObj
Debug.Print obj.Name
Next obj
This exercise not only tells you which namespaces are available, but also
shows you many of the steps in ADSI programming. First, you define the variables
with Dim statements, usually including the letters IADs. Next you use GetObject
to instantiate (or create) the object based on the path given. GetObject is an
ADSI helper function and is not to be confused with a VB function with the same
name. Then on the same line, you assign the object to a variable, after which
you can finally use it. If your object has many elements, you can walk through
them with the For Each loop.
If you want to make a report containing all users and their home directory,
you first need to use the code just given to find out the namespaces. (If you
want, you can skip this step and just assume that you are using NT with the
WinNT: namespace. This assumption isn't too risky.) Next, determine which
domains you have. If your namespace is only WinNT:, you can get a list of the
domains from your network neighborhood. Once you know the domains, use this
code:
Dim Container As IADsContainer
Dim Child As IADs
Set Container = GetObject
("WinNT://SomeDomain")
Container.Filter = Array("user")
For Each Child In Container
Debug.Print Child.Name + Chr$(9) + Child.HomeDirectory
Next Child
This code sets a filter to the container so that it lists only users. It
ignores other objects, such as groups and computers. (You can, however, run
reports on other objects in a domain. The SDK can help you with this task.) The
code then uses a For Each loop to recall each user's name and home directory.
A property report will tell you which optional properties each user
supports. (A printout of mandatory properties would be empty.) Here's how to run
the optional properties report:
Dim Class As IADsClass
Set Class = GetObject("WinNT://SomeDomain/Schema/User")
l = LBound(Class.OptionalProperties)
u = UBound(Class.OptionalProperties)
For i = l To u
Debug.Print Class.OptionalProperties(i)
Next i
Table 3 shows sample output from this procedure.
Another way you can access the properties of AD objects is to use the Get
and Put methods. A benefit of using Get and Put is that, theoretically, you do
not need to know anything about your network objects or properties beforehand.
You can browse the schema and then use the property names found as variables in
the Get and Put statements. (For more information on Get and Put, see the ADSI
specification.)
Register
