Securely process LDAP objects with VBscript using alternate credentials

Question

Securely process LDAP objects with VBscript using alternate credentials

I am aware of using ADsDSOobject with explicit credentials to connect to an AD object to read attributes, list items, etc. And the GetObject method ("LDAP // ...") for managing these objects (adding group members, changing properties, etc.), but is there a way to manipulate attributes and memberships with explicit credentials?

The first method I have in mind is something like ...

Set conn = Server.CreateObject("ADODB.Connection")
Set cmd = Server.CreateObject("ADODB.Command")
conn.Provider = "ADsDSOobject"
conn.Properties("User ID") = AD_Username
conn.Properties("Password") = AD_Password
conn.Properties("Encrypt Password") = True
conn.Open "Active Directory Provider"
Set cmd.ActiveConnection = conn

But none of the script examples that perform tasks such as adding a user to a domain group can use this approach, as far as I know. Is there any way to do this somehow?

+5

vbscript active-directory ldap

Skatterbrainz Mar 12 '11 at 20:07

1

Harvey Kwok · Accepted Answer · 2011-03-15T05:57:36+0000

VBScript ADSI .

Set objUser = GetObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com")
Set objGroup = GetObject("LDAP://CN=group1,DC=fabrikam,DC=com")
objGroup.add(objUser.ADsPath)

, credentails. , GetObject .

credentails, GetObject OpenDSObject

Const ADS_SECURE_AUTHENTICATION = 1
Set openDS = GetObject("LDAP:") 

Set objUser = openDS.OpenDSObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com",
    "username", 
    "password",
    ADS_SECURE_AUTHENTICATION)

Set objGroup = openDS.OpenDSObject("LDAP://CN=group1,DC=fabrikam,DC=com",
    "username", 
    "password",
    ADS_SECURE_AUTHENTICATION)

objGroup.add(objUser.ADsPath)

Securely process LDAP objects with VBscript using alternate credentials

More articles: