LDAP queries via URL

I am trying to make LDAP queries using Visual Basic. I do not have administrator access to Active Directory, but I can view all user objects. I do not know what restrictions, if any, apply to me when querying the directory through LDAP:// requests.

In the Excel application that I am creating, I have a column for entering user IDs. When a user enters a user ID, I would like other columns to be populated automatically from server-side information associated with that user (e.g. email address).

Let's say c.Value is the identifier of the user that was entered into the spreadsheet:

' Build the distinguished name of the user and bind to it directly (the OU must be known)
strUser = "CN=" & c.Value & ",OU=User Accounts,OU=Area,OU=Users,OU=Accounts,DC=joe,DC=bloggs,DC=co,DC=uk"
Set objUser = GetObject("LDAP://" & strUser)

The problem is that the search succeeds only when OU=Area is known. I would like the request to check all OU areas for the user ID; as far as I can tell, they are not stored or reflected in one central place. Can wildcards be used in such a query?

Does anyone have any other ideas or suggestions for alternative ways to do this?

Thanks,

Tom

+4
2 answers

Before answering your question, here is some basic knowledge about Active Directory.

  • User objects in Active Directory contain a number of attributes.
  • CN is one of the attributes of a user object. It does not always match your login username.
  • The samAccountName attribute contains the pre-Windows 2000 login name. This is probably what you are looking for.
  • The objects are stored hierarchically. A user object can be placed in an OU or a container.

To run the LDAP query, you need to use an ADO Connection object and pass it the LDAP query string. The LDAP query string contains four parts:

  • The root path where the search begins
  • The LDAP filter
  • The returned attributes
  • The search scope

The LDAP query string you should use should look something like this:

  <LDAP://OU=Users,OU=Accounts,DC=joe,DC=bloggs,DC=co,DC=uk>;(&(objectClass=user)(samAccountName=yourusername));adspath;subtree

  • The root path in the above example is <LDAP://OU=Users,OU=Accounts,DC=joe,DC=bloggs,DC=co,DC=uk>. This means the search starts at this level.
  • Since you are looking for a user, the LDAP filter is (&(objectClass=user)(samAccountName=yourusername)). Of course, you need to replace yourusername with something else inside your code. If you really want to search on CN, replace samAccountName with CN here.
  • The returned attribute is the special adspath attribute, which allows you to bind to this object later.
  • I assume that you are trying to find all user objects in the same domain, so your search scope should be subtree.

Here is a complete sample that I think should do the job:

  userName = "harvey"
  ' Four-part ADO query: <root path>;<filter>;<attributes>;<scope>
  ldapStr = "<LDAP://OU=Users,OU=Accounts,DC=joe,DC=bloggs,DC=co,DC=uk>;(&(objectClass=user)(samAccountName=" & userName & "));adspath;subtree"
  ' Open an ADO connection through the ADSI OLE DB provider
  Set conn = CreateObject("ADODB.Connection")
  conn.Provider = "ADSDSOObject"
  conn.Open "ADs Provider"
  ' Execute the query and print the adspath of every matching user
  Set rs = conn.Execute(ldapStr)
  While Not rs.EOF
      wscript.echo rs.Fields(0)
      rs.MoveNext
  Wend
+4
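Because the user ID in this query comes straight from a spreadsheet cell, the value spliced into the filter should be escaped first; otherwise characters such as ( ) * change the meaning of the filter. The following is an added example (not code from the answer above, and written in Python rather than VBScript so the string construction can be checked stand-alone) that builds the same four-part ADO query string with RFC 4515 escaping. The base DN is taken from the question; the sample user IDs are constructed.

```python
# Added example: build the four-part ADO LDAP query string from the answer
# above, escaping the search value per RFC 4515 so that a value typed into a
# spreadsheet cell cannot alter the filter. Base DN is from the question;
# the user names used below are constructed sample input.

BASE_DN = "OU=Users,OU=Accounts,DC=joe,DC=bloggs,DC=co,DC=uk"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    The characters * ( ) \\ and NUL, and any non-ASCII character, are
    replaced by \\XX hex escapes of their UTF-8 bytes.
    """
    out = []
    for ch in value:
        if ch in "*()\\\x00" or ord(ch) > 0x7F:
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def build_ado_query(base_dn: str, sam_account_name: str,
                    attributes=("adspath",), scope: str = "subtree") -> str:
    """Return '<LDAP://base>;filter;attributes;scope' for one user lookup."""
    if scope not in ("base", "onelevel", "subtree"):
        raise ValueError("scope must be base, onelevel or subtree")
    user_filter = "(&(objectClass=user)(samAccountName=%s))" % (
        escape_filter_value(sam_account_name))
    return "<LDAP://%s>;%s;%s;%s" % (base_dn, user_filter,
                                     ",".join(attributes), scope)


if __name__ == "__main__":
    # A normal lookup; adspath plus mail, since the question wants the email.
    print(build_ado_query(BASE_DN, "harvey", ("adspath", "mail")))
    # A cell value containing filter metacharacters stays a literal string.
    print(build_ado_query(BASE_DN, "harvey)(objectClass=*"))
```

The escaped query still returns at most the user whose samAccountName literally equals the cell value, which is the behaviour the spreadsheet lookup needs.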

You are probably seeing anonymous-style permissions, which let you read some default attributes. What you want to do is make sure that you are authorized as a user with sufficient permissions to read the data you are interested in.

If UserID is indeed the pre-Windows 2000 username (aka sAMAccountName), then search for the full DN of the user whose sAMAccountName = c.Value.

By the way, the chances are very good that CN is not the short name but rather some version of the person's first and last name, which is the default in the ADC MMC template.

0

Source: https://habr.com/ru/post/1338437/
