Simple Manipulation of ADSI Objects

Let's now take a look at simple manipulation of Active Directory objects using ADSI. We are using Active Directory as the primary target for these scripts, but the underlying concepts are the same for any supported ADSI namespace and automation language. All the scripts use GetObject to instantiate objects and are assuming you are logged in already with an account that has administrative privileges over the objects manipulated. If you aren't, you need to use IADsOpenDSObject::OpenDSObject as shown earlier in the chapter.

The easiest way to show how to manipulate objects with ADSI is through a series of real-world examples, the sort of simple tasks that form the building blocks of everyday scripting. To that end, imagine that you want to perform the following tasks on the mycorp.com Active Directory forest:

  1. Create an Organizational Unit called Sales.

  2. Create two users in the Sales OU.

  3. Iterate through the Sales OU and delete each user.

  4. Delete the Organizational Unit.

This list of tasks is a great introduction to how ADSI works because we will reference some of the major interfaces using these examples.

Creating the OU

The creation process for the Sales Organizational Unit is the same as for any object. First you need to get a pointer to the container in which you want to create the object. You do that using the following code:

    Set objContainer = GetObject("LDAP://dc=mycorp,dc=com")

Tip

While VBScript and VB have the GetObject function, Visual C++ (VC++) ...

Get Active Directory, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.