Chapter 28. Using ADSI and ADO from ASP or VB

Two important features of Active Directory require administrators to create their own tools:

  • The ability to extend the Active Directory schema with your own classes and attributes, which allows you to store additional data with objects

  • The ability to delegate control of administration of Active Directory in a very detailed manner

If you take advantage of these, there is a large chance that you will want to provide customized tools for administration.

For example, you might decide that a group of users is to manage only certain properties of certain objects; for example, which users can go into a group. There is no point in giving them Active Directory Users and Computers snap-in; that’s like using a sledgehammer to crack a nut. Why not create a tool of your own that only allows them to manipulate the values that they have permission to? If you then incorporate logging into a file or database within this application, you have a customized audit trail as well.

Tools of this nature do not lend themselves to VBScript because they tend to require a much more enhanced GUI interface. Consequently, you are left with three choices:

  • Write code in a compiled language like Visual Basic or VB.NET that supports complex GUI routines.

  • Write code for a web-based interface using HTML and Active Server Pages (ASPs) or using ASP.NET.

  • Write code in another scripting language such as Perl that supports complex graphical controls.

We will concentrate on the first two ...

Get Active Directory, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.