4.1. Viewing the RootDSE
Problem
You want to view attributes of the RootDSE, which can be useful for discovering basic information about a forest, domain, or domain controller.
Solution
Using a graphical user interface
Open LDP.
From the menu, select Connection → Connect.
For Server, enter a domain controller name or a domain name, or leave it blank to do a serverless bind.
For Port, enter 389.
Click OK.
The contents of the RootDSE will be shown in the right pane.
Using a command-line interface
> enumprop "LDAP://RootDSE"
Using VBScript
' This code prints the attributes of the RootDSE
set objRootDSE = GetObject("LDAP://RootDSE")
objRootDSE.GetInfo
for i = 0 to objRootDSE.PropertyCount - 1
    set strProp = objRootDSE.Item(i)
    WScript.Echo strProp.Name & " "
    for each strPropval in strProp.Values
        WScript.Echo " " & strPropval.CaseIgnoreString
    next
next
Discussion
The RootDSE was originally defined in RFC 2251 as part of the LDAPv3 specification. It is not part of the Active Directory namespace per se. It is a synthetic object that is maintained separately by each domain controller.
The RootDSE can be accessed anonymously, and in fact, none of the three solutions used credentials. In the CLI and VBScript solutions, I used serverless binds against the RootDSE. In that case, the DC Locator process is used to find a domain controller in the domain you authenticate against. This can also be accomplished with LDP by not entering a server name in the Connect dialog box.
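At the protocol level, reading the RootDSE is a base-scope LDAPv3 search on the empty DN, as RFC 2251 defines for the root DSE. The following added example (not from the original text; the function names are hypothetical) goes one level below the tools above: it BER-encodes that request and recognizes it in captured bytes, which is what a RootDSE read looks like in a capture on port 389.

```python
# Added example (not from the original page). Function names are hypothetical.
def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def rootdse_search(message_id: int = 1) -> bytes:
    """LDAPMessage holding SearchRequest(base="", scope=base, (objectClass=*))."""
    if not 0 < message_id < 128:
        raise ValueError("this sketch encodes one-byte message IDs only")
    request = (
        tlv(0x04, b"")               # baseObject: the empty DN names the RootDSE
        + tlv(0x0A, b"\x00")         # scope: baseObject
        + tlv(0x0A, b"\x00")         # derefAliases: neverDerefAliases
        + tlv(0x02, b"\x00")         # sizeLimit: 0 (no limit)
        + tlv(0x02, b"\x00")         # timeLimit: 0 (no limit)
        + tlv(0x01, b"\x00")         # typesOnly: FALSE
        + tlv(0x87, b"objectClass")  # filter: present, i.e. (objectClass=*)
        + tlv(0x30, b"")             # attributes: empty list
    )
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x63, request))

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the BER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                 # long form: low bits give the length size
        size = first & 0x7F
        first = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    return tag, buf[pos:pos + first], pos + first

def is_rootdse_search(packet: bytes) -> bool:
    """True when packet is a base-scope SearchRequest on the empty DN."""
    try:
        tag, message, _ = read_tlv(packet)
        _, _, pos = read_tlv(message)            # skip messageID
        op_tag, request, _ = read_tlv(message, pos)
        base_tag, base, pos = read_tlv(request)
        scope_tag, scope, _ = read_tlv(request, pos)
    except IndexError:                           # truncated or not BER
        return False
    return (tag, op_tag, base_tag, base, scope_tag, scope) == (
        0x30, 0x63, 0x04, b"", 0x0A, b"\x00")

if __name__ == "__main__":
    print(rootdse_search().hex())
```

The recognizer checks only the base DN and scope, so it matches RootDSE reads regardless of which attributes the client asks for.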
The RootDSE is key to writing portable AD-enabled ...