' This code prints the attributes of the RootDSE set objRootDSE = GetObject("LDAP://RootDSE") objRootDSE.GetInfo for i = 0 to objRootDSE.PropertyCount - 1 set strProp = objRootDSE.Item(i) WScript.Echo strProp.Name & " " for each strPropval in strProp.Values WScript.Echo " " & strPropval.CaseIgnoreString next next
The RootDSE was originally defined in RFC 2251 as part of the LDAPv3 specification. It is not part of the Active Directory namespace per se. It is a synthetic object that is maintained separately by each domain controller.
The RootDSE can be accessed anonymously, and in fact, none of the three solutions used credentials. In the CLI and VBScript solutions, I used serverless binds against the RootDSE. In that case, the DC Locator process is used to find a domain controller in the domain you authenticate against. This can also be accomplished with LDP by not entering a server name from the Connect dialog box.
The RootDSE is key to writing portable AD-enabled applications. It provides a mechanism to programmatically determine the distinguished names of the various naming contexts among other things, which means you do not need to hardcode that information in scripts and programs. Here is an example from LDP when run against a Windows Server 2003-based domain controller:
ld = ldap_open("dc01", 389); Established connection to dc01. Retrieving base DSA information . . . Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: 1> currentTime: 05/26/2003 15:29:42 Pacific Standard Time Pacific Daylight Time; 1> subschemaSubentry:CN=Aggregate,CN=Schema,CN=Configuration,DC=rallencorp,DC=com; 1> dsServiceName: CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site- Name,CN=Sites,CN=Configuration,DC=rallencorp,DC=com; 5> namingContexts: DC=rallencorp,DC=com; CN=Configuration,DC=rallencorp,DC=com; CN=Schema,CN=Configuration,DC=rallencorp,DC=com; DC=DomainDnsZones,DC=rallencorp,DC=com; DC=ForestDnsZones,DC=rallencorp,DC=com; 1> defaultNamingContext: DC=rallencorp,DC=com; 1> schemaNamingContext: CN=Schema,CN=Configuration,DC=rallencorp,DC=com; 1> configurationNamingContext: CN=Configuration,DC=rallencorp,DC=com; 1> rootDomainNamingContext: DC=rallencorp,DC=com; 21> supportedControl: 1.2.840.1135184.108.40.2069; 1.2.840.1135220.127.116.111; 1.2.840.113556. 1.4.473; 1.2.840.113518.104.22.1688; 1.2.840.113522.214.171.1247; 1.2.840.1135126.96.36.1999; 1.2. 840.1135188.8.131.521; 1.2.840.1135184.108.40.2069; 1.2.840.1135220.127.116.115; 1.2.840.113556.1. 4.521; 1.2.840.113518.104.22.1680; 1.2.840.113522.214.171.1248; 1.2.840.1135126.96.36.1994; 1.2. 840.1135188.8.131.529; 1.2.840.1135184.108.40.2060; 1.2.840.1135220.127.116.113; 2.16.840.1. 113718.104.22.168; 2.16.840.1.113722.214.171.124; 1.2.840.1135126.96.36.1994; 1.2.840.113556.1.4. 1852; 1.2.840.1135188.8.131.522; 2> supportedLDAPVersion: 3; 2; 12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; MaxValRange; 1> highestCommittedUSN: 53242; 4> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5; 1> dnsHostName: dc01.rallencorp.com; 1> ldapServiceName: rallencorp.com:dc01$@RALLENCORP.COM; 1> serverName: CN=DC01,CN=Servers,CN=Default-First-Site- Name,CN=Sites,CN=Configuration,DC=rallencorp,DC=com; 3> supportedCapabilities: 1.2.840.1135184.108.40.2060; 1.2.840.1135220.127.116.110; 1.2.840. 113518.104.22.1681; 1> isSynchronized: TRUE; 1> isGlobalCatalogReady: TRUE; 1> domainFunctionality: 0 = ( DS_BEHAVIOR_WIN2000 ); 1> forestFunctionality: 0 = ( DS_BEHAVIOR_WIN2000 ); 1> domainControllerFunctionality: 2 = ( DS_BEHAVIOR_WIN2003 );
All attributes of the RootDSE were retrieved and displayed.
Typically, you will need only a few of the attributes; in which case,
you’ll want to use
GetEx as in the following example:
strDefaultNC = objRootDSE.Get("defaultNamingContext")
Or if want to get an object based on the distinguished name (DN) of
one of the naming contexts, you can call
using an ADsPath:
set objUser = GetObject("LDAP://cn=administrator,cn=users," & _ objRootDSE.Get("defaultNamingContext") )