Simple Manipulation of ADSI Objects

Let’s now take a look at simple manipulation of Active Directory objects using ADSI. We are using Active Directory as the primary target for these scripts, but the underlying concepts are the same for any supported ADSI namespace and automation language. All the scripts use GetObject to instantiate objects, assuming you are logged in already with an account that has administrator privileges; if you aren’t, you need to use IADsOpenDSObject::OpenDSObject as shown earlier in the chapter.

The easiest way to show how to manipulate objects with ADSI is through a series of real-world examples, the sort of simple tasks that form the building blocks of everyday scripting. To that end, imagine that you want to perform the following tasks on the Active Directory forest:

  1. Create an Organizational Unit called Sales.

  2. Create two users in the Sales OU.

  3. Iterate through the Sales OU and delete each user.

  4. Delete the Organizational Unit.

This list of tasks is a great introduction to how ADSI works because we will reference some of the major interfaces using these examples.

Creating the OU

The creation process for the Sales Organizational Unit is the same as for any object. First you need to get a pointer to the container in which you want to create the object. You do that using the following code:

Set objContainer = GetObject("LDAP://dc=mycorp,dc=com")


While VBScript and VB have the GetObject function, VC++ has no such built-in function. ADSI provides the ADsGetObject ...

Get Active Directory, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.