Chapter 20. Managing Active Directory Domain Extensions

As you've seen in previous chapters, many features of Windows and Active Directory can be scripted with the WinNT ADSI provider. WinNT is useful for managing most core functions, including user, group, and computer accounts. However, when you want to perform more advanced manipulation of Windows or Active Directory, you'll need to use the LDAP (Lightweight Directory Access Protocol) ADSI provider. With LDAP, you can script the extended features of any Active Directory object.

Working with Naming Contexts and the RootDSE Object

Active Directory uses a multimaster approach for maintaining and replicating directory information. Because of this, you can use any domain controller to view and manage directory information, and you don't have to name a particular server when working with Active Directory. In fact, with the LDAP provider you are encouraged not to specify a server in your AdsPaths. Instead, you should bind to the root of the directory tree and then select the naming context that you want to work with. In Active Directory, the RootDSE object represents the root of the directory tree.
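
The serverless bind described above, as an added example that is not from the book: it binds to RootDSE without naming a server, reads the distinguished name of each naming context, and binds to each one in turn. The function name Get-DirectoryNamingContext is hypothetical; the script assumes a domain-joined host running PowerShell 3.0 or later, and uses the standard RootDSE attributes dnsHostName, defaultNamingContext, configurationNamingContext and schemaNamingContext.

```powershell
# Added example, not from the book. Run on a domain-joined host (PowerShell 3.0+).
# Get-DirectoryNamingContext is a hypothetical helper name.
function Get-DirectoryNamingContext {
    # Serverless bind: no domain controller is named in the AdsPath,
    # so the DC locator chooses one for us.
    $rootDse = [ADSI]'LDAP://RootDSE'

    try {
        # ADSI binds lazily; reading an attribute forces the bind.
        $server = [string]$rootDse.dnsHostName
    } catch {
        throw "RootDSE bind failed (not domain-joined, or no DC reachable): $_"
    }
    if (-not $server) { throw 'RootDSE bind returned no dnsHostName.' }

    # RootDSE attributes that hold the distinguished name of a naming context.
    $attributes = 'defaultNamingContext',
                  'configurationNamingContext',
                  'schemaNamingContext'

    foreach ($attribute in $attributes) {
        $dn = [string]$rootDse.$attribute
        # Bind to the context by DN only, again without a server name.
        $context = [ADSI]"LDAP://$dn"
        [pscustomobject]@{
            Attribute  = $attribute
            Context    = $dn
            # Reading an attribute confirms the bind to the context succeeded.
            BoundTo    = [string]$context.distinguishedName
            AnsweredBy = $server   # record which DC served the RootDSE lookup
        }
    }
}

Get-DirectoryNamingContext | Format-List
```

Recording AnsweredBy in script output makes it possible to tell afterwards which domain controller a serverless bind actually used.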

Binding to a naming context

A naming context is a top-level container for the directory tree. Three naming contexts are available: domain container, ...
