Chapter 24. Working with Active Directory Using ADSI and PowerShell

ADSI—the Active Directory Service Interfaces—allows you to query directory services. Three different kinds of directories are commonly used in the Microsoft world:

  • WinNT allows access to the local computer and to Windows NT (pre–Windows 2000) domains.

  • LDAP accesses an Active Directory Domain Controller using the LDAP protocol.

  • GC accesses an Active Directory Global Catalog server.
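
Each of the three names above is the provider prefix of an ADSI binding path. The following is an added example, not code from the book, that uses all three from PowerShell for read-only auditing. It assumes a domain-joined Windows machine and the English local group name Administrators; Search-Directory is a hypothetical helper name.

```powershell
# Added example (not from the book). Read-only queries; assumes a domain-joined
# Windows machine and the English local group name "Administrators".

# WinNT provider: list the members of the local Administrators group.
$group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$localAdmins = $group.psbase.Invoke('Members') | ForEach-Object {
    # Members come back as COM objects, so ADsPath is read through late binding.
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}

# Helper (hypothetical name): run a paged search under a given ADSI root.
function Search-Directory {
    param([string]$RootPath, [string]$Filter, [string[]]$Properties)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]$RootPath
    $searcher.Filter     = $Filter
    $searcher.PageSize   = 500   # page results so large directories are not truncated
    $searcher.PropertiesToLoad.AddRange($Properties)
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $row = @{ Path = $r.Path }
            foreach ($p in $Properties) {
                # Result property names are stored in lower case.
                $row[$p] = @($r.Properties[$p.ToLower()]) -join ';'
            }
            New-Object PSObject -Property $row
        }
    }
    finally { $results.Dispose(); $searcher.Dispose() }
}

# RootDSE publishes the naming contexts, so no domain name is hard-coded.
$rootDse = [ADSI]'LDAP://RootDSE'

# LDAP provider: user objects in the current domain, from a domain controller.
$domainUsers = Search-Directory "LDAP://$($rootDse.defaultNamingContext)" `
    '(&(objectCategory=person)(objectClass=user))' 'sAMAccountName', 'mail'

# GC provider: mail-enabled users across the forest, from a Global Catalog server.
$forestMail = Search-Directory "GC://$($rootDse.rootDomainNamingContext)" `
    '(&(objectCategory=person)(objectClass=user)(mail=*))' 'sAMAccountName', 'mail'

$localAdmins
$domainUsers | Format-Table -AutoSize
$forestMail  | Format-Table -AutoSize
```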

A Quick Introduction to Active Directory

Active Directory is a replicated database that holds information about objects that are to be centrally managed—for example, Users, Groups and Computers. The set of object classes that can be stored is extensible, so anything that needs to be managed centrally can have an object definition added to AD. Exchange 2000 was the first major application to use Active Directory to store its information. It uses AD as its mail directory and defines extra classes for mail stores, gateways, and so on.

In addition to classes, AD defines a set of attributes (properties) for those classes. The set of attributes is also extensible. Any attribute can be added to any existing class. So, for example, Exchange does not define a new class for a mail-enabled user. Instead, the attributes that it needs—the users' mail addresses, where their mailboxes ...
