ASP 3.0 The Complete Reference
Chapter 21
Working with ADSI (Outline and Notes)
The early days of computing had many competing standards for storing system-related
information.
As networked systems became more prevalent, a common standard became necessary.
Directories are geared towards system or configuration data.
A directory should not be used as a transactional database; it is a persistent
store for infrequently changing data.
Network administrators will use Active Directory programming to automate common
administrative tasks, such as adding users and groups, managing printers, and
setting permissions on network resources.
Independent software vendors and end user developers will use Active Directory
programming to "directory enable" their products and applications.
Services can publish themselves in Active Directory, clients can use Active
Directory to find services, and both can use the directory to find and
manipulate other objects of interest.
Should mention Site Server somewhere
Use it to look up the location of a service
What is a Directory Service?
Provides a data store of:
- User information
- Bindings to services
- Configuration information
Optimized for read access
Not relational: can't do joins
Loose consistency with convergence; no distributed lock management
Not a replacement for local registries
Consider file replication as an alternative for unstructured data
Schema
The schema is itself stored in the directory as objects
Hierarchical structures
Best for static data of reasonable size, given the replication latency
And for data that is globally required
Guideline: data that 30% of your users require
Order of data may not be preserved
Containers
- Create objects within the container.
- Delete objects from the container.
- Count the number of objects within the container.
- Enumerate the contained objects.
- Access the contained objects.
Objects
- A simple way to set and retrieve configuration properties on a specific object
(for the IIS provider, a node in the metabase).
- A way to retrieve the path of the object's parent container object.
- Binding information that uniquely identifies the object instance in a directory
tree.
- A path to the schema definition of the object.
- Identification information that indicates the name and type of the object.
- A way to retrieve namespace properties.
- A simple implicit caching system (the property cache).
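An added example (not from the book) that exercises the container and object operations listed above against the WinNT provider: create an object, commit it with SetInfo, read its IADs identity properties, count the container's user objects, show the implicit property cache, and delete the object again. It is a stand-alone script for cscript.exe; the machine name SERVER01 and the account name svc-report are assumptions.

```vbscript
' Added example, not from the book. Run as a local administrator:
'   cscript container.vbs <initial-password>
' Assumptions: SERVER01 is reachable and "svc-report" does not exist yet.
Option Explicit

Const COMPUTER_NAME = "SERVER01"   ' assumption: target machine

Dim computer, user, obj, userCount, initialPassword

' The password comes from the command line, never from the script text.
If WScript.Arguments.Count < 1 Then
    WScript.Echo "usage: cscript container.vbs <initial-password>"
    WScript.Quit 1
End If
initialPassword = WScript.Arguments(0)

' A computer object is a container: it holds users, groups, services, shares...
Set computer = GetObject("WinNT://" & COMPUTER_NAME & ",computer")

' Create an object inside the container. Until SetInfo flushes the property
' cache the object exists only in this process.
Set user = computer.Create("user", "svc-report")
user.Put "FullName", "Report service account"
user.Put "Description", "Created by the ADSI container example"
user.SetInfo                           ' commit: the account now exists

' Password calls bypass the cache and go straight to the server.
user.SetPassword initialPassword

' IADs identity and binding information on the new object.
WScript.Echo "Name    : " & user.Name
WScript.Echo "Class   : " & user.Class
WScript.Echo "ADsPath : " & user.ADsPath
WScript.Echo "Parent  : " & user.Parent      ' the container's ADsPath
WScript.Echo "Schema  : " & user.Schema      ' path to the class definition

' Count by enumerating. IADsContainer.Count is not implemented by every
' provider, so enumeration with a class Filter is the portable way.
computer.Filter = Array("user")
userCount = 0
For Each obj In computer
    userCount = userCount + 1
Next
WScript.Echo userCount & " user objects on " & COMPUTER_NAME

' The cache is implicit: Put changes only the local copy, and GetInfo reloads
' the cache from the server, discarding anything not yet committed.
user.Put "Description", "changed locally, never committed"
user.GetInfo
WScript.Echo "Description on server: " & user.Get("Description")

' Delete takes the class name and relative name, not an object reference.
computer.Delete "user", "svc-report"
WScript.Echo "svc-report deleted"
```

The account becomes real only at SetInfo, and a new WinNT user has no password until SetPassword is called, so the two calls belong together; an account left between them is usable with an empty password.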
Attributes (Properties)
Properties of an attribute:
Syntax
Name
OID (Object Identifier)
Single or multiple valued
Some constraints:
Data type
Mandatory
Optional
Classes -- Objects
Collection of Attributes to form objects
Name
OID
Possible Superiors (parents in hierarchy)
mayContain
mustContain
Inheritance
Show how properties cascade
Good example with IIS Metabase
OIDs
Must be generated by a registration authority,
or, for small changes, the OIDgen tool can create an ID in the Microsoft
namespace
Schema Extensions
Need the Schema Manager
Highly restricted
Can't delete schema classes or attributes, only mark them defunct
Many corporations will not take kindly to schema revisions
New classes must derive from the Top class
Display Names
problem with name collisions
using unique conventions:
Company Code or domain.com
and Product Code
and Attribute Name
Publish Services
Detecting Latency
Replication
Multi Master Replication
Flexible Replication Topology
Mutual Authentication
Security
Kerberos
Strongly Typed Data
Benefits
Location transparency
Persistent Data Store
Queryable
High Availability
What is ADSI?
A general COM interface to directory services
Like ADO in some sense
In fact, ADSI supplies an OLE DB provider, so ADO can query directories through it
Access to Various Services through a variety of providers
LDAP. This is a namespace implementation that is compatible with Lightweight
Directory Access Protocol (LDAP).
NDS. This is a namespace implementation compatible with Novell NetWare
Directory Service (NDS).
NWCOMPAT. This is a namespace implementation compatible with Novell NetWare
3.x.
WinNT. This is a namespace implementation that is compatible with Windows
NT/Windows 2000.
LDAP Provider
Lightweight Directory Access Protocol
Derived from the X.500 global standard
Access to Active Directory
Exchange
IIS Provider
The Metabase
Figure 1: (diagram from Microsoft; coordinate style with the list below)
Access to the metabase
WinNT Provider
Not an actual directory
Also answered by Active Directory domain controllers (Windows NT 4.0 compatibility)
Primary focus on user accounts
WinNT Objects
The WinNT object class hierarchy starts from the Namespace object.

WinNT Object          AD Object   Description
Namespace                         Top-level object container.
Domain                            The Windows NT domain.
User                              User account.
Group                             Group account for managing access rights.
UserGroupCollection               A set of user groups implementing IADsMembers.
GroupCollection                   A set of other groups implementing IADsMembers.
Computer                          Windows NT 4.0 server or workstation.
PrintJob                          Print job in the print queue.
PrintJobsCollection               A set of print jobs.
PrintQueue                        Print queue on a printer spooler.
Service                           Application running as a service.
FileService                       Service accessing the file system.
FileShare                         File share point.
Resource                          A resource in the service.
Session                           An active file service connection.
User                              Local user account.
Group                             Local group.
UserCollection                    Collection of local users.
GroupCollection                   Collection of local groups.
Schema                            WinNT schema container.
Class                             Schema class definition.
Property                          Schema attribute definition.
Syntax                            Syntax of a property.
Exchange
Current version has its own directory but will be
Site Server
Membership Directory
Others
Novell
Netware
NDS
What you need
Windows 2000
for other systems
http://www.microsoft.com/NTServer/nts/downloads/other/ADSI25/default.asp
The Example
Authenticating users within groups for access
Not very secure, however, if the pages themselves are not restricted
or
Admin pages to coordinate user groups
or
A link permission checker like the Permission Checker component
Figure 2: Screen shot of Start ASP
Listing: Start ASP (code not reproduced in these notes)
Figure 3: Results ASP
Listing: Results ASP (code not reproduced in these notes)
Connecting to the Directory
VBScript listing (code not reproduced in these notes)
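The group-membership check described above, as an added example that is not the book's listing: the page asks the WinNT provider whether the authenticated caller is a member of a group and refuses to serve the content otherwise. It assumes anonymous access is disabled on the virtual directory (so IIS has already authenticated the caller and filled in LOGON_USER), and that the domain CORP and the group ReportReaders exist.

```vbscript
<%@ Language="VBScript" %>
<% Option Explicit
' Added example, not the book's listing. Restricts a page to members of a
' Windows group. Assumptions: anonymous access is disabled on this virtual
' directory, so IIS has authenticated the caller and filled in LOGON_USER;
' the domain is CORP and the group is ReportReaders.
Const DOMAIN_NAME = "CORP"
Const GROUP_NAME  = "ReportReaders"

' True when userName is a direct member of the group. IsMember compares the
' member's ADsPath, so the user path is built the same way the provider
' reports members: WinNT://domain/account.
Function IsMemberOf(domainName, groupName, userName)
    Dim group
    Set group = GetObject("WinNT://" & domainName & "/" & groupName & ",group")
    IsMemberOf = group.IsMember("WinNT://" & domainName & "/" & userName)
End Function

Dim logonUser, parts, userName, re

' Trust only the identity IIS authenticated. An empty LOGON_USER means the
' page was reached anonymously: refuse rather than guess.
logonUser = Request.ServerVariables("LOGON_USER")
If Len(logonUser) = 0 Then
    Response.Status = "403 Forbidden"
    Response.Write "This page must be configured to require authentication."
    Response.End
End If

' LOGON_USER arrives as DOMAIN\account; keep the account part and make sure
' it is a plain account name before it is spliced into an ADsPath.
parts = Split(logonUser, "\")
userName = parts(UBound(parts))
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
If Not re.Test(userName) Then
    Response.Status = "403 Forbidden"
    Response.End
End If

If IsMemberOf(DOMAIN_NAME, GROUP_NAME, userName) Then
    Response.Write "<p>Welcome, " & Server.HTMLEncode(logonUser) & ".</p>"
    ' ... protected content goes here ...
Else
    Response.Status = "403 Forbidden"
    Response.Write "<p>Access to this page requires membership in " & GROUP_NAME & ".</p>"
End If
%>
```

Two caveats a practitioner will hit. IsMember on the WinNT provider tests direct membership only; nested groups are not expanded. And when the web server is not itself a domain controller and authenticates the browser with NTLM, the impersonated token cannot make a second hop to the domain controller, so GetObject fails with access denied; use Basic authentication over SSL, Kerberos with delegation, or bind with OpenDSObject as a dedicated read-only account. As the outline says, the check only protects pages that contain it, so the directory should also be restricted with IIS authentication and NTFS permissions.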
Creating the ADsPath
No expression evaluation
Joins are not supported directly, since they are not native to LDAP; they are
only available through the OLE DB provider
Parts of a path:
Provider
Namespace
Objects
Path Examples (listing not reproduced in these notes)
Variations in Syntax
VBScript listing (code not reproduced in these notes)
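Paths are easy to get wrong when part of them comes from a user, which is exactly the situation in the group-check example. The following added example (not from the book) lists the common WinNT and LDAP path shapes and provides two helpers for inserting untrusted input into a path: IsValidSamName rejects anything that is not a plain account name, and EscapeDNValue applies RFC 2253 escaping to a distinguished-name value. The domain CORP, server DC01 and the OU names are assumptions; the script touches no directory.

```vbscript
' Added example, not from the book: the main ADsPath shapes, plus helpers for
' building paths from untrusted input. Run with cscript.exe; it touches no
' directory. Domain CORP, server DC01 and the OU names are assumptions.
Option Explicit

Const STAFF_OU = "OU=Staff,DC=corp,DC=example,DC=com"

' Reference shapes (provider prefix, then the namespace, then objects):
'   WinNT:                                      the provider's namespace root
'   WinNT://CORP                                a domain
'   WinNT://CORP/jsmith,user                    a user, with optional class hint
'   WinNT://CORP/WS01/Administrators,group      a local group on a computer
'   LDAP:                                       the LDAP namespace root
'   LDAP://DC01/CN=John Smith,OU=Staff,DC=corp,DC=example,DC=com
'   LDAP://DC01:389/...                         server with explicit port
'   LDAP://CN=John Smith,OU=Staff,DC=corp,DC=example,DC=com   serverless
'   LDAP://DC01/RootDSE                         server information object

' WinNT account names: letters, digits, a few punctuation marks, at most 20
' characters. Anything else is rejected rather than escaped, because the
' WinNT provider has no escaping rules for "/" or ",".
Function IsValidSamName(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsValidSamName = re.Test(s)
End Function

' Escape one attribute value for use inside an LDAP distinguished name
' (RFC 2253): backslash-prefix the special characters, a leading "#",
' and a leading or trailing space.
Function EscapeDNValue(s)
    Dim r, ch, i
    r = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        If InStr("\,+""<>;", ch) > 0 Then
            r = r & "\" & ch
        ElseIf ch = "#" And i = 1 Then
            r = r & "\#"
        ElseIf ch = " " And (i = 1 Or i = Len(s)) Then
            r = r & "\ "
        Else
            r = r & ch
        End If
    Next
    EscapeDNValue = r
End Function

Function WinNTUserPath(domainName, userName)
    If Not IsValidSamName(userName) Then
        Err.Raise vbObjectError + 1, "WinNTUserPath", "invalid account name"
    End If
    WinNTUserPath = "WinNT://" & domainName & "/" & userName & ",user"
End Function

Function LdapUserPath(server, parentDN, commonName)
    LdapUserPath = "LDAP://" & server & "/CN=" & EscapeDNValue(commonName) & "," & parentDN
End Function

WScript.Echo WinNTUserPath("CORP", "jsmith")
WScript.Echo LdapUserPath("DC01", STAFF_OU, "Smith, John")
' An input that tries to add an RDN stays inside the CN once escaped:
WScript.Echo LdapUserPath("DC01", STAFF_OU, "x,OU=Admins")
' A WinNT name carrying a path separator is refused outright:
On Error Resume Next
WScript.Echo WinNTUserPath("CORP", "jsmith/../Administrators")
If Err.Number <> 0 Then WScript.Echo "rejected: " & Err.Description
On Error GoTo 0
```

The two helpers are deliberately different in kind: LDAP defines an escaping syntax for DN values, so input can be made safe; the WinNT path syntax has no such rule, so the only safe choice is a strict allow-list.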
Binding to a Directory Object
Using GetObject
VBScript listing (code not reproduced in these notes)
Using OpenDSObject
VBScript listing (code not reproduced in these notes)
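The same object bound with GetObject and with OpenDSObject, as an added example that is not from the book. The point of the comparison is the security context: GetObject uses the caller's identity, while OpenDSObject names an account and chooses how it authenticates. Assumptions: DC01 serves corp.example.com, the user object exists, and the file D:\secrets\ldapread.txt (readable only by the account that runs the script) holds the password of the read-only service account CORP\svc-ldapread.

```vbscript
' Added example, not from the book: the same object bound three ways.
' Run with cscript.exe. Assumptions: DC01 serves corp.example.com, the user
' object exists, and D:\secrets\ldapread.txt (readable only by the account
' that runs the script) holds the password of the read-only service account
' CORP\svc-ldapread.
Option Explicit

Const ADS_SECURE_AUTHENTICATION = &H1   ' NTLM/Kerberos instead of a simple bind
Const ADS_USE_ENCRYPTION        = &H2   ' seal the session (LDAP provider, Kerberos)
Const ADS_READONLY_SERVER       = &H4   ' a replica is acceptable

Const USER_PATH   = "LDAP://DC01/CN=John Smith,OU=Staff,DC=corp,DC=example,DC=com"
Const SECRET_FILE = "D:\secrets\ldapread.txt"

' Reads one line from a file outside the web root; the ACL on that file is
' what protects the password, not the script.
Function ReadSecret(path)
    Dim fso, f
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set f = fso.OpenTextFile(path, 1)   ' 1 = ForReading
    ReadSecret = Trim(f.ReadLine)
    f.Close
End Function

Sub Describe(label, obj)
    WScript.Echo label & ": " & obj.Name & " (" & obj.Class & ") " & obj.ADsPath
End Sub

Dim ns, obj

' 1. GetObject binds as whoever is running the script. In an ASP page that is
'    the anonymous IUSR account, or the browser user when IIS authenticates.
Set obj = GetObject(USER_PATH)
Describe "GetObject", obj

' 2. OpenDSObject with no user name and ADS_SECURE_AUTHENTICATION is the
'    same bind made explicit; the flags are where it differs from GetObject.
Set ns = GetObject("LDAP:")
Set obj = ns.OpenDSObject(USER_PATH, vbNullString, vbNullString, _
                          ADS_SECURE_AUTHENTICATION)
Describe "OpenDSObject, current context", obj

' 3. OpenDSObject with a named account. Without ADS_SECURE_AUTHENTICATION the
'    LDAP provider does a simple bind, which sends the password in clear
'    text; with it the password itself never crosses the wire, and
'    ADS_USE_ENCRYPTION seals everything that follows.
Set obj = ns.OpenDSObject(USER_PATH, "CORP\svc-ldapread", ReadSecret(SECRET_FILE), _
                          ADS_SECURE_AUTHENTICATION Or ADS_USE_ENCRYPTION Or ADS_READONLY_SERVER)
Describe "OpenDSObject, service account", obj
```

In an ASP page the third form is the one that keeps working regardless of how (or whether) the browser was authenticated, at the price of a credential the web server must store; keep it out of the .asp file and the metabase, give the account read access only, and never pass the flags as 0.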
Iterating through Directory Collection Objects
VBScript listing (code not reproduced in these notes)
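An added example (not from the book) of iterating a container with For Each and the Filter property, applied to something worth iterating for: it walks the user objects of a domain through the WinNT provider and reports accounts whose UserFlags mark them as not requiring a password or never expiring it. Run with cscript.exe as a domain user; the domain name CORP is an assumption.

```vbscript
' Added example, not from the book: enumerate the user objects of a domain
' through the WinNT provider and report weak account flags. Run with
' cscript.exe as a domain user. The domain name CORP is an assumption.
Option Explicit

Const DOMAIN_NAME = "CORP"

' Bits of the UserFlags property.
Const ADS_UF_ACCOUNTDISABLE     = &H2
Const ADS_UF_PASSWD_NOTREQD     = &H20
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

Dim domain, user, flags, issues, total, flagged

Set domain = GetObject("WinNT://" & DOMAIN_NAME)

' A domain container holds users, groups and computers. Filter is a list of
' class names, not a query: only objects of these classes are enumerated.
domain.Filter = Array("user")

total = 0
flagged = 0
For Each user In domain
    total = total + 1
    flags = user.Get("UserFlags")
    issues = ""
    If (flags And ADS_UF_PASSWD_NOTREQD) <> 0 Then issues = issues & " password-not-required"
    If (flags And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then issues = issues & " password-never-expires"
    If Len(issues) > 0 Then
        flagged = flagged + 1
        If (flags And ADS_UF_ACCOUNTDISABLE) <> 0 Then issues = issues & " (disabled)"
        ' Name, Class and ADsPath are the IADs identity properties every
        ' enumerated object carries.
        WScript.Echo user.Name & " [" & user.Class & "] " & user.ADsPath & ":" & issues
    End If
Next

WScript.Echo total & " user objects enumerated, " & flagged & " flagged"
```

Enumeration through the WinNT provider is a full walk of the domain's accounts, which is acceptable for an audit script but not for a page that runs per request; against Active Directory, a query through the OLE DB provider with ADO returns only the matching objects.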
Getting Properties from an Object
Six read-only properties for an ADSI object
All ADSI objects, except for the Namespaces object, implement the COM interface
IADs, which has six properties.
Property   Description
Name       The name of the object.
Class      The schema class name of the object.
GUID       A globally unique identifier structure that uniquely identifies the object.
ADsPath    The string fo