Active directory

[Silver_clone]

---

hi guys,, ask lang unta ko kinsa ninyu naay script sa pag add ug properties sa user object sa Active Directory.. Hope naa maka hatag ninyu..VB... thanks guys..

nag develop ko ug user management interface ani online..everything is working fine but need ko mo add ug email..

sa akong add user interface, I have this username, and password.. then ma add na ang user.. hope pd sad ko maka add ug email.. problem naku ang email is under sa user object properties. hope naa mo script ani,..,thanks

[MarkCuering]

Hi, can i ask few questions.

1. What platform is your DC where AD is installed? 2000, 2003, 2008?

2. In your Add User interface, what other langauge you are using? ASP, ASP.NET, Did you manage it by calling wscript and triggering some batch file or wscript triggering the commands similarly from dsadd.exe if it is 2003.

3. Do you really have to provide a web based interface? or you want to run anywhere in your client? because there are a lot of ways to control your DC particularly on AD objects. eg. DSADD USER command, CSVDE command, LDIFDE command or even the old NET USER command.

[Silver_clone]

1.it is in 2003 server...

2.and im doing this in asp...

3. and yes, I really have to make a web based interface..

in adding and editing and removing users, i just used the object user....,

heres my some of my code

this is the function for adding users

Function addUser(computer, user, pass)

If Not userExists(computer, user) Then
Set location = getObject("WinNT://" & computer)
Set objUser = location.Create("user", user)
objUser.SetPassword pass
objUser.SetInfo
addUser = true
Else
addUser = false
End If

and the add.do.asp

<!--#include file="config.inc"-->
<!--#include file="functions.inc"-->
<%

user = USER_PREFIX & Request("user")
pass = Request("pass")
email = Request("mail")


If len(Request("user")) <= 1 Then

Response.Redirect "index.asp?action=add&user=" & user & "&m=invuser"

ElseIf userExists(COMPUTER, user) Then

Response.Redirect "index.asp?action=add&user=" & user & "&m=exists"

Else

ret = addUser(COMPUTER, user, pass)
Response.Redirect "index.asp?action=add&user=" & user & "&m=added"

End If
%>

[MarkCuering]

Hope you can follow this...

1. you need to bind an object to your active directory using LDAP://rootDSE

refer here as your guide: Microsoft - Scripting with rootDSE

most likely you will have a code like this..

Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")
Set objDomain = GetObject(strADsPath)

2. you need to add Service Objects, you can even have a primary email, secondary email etc...

Microsoft Windows 2000 Scripting Guide - Creating Directory Service Objects

Set objDomain = GetObject("LDAP://dc=NA,dc=fabrikam,dc=com")
Set objOU = objDomain.Create("organizationalUnit", "ou=HR")
objOU.SetInfo <---- you move this down, to add information.

Set objOU = GetObject("LDAP://ou=HR,dc=NA,dc=fabrikam,dc=com")
Set objUser = objOU.Create("user", "cn=MyerKen")
objUser.Put "sAMAccountName", "myerken" <----- setting attribute
objUser.SetInfo <-- Commit


if you still confuse on MSDN try this: LDAP Binding Strings


To make it more simple:

1. follow this pattern provided by MSDN

Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext") <-- dont modify defaultNamingContext its an attribute to rootDSE.
Set objDomain = GetObject(strADsPath) <--- in case doesn't work try "LDAP://" & strADsPath


2. Binding happens here


' Section to create the contact
Set objOU = GetObject("LDAP://"& "OU=<replace here>" & "," & strADsPath) <-- again read binding strings.
Set objContact = objOU.Create("<replace>", "cn=<replace>") <-- eg. Create("Email", "cn=President")
objContact.Put "Description", "your descript here" <--- putting attributes.
objContact.Put "Email", "email-address-here"
objContact.SetInfo <-- commit..

[MarkCuering]

opsss.... i already reply ur pm...pls refresh.

[MarkCuering]

Bro as promise, buzz me nlng sa YM, hope you can make it right

Code:

Option Explicit
Dim objRoot, objOU, objDomain, objContact
Dim strDNS, strOU, strName, strEmailAddress

' FROM MSDN
' reference http://technet.microsoft.com/en-us/library/ee156506.aspx
' 1. Bind to rootDSE.
' 2. Use the Get method to read an attribute of rootDSE.
' 3. Use the attribute returned by rootDSE to construct an ADsPath 
'    and bind to a container or an object in the directory.

Set objRoot = GetObject("LDAP://rootDSE") 
strDNS = objRoot.Get("defaultNamingContext") 
Set objDomain = GetObject("LDAP://" & strDNS) 


' Preparing a binding string.
' reference 1: http://www.rlmueller.net/LDAP_Binding.htm

strOU = "OU=East" 'Organizational Unit where user "Joe Smith" resides
strCN = "cn=UserName" 'Relative Distinguished Name of container "Users"
' IMPORTANT:
' strCN = "cn=UserName" <-- this must be unique, you need to provide the unique value of username.
' you can code it like this:
'
' strCN = "cn=" & strName
'
' strName <--- variable that holds to whatever name you want to add. Again, must be unique.


' from MSDN
' reference: http://technet.microsoft.com/en-us/library/ee156503.aspx
' please refer to Listing 5.3 Creating a User Account and scroll up.

Set objOU = GetObject("LDAP://"& strOU & "," & strDNS)

' reference on LDAP attributes http://a2zdotnet.com/ArticleImages/49_9.jpg
' these attributes belongs to objectclass. same in programming, CLASS and its ATTRIBUTES.
' to visualize this the hierarchy, you can see this image http://www.zytrax.com/books/ldap/images/ldap-object-hierarchy.gif
' mail attribute is under "contact" objectclass, so inorder to set Mail property we need to pull the object first.

Set objContact = 	objOU.Create("contact", strCN) ' get the objectclass.
objContact.Put "Mail", strEmailAddress 'set value to mail property.
objContact.SetInfo ' SetInfo method will propagate these changes to the Membership Directory.

Worst thing may happen... I didn't mentioned earlier that this activity silently binds WSH.
Windows Script Host (WSH), it can failed and run as if it were nothing happpened.

you need to have that kind of service.
for WinXP Download details: Windows Script 5.7 for Windows XP
for Win2000 Download details: Windows Script 5.7 for Windows 2000
for win2003 Download details: Windows Script 5.7 for Windows Server 2003

Helpful tools:

Windows Sysinternals : AD Explorer
the rest you can find it there.

[Silver_clone]

i already have done this project..


thanks d.i Mark,,


I have found out na ang security d.i naku sa IIS sa sever maoy rason...

and some wrong codes..

here are some snippets,

this is the main page..



<style type="text/css">
.mainbody {
background-image:url(image1.png);
background-repeat:no-repeat;
background-position:center;
}
</style>
<%
Response.Expires = -1000 'Makes the browser not cache this page
Response.Buffer = True 'Buffers the content so our Response.Redirect will work

If Session("UserLoggedIn") = "" Then
Response.Redirect("login.asp")
End If
%>
<body class="mainbody">
<center><table width="500" height="180" border="1" class="bodyab">
<tr>
<th ><!--#include file="config.inc"-->
<!--#include file="functions.inc"-->

<LINK REL=StyleSheet HREF="main.css" TYPE="text/css">
<title><%=HEADER%></title>

<div class="header1" style="top:auto"">
<%=HEADER%></div>

<%
action = Request("action")
user = Request("user")

If action = "chpasswd" Then
%>
<!--#include file="chpasswd.form.asp"-->
<%
ElseIf action = "remove" Then
%>
<!--#include file="remove.form.asp"-->
<%
ElseIf action = "edituser" Then
%>
<!--#include file="edituser.form.asp"-->
<%
ElseIf action = "userproperties" Then
%>
<!--#include file="userproperties.asp"-->
<%
ElseIf action = "add" Then
%>
<!--#include file="add.form.asp"-->
<%
ElseIf action = "logout" Then
%>
<!--#include file="logout.asp"-->
<%
Else
%>
<!--#include file="main.asp"-->
<%
End If
%>

<table width="495">
<tr>
<th><h6><a href="?action=add"><p align="left">Add New User<a></p></h6></th>
<th><h6><a href="?action=logout"><p align="right">Logout<a></p></h6></th>
</tr>
</table>
<table class="tableUsers" width="500">

<tr>
<th>#</th>
<th>Username</th>
<th>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Function s</th>
</tr>
<%

'get list of all users that match USER_PREFIX
Set location = GetObject("WinNT://" & COMPUTER)
location.Filter = Array("User")

count=0
For Each objUser In location
If instr(objUser.Name, USER_PREFIX) = 1 Then
count = count + 1
%>
<tr>
<td>&nbsp;&nbsp;<%=count%>.</td>
<td>&nbsp;&nbsp;&nbsp;&nbsp;<a href="?user=<%=objUser.Name%>&action=userpropertie s"><%=objUser.Name%></a></td>
<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs p;&nbsp;<a href="?user=<%=objUser.Name%>&action=chpasswd">Cha nge Password</a> &nbsp;&nbsp;|
&nbsp;&nbsp; <a href="?user=<%=objUser.Name%>&action=edituser">Edi t User</a>&nbsp;&nbsp;|
&nbsp;&nbsp; <a href="?user=<%=objUser.Name%>&action=remove">Remov e Account</a>
</td>
</tr>
<%
End If
Next



'Set User1 = location.Create("user", "admin2")
'User1.SetPassword "abc"
'User1.SetInfo

'Set Group = GetObject("WinNT://" & COMPUTER & "/Administrators,group")
'Group.Add(User1.ADspath)
%>
</table>
</p>
</th>
</tr>
</table>

other files are included nalng sa script..based on the action.

then maoy ni ang sakto na format sa pag query ug dynamic na userobject with LDAP..

sample lang is sa pag add ug object sa user na imu gi pili..

user = USER_PREFIX & Request("user")
pass = Request("pass")
mail = Request("mail")
fname = Request("fname")
lname = Request("lname")


If len(Request("user")) <= 1 Then

Response.Redirect "index.asp?action=add&user=" & user & "&m=invuser"

ElseIf userExists(COMPUTER, user) Then

Response.Redirect "index.asp?action=add&user=" & user & "&m=exists"

Else

ret = addUser(COMPUTER, user, pass)
''ret = addMail(COMPUTER, user, mail)
''Set location = getObject("WinNT://" & computer)
Set objUser = GetObject("LDAP://cn="& user &",cn=Users, dc=domain, dc=com, dc=local")
objUser.Put "mail", mail
objUser.Put "givenName", fname
objUser.Put "SN", lname
objUser.setInfo
addMail = true
Response.Redirect "index.asp?action=add&user=" & user & "&m=added"

End If
%>

input nLang ka sa data sa textbox.. and it wil be added in your userobject properties under general tab..


..hope nakatabang ni...

thanks.

humana jud ko.

[Silver_clone]

Humana jud ko..

BuGy aU ang WINDOWS..atots..

[MarkCuering]

Nice... I thought it was on the DC, I tried the scenerio from your case, thru ADAM in my WinXP. it works fine, none of that popup thing appear. So that's why I Adviced you to make another GROUP and apply diserable security, it was on your IIS pala, the popup thing is happened only when I disable the WMI service hehehe...

I forogt to tell that you can use ADAM to simulate all the operations similarly as if you are working in Win2k3 LDAP server, you can make some test cases there.

Hoping there would be no abuse in your client... otherwise you need to put that LIMITS I told you back then.... Have fun working...so its not suicidal na...its surviving :-p

[Silver_clone]

mao..mao.. ehehehe.. gamay Lang sipyat, guba jud amu windows server..lols.. patay jud amung mga gi host na mga site..

^^.. actually the account operator is ok na gamiton..

I'll just set the admin of a particular sharepoint site user as member of the account operator... and it works smoothly.. ehehe