Computer Performance, Windows 2003, Exchange 2003, Logon Scripts

Google

Web Search Site

3CX Phone System for Windows - VOIP IP PBX

3CX Phone System for Windows -
VOIP IP PBX

Get your 5 free applications now

Application Publishing with 2X ApplicationServer

 

VBScript - The Importance of RootDSE

Guy recommends:
VBScript Training Video on CD

Computer Training Software

Introduction to RootDSE

The purpose of RootDSE is to give us a 'handle' so that we can  bind the user object to Active Directory.  The purpose of RootDSE is to give us a 'handle' so that we can bind the user object to Active Directory.  In fact the words behind the acronym - Root Directory Service Entry, neatly explains what this object does. Technically, its WSH rather than VBS that provides the GetObject method which makes the connection to Active Directory.

Strictly speaking, RootDSE should be defined as the Root DSA-Specific Entry (where DSA is Directory System Agent). It stores a standard set of information about configuration and capabilities of the LDAP directory (as defined by RFC 2251).  I thank Chris Dent for this extra information.

Technically, its WSH rather than VBS that provides the GetObject method which makes the connection to Active Directory.  In large organization you can set RootDSE to the root domain, normally you would set it to the current domain. 

Topics for RootDSE

 

ADSI Edit - Support Tool

To get another perspective on what RootDSE can do, launch ADSI Edit from the Support tools on the CD. ADSI provides an interface which can read the properties of Active Directory objects such as user and computer.  There will be countless times when you need to check the LDAP properties in your script, so take the time to explore with the ADSI utility.

When you launch ADSI Edit you will see these three container objects in Active Directory.

  1. Domain
  2. Configuration - Most useful for scripting
  3. Schema

 

Example 1 - Get Domain name from RootDSE

 

' Get Domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")

WScript.Echo strDomain    ' This is line Guy put in to test

 

The above scripts Gets the name of your present domain and echo's it to a message box.

 

Note 1:  I have used the variables objRootDSE and strDomain here.  You could choose different names for the variables and the script would still work.  That said, meaningful names are best.

Note 2:  The variables follow the 'Hungarian Convention'.  To remind us of type of variable, the convention uses str to precede string and obj to precede object variables.

Note 3:  DefaultNamingContext is a property of RootDSE (Active Directory).  My point is while you can make up names of variables, you must abide by the names of properties.  If you substituted a made up name - for example adName -  in place of defaultNamingContext, then WSH would generate a 800500D error.

Example 2 - Setting the objContainer

 

Set objContainer = GetObject("LDAP://" & strOUContainer)

 

Note 1:  strOUContainer is a vital variable that controls the OU where the users will be created.  You need to set this string accurately to reflect you domain name and your choice of OU.

Note 2: "LDAP://" tells the script that the object is Active Directory.  Alternatives for other scripts would be WINNT or NDS.

 

See Also

 

 .

Google

Webcomputerperformance.co.uk

GFi Events Manager

Guy Recommends: GFi EventsManager

Here is a solution to monitor, manage and archive thousands of events that are generated by devices across your entire network.  Get your free evaluation copy of GFI EventsManager.

 

Home Copyright © 1999-2009 Computer Performance LTD All rights reserved

Please report a broken link, or an error.