Guy's Scripting Ezine number 21 - Binding to Active Directory

A great VBScript editor will save you both time and frustration. While notepad is an adequate vehicle for copying and pasting, in comparison, a proper script editor is like driving a Rolls Royce. Where a script editor is most useful is when your are troubleshooting. Have you ever wasted time counting down 27 lines to find the error? Well with a script editor, you can instantly see the line numbers and so locate the error at once.

I have to confess, that at first I thought that colour coding was a gimmick, but then I saw how useful colour was in distinguishing strVariables from Set Commands. Why choose VBsEdit? Not only do they offer a free trial version, but you also get friendly people who care and will look after you. Try VBsEdit

Binding to Active Directory

There is a whole family of scripts which manipulate objects in Active Directory. For example, scripts which create new users. One of the first tasks for such scripts is to connect or 'Bind' to Active Directory.

The command that does the binding is:
Set objRootDSE = GetObject("LDAP://RootDSE")

In my mind's eye 'Binding' is like connecting a pipe from the script to Active Directory. Once the pipe is open, the next line extracts the DNS name so that we can name our user object
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

Then on the third line we use the information to set the objDomain
Set objDomain = GetObject("LDAP://" & strDNSDomain)

The above three lines are a joy to use because they get the domain name without you having to explicitly hard code the value. Here below a shorter, but inferior alternative. I say inferior because you have to know the correct values for dc=.

Example 1 - To create a user

The purpose of this script 1 is to create a user called Guido Fawk. Now this script is good, but it could be improved. My hidden agenda this week is learning from mistakes, so while 'BindAD.vbs should work there is a flaw which will be revealed in example 2.

' BindAD.vbs
' VBScript to bind to Active Directory and create a user.
' Author Guy Thomas http://computerperformance.co.uk
' Version 1.8 - March 7th 2004
' -----------------------------------------------------------------'
Option Explicit
Dim objDomain, objUser, objRootDSE
Dim objContainer, strDNSDomain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNSDomain)
Set objUser = objDomain.Create("User", "cn=Guido Fawk")
objUser.Put "sAMAccountName", "GuidoFawk"
objUser.SetInfo
WScript.Echo "Created " & objUser.get ("cn")
WScript.quit

Learning points

Note 1: We created Guido Fawk with the minimum user attributes, cn and sAMAccountName.

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

Note 3: The script will work, but it's not easy to find your user! Make sure you have View (Menu) Advanced Features selected, now you can see the user under the root of the domain - not in the users folder. Alternatively just use 'Find' from your Domain object in Active Directory Users and Computers.

Note 4: Admire how the script saves the objUser with two methods, 'Put' and a SetInfo.

What we need is a command to place the new account in the USERS container, then we can see the new user more easily in Active Directory Users and Computers.

' BindADUser.vbs
' VBScript to bind to AD and create a user in Users Container.
' Author Guy Thomas http://computerperformance.co.uk
' Version 2.3 - March 7th 2004
' -----------------------------------------------------------------'
Option Explicit
Dim objDomain, objUser, objRootDSE
Dim objContainer, strDNSDomain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strDNSDomain = "CN=Users," & strDNSDomain
Set objDomain = GetObject("LDAP://" & strDNSDomain)
Set objUser = objDomain.Create("User", "cn=Guido Fawkes")
objUser.Put "sAMAccountName", "GuidoFawkes"
objUser.SetInfo
WScript.Echo "Created " & objUser.get ("cn")
WScript.quit
' End of example VBScript

Learning Points

Note 1: If you like a challenge change the CN=Users, to OU=YourOU. If you accept this challenge make sure that OU=YourOU really exists.

Note 2: Users is a container, so its CN=Users, whereas OU is, well an OU, so, OU=YourOU is correct. (CN=YourOU would be wrong)

Out Takes - Introducing two Guy Challenges.

The truth is that rather like T.V. programs have cuts our out takes, so do my scripts!

My idea is to give you a script with two deliberate mistakes, so that you have a chance to troubleshoot and correct the problems.

There is a tiny error in this script which produces Error: 0x80005000. Can you find it? A good text editor would help you identify the line number.

Answers to Out Takes

Dim objDomain, objUser, objRootDSE
Dim objContainer, strDNSDomain
Dim objDomain, objUser, objRootDSE

' BindAD.vbs
' VBScript to bind to AD and create a user in Users Container.
' Author Guy Thomas http://computerperformance.co.uk
' Version 2.2 - March 7th 2004
' -----------------------------------------------------------------'
Option Explicit
Dim objDomain, objUser, objRootDSE
Dim objContainer, strDNSDomain
Dim objDomain, objUser, objRootDSE
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strDNSDomain = "CN=Users" & strDNSDomain
Set objDomain = GetObject("LDAP://" & strDNSDomain)
Set objUser = objDomain.Create("User", "cn=Guido Fawke")
objUser.Put "sAMAccountName", "GuidoFawke"
objUser.SetInfo
WScript.Echo "Created " & strDNSDomain
WScript.quit
' End of example VBScript

Note 1: Clue it's a single unwanted symbol.A good script editor would help! Take a look at VBsEdit

Contact Guy

About Us

Affiliate Program

MCSE Exams

Guy's eBooks

Advice Payment

Guy's Scripting Ezine No 21 - Binding to Active Directory

Contents for Binding to Active Directory