VBScript –  Use ADSI to Discover LDAP Properties

ADSI (Active Directory Service Interfaces)

LDAP is a language that enables Active Directory to find, create and manipulate objects.  ADSI Edit will let you examine a user’s properties and display all the LDAP properties.  Through knowing the property names, you can bulk import users from a spreadsheet using a rich selection of LDAP attributes.  The trick is getting the correct fields in the first row or header of your import file.

I have added a whole detailed section on ADSI Edit here

Example of ADSI

My tactic is to find a user in ADSI Edit, for example Guy Thomas. Then I was able to match the user’s properties in Active Directory Users and Computers with the LDAP attributes.

LDAP Properties

For more detail, right-click a user and select Properties. Here are two examples:

The mandatory objects are worth noting

You may wish to drill down one more layer.  Here is a view of the LDAP attributes for the important DN = distinguishedName.  If it were necessary you could use ADSI Edit to actually make changes to the LDAP names.
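The same discovery can be scripted. The VBScript below is an added example, not code from the original page: it binds read-only through ADSI, lists every LDAP attribute that holds a value on one user, and marks which of them the schema treats as mandatory. The user name Guy Thomas in the default CN=Users container is an assumption; change strUserDN to suit your domain and run it with cscript on a domain-joined machine.

```vbscript
' Added example: list the LDAP attribute names ADSI Edit shows for one user.
Option Explicit
Dim objRootDSE, strDomainDN, strUserDN, objSchemaUser, objUser
Dim dicMandatory, strAttr, objEntry, i, strKind

' Bind to RootDSE to find the Domain naming context (no hard-coded domain).
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomainDN = objRootDSE.Get("defaultNamingContext")

' The schema class object for 'user' lists the attributes a user must hold.
Set objSchemaUser = GetObject("LDAP://schema/user")
Set dicMandatory = CreateObject("Scripting.Dictionary")
dicMandatory.CompareMode = vbTextCompare   ' LDAP attribute names are not case-sensitive
For Each strAttr In objSchemaUser.MandatoryProperties
    dicMandatory(strAttr) = True
Next

' Assumption: the example user lives in the default Users container.
strUserDN = "CN=Guy Thomas,CN=Users," & strDomainDN
Set objUser = GetObject("LDAP://" & strUserDN)
objUser.GetInfo                            ' load the property cache from the directory

WScript.Echo "distinguishedName: " & objUser.Get("distinguishedName")
WScript.Echo "Attributes with a value (" & objUser.PropertyCount & "):"

' Walk the property cache; only names are printed, because values may be
' byte arrays or objects (objectGUID, pwdLastSet) that Echo cannot display.
For i = 0 To objUser.PropertyCount - 1
    Set objEntry = objUser.Item(i)
    If dicMandatory.Exists(objEntry.Name) Then
        strKind = "mandatory"
    Else
        strKind = "optional"
    End If
    WScript.Echo "  " & objEntry.Name & vbTab & strKind
Next
```

The names printed are the ones to use in the header row of an import spreadsheet.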


Where Do You Get ADSI Edit?

Whenever you discover a useful utility such as ADSI Edit, always make a note of where it comes from.  The best place to get ADSI Edit is from the support folder of the Windows Server 2003/8 CD.  You can also find the executable in many of Microsoft’s Resource Kits.  Failing all else you can download ADSI Edit here

What Do You Need to Run ADSI Edit

You need very little to get started with ADSI Edit.  I love the MMC (Microsoft Management Console), so I just add ADSI Edit as an extra snap-in to my console.  Here is a sure way to launch ADSI Edit: Start, Run, MMC.  Then File (menu), Add/Remove Snap-in, ADSI Edit.

Once ADSI Edit launches you need to decide on the Naming Context.  For scripting, and for Active Directory Users and Computers properties, you normally select Domain.  However, with TechNet, pay close attention to whether you need the Configuration or Domain naming context.  After a while I expect that you will add both contexts to the snap-in.
