Questions about a few things LDAP

  • Question

  • User958028122 posted

    I am really new to LDAP programming with ASP.net 2.0 and I had a few questions...

    First off, when searching for objects in AD when should you use the RootDSE object instead of the regular LDAP:\\OU=OUName,DC=DCName,DC=Com?

    Second, I snagged a code snippet to help me learn (code posted below) and had a few questions about the code. First, can you tell which computers are orphaned or disabled using this method? Also, can you see which stations haven't changed their passwords in, say, over 60 days? Same questions about user accounts (I haven't ventured into user accounts just yet). I am learning as I go and would really appreciate any help you guys can provide :)

    Imports System.DirectoryServices

    Partial Class Test
        Inherits System.Web.UI.Page

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            ' The ADsPath must be passed as a quoted string
            Dim adsRoot As New DirectoryEntry("LDAP://OU=OUName,DC=DCName,DC=Com")
            Dim adsUser, adsComputer As DirectoryEntry
            Dim strCompName As String
            Dim ocnt As Integer

            ' Walk the immediate children of the OU and report each computer object
            For Each adsComputer In adsRoot.Children
                If adsComputer.SchemaClassName = "computer" Then
                    ' Name is "CN=<name>"; drop the "CN=" prefix
                    strCompName = Mid(adsComputer.Name, 4)
                    Response.Write(strCompName & ":")
                    Response.Write(adsComputer.Properties("whenCreated").Value & ":")
                    Response.Write(adsComputer.Properties("operatingsystem").Value & " ")
                    Response.Write(adsComputer.Properties("operatingsystemservicePack").Value & " ")
                    'Response.Write(adsComputer.Properties("lastLogon").Value)
                    ocnt = ocnt + 1
                    Try
                        'adsUser = New DirectoryEntry("WinNT://" & Trim(strCompName) & "/Administrator")
                        'Response.Write(adsUser.Properties("MaxPasswordAge").Value / 86400 & ", ")
                        'Response.Write(adsUser.Properties("MinPasswordLength").Value & ", ")
                        'Response.Write(adsUser.Properties("PasswordHistoryLength").Value & ", ")
                        'Response.Write(adsUser.Properties("MaxBadPasswordsAllowed").Value & ", ")
                        'Response.Write(adsUser.Properties("AutoUnlockInterval").Value & ", ")
                        'Response.Write(adsUser.Properties("LockOutObservationInterval").Value & ", ")
                    Catch ex As Exception
                        Response.Write(ex.Message & "<br>")
                    End Try
                    Response.Write("<br>")
                End If
            Next
            Response.Write(ocnt & " Workstations Flagged.")
        End Sub
    End Class

    Sunday, June 4, 2006 2:25 PM

All replies

  • User958028122 posted

    Imports System.DirectoryServices

    Partial Class Test
        Inherits System.Web.UI.Page

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            ' The ADsPath must be passed as a quoted string
            Dim adsRoot As New DirectoryEntry("LDAP://OU=OUName,DC=DCName,DC=Com")
            Dim adsUser, adsComputer As DirectoryEntry
            Dim strCompName As String
            Dim ocnt As Integer

            ' Walk the immediate children of the OU and report each computer object
            For Each adsComputer In adsRoot.Children
                If adsComputer.SchemaClassName = "computer" Then
                    ' Name is "CN=<name>"; drop the "CN=" prefix
                    strCompName = Mid(adsComputer.Name, 4)
                    Response.Write(strCompName & ":")
                    Response.Write(adsComputer.Properties("whenCreated").Value & ":")
                    Response.Write(adsComputer.Properties("operatingsystem").Value & " ")
                    Response.Write(adsComputer.Properties("operatingsystemservicePack").Value & " ")
                    'Response.Write(adsComputer.Properties("lastLogon").Value)
                    ocnt = ocnt + 1
                    Try
                        'adsUser = New DirectoryEntry("WinNT://" & Trim(strCompName) & "/Administrator")
                        'Response.Write(adsUser.Properties("MaxPasswordAge").Value / 86400 & ", ")
                        'Response.Write(adsUser.Properties("MinPasswordLength").Value & ", ")
                        'Response.Write(adsUser.Properties("PasswordHistoryLength").Value & ", ")
                        'Response.Write(adsUser.Properties("MaxBadPasswordsAllowed").Value & ", ")
                        'Response.Write(adsUser.Properties("AutoUnlockInterval").Value & ", ")
                        'Response.Write(adsUser.Properties("LockOutObservationInterval").Value & ", ")
                    Catch ex As Exception
                        Response.Write(ex.Message & "<br>")
                    End Try
                    Response.Write("<br>")
                End If
            Next
            Response.Write(ocnt & " Workstations Flagged.")
        End Sub
    End Class

    Monday, June 5, 2006 9:54 AM
  • User1354132231 posted
    The RootDSE is the boot-strapper for LDAP.  It allows you to look up values for the directory and choose what to do.  It also tells you where partitions are located that you can use.

    For searching, if you already know your path, then use it.  If you don't know your path, you can use the RootDSE to dynamically discover it and build the path.
    Tuesday, June 6, 2006 4:40 PM
  • User1354132231 posted

    Second, I snagged a code snippet to help me learn (code posted below) and had a few questions about the code. First, can you tell which computers are orphaned or disabled using this method? Also, can you see which stations haven't changed their passwords in, say, over 60 days? Same questions about user accounts (I haven't ventured into user accounts just yet). I am learning as I go and would really appreciate any help you guys can provide :)

    Computer accounts are exactly the same as user accounts for this type of thing.  What you are asking is a very long post if I had to write it again.  Luckily, you can read all about password expiration and more if you just click through the link for the first post in this forum called Samples Available and download the sample chapter from my book's website.  It has all about password stuff in much more detail than I would care to write again. :)
    Tuesday, June 6, 2006 4:45 PM