Script Tips
ADSI Connections with a Twist
How to connect with alternate credentials, this time with an ADSI twist.
In my "
Split Personality" column a few weeks ago, I showed you how to specify alternate credentials for WMI connections. This time, it's all about alternate credentials in ADSI connections.
Like WMI connections, ADSI connections are most often made using the GetObject() function and either the LDAP or WinNT provider:
Set objDomain = GetObject("LDAP://dc=company,dc=com")
However, unlike WMI, you can use almost the same thing to include alternate credentials:
Const ADS_SECURE_AUTHENTICATION = 1
'Specify alternate credentials
strUserDN = "cn=Administrator,cn=Users,dc=company,dc=com"
strPassword = InputBox("Enter password for " _
& "[email protected]")
'Connect to the domain
Set objRoot = GetObject("LDAP:")
Set objDomain = _
objRoot.OpenDSObject("LDAP://dc=company,dc=com", _
strUserDN, strPassword, ADS_SECURE_AUTHENTICATION)
Here, GetObject() is just being used to activate the local LDAP provider. It’s OpenDSObject() method, which accepts alternate credentials, is used to actually execute the LDAP query.
Note that the username portion of the alternate credentials is a fully-qualified distinguished name (FQDN). And, just like the last tip, note that I didn’t hard-code the password in the script: I prompted for it, using InputBox(). Remember that there is no safe way to hard-code credentials into a script. Again, if you’re thinking the Microsoft Script Encoder will protect the credentials from prying eyes, do a Google search for "Microsoft Script Decoder" and think again.
About the Author
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.