I just read what your code is trying to do (should have before I posted, not just replies). An additional point above and beyond discovery is detection of the DSA once connected. For that the most reliable mechanism is looking at supportedCapabilities off of RootDSE. Through that you can figure out if it is AD vs. ADAM, and also what version of each (AD on 2000, 2003, etc.)

~Eric
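Added example, not part of the original thread or of anyone's posted code: one way to classify a server from the supportedCapabilities values on RootDSE (read with a base-scope search on the empty DN). The three OIDs are the capability OIDs Microsoft documents for this attribute; the names `classify_dsa`, `dsa_kind` and the sample value lists are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Capability OIDs documented by Microsoft for the RootDSE
   supportedCapabilities attribute. */
#define CAP_AD     "1.2.840.113556.1.4.800"   /* Active Directory (domain services) */
#define CAP_AD_V51 "1.2.840.113556.1.4.1670"  /* AD at Windows Server 2003 level or later */
#define CAP_ADAM   "1.2.840.113556.1.4.1851"  /* ADAM instance */

typedef enum { DSA_UNKNOWN, DSA_AD_2000, DSA_AD_2003_PLUS, DSA_ADAM } dsa_kind;

/* True if the NULL-terminated value list contains oid. */
static int has_cap(char **vals, const char *oid)
{
    for (; vals != NULL && *vals != NULL; vals++)
        if (strcmp(*vals, oid) == 0)
            return 1;
    return 0;
}

/* vals: values of supportedCapabilities in the NULL-terminated char**
   form that ldap_get_values() returns. NULL means the attribute was
   absent, for example on a non-Microsoft LDAP server. */
dsa_kind classify_dsa(char **vals)
{
    if (has_cap(vals, CAP_ADAM))          /* check ADAM first */
        return DSA_ADAM;
    if (has_cap(vals, CAP_AD))
        return has_cap(vals, CAP_AD_V51) ? DSA_AD_2003_PLUS : DSA_AD_2000;
    return DSA_UNKNOWN;
}

/* Constructed sample value lists, not captured from real servers. */
static char *sample_adam[]   = { CAP_ADAM, NULL };
static char *sample_ad2003[] = { CAP_AD, CAP_AD_V51, NULL };
static char *sample_ad2000[] = { CAP_AD, NULL };
static char *sample_other[]  = { NULL };

int main(void)
{
    static const char *names[] = { "unknown", "AD (Windows 2000)",
                                   "AD (Windows Server 2003 or later)", "ADAM" };
    char **samples[] = { sample_adam, sample_ad2003, sample_ad2000, sample_other, NULL };
    for (int i = 0; i < 5; i++)
        printf("%s\n", names[classify_dsa(samples[i])]);
    return 0;
}
```
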
________________________________
From: Eric Fleischman
Sent: Thu 8/12/2004 8:37 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADAM attribute value

It is worth noting that the detection of ADAM, even using mechanisms Carlos outlined, is not nearly as robust as AD. It is a much higher overhead and he is also making assumptions (like you are an admin on all remote systems that you scan if looking in the registry, or you blindly scan ports across the network and probably annoy some others).

SCPs are a reliable way to detect ADAM instances assuming that ADAM/AD are configured to allow the registration of them. However using SCPs assumes
1) ADAM is running in a domain that is >=2k (not NT4)
2) ADAM service account is successfully registering those SCPs
3) You know what forest an instance is running in (further remember that not all instances have to run in the same forest).

The lack of robust DSA discovery was an intentional tradeoff we made when we allowed you to create NCs that have no alignment with DNS in any way. The fact that domain NCs align with a DNS namespace and we mandate the registration of those records means we can assume that certain records (SRV, A, etc.) are present for DSAs in that domain. Since ADAM has no such mandate to give the administrator flexibility, we lost the ability to make that assumption.

My $0.02
~Eric

________________________________
From: [EMAIL PROTECTED] on behalf of Harpreet_Kapoor
Sent: Thu 8/12/2004 5:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADAM attribute value

Hi,

Thank you so much... I have not worked much on ADAM and you are being a great help. Can you send me the tool that you have prepared and tell me the changes that I need to make to my code in order to detect ADAM? I shall be thankful if you do so.

Also, how do I set the defaultNamingContext manually?
Thanks,
Harry

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes
Sent: Thursday, August 12, 2004 1:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADAM attribute value

Harry,

ADAM does not implement the domainDNS structure like Active Directory does; instead it uses Application Partitions, in your case "dc=abcd,dc=com". I am not saying that you cannot add or use domainDNS, I am just trying to highlight that ADAM was not designed to work with the domainDNS structure like Active Directory was. You will also find that your RootDSE - defaultNamingContext is not populated by default as it is in Active Directory. You have to populate this attribute manually (very easy).

Now about your code, I am not sure what you mean by "trying to find the value of ObjectClass". Are you trying to find all objects using the LDAP filter "ObjectClass=*"? The objectClass attribute contains the class of which the object is an instance, as well as all classes from which that class is derived. If you would like to see more detail including some code (which is what I think you are trying to do) here is the link - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/retrieving_the_objectclass_property.asp

Let us know how it goes.

I also strongly suggest that you read ADAM's technical reference document. A lot of work was put into it explaining these concepts and it is one of the best ADAM documents around. You can find it here -- http://www.microsoft.com/downloads/details.aspx?familyid=96c660f7-d932-4f59-852c-2844b343f3e0&displaylang=en

AD, ADAM or any LDAP programming?
- http://groups.yahoo.com/group/adsianddirectoryservices

Carlos Magalhaes
Active Directory Programming MVP

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harpreet_Kapoor
Sent: Thursday, August 12, 2004 9:46 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] ADAM attribute value

We are trying to find the value of the "objectClass" attribute in ADAM. For this we wrote the following code:

    char *attrs[2] = {"objectClass", NULL};
    LDAPMessage* result = NULL;

    /* Subtree search under the root DN, returning only objectClass */
    int nResult = ldap_search_s (ld, "dc=abcd,dc=com", LDAP_SCOPE_SUBTREE,
                                 "objectClass=*", attrs, 0, &result);
    if (nResult != LDAP_SUCCESS)
    {
        return LDAPUTIL_GETVERSIONFAIL;
    }

    int nentries = ldap_count_entries(ld, result);
    if (nentries <= 0)
    {
        if (result != NULL)
            ldap_msgfree (result);
        return LDAPUTIL_SUCCESS;
    }

    LDAPMessage* e = ldap_first_entry (ld, result);
    char** vals = ldap_get_values (ld, e, attrs[0] );
    int i=0;
    if (vals != NULL)
    {
        /* Loop over every returned value (the original used "if" here,
           which printed at most the first value) */
        while (vals[i] != NULL)
        {
            cout<<"\n val[i] "<<vals[i]<<endl;
            i++;
        }
        ldap_value_free (vals);
    }
    if (result != NULL)
        ldap_msgfree (result);

    nResult = ldap_compare_s (ld, dcRoot, "objectClass","domainDNS");
    if ((nResult == LDAP_COMPARE_TRUE))
    {
        cout<<"Active Directory Application Mode(ADAM)";
        return LDAP_SUCCESS;
    }

Actually, our main aim is to find the value of objectClass for ADAM (Active Directory Application Mode) for use in ldap_compare_s(). This is why we wrote the code above to find the value of the objectclass parameter.

I have the following questions:

1) We have observed that domainDNS works for Active Directory. Does it also work for ADAM? In our case, it does not. If it does not, what is the attribute value of objectClass in case of ADAM? In my case, ldap_compare_s returns the value 0x10 which means that the attribute does not exist.
However, in ADAM, I can clearly see the attribute. But when I give this value in ldap_compare_s(), it returns the error code 0x10. Is there any other attribute which can be used to identify the dc objects on ADAM just as objectclass and its value domainDNS work for Active Directory?

2) ldap_get_values() returns a NULL. What could be the possible solution?

My configuration settings:
Root DN : dc=abcd,dc=com

Thanks,
Harry

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
