I would like to add that ASP is funny. I have seen occasions where serverless binding acts hokey but if you specify a server it works just fine. In fact in the Notes from the Field book there is a cool website by Dave Trulli called dsinfo that does a serverless bind to a DC of a domain and retrieves the rootdse, it then uses the dnshostname returned in that query to do the rest of the work.
Overall, I never really liked the ASP scripting model and tended to call out to perl CGI scripts to the work. Too often you hear about vbs that works great until it hits an ASP page. Then you have to start debugging access rights and even if those are fine the scripting engines I think are different. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, January 26, 2005 4:17 PM To: [email protected] Subject: RE: [ActiveDir] OT: limiting ldap query to single domain To do what you're after, you'll want to use ADSI with the LDAP provider vs. the WINNT provider. Joe gives a lot of great advice as a way to do what you're after. The query would look something like this with ado: "<LDAP://yourdomaincontroller_for_that_domain/dc=domain,dc=com>;(&(objectCla ss=Person)(objectCategory=User));distinguishedName,name,telephonenumber;subt ree" in your code. Here's an interesting article on getting the domain controllers: http://www.microsoft.com/technet/scriptcenter/resources/qanda/dec04/hey1216. mspx If you're using ASP.NET, this might be of interest: http://www.15seconds.com/issue/020730.htm For just plain old ordinary script ripping though, this one looks pretty like a pretty decent example http://cwashington.netreach.net/depo/view.asp?Index=1011&ScriptType=vbscript (note the strLDAPpath variable and how it's syntax is written; note: don't use the whole script unless you want them to e able to disable the user accounts :) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Wednesday, January 26, 2005 2:49 PM To: '[email protected]' Subject: RE: [ActiveDir] OT: limiting ldap query to single domain It's a webpage ASP, since we are only reading, permissions shouldn't be a problem. jb -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, January 26, 2005 2:39 PM To: [email protected] Subject: RE: [ActiveDir] OT: limiting ldap query to single domain Sure. Is this VBSCRIPT? What about permissions? Do you have to worry about that? Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Wednesday, January 26, 2005 2:20 PM To: '[email protected]' Subject: RE: [ActiveDir] OT: limiting ldap query to single domain We are working on a phonelist using AD. Because we have multiple domains and domain name spaces, I want to be able to filter each search request by the domain. I want to have drop down the list the domains(a.com,b.com,c.com) they are not subdomains it is a flat forest. Right now we can use the GC and pull information from the entire forest, but we cannot get ldap to work for each domain. A quick domain list A.com Server1.a.com (DC) Server2.a.com (GC) B.com Server1.b.com (DC) Server2.b.com (GC) I need to be able to list users from each domain seperately for the phone list. Hope this clears things up a little. jb -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, January 26, 2005 1:50 PM To: [email protected] Subject: RE: [ActiveDir] OT: limiting ldap query to single domain It would probably be better if you'd tell us what information you're after and how you're going about getting it in your script. If you can post the logic or the whole script that would be helpful. Keep in mind that the GC has a subset of information in it, so there are times when you may need to go to the individual DC's to get the necessary information. al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Wednesday, January 26, 2005 1:36 PM To: '[email protected]' Subject: [ActiveDir] OT: limiting ldap query to single domain We have a large flat AD forest, with separate name spaces (a.com,b.com,c.com,etc) I have a few script questions. First is there a way to retrieve each domain name, using winnt: doesn't work Second, if I use GC, I can read information on all objects, but how can I limit it so I can query only 1 domain at a time. If I use DC I have to query a different DC for each domain. Thanks,jb List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
