Secure LDAP object manipulation with VBscript using alternate credentials
In VBScript, very often, you are using ADSI to add user to group. Here is a sample code to add a user to a domain group
Set objUser = GetObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com")
Set objGroup = GetObject("LDAP://CN=group1,DC=fabrikam,DC=com")
objGroup.add(objUser.ADsPath)
It works fine but it's always using your current user credentails. It's because GetObject
doesn't allow you to specify alternate credentials.
To specify another credentails, you need to replace GetObject
by OpenDSObject
Const ADS_SECURE_AUTHENTICATION = 1
Set openDS = GetObject("LDAP:")
Set objUser = openDS.OpenDSObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com",
"username",
"password",
ADS_SECURE_AUTHENTICATION)
Set objGroup = openDS.OpenDSObject("LDAP://CN=group1,DC=fabrikam,DC=com",
"username",
"password",
ADS_SECURE_AUTHENTICATION)
objGroup.add(objUser.ADsPath)
Comments
-
Skatterbrainz almost 2 years
I'm aware of using ADsDSOobject with explicit credentials to connect to an AD object to read attributes, list members, etc. And the GetObject("LDAP//...") method for manipulating those objects (adding group members, changing properties, etc.), but is there a way to manipulate attributes and memberships with explicit credentials?
The first method I'm referring to is something like...
Set conn = Server.CreateObject("ADODB.Connection") Set cmd = Server.CreateObject("ADODB.Command") conn.Provider = "ADsDSOobject" conn.Properties("User ID") = AD_Username conn.Properties("Password") = AD_Password conn.Properties("Encrypt Password") = True conn.Open "Active Directory Provider" Set cmd.ActiveConnection = conn
But none of the script examples that perform tasks like adding a user to a domain group can use this approach as far as I know. Is there a way to do that somehow?
-
Skatterbrainz about 13 yearsThanks Harvey! I don't know why I didn't see that before.
-
ratna almost 5 years@Harvey Hello Harvey , I'm facing similar problem . I want to fetch user details from active directory using alternate credentials . Can you give me any sample code of it . Any example , any clue will be fine . I posted my question in stackoverflow . can you look into this stackoverflow.com/questions/56183055/…