Secure LDAP object manipulation with VBScript using alternate credentials


In VBScript, you very often use ADSI to add a user to a group. Here is sample code to add a user to a domain group:

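' Both binds use the credentials of the account running the script
Set objUser = GetObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com")
Set objGroup = GetObject("LDAP://CN=group1,DC=fabrikam,DC=com")
' Add the user to the group by its ADsPath
objGroup.add(objUser.ADsPath)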

It works fine, but it always uses your current user credentials. That's because GetObject doesn't allow you to specify alternate credentials.

To specify other credentials, you need to replace GetObject with OpenDSObject:

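Const ADS_SECURE_AUTHENTICATION = 1
' Get the LDAP namespace object, which exposes OpenDSObject
Set openDS = GetObject("LDAP:")

' Bind to the user with the supplied credentials
Set objUser = openDS.OpenDSObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com", _
    "username", _
    "password", _
    ADS_SECURE_AUTHENTICATION)

' Bind to the group with the same credentials
Set objGroup = openDS.OpenDSObject("LDAP://CN=group1,DC=fabrikam,DC=com", _
    "username", _
    "password", _
    ADS_SECURE_AUTHENTICATION)

' Add the user to the group by its ADsPath
objGroup.add(objUser.ADsPath)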
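An added example, not part of the original answer: the same OpenDSObject bind with the credentials read at run time instead of stored in the script, signing and sealing requested on the connection, and the bind and the membership change checked for errors. It assumes the script is run with cscript.exe; `ADS_USE_SIGNING` and `ADS_USE_SEALING` are documented ADSI flags that the answer does not use, and the DNs are the sample ones from the answer.

```vbscript
Option Explicit

' ADS_AUTHENTICATION_ENUM values (documented ADSI constants).
Const ADS_SECURE_AUTHENTICATION = &H1   ' negotiate Kerberos/NTLM, no simple bind
Const ADS_USE_SIGNING           = &H40  ' integrity-protect the LDAP traffic
Const ADS_USE_SEALING           = &H80  ' encrypt the LDAP traffic

' Sample DNs taken from the answer above.
Const USER_DN  = "CN=jeffsmith,DC=fabrikam,DC=com"
Const GROUP_DN = "CN=group1,DC=fabrikam,DC=com"

Dim bindFlags, adminUser, adminPass, ldap, objGroup, userPath, alreadyMember
bindFlags = ADS_SECURE_AUTHENTICATION Or ADS_USE_SIGNING Or ADS_USE_SEALING

' Assumption: credentials are typed in at run time (cscript.exe only).
' StdIn.ReadLine echoes the input, so run it where the console is not observed.
WScript.StdOut.Write "Account (DOMAIN\user): "
adminUser = WScript.StdIn.ReadLine
WScript.StdOut.Write "Password: "
adminPass = WScript.StdIn.ReadLine

Set ldap = GetObject("LDAP:")
userPath = "LDAP://" & USER_DN

On Error Resume Next
' Only the group needs an authenticated bind; the member is passed by ADsPath.
Set objGroup = ldap.OpenDSObject("LDAP://" & GROUP_DN, adminUser, adminPass, bindFlags)
adminPass = Empty   ' drop the script's reference to the password
If Err.Number <> 0 Then
    WScript.Echo "Bind failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If

' Read the result into a variable first: with On Error Resume Next, an error
' inside an If condition would fall through into the If body.
alreadyMember = objGroup.IsMember(userPath)
If Err.Number = 0 And Not alreadyMember Then objGroup.Add userPath
If Err.Number <> 0 Then
    WScript.Echo "Membership change failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

If alreadyMember Then
    WScript.Echo USER_DN & " is already a direct member of " & GROUP_DN
Else
    WScript.Echo "Added " & USER_DN & " to " & GROUP_DN
End If
```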
Author: Skatterbrainz

Updated on June 13, 2022

Comments

  • Skatterbrainz
    Skatterbrainz almost 2 years

    I'm aware of using ADsDSOobject with explicit credentials to connect to an AD object to read attributes, list members, etc. And the GetObject("LDAP://...") method for manipulating those objects (adding group members, changing properties, etc.), but is there a way to manipulate attributes and memberships with explicit credentials?

    The first method I'm referring to is something like...

    Set conn = Server.CreateObject("ADODB.Connection")
    Set cmd = Server.CreateObject("ADODB.Command")
    conn.Provider = "ADsDSOobject"
    conn.Properties("User ID") = AD_Username
    conn.Properties("Password") = AD_Password
    conn.Properties("Encrypt Password") = True
    conn.Open "Active Directory Provider"
    Set cmd.ActiveConnection = conn
    

    But none of the script examples that perform tasks like adding a user to a domain group can use this approach as far as I know. Is there a way to do that somehow?

  • Skatterbrainz
    Skatterbrainz about 13 years
    Thanks Harvey! I don't know why I didn't see that before.
  • ratna
    ratna almost 5 years
    @Harvey Hello Harvey, I'm facing a similar problem. I want to fetch user details from Active Directory using alternate credentials. Can you give me any sample code for it? Any example, any clue will be fine. I posted my question on Stack Overflow. Can you look into this: stackoverflow.com/questions/56183055/…