We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Different between GetObject("WinNT://" & domain) and GetObject("LDAP://" & domain)

Abdu_Allah
Abdu_Allah asked
on
Medium Priority
8,670 Views
Last Modified: 2007-12-19
hi, I just want to know what is the different  between GetObject("WinNT://" & domain) and GetObject("LDAP://" & domain)?

Thanks.
Comment
Watch Question

Commented:
LDAP was built for email gateways to communicate with the domain. the GetObject WinNT is the back-door of sorts right into the domain. you still can't retreive passwords with it, but you can do basically the same things in both of them, just with different commands.
Raju SrivatsavayeSoftware Engineer

Commented:
("WinNT://" & domain) seems to be Windows NT Authetication user domain

("LDAP://" & domain) is LDAP server domain(Its an active directory used mostly internally for storing email addresses and logins etc..)

Author

Commented:
>you still can't retreive passwords

I can change paswords, add user, delete user etc , look here: http://dev.coadmin.dk/Resources/ADSI%20SDK%205%20HTML/winnt.htm#bind_domain
Commented:
but you can't get a password from the domain. there isn't any method available (that i've ever heard of) including the active directory MMC snapin that will display a user's password.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Commented:
This simple question can have lots of explanation :o)

In active directory domains, there are more things can be done with the object returned with LDAP syntax than the one with WinNT. But you can't use the LDAP provider in NT domains nor can you use it to manage local computer accounts. In this case, use WinNT instead. LDAP provider supports hierarchical structure in which you can group objects into logical units, e.g. Organization Units or into Security units like Global Security Groups. On the other hand, WinNT supports a flat namespace and is blinds to the hierarchy of objects. There are also some incompability issues in attributes naming and usage. E.g. displayName, scriptPath and userAccountControl attributes are recognized only by LDAP. With WinNT, those attributes are called displayName, scriptPath and userAccountControl.

Some good reading.
http://msdn.microsoft.com/library/en-us/adsi/adsi/adsi_ldap_provider.asp
http://msdn.microsoft.com/library/en-us/adsi/adsi/adsi_winnt_provider.asp

From .NET Framework programming standpoint, you are always better off using the System.DirectoryServices API than the traditional COM GetObject syntax. The API can give all you need to explore your active directory forest.

http://msdn.microsoft.com/library/en-us/sds/sds/portal.asp


Henry

Author

Commented:
I want to access domains information(Such as domains' users etc) using Active Directory so which one should I use?

Author

Commented:
[Points raised to 500]

Commented:
LDAP

Author

Commented:
Why? GetObject("WinNT://" & domain) does not work on AD or what?!

Commented:
It also works on active directory domains, it's just hat LDAP provider provides more facilities compare to WinNT.

E.g. in Win2K or Win2K3 AD domains
-  you can't reset password with WinNT
-  you can't change password with WinNT
etc.

Author

Commented:
I returned back the points to 500 since they are in different TA and different participants.

Author

Commented:
I increased the points after the discussion raised many other branched questions which they are different somehow in the two threads...this is why I increased the points. please return them back to 500
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.