Different between GetObject("WinNT://" & domain) and GetObject("LDAP://" & domain)

hi, I just want to know what is the different  between GetObject("WinNT://" & domain) and GetObject("LDAP://" & domain)?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LDAP was built for email gateways to communicate with the domain. the GetObject WinNT is the back-door of sorts right into the domain. you still can't retreive passwords with it, but you can do basically the same things in both of them, just with different commands.
Raju SrivatsavayeSoftware EngineerCommented:
("WinNT://" & domain) seems to be Windows NT Authetication user domain

("LDAP://" & domain) is LDAP server domain(Its an active directory used mostly internally for storing email addresses and logins etc..)
Abdu_AllahAuthor Commented:
>you still can't retreive passwords

I can change paswords, add user, delete user etc , look here: http://dev.coadmin.dk/Resources/ADSI%20SDK%205%20HTML/winnt.htm#bind_domain
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

but you can't get a password from the domain. there isn't any method available (that i've ever heard of) including the active directory MMC snapin that will display a user's password.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
This simple question can have lots of explanation :o)

In active directory domains, there are more things can be done with the object returned with LDAP syntax than the one with WinNT. But you can't use the LDAP provider in NT domains nor can you use it to manage local computer accounts. In this case, use WinNT instead. LDAP provider supports hierarchical structure in which you can group objects into logical units, e.g. Organization Units or into Security units like Global Security Groups. On the other hand, WinNT supports a flat namespace and is blinds to the hierarchy of objects. There are also some incompability issues in attributes naming and usage. E.g. displayName, scriptPath and userAccountControl attributes are recognized only by LDAP. With WinNT, those attributes are called displayName, scriptPath and userAccountControl.

Some good reading.

From .NET Framework programming standpoint, you are always better off using the System.DirectoryServices API than the traditional COM GetObject syntax. The API can give all you need to explore your active directory forest.


Abdu_AllahAuthor Commented:
I want to access domains information(Such as domains' users etc) using Active Directory so which one should I use?
Abdu_AllahAuthor Commented:
[Points raised to 500]
Abdu_AllahAuthor Commented:
Why? GetObject("WinNT://" & domain) does not work on AD or what?!
It also works on active directory domains, it's just hat LDAP provider provides more facilities compare to WinNT.

E.g. in Win2K or Win2K3 AD domains
-  you can't reset password with WinNT
-  you can't change password with WinNT
Abdu_AllahAuthor Commented:
I returned back the points to 500 since they are in different TA and different participants.
Abdu_AllahAuthor Commented:
I increased the points after the discussion raised many other branched questions which they are different somehow in the two threads...this is why I increased the points. please return them back to 500
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.