• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9052
  • Last Modified:

LDAP Connection String Values

We have an application that integrates to LDAP.  The example string the vendor shows is:  'LDAP://DomainNm/ou=US,dc=company,dc=com'; however, our domain name is simply company.local.  Does this mean that the string it wants looks like LDAP://company.local,dc=company,dc=local?  I'm not sure if the "/ou=US" is something that is optional, or something that's always required.  Is there an easy way (using adsiedit, perhaps) to determine the proper string for this?

Thanks!
0
Chuck Brown
Asked:
Chuck Brown
1 Solution
 
jwarnkenCommented:
This is something that depends on the structure of you domain.
I would use the rootDSE and "defaultNamingContext" from this example script to make your script dynamic enough to run in any domain
' Users .vbs
' Sample VBScript to create a User in Users .
' Author Guy Thomas http://Computerperformance.co.uk/
' Version 1.3 - September 2005
' ------------------------------------------------------'
Option Explicit
Dim strUser
Dim objRootLDAP, objContainer, objNewUser
strUser = "DomGuy2"
 
' Bind to Active Directory, Users container.
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
objRootLDAP.Get("defaultNamingContext"))
 
' Build the actual User.
Set objNewUser = objContainer.Create("User", "cn=" & strUser)
objNewUser.Put "sAMAccountName", strUser
objNewUser.SetInfo
 
WScript.Quit
 
' End of free sample Create Users VBScript.

Open in new window

0
 
Chris DentPowerShell DeveloperCommented:

> Does this mean that the string it wants looks like LDAP://company.local,dc=company,dc=local?  

It would be:

LDAP://company.local/DC=company,DC=local

It splits into:

<Port>://<Server>/<LDAPBase>

Server in this case is "company.local", if you run "nslookup company.local" you should get back the IP address for each of your Domain Controllers which is why it works quite happily.

In their example they start their search / synchronisation at an Organisational Unit called USA (and everything beneath that). If you wanted to start yours at an OU called All Offices you would write it as:

LDAP://company.local/OU=All Offices,DC=company,DC=local

All it does it help you limit the search, preventing the inclusion of unwanted users / details on the system (typically to avoid the inclusion of all the default accounts, Administrator, Guest, etc, etc).

Chris
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now