Solved

LDAP Connection String Values

Posted on 2009-04-05
2
8,989 Views
Last Modified: 2013-12-24
We have an application that integrates to LDAP.  The example string the vendor shows is:  'LDAP://DomainNm/ou=US,dc=company,dc=com'; however, our domain name is simply company.local.  Does this mean that the string it wants looks like LDAP://company.local,dc=company,dc=local?  I'm not sure if the "/ou=US" is something that is optional, or something that's always required.  Is there an easy way (using adsiedit, perhaps) to determine the proper string for this?

Thanks!
0
Comment
Question by:Chuck Brown
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Expert Comment

by:jwarnken
ID: 24074269
This is something that depends on the structure of you domain.
I would use the rootDSE and "defaultNamingContext" from this example script to make your script dynamic enough to run in any domain
' Users .vbs
' Sample VBScript to create a User in Users .
' Author Guy Thomas http://Computerperformance.co.uk/
' Version 1.3 - September 2005
' ------------------------------------------------------'
Option Explicit
Dim strUser
Dim objRootLDAP, objContainer, objNewUser
strUser = "DomGuy2"
 
' Bind to Active Directory, Users container.
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
objRootLDAP.Get("defaultNamingContext"))
 
' Build the actual User.
Set objNewUser = objContainer.Create("User", "cn=" & strUser)
objNewUser.Put "sAMAccountName", strUser
objNewUser.SetInfo
 
WScript.Quit
 
' End of free sample Create Users VBScript.

Open in new window

0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24076000

> Does this mean that the string it wants looks like LDAP://company.local,dc=company,dc=local?  

It would be:

LDAP://company.local/DC=company,DC=local

It splits into:

<Port>://<Server>/<LDAPBase>

Server in this case is "company.local", if you run "nslookup company.local" you should get back the IP address for each of your Domain Controllers which is why it works quite happily.

In their example they start their search / synchronisation at an Organisational Unit called USA (and everything beneath that). If you wanted to start yours at an OU called All Offices you would write it as:

LDAP://company.local/OU=All Offices,DC=company,DC=local

All it does it help you limit the search, preventing the inclusion of unwanted users / details on the system (typically to avoid the inclusion of all the default accounts, Administrator, Guest, etc, etc).

Chris
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question