How to crate/delete users in Active Directory using php?

I have created a system for administrating users, that is based on mysql, and PHP. I need to conect to AD-and create and delete users, from the webpage? How can I do this.

I have tested out some php examples that connect to AD throug LDAP, and read out data. But i need somethinh that can write back.

Who is Participating?
chqshaitanConnect With a Mentor Commented:
ah from linux.. interesting :) nothing to stop you from enabling telnet on the windows server(except for the security concerns) and writing a script that will send the commands via telnet.

Or you could write a small php commandline app that runs on the windows domain controller, and checks a text file(database table) say on the linux box, and creates the associated user?

there are various commandline utils that you can do this with. You didnt mention what version of ad you are running on so this may not be correct, but check out

ds add -->
andomanAuthor Commented:
Thanks, the link looks interresting.

But I`m running the AD on a Windows 2003-server. And I want to connect with php running on apache on linux.

So I`m looking for a tool that run commands on a linux-box, that connect to AD and do stuff.

Some other tip?
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

or you could look at linking linux and ad together.

have a read of the following :
To do what you want, use an LDAP connection:

See this link for a examples and troubleshooting:

I made some php scripts to create and delete users in AD.
All the info I needed was available on
Check this site for more info:

The commands you will mostly be interested in are:
ldap_add to create an AD object
ldap_mod_add to add the user to AD groups
ldap_delete to delete an AD object.

ldap_rename and ldap_modify can also be very useful.

Good luck.
andomanAuthor Commented:
Managed to do what I wanted with telnet, expect sripts, and PHP.

php, is calling an expectscript with a set of arguments that is pushed to the windows-server via telnet(unsecure, and unencrypted).

Used asadd, and dsrm, thats part of windows command line tool, to modify AD.

Do not use this solution in any unsecure enviorment.!!
It is a much better solution som implement ldap-support.
All Courses

From novice to tech pro — start learning today.