问题
I am writing a VBScript which will run on a computer that is not yet a member of the domain but needs to make a query against Active Directory to check a group's membership (as a step in the build process while re-imaging a computer).
The script will have access to the credentials (i.e., user name and password) for a domain user account when it runs.
At the point in the script where this query is made against Active Directory, how can I use the domain credentials in order to authenticate and have the query succeed?
Please note: The domain does not support anonymous queries.
In How Can I Run a Script Under Alternate Credentials? (Hey, Scripting Guy! Blog), I found sample code which would work if I already knew the distinguished name of the computer:
Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_USE_ENCRYPTION = 2
strAdsiPath = "LDAP://" & strDistinguishedName ' But I don't know the DN yet
strUser = "domain\user"
strPassword = "password"
Set objDso = GetObject("LDAP:")
Set objComputer = objDso.OpenDSObject(strAdsiPath, _
strUser, _
strPassword, _
ADS_USE_ENCRYPTION OR ADS_SECURE_AUTHENTICATION)
From there, I could examine the objComputer variable to find the group membership.
In an answer to Secure LDAP object manipulation with VBscript using alternate credentials, there is also sample code which will work as long as the LDAP path to the object is known.
Since I don't know a way to get the distinguished name of the computer before I've successfully authenticated, I can't see how to use code like the sample above.
Is there another method other than OpenDSObject() which will allow me to pass credentials, or another way for me to get the distinguished name?
来源:https://stackoverflow.com/questions/14655718/how-to-make-an-active-directory-query-from-vbscript-on-a-non-domain-computer-usi