Secure LDAP object manipulation with VBscript using alternate credentials

前端未结

关注

 1  725

I\'m aware of using ADsDSOobject with explicit credentials to connect to an AD object to read attributes, list members, etc. And the GetObject(\"LDAP//...\") method for man

相关标签:

1条回答

挽巷

2020-12-18 03:05

In VBScript, very often, you are using ADSI to add user to group. Here is a sample code to add a user to a domain group

Set objUser = GetObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com")
Set objGroup = GetObject("LDAP://CN=group1,DC=fabrikam,DC=com")
objGroup.add(objUser.ADsPath)

It works fine but it's always using your current user credentails. It's because GetObject doesn't allow you to specify alternate credentials.

To specify another credentails, you need to replace GetObject by OpenDSObject

Const ADS_SECURE_AUTHENTICATION = 1
Set openDS = GetObject("LDAP:") 

Set objUser = openDS.OpenDSObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com",
    "username", 
    "password",
    ADS_SECURE_AUTHENTICATION)

Set objGroup = openDS.OpenDSObject("LDAP://CN=group1,DC=fabrikam,DC=com",
    "username", 
    "password",
    ADS_SECURE_AUTHENTICATION)

objGroup.add(objUser.ADsPath)

0 讨论(0)