Directory Services


The ADsOpenObject function binds to an ADSI object using explicit username and password credentials.ADsOpenObject is a wrapper function for IADsOpenDSObject and is equivalent to the IADsOpenDSObject::OpenDsObject method.

HRESULT ADsOpenObject(
  LPWSTR lpszPathName,
  LPWSTR lpszUserName,
  LPWSTR lpszPassword,
  DWORD dwReserved,
  REFIID riid,
  VOID** ppObject


[in] The null-terminated Unicode string that specifies the ADsPath of the ADSI object. For more information and examples of binding strings for this parameter, see LDAP ADsPath and WinNT ADsPath.
[in] The null-terminated Unicode string that specifies the user name to supply to the directory service to use for credentials.
[in] The null-terminated Unicode string that specifies the password to supply to the directory service to use for credentials.
[in] Provider-specific authentication flags used to define the binding options. For more information, see ADS_AUTHENTICATION_ENUM.
[in] Interface identifier for the requested interface on this object.
[out] Pointer to a pointer to the requested interface.

Return Values

This method supports the standard HRESULT return values, including the following.

For more information and other return values, see ADSI Error Codes.

Return Code Description
S_OK Binding to the specified object succeeded.


A C/C++ client calls the ADsOpenObject helper function to bind to an ADSI object, using the user name and password supplied as credentials for the appropriate directory service. If lpszUsername and lpszPassword are NULL and ADS_SECURE_AUTHENTICATION is set, ADSI binds to the object using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user account that the calling thread is impersonating.

The credentials passed to the ADsOpenObject function are used only with the particular object bound to and do not affect the security context of the calling thread. This means that, in the example below, the call to ADsOpenObject will use different credentials than the call to ADsGetObject.

IADs *padsRoot1;
IADs *padsRoot2;

hr = ADsOpenObject(L"LDAP://rootDSE",

hr = ADsGetObject(L"LDAP://rootDSE",

The ADsOpenObject function ignores the dwReserved flag when attempting to bind to an NDS or NWCOMPAT object.

To work with the WinNT: provider, you can pass in lpszUsername as one of the following strings:

With the LDAP provider for Active Directory, you may pass in lpszUsername as one of the following strings:

If Kerberos authentication is required for the successful completion of a specific directory request using the LDAP provider, the lpszPathName binding string must use either a serverless ADsPath, such as "LDAP://CN=Jeff Smith, CN=admin, DC=Fabrikam, DC=com", or it must use an ADsPath with a fully-qualified DNS server name, such as "LDAP:// Smith, CN=admin, DC=Fabrikam, DC=com". Binding to the server using a flat NETBIOS name or a short DNS name (for example, using the short name "central3" instead of "") may or may not yield Kerberos authentication.

The following code example shows how to bind to a directory service object with the requested user credentials.

IADs *pObject;
LPWSTR szUsername = NULL;
LPWSTR szPassword = NULL

// Insert code to securely retrieve the username and password.

hr = ADsOpenObject(L"LDAP://CN=Jeff,DC=Fabrikam,DC=com",
				 (void**) &pObject);


Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Adshlp.h.
Library: Use ActiveDS.lib.

See Also

ADSI Error Codes, ADSI Functions, IADsOpenDSObject, IADsOpenDSObject::OpenDsObject, Binding, ADsOpenObject and IADsOpenDSObject::OpenDsObject