| Directory Services |
In a directory structure, objects occupy different locations in a hierarchy. There are two basic ways that these objects relate to each other in ADSI. First, the relationship is between a container and its member; second, the relationship is between an object and its child.
A container is an object that holds a collection of similar objects. All the objects in a container share the same Class attribute, but they do not necessarily have related ADsPath attributes. Examples of containers and their members include a namespace and its domains, a domain and its computers, and a user group and its users.
The children of an object are all the items one level below that object in the directory structure. Unlike members of a container, an object's children need not share the same Class, but their ADsPath attributes will be directly related. For example, the children of a domain object include users, computers, global user groups, and other objects whose position in the directory structure is directly beneath the domain.
ADSI container objects all implement the IADsContainer interface, which supports the following properties and methods.
| Property | Description |
|---|---|
| Filter | Restricts an enumeration of the container's contents to return only objects whose class matches the classes listed in the Filter property. |
| Count | Returns the number of objects in the container, or if the Filter property has been specified, the number of objects of classes specified in the Filter. |
| Method | Description |
|---|---|
| GetObject | Binds the directory item with the specified ADsPath to a named variable. |
| Create | Creates a new object of a specified class in the current container. |
| Delete | Removes an object of the specified class from the current container. |
| Copyhere | Creates a copy of the object with a specified ADsPath in the current container. Be aware that the object must be in the same directory namespace. For example, you cannot copy an object from an LDAP: namespace to a WinNT: namespace. |
| Movehere | Moves the object with a specified ADsPath from its original location to the current container. The same namespace restrictions that apply to the Copyhere method also apply to the Movehere method. |
The following sections show how to find the members of a container and the children of a specific object.
To enumerate the members of a container, use the Members property of the container object.
For Each member In userGroup.Members WScript.Echo member.Name Next
The following code example can be used to list members of the user group Guests and their Description attributes.
Dim userGroup
Dim user
On Error Resume Next
Set userGroup = GetObject("LDAP://DC=Fabrikam,DC=com,CN=guests")
If Err.Number<>0 Then
WScript.Echo("An error has occurred." & Err.Number)
Exit Sub
End If
For Each user In userGroup.Members
WScript.Echo user.Class & ": " & user.Name
WScript.Echo user.Description
WScript.Echo
Next
The following code example produces output similar to the following.
User: Guest Built-in account for guest access to the computer/domain GlobalGroup: Domain Guests All domain guests
The following code example can be used to list the children of an object.
For Each item In myDomain WScript.Echo item.Name Next
The following code example can be used to list the children of a domain and their Class attributes.
Dim myDomain
Dim item
On Error Resume Next
Set myDomain = GetObject("WinNT://mydomain")
If Err.Number<>0 Then
WScript.Echo("An error has occurred." & Err.Number)
Exit Sub
End If
For Each item In myDomain
WScript.Echo item.Class & ": " & item.Name
Next
The following code example can be used to produce output in a large domain. You can limit the data returned from the enumeration of a container by applying a filter to that container.
All ADSI container objects have a Filter property, which is an array of schema class names returned in a given enumeration. The following code example limits the return values to only computers and users in the domain.
On Error Resume Next
Set myDomain = GetObject("LDAP://MyDomain.Fabrikam.com")
If Err.Number<>0 Then
WScript.Echo("An error has occurred." & Err.Number)
Exit Sub
End If
myDomain.Filter = Array("computer", "user")
For Each item in myDomain
WScript.Echo item.Class & ": " & item.Name
Next
Be aware of the Array function in the code example. The Filter property expects an array, and even if only one value should be applied in the filter, it must still be made into an array. Passing the schema class name by itself, without using the Array function, does not raise an error, but no filtering is applied.
The following code example sets the filter to return only services in the domain.
myDomain.Filter = Array("service")
The following code example can be used to change the filter settings and reuse the filter; that is clear its contents by setting it to an empty string.
myDomain.Filter = ""