Directory Services

Choosing an Interface for Binding

When a directory object is bound to, the caller specifies the type of ADSI interface desired. All ADSI directory objects support the IADs interface. An ADSI object can also support other interfaces. The actual interfaces supported by the object depend on the class of the object. For example, a user object supports the IADsUser interface, but will not support the IADsComputer interface.

Automation clients should use the IADs* interfaces because these interfaces are dual-interfaces that provide a greater level of abstraction and provide data using the VARIANT data type.

In addition to the IADs* interfaces, C/C++ clients can use the IDirectoryObject and IDirectorySearch interfaces. These interfaces are not dual-interfaces and do not support automation. These interfaces do provide greater control over exactly which attributes to retrieve and allow access to the raw data stored in a property. For example, when the IADs::Get method is used to retrieve the ntSecurityDescriptor attribute for an object, the IADs::Get method provides an IDispatch interface pointer that supports the IADsSecurityDescriptor interface. The IADsSecurityDescriptor interface is provided by ADSI to represent a security descriptor. In comparison, when the IDirectoryObject::GetObjectAttributes method is used to retrieve the ntSecurityDescriptor attribute, IDirectoryObject::GetObjectAttributes provides an array of bytes that can be cast to a SECURITY_DESCRIPTOR structure. The Win32 security APIs can be used with this data to manipulate the security descriptor.
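The byte array that IDirectoryObject::GetObjectAttributes provides for ntSecurityDescriptor is untrusted-length input until its offsets are checked against the buffer size. The following added example (not part of the original documentation, and not ADSI code) is portable C++ that validates the self-relative header and owner SID before anything is cast; the function names are hypothetical and the sample bytes are constructed. On Windows, Win32 security APIs such as IsValidSecurityDescriptor and GetSecurityDescriptorOwner serve the same purpose.

```cpp
// Added example: names are hypothetical, sample bytes are constructed.
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
constexpr uint16_t kSeSelfRelative = 0x8000;  // SE_SELF_RELATIVE control bit

// Bounds-checked little-endian 32-bit read.
static uint32_t rd32(const Bytes& b, size_t off) {
    if (off > b.size() || b.size() - off < 4) throw std::out_of_range("truncated");
    return b[off] | (b[off + 1] << 8) | (b[off + 2] << 16) | (uint32_t(b[off + 3]) << 24);
}

// Fixed 20-byte header of a self-relative security descriptor.
struct SdHeader { uint8_t revision; uint16_t control; uint32_t owner, group, sacl, dacl; };

SdHeader parse_sd_header(const Bytes& b) {
    if (b.size() < 20) throw std::out_of_range("shorter than SD header");
    SdHeader h{b[0], uint16_t(b[2] | (b[3] << 8)), rd32(b, 4), rd32(b, 8), rd32(b, 12), rd32(b, 16)};
    if (h.revision != 1) throw std::runtime_error("unexpected SD revision");
    if (!(h.control & kSeSelfRelative)) throw std::runtime_error("not self-relative");
    return h;
}

// Render the SID at byte offset `off` as S-1-...; offset 0 means "not present".
std::string sid_to_string(const Bytes& b, size_t off) {
    if (off == 0) return "";
    if (off > b.size() || b.size() - off < 8) throw std::out_of_range("truncated SID");
    uint8_t count = b[off + 1];                      // SubAuthorityCount
    if (b[off] != 1 || count > 15) throw std::runtime_error("malformed SID");
    uint64_t auth = 0;                               // 48-bit big-endian authority
    for (int i = 0; i < 6; ++i) auth = (auth << 8) | b[off + 2 + i];
    std::string s = "S-1-" + std::to_string(auth);
    for (size_t i = 0; i < count; ++i) s += "-" + std::to_string(rd32(b, off + 8 + 4 * i));
    return s;
}

// Constructed sample: header + owner SID S-1-5-32-544, no group, SACL or DACL.
Bytes sample_sd() {
    return {0x01, 0x00, 0x00, 0x80,            // Revision, Sbz1, Control
            0x14, 0, 0, 0,  0, 0, 0, 0,        // Owner offset 20, Group 0
            0, 0, 0, 0,  0, 0, 0, 0,           // Sacl 0, Dacl 0
            0x01, 0x02, 0, 0, 0, 0, 0, 0x05,   // SID rev 1, 2 subauths, authority 5
            0x20, 0, 0, 0,  0x20, 0x02, 0, 0}; // sub-authorities 32 and 544
}
```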