Directory Services

Containers and Children

In a directory structure, objects occupy different locations in a hierarchy. There are two basic ways that these objects relate to each other in ADSI. The first is the relationship between a container and its members; the second is the relationship between an object and its children.

A container is an object that holds a collection of similar objects. All the objects in a container share the same Class attribute, but they do not necessarily have related ADsPath attributes. Examples of containers and their members include a namespace and its domains, a domain and its computers, and a user group and its users.

The children of an object are all the items one level below that object in the directory structure. Unlike members of a container, an object's children need not share the same Class, but their ADsPath attributes will be directly related. For example, the children of a domain object include users, computers, global user groups, and other objects whose position in the directory structure is directly beneath the domain.

ADSI container objects all implement the IADsContainer interface, which supports the following properties and methods.

Property Description
Filter Restricts an enumeration of the container's contents to return only objects whose class matches the classes listed in the Filter property.
Count Returns the number of objects in the container, or if the Filter property has been specified, the number of objects of classes specified in the Filter.

Method Description
GetObject Binds the directory item with the specified ADsPath to a named variable.
Create Creates a new object of a specified class in the current container.
Delete Removes an object of the specified class from the current container.
CopyHere Creates a copy of the object with a specified ADsPath in the current container. Be aware that the object must be in the same directory namespace. For example, you cannot copy an object from an LDAP: namespace to a WinNT: namespace.
MoveHere Moves the object with a specified ADsPath from its original location to the current container. The same namespace restrictions that apply to the CopyHere method also apply to the MoveHere method.

The following sections show how to find the members of a container and the children of a specific object.

Enumerating Container Members

To enumerate the members of a container, use the Members property of the container object.

For Each member In userGroup.Members
	WScript.Echo member.Name
Next

The following code example can be used to list members of the user group Guests and their Description attributes.

Dim userGroup
Dim user

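On Error Resume Next
' An LDAP distinguished name is written most-specific component first.
Set userGroup = GetObject("LDAP://CN=guests,DC=Fabrikam,DC=com")
If Err.Number <> 0 Then
	WScript.Echo("An error has occurred. " & Err.Number)
	' Exit Sub is not valid at script level; end the script instead.
	WScript.Quit 1
End If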

For Each user In userGroup.Members
	WScript.Echo user.Class & ": " & user.Name
	WScript.Echo user.Description
	WScript.Echo
Next

The preceding code example produces output similar to the following.

User: Guest
Built-in account for guest access to the computer/domain

GlobalGroup: Domain Guests
All domain guests

Listing Object Children

The following code example can be used to list the children of an object.

For Each item In myDomain
	WScript.Echo item.Name
Next

The following code example can be used to list the children of a domain and their Class attributes.

Dim myDomain
Dim item

On Error Resume Next
Set myDomain = GetObject("WinNT://mydomain")
If Err.Number <> 0 Then
	WScript.Echo("An error has occurred. " & Err.Number)
	' Exit Sub is not valid at script level; end the script instead.
	WScript.Quit 1
End If

For Each item In myDomain
	WScript.Echo item.Class & ": " & item.Name
Next

Filtering

In a large domain, the preceding code example can produce a large amount of output. You can limit the data returned from the enumeration of a container by applying a filter to that container.

All ADSI container objects have a Filter property, which is an array of schema class names returned in a given enumeration. The following code example limits the return values to only computers and users in the domain.

On Error Resume Next
Set myDomain = GetObject("LDAP://MyDomain.Fabrikam.com")
If Err.Number <> 0 Then
	WScript.Echo("An error has occurred. " & Err.Number)
	' Exit Sub is not valid at script level; end the script instead.
	WScript.Quit 1
End If

myDomain.Filter = Array("computer", "user")
For Each item in myDomain
	WScript.Echo item.Class & ": " & item.Name
Next

Be aware of the Array function in the code example. The Filter property expects an array, and even if only one value should be applied in the filter, it must still be made into an array. Passing the schema class name by itself, without using the Array function, does not raise an error, but no filtering is applied.

The following code example sets the filter to return only services in the domain.

myDomain.Filter = Array("service")

The filter settings can be changed and the filter reused. To clear the filter's contents, set it to an empty string, as in the following code example.

myDomain.Filter = ""
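
Because a bare string passed to Filter fails silently, an inventory script can return every object class without any sign that the filter was ignored. The following added example (not part of the original documentation) always wraps the filter in an array and checks each returned object's class against it. ToFilterArray and InFilter are hypothetical helpers, and binding to the local computer through the WinNT provider is an assumption made so that the script runs without a domain.

```vbscript
Option Explicit

' Hypothetical helper: accept one class name or an array of names and
' always hand the Filter property an array, as the Filter property expects.
Function ToFilterArray(classes)
	If IsArray(classes) Then
		ToFilterArray = classes
	Else
		ToFilterArray = Array(CStr(classes))
	End If
End Function

' Hypothetical helper: True when className is listed in filterArr
' (compared without regard to case).
Function InFilter(className, filterArr)
	Dim c
	InFilter = False
	For Each c In filterArr
		If LCase(c) = LCase(className) Then InFilter = True
	Next
End Function

Dim net, machine, wanted, item, unexpected

' Assumption: enumerate the local computer so no domain controller is needed.
Set net = CreateObject("WScript.Network")
On Error Resume Next
Set machine = GetObject("WinNT://" & net.ComputerName & ",computer")
If Err.Number <> 0 Then
	WScript.Echo "Bind failed: " & Err.Number
	WScript.Quit 1
End If
On Error GoTo 0

wanted = ToFilterArray("user")   ' a bare "user" string would not filter
machine.Filter = wanted

unexpected = 0
For Each item In machine
	If InFilter(item.Class, wanted) Then
		WScript.Echo item.Class & ": " & item.Name
	Else
		' An object of another class means the filter was not applied.
		unexpected = unexpected + 1
	End If
Next

WScript.Echo "Objects outside the filter: " & unexpected
If unexpected > 0 Then WScript.Quit 2
```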