THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Server (all versions)
DISCUSSION
The script below enumerates the users in an Active Directory domain tree. Change the line "FROM 'LDAP://dc=example,dc=com' " to point to the domain you want to search. You can use it to list all users of the domain specified in that line, for example "dc=rb,dc=net". If the script lists all users in the entire tree, then so too should EFT Server's AD authentication provider.
Consider the following issues when configuring the server for AD domains:
- Are these AD domains on Windows 2003 or Windows 2000?
- Where is the Global Catalog located (by default it is on the first Domain Controller added to the forest, but it might have been changed)?
- Are the domains running in mixed mode or pure AD mode?
Due to the nature of AD trees, automatic bidirectional and transitive trusts exist between all domains in the same tree. This is why client authentication works; authentication is a separate process from the enumeration of users.
' Search the base DN and everything beneath it
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
' Paged search, so results are not cut off at the first 1000 entries
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Sort On") = "cn"
' objectCategory='person' also matches contacts; append
' " AND objectClass='user'" to the WHERE clause to return user accounts only
objCommand.CommandText = _
    "SELECT distinguishedName, cn, SamAccountName, adsPath " & _
    "FROM 'LDAP://dc=example,dc=com' " & _
    "WHERE objectCategory='person'"
Set objRecordSet = objCommand.Execute
' The loop is skipped when the search returns no records
Do Until objRecordSet.EOF
    ' Print every selected field of the current record
    For Each f In objRecordSet.Fields
        strField = f.Name
        strValue = f.Value
        strOutput = ""
        ' Pad with spaces so the field names line up on the right
        For i = 20 To Len(strField) Step -1
            strOutput = strOutput & " "
        Next
        strOutput = strOutput & "[" & strField & "]"
        WScript.Echo strOutput & " = " & strValue
    Next
    ' Blank line between records
    WScript.Echo
    objRecordSet.MoveNext
Loop
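
The three configuration questions listed in the discussion can be answered from the directory itself. The following VBScript is an added example, not part of the original article or of EFT Server; it assumes it is run on a domain-joined machine, reports on whichever domain controller that machine binds to, and the helper name ReadAttr is hypothetical.

```vbscript
' Added example: report DC version level, Global Catalog status and domain mode.
Option Explicit
Dim objRootDSE, objDomain, strDomainDN, strLevel, strMixed

' ReadAttr (hypothetical helper): return an attribute as a string, or the
' fallback when the attribute is not present on the object.
Function ReadAttr(objADs, strName, strFallback)
    Dim varValue
    ReadAttr = strFallback
    On Error Resume Next
    varValue = objADs.Get(strName)
    If Err.Number = 0 Then ReadAttr = CStr(varValue)
    Err.Clear
    On Error GoTo 0
End Function

Set objRootDSE = GetObject("LDAP://RootDSE")
strDomainDN = objRootDSE.Get("defaultNamingContext")
WScript.Echo "Bound to DC        : " & ReadAttr(objRootDSE, "dnsHostName", "unknown")
WScript.Echo "Domain             : " & strDomainDN
WScript.Echo "Forest root domain : " & ReadAttr(objRootDSE, "rootDomainNamingContext", "unknown")

' Windows 2000 or Windows 2003? Windows 2000 DCs do not publish
' domainControllerFunctionality; Windows Server 2003 DCs report 2.
strLevel = ReadAttr(objRootDSE, "domainControllerFunctionality", "absent")
Select Case strLevel
    Case "absent", "0"
        WScript.Echo "DC version         : Windows 2000"
    Case "2"
        WScript.Echo "DC version         : Windows Server 2003"
    Case Else
        WScript.Echo "DC version         : functional level " & strLevel
End Select

' Is this DC a Global Catalog? If not, the GC lives on another DC.
WScript.Echo "Global Catalog here: " & ReadAttr(objRootDSE, "isGlobalCatalogReady", "unknown")

' Mixed or native mode? ntMixedDomain on the domain object: 1 = mixed, 0 = native.
Set objDomain = GetObject("LDAP://" & strDomainDN)
strMixed = ReadAttr(objDomain, "ntMixedDomain", "unknown")
Select Case strMixed
    Case "1"
        WScript.Echo "Domain mode        : mixed"
    Case "0"
        WScript.Echo "Domain mode        : native"
    Case Else
        WScript.Echo "Domain mode        : unknown"
End Select
```

Run it with cscript so the output goes to the console instead of a series of message boxes.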