With ADSI (Active Directory Service Interface), Microsoft offers a COM-component for the access to various directory services. ADSI is a component of Windows 2000.
You can think of ADSI as a kind of ODBC-interface for various directory services. In a network, directory services act as an administration of users and capabilities, e.g. computers, printers, users, and services.
The structure of a directory service is hierarchic, it can be seen as a directory tree: there is a root where you can start from to other entries. The root can contain containers (knots) and leaves. Containers themselves can contain other entries while leaves mark the end of a branch in a directory tree. Every entry in this directory describes an object and has specific attributes. This can be illustrated with the Windows file system: the hard disk C: is the root, the directories/folders are the containers, and the files are the leaves.
Examples for directory systems which are supported by ADSI are: WinNT (access to Windows NT), GC (Windows 2000 Global Catalog), IIS (Internet Information Server Metabase), NWCOMPAT (Novell NetWare 3.x), NDS (Novell NetWare 4.x), and LDAP-directories.
The directory service LDAP will especially be considered in this context. LDAP (Lightweight Directory Access Protocol) was developed at the University of Michigan in the early 90’s and allows an easier access to the directory services of X.500 protocol. LDAP is based on TCP/IP and uses the port number 389. More and more firms integrate LDAP in their products, e.g., Microsoft with its products Exchange, Windows 2000, and Site Server.
Search in the Exchange LDAP directory
GetObject method, you can get access to a known object or container in the LDAP directory service, making it possible to display the address book.
But, what can you do if you want to search for a user?
In this case, ADSI offers access to the directory entries via OLE-DB. This makes it possible to make enquiries. Note: access via OLE-DB is only a read access. Entries cannot be modified.
The following information is needed for an LDAP-enquiry:
- The starting object of the hierarchy of the directory service.
- Search criteria.
- Attributes of the found objects which should be returned.
- Search depth based on the starting object.
The syntax of the LDAP enquiry is:
<LDAP://Servername/Startobject> ; search criteria ;
returned attributes ; search depth
A characteristic feature of the search criteria is the operators for the definition of the search criteria.
& - logical “and”
| - logical “or”
! - logical “not”
= - equal
> - bigger than
< - smaller than
are put in front of the conditions.
An example: (|(givenname=first name)(sn=surname*)).
The asterisk-symbol (*) can be used as a placeholder for several symbols.
In general, the Exchange Server supports only the use of the asterisk-symbol on the right side. The use of the asterisk-symbol on the left side has to be activated in the Exchange Server under XXXXX first.
There are three possible search depths: BASE (only basic level), ONELEVEL (basic level and first sub level), and SUBTREE (basic level and all following sub levels).
Example: Verify an email address in Exchange
First, an ADO connection to the database is made:
set oConn = CreateObject("ADODB.Connection")
set oCommand = CreateObject("ADODB.Command")
oConn.Provider = "ADsDSOObject"
oConn.Open "Ads Provider"
Then an LDAP enquiry is made and send via ADO to the database:
strServerName = "Exchange01"
strEmail = Request.Form("email")
strQuery = "<LDAP://" & strServername & _
">;(&(objectClass=*)(mail=" & strEmail & _
oCommand.CommandText = strQuery
set oRS = oCommand.Execute
If the enquiry was successful, the results will be given back in a
RecordSet object. The results can then be displayed with the known ADO methods:
if not oRS.eof then
response.write "This email adress is valid."
Response.Write "This email adress is not valid."
Survey on the user’s attributes in the Exchange LDAP
With this method, you can also verify other user attributes that are assigned to every user:
You have to make sure that the InternetUser has rights to access Exchange.
If you put these components together and add a search mask, then you get an easy search possibility for the Exchange address book, e.g., for the intranet.
Download the demo project, then you will see how it works!