Secure LDAP object manipulation with VBscript using alternate credentials

Problem description

I'm aware of using ADsDSOobject with explicit credentials to connect to an AD object to read attributes, list members, etc. And the GetObject("LDAP://...") method for manipulating those objects (adding group members, changing properties, etc.), but is there a way to manipulate attributes and memberships with explicit credentials?

The first method I'm referring to is something like...

Set conn = Server.CreateObject("ADODB.Connection")
Set cmd = Server.CreateObject("ADODB.Command")
conn.Provider = "ADsDSOobject"
conn.Properties("User ID") = AD_Username
conn.Properties("Password") = AD_Password
conn.Properties("Encrypt Password") = True
conn.Open "Active Directory Provider"
Set cmd.ActiveConnection = conn

But none of the script examples that perform tasks like adding a user to a domain group can use this approach as far as I know. Is there a way to do that somehow?

Recommended answer

In VBScript, very often, you are using ADSI to add a user to a group. Here is sample code to add a user to a domain group:

Set objUser = GetObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com")
Set objGroup = GetObject("LDAP://CN=group1,DC=fabrikam,DC=com")
objGroup.add(objUser.ADsPath) 

It works fine, but it's always using your current user credentials. It's because GetObject doesn't allow you to specify alternate credentials.

To specify other credentials, you need to replace GetObject with OpenDSObject:

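Const ADS_SECURE_AUTHENTICATION = 1
' Get the LDAP namespace object, which exposes OpenDSObject
Set openDS = GetObject("LDAP:")

' Bind to the user with explicit credentials
' (each continued line of a VBScript statement must end with " _")
Set objUser = openDS.OpenDSObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com", _
    "username", _
    "password", _
    ADS_SECURE_AUTHENTICATION)

' Bind to the group with the same credentials
Set objGroup = openDS.OpenDSObject("LDAP://CN=group1,DC=fabrikam,DC=com", _
    "username", _
    "password", _
    ADS_SECURE_AUTHENTICATION)

' Add the user to the group by its ADsPath
objGroup.add(objUser.ADsPath)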
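
A variant of the approach above, as an added example that is not part of the original answer: it prompts for the credentials instead of embedding them in the script, requests signing and sealing together with ADS_SECURE_AUTHENTICATION, and checks each step for errors. The function names BindAs and AddMember are hypothetical, and the distinguished names are the answer's sample values.

```vbscript
Option Explicit
' Added example, not from the original answer. Run with cscript.exe so StdIn exists.
' ADS_AUTHENTICATION_ENUM values; signing and sealing require secure authentication.
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_USE_SIGNING = &H40
Const ADS_USE_SEALING = &H80

' Hypothetical helper: bind to adsPath as the given account, signed and sealed.
Function BindAs(adsPath, user, pass)
    Dim ns
    Set ns = GetObject("LDAP:")
    Set BindAs = ns.OpenDSObject(adsPath, user, pass, _
        ADS_SECURE_AUTHENTICATION Or ADS_USE_SIGNING Or ADS_USE_SEALING)
End Function

' Hypothetical helper: add userPath to the group.
' Returns True if the user was added or was already a member.
Function AddMember(groupPath, userPath, user, pass)
    Dim grp, already
    AddMember = False
    On Error Resume Next
    Set grp = BindAs(groupPath, user, pass)
    ' Read IsMember into a variable: an error raised inside an If condition
    ' under Resume Next would fall through into the Then branch.
    If Err.Number = 0 Then already = grp.IsMember(userPath)
    If Err.Number = 0 And Not already Then grp.Add userPath
    If Err.Number = 0 Then
        AddMember = True
    Else
        WScript.Echo "Failed: 0x" & Hex(Err.Number) & " " & Err.Description
    End If
    On Error GoTo 0
End Function

Dim user, pass, ok
WScript.StdOut.Write "Account (DOMAIN\user): "
user = WScript.StdIn.ReadLine
WScript.StdOut.Write "Password (input is echoed): "
pass = WScript.StdIn.ReadLine

' Only the group needs to be bound: IADsGroup.Add takes the member's ADsPath string.
ok = AddMember("LDAP://CN=group1,DC=fabrikam,DC=com", _
               "LDAP://CN=jeffsmith,DC=fabrikam,DC=com", user, pass)
pass = Empty   ' drop the script's reference to the password
If Not ok Then WScript.Quit 1
```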
