使用VBScript安全LDAP对象的操作使用备用凭据 [英] Secure LDAP object manipulation with VBscript using alternate credentials

问题描述

我知道使用ADsDSOobject有明确的凭据连接到AD对象读取属性列表成员等，以及的getObject（LDAP // ......）方法操纵这些对象（添加组成员，更改属性等），但有没有办法来操作的属性和成员有明确凭据？

I'm aware of using ADsDSOobject with explicit credentials to connect to an AD object to read attributes, list members, etc. And the GetObject("LDAP//...") method for manipulating those objects (adding group members, changing properties, etc.), but is there a way to manipulate attributes and memberships with explicit credentials?

第一种方法，我指的是一样的东西......

The first method I'm referring to is something like...

Set conn = Server.CreateObject("ADODB.Connection")
Set cmd = Server.CreateObject("ADODB.Command")
conn.Provider = "ADsDSOobject"
conn.Properties("User ID") = AD_Username
conn.Properties("Password") = AD_Password
conn.Properties("Encrypt Password") = True
conn.Open "Active Directory Provider"
Set cmd.ActiveConnection = conn

但没有执行任务，如将用户添加到域组可以使用这种方法，因为据我所知的脚本示例。有没有办法做到这一点不知？

But none of the script examples that perform tasks like adding a user to a domain group can use this approach as far as I know. Is there a way to do that somehow?

推荐答案

在VBScript中，很多时候，你正在使用ADSI将用户添加到组。下面是一个示例code将用户添加到域集团

In VBScript, very often, you are using ADSI to add user to group. Here is a sample code to add a user to a domain group

Set objUser = GetObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com")
Set objGroup = GetObject("LDAP://CN=group1,DC=fabrikam,DC=com")
objGroup.add(objUser.ADsPath) 

它工作正常，但它总是使用当前用户credentails。这是因为 GetObject的不允许您指定备用凭据。

It works fine but it's always using your current user credentails. It's because GetObject doesn't allow you to specify alternate credentials.

要指定其他credentails，则需要更换 GetObject的通过的 OpenDSObject

To specify another credentails, you need to replace GetObject by OpenDSObject

Const ADS_SECURE_AUTHENTICATION = 1
Set openDS = GetObject("LDAP:") 

Set objUser = openDS.OpenDSObject("LDAP://CN=jeffsmith,DC=fabrikam,DC=com",
    "username", 
    "password",
    ADS_SECURE_AUTHENTICATION)

Set objGroup = openDS.OpenDSObject("LDAP://CN=group1,DC=fabrikam,DC=com",
    "username", 
    "password",
    ADS_SECURE_AUTHENTICATION)

objGroup.add(objUser.ADsPath) 

这篇关于使用VBScript安全LDAP对象的操作使用备用凭据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！