次の方法で共有


ADSI Overview

Microsoft® Windows® 2000 Scripting Guide

Obtaining the skills necessary to successfully script directory administration tasks is not difficult. In fact, of all the required scripting skills, scripting with Active Directory Service Interfaces (ADSI) is perhaps the easiest to master. This is largely a result of the consistent and uniform approach ADSI brings to directory services management.

An Introductory Example

Consider the following scenario: It is Friday morning, and you plan to have a great weekend followed by a weeklong vacation. You then receive an urgent e-mail message from your boss telling you that a group of consultants will be working in the lab starting Monday morning. Their task is to load-test their application by logging on to this application using 1,000 different user accounts. The application is tightly integrated with Active Directory.

Your task is to set up an Active Directory domain on a computer running Microsoft® Windows® 2000 and create 1,000 user accounts in the Users container of the new domain. Installing Microsoft® Windows® 2000 Advanced Server and Active Directory is simple because you already have automated installation procedures in place.

But how are you going to create 1,000 user accounts and still get all of your daily work done before your planned hiatus? This is one of the many times that ADSI scripting can help you accomplish a potentially tedious and lengthy task. The script in Listing 5.1 creates 1,000 user accounts named UserNo1 - UserNo1000.

Listing 5.1 Creating 1,000 Active Directory User Accounts

  
1
2
3
4
5
6
7
8
9
10
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
 objRootDSE.Get("defaultNamingContext"))
For i = 1 To 1000
 Set objLeaf = objContainer.Create("User", "cn=UserNo" & i)
 objLeaf.Put "sAMAccountName", "UserNo" & i
 objLeaf.SetInfo
Next
Wscript.Echo "1000 Users created."

Caution

  • Do not run the script in Listing 5.1 in a production domain. By default, the script creates 1,000 user accounts in the current logon domain.

It might take this script up to five minutes to run if a slow domain controller is servicing the request. Even this amount of delay is minuscule compared with how long it would take you to create 1,000 user accounts manually.

Directory Service Management

The script in Listing 5.1 is powerful but represents only a single task, creating user accounts. Using ADSI scripts, you can complete countless Active Directory administration tasks. Simply put, Active Directory administration involves managing the life cycle of directory objects from initial creation (as demonstrated in Listing 5.1) to deletion. Active Directory includes objects such as user accounts, groups, computers, and sites. The four common task categories and some example tasks involved in the life cycle of objects are:

  1. Create. Creating user accounts, groups, organizational units (OUs), computer accounts, sites, subnets, published printers, and shared folders.

  2. Modify. Adding a telephone number to a user account, deleting a member from a group, resetting a password, disabling a computer account, and delegating control of an OU or a site to a user or group.

  3. Read. Reading the full name of a user account, reading a list of group members or a list of users in an OU, and reading operating system information from computer account objects.

  4. Delete. Deleting objects that are no longer in use, such as user accounts, groups, and OUs.

What makes using ADSI scripts a powerful and efficient way to manage Active Directory is the consistent approach ADSI provides for performing similar tasks on different types of objects. This consistency carries over from one major task category to the next. For example, you use the same basic approach to create a user, group, OU, or almost any object stored in Active Directory.

The same is true for modifying and reading Active Directory objects: You use the same basic steps to modify and read objects without regard to the target object's type. Finally, you use the same steps to delete objects, again regardless of the target object's type.