Almost any characters can be used in Distinguished Names. However, some must be escaped with the backslash "\" escape character. Active Directory requires that the following characters be escaped:

- The comma: ","
- The backslash character: "\"
- The pound sign character: "#"
- The plus sign: "+"
- The less than symbol: "<"
- The greater than symbol: ">"
- The semicolon: ";"
- The double quote character: "
- The equal sign: "="

In addition, ADSI requires that the forward slash character "/" also be escaped. The nine characters above, plus the forward slash, must be escaped in VBScript programs. If you view attribute values with ADSI Edit you will see the nine characters above escaped, but not the forward slash. Utilities (like adfind.exe) that do not use ADSI need to have the nine characters above escaped, but not the forward slash.

For example, the following table shows example names that can appear in ADUC and the corresponding Relative Distinguished Names. The characters in the list above must be escaped in the Relative Distinguished Names (and the Distinguished Names):
Some characters that are allowed in Distinguished Names and do not need to be escaped include:

    * ( ) . & - _ [ ] ` ~ | @ $ % ^ & ? :

Characters that are not allowed in sAMAccountName values, but are allowed in Common Names:

    [ ] : ; | = + ? < > * "

If you are binding to an object and specifying the Distinguished Name in the binding string, the characters that require escaping must be escaped with the backslash escape character. For example:

    Set objUser = GetObject("LDAP://cn=Wilson\, Fred,ou=Sales,dc=MyDomain,dc=com")

If you use the NameTranslate object to convert the NT name (NetBIOS name) of an object to the Distinguished Name, these characters will already be escaped by NameTranslate, except for the forward slash character. If the Distinguished Name has the "/" character, you must replace it with "\/" to avoid an error when you bind to the object. For example:

    ' Constants for the NameTranslate object.
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1

    ' NT name of the object to translate (placeholder value).
    strNTName = "MyDomain\TestUser"

    Set objTrans = CreateObject("NameTranslate")
    objTrans.Init ADS_NAME_INITTYPE_GC, ""
    objTrans.Set ADS_NAME_TYPE_NT4, strNTName
    strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

    ' Replace any "/" characters with "\/".
    ' All other characters that need to be escaped already are escaped.
    strUserDN = Replace(strUserDN, "/", "\/")

The same thing happens if you use ADO to retrieve the value of the distinguishedName attribute. All characters will be properly escaped except any "/" characters. For example:

    ' Setup ADO objects.
    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    Set adoCommand.ActiveConnection = adoConnection

    ' Search entire Active Directory domain.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")
    strBase = "<LDAP://" & strDNSDomain & ">"

    ' Filter on user objects.
    strFilter = "(&(objectCategory=person)(objectClass=user))"

    ' Comma delimited list of attribute values to retrieve.
    strAttributes = "distinguishedName"

    ' Construct the LDAP syntax query.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100

    ' Run the query.
    Set adoRecordset = adoCommand.Execute

    ' Enumerate the resulting recordset.
    Do Until adoRecordset.EOF
        ' Retrieve values.
        strDN = adoRecordset.Fields("distinguishedName").Value
        ' Replace any "/" characters with "\/".
        ' All other characters that need to be escaped already are escaped.
        strDN = Replace(strDN, "/", "\/")
        ' Bind to user object.
        Set objUser = GetObject("LDAP://" & strDN)
        Wscript.Echo "NT Name: " & objUser.sAMAccountName _
            & ", First Name: " & objUser.givenName _
            & ", Last Name: " & objUser.sn
        ' Move to the next record in the recordset.
        adoRecordset.MoveNext
    Loop

    ' Clean up.
    adoRecordset.Close
    adoConnection.Close
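When a binding string is built from a raw name (for example a Common Name typed by an operator) rather than from a Distinguished Name that NameTranslate or ADO has already escaped, the name has to be escaped in code first. The following is an added example, not part of the original page; the function name EscapeRDNValue, its blnForADSI parameter and the sample names are assumptions made for illustration.

```vbscript
Option Explicit

' Escape one raw RDN value (for example a Common Name) for use in a DN.
' blnForADSI = True also escapes "/", which ADSI binding strings require.
' Do not pass a value that is already escaped: every "\" would be doubled.
Function EscapeRDNValue(ByVal strValue, ByVal blnForADSI)
    Dim strSpecial, strResult, strChar, k

    ' The nine characters Active Directory requires to be escaped:
    ' , \ # + < > ; " =
    strSpecial = ",\#+<>;""="
    If blnForADSI Then strSpecial = strSpecial & "/"

    strResult = ""
    ' Walk the value once, character by character, so that the backslash
    ' added for one character is never itself escaped again.
    For k = 1 To Len(strValue)
        strChar = Mid(strValue, k, 1)
        If InStr(1, strSpecial, strChar, vbBinaryCompare) > 0 Then
            strResult = strResult & "\"
        End If
        strResult = strResult & strChar
    Next

    EscapeRDNValue = strResult
End Function

' Constructed sample names; the container is the one used in the
' binding example on this page.
Dim arrNames, strName
arrNames = Array("Wilson, Fred", "R&D/Test #1", "Smith; ""Jim""", "a\b=c+d")

For Each strName In arrNames
    ' Form required in an ADSI binding string ("/" escaped as well).
    Wscript.Echo "LDAP://cn=" & EscapeRDNValue(strName, True) _
        & ",ou=Sales,dc=MyDomain,dc=com"
    ' Form for utilities that do not use ADSI ("/" left unescaped).
    Wscript.Echo "    non-ADSI: cn=" & EscapeRDNValue(strName, False)
Next
```

Escaping each name component separately, before it is concatenated with the "cn=" prefix and the container path, keeps a comma or equal sign inside the name from being read as a component separator.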
Send mail to
HilltopLab@RLMueller.Net with questions or comments about this web site.