Binding to Active Directory objects with the WinNT provider

To access the properties and methods of an object, you need to bind to it. This creates a reference to the object. You bind to Active Directory objects in VBScript with a "Set" statement, using the GetObject method. GetObject requires a "binding string", which is a text string that uniquely specifies the object in Active Directory. This is also referred to as the AdsPath of the object. Below are examples of statements that bind to objects with the WinNT provider. The binding string is the string in quotes.

Set objComputer = GetObject("WinNT://MyDomain/Idaho,computer")
Set objGroup = GetObject("WinNT://MyComputer/TestGroup,group")
Set objUser = GetObject("WinNT://MyDC/MyDomain/JSmith,user")


WinNT: The provider (case sensitive)
objComputer, objGroup, objUser Variable referring to the object
Idaho, TestGroup, JSmith Name of the object (Relative Distinguished Name)
MyDomain The NetBIOS domain name
user, group, computer The object class, which is optional
MyComputer A computer name
MyDC The name of a domain controller

In the examples above, objComputer refers to a computer object in Active Directory. This computer has the name "Idaho" in the "MyDomain" domain. objGroup refers to a local group object with the name "TestGroup" on the computer "MyComputer". objUser refers to a user object with the name "JSmith" in the domain "MyDomain", but we are specifically retrieving the user object from the copy of Active Directory on the Domain Controller "MyDC". Ordinarily, you would avoid specifying a specific domain controller.

The "Name" attribute exposed by the WinNT provider is sometimes called the "NT name", because it is the name used in NT networks. It is the pre-Windows 2000 logon name of user objects. The actual Active Directory attribute is "sAMAccountName". If you were to bind to the same object with the LDAP provider, you would refer to the same attribute as "sAMAccountName". The "sAMAccountName" attribute of any object must be unique in the domain.