calin radoni's humble web presence

home

docs

toolbox

about

LDAP Authentication to Active Directory in VBScript

Intro
The code...
Script Usage
History
Copyright and License
Disclaimer

Intro

Today a friend has asked me how to do it. So I have done it.
This is my second attempt to use VBScript so the code may not be very VBScriptish. However, it works.

His problem was how to specify the canonical name of the user when you have multiple organizational units and the users are distributed among those organizational units.
To simplify things, and avoid an AD search, I have used the ADS_SECURE_AUTHENTICATION attribute for calling the OpenDSObject method of the IADsOpenDSObject interface. It is needless to say that this attribute offers an extra security.

The code...

... is way too simple. However there are some tricks:

do NOT forget to use the ADS_SECURE_AUTHENTICATION attribute!
specify the user name as a Canonical Name (like "John Doe") or as a User Principal Name (like "john.doe@calinradoni.local")

And the code is...

Set args = WScript.Arguments

userName = args.item(0)
userPass = args.item(1)

' Replace <yourLdapServer> with something like:
'     - your domain name, (example: calinradoni.local)
'     - the name of a DC in your domain, (example: dc47.calinradoni.local)
'     - the IP Address of a DC in your domain
ldapServer = "<yourLdapServer>"

sRoot = "LDAP://" & ldapServer

Set dso = GetObject("LDAP:")

On Error Resume Next
Set xResult = dso.OpenDSObject(sRoot, userName, userPass, ADS_SECURE_AUTHENTICATION)

WScript.Echo "Result: " & Err.number

...without further comments.

Script Usage

The script needs two parameters. Beeing just a demonstration script no error checking is performed (for input parameters).
From a command prompt, the usage is as follow:

cscript <scriptName> <userName> <password>

where:

<scriptName> is the name of the file where you have saved the previous script (example: ldapAuth.vbs);
<userName> is the user name specified as a Canonical Name or a User Principal Name. If you specify the user name as a Canonical Name and it includes space character(s) do not forget to surround it with quotes;
<password> the password, what else.

If the username / password pair is correct the result should be zero.

History

13 February 2007, First version.

Copyright and License

Disclaimer

No liability for the contents of this document can be accepted. Use the concepts, examples and information at your own risk. There may be errors and inaccuracies that could be damaging to your system. Proceed with caution, the author do not take any responsibility.

All copyrights are held by their respective owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. Naming of particular products or brands should not be seen as endorsements.

Hosted on http://www.oocities.org/calinradoni

Last page modification is 13 February 2007