11

I would like to access the company server's Active Directory so I can write a simple phonebook program. It would seem that I need to use LDAP to connect to it in order to grab a recordset. Is there anyway to figure out what the LDAP URL is based on settings and properties in Outlook (or otherwise)?

Can some one help me to understand these Ldap field and to fill the values!

Thanks

alt text

Raedwald
  • 46,613
  • 43
  • 151
  • 237
NaV
  • 703
  • 4
  • 9
  • 19
  • 1
    I don't know how much details you need to know. I also don't know what kind of tools you are using. Here is a short explanation on each fields. URI is to let you find the LDAP server. Normally, it should be ldap://yourdc.yourdomain.com See my answer for how to find yourdc in AD on your workstation. Manager DN should be the user account that you are going to use to logon the LDAP server. Each user account has an object on LDAP server. Each object has a Distinguished Name (DN). You need to use LDAP Browser or ADSIedit to find out your user account's DN. I can't write too long in comment – Harvey Kwok Jan 05 '11 at 20:05

3 Answers3

18

I am assuming you are writing VBA. In Outlook, you can use ADO to make the query against the LDAP provider. The query is composed of four parts

  1. Base path
  2. Search filter
  3. attributes returned in the recordset
  4. Search scope.

The LDAP URL that you meantioned is actually the base path of the LDAP query. You can use ADSIedit to get the base path in your local domain. Normally, if your domain is called abc.com, your base path should be something like LDAP://abc.com/DC=abc,DC=com. However, it's not always the case. Active Directory allows you to name an Active Directory domain different from the DNS domain, although most of the time, they are the same. This configuration is called disjoint namespace.

For the disjoint namespace case, to find out the correct base path, you can install ADSIedit from Windows 2003 support tools. Launch the ADSIEdit by typing adsiedit.msc in command line. Right click the ADSIEdit node and click "Connect to". Then, select the naming context "RootDSE" and leave all other settings as default to connect to the local domain. If your machine is joined to the domain already, you should be automatically connected to that domain. In the top RootDSE node, you should also see what domain controller you are connected to now. Mark down the FQDN of the connected domain controller. It should be something like dc1.yourdomain.com. Then, Expand the top "RootDSE" node and you will see another "RootDSE" folder node underneath. Right click and click properties. Find the defaultNamingContext. It should be something like DC=yourdomain,DC=com.

With the domain controller name and the default naming context, you can create your base path, it should be LDAP://domain controller/default naming context

Sometimes you see people putting in FQDN domain name instead of domain controller name in the LDAP base path. This is legitmate only if the A record of the domain exists on the DNS server. I don't recommend using domain name. However, if you really don't want to specify a specific domain controller, you can consider to use serverless binding. LDAP://default naming context. It's an Active Directory feature. It doesn't work on other LDAP servers. You can use serverless binding only if you are running as a domain user. When you use a serverless binding, the LDAP query will simply pick the next available domain controller in the site for you. In this way, you reduce the chances of overloading that server with requests. However, this also makes your result less predictable because sometimes the data is not yet replicated from one domain controller to another domain controller.

Just a side note, I am suggesting you to use the domain naming context as your search base path because I assume you want to search all the users under your domain. You can always pick some other containers as your base path. For example, LDAP://yourdomain.com/CN=Users,DC=yourdomain,DC=com. Then, the search will be done only under the Users container in your domain.

Harvey Kwok
  • 11,713
  • 6
  • 37
  • 59
6

An alternative quick lookup is to run nslookup from Windows - Run

This should give you the Default Server. See here for more info:

https://serverfault.com/questions/78089/find-name-of-active-directory-domain-controller

You can then connect with AD Explorer (http://technet.microsoft.com/en-ca/sysinternals/bb963907.aspx) to make sure that it is correct.

Community
  • 1
  • 1
opticyclic
  • 7,412
  • 12
  • 81
  • 155
2

Building on Harvey's answer, if you need to do this on a Windows 7 computer, you will need Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1).

Open the start menu, there may be a menu called 'Administrative Tools' on the right-hand side. If so, it should have 'ADSI Edit' in it.

If the menu is not available, or if ADSI Edit is not in the menu, Then follow the following (annotated) instructions from Windows help:

Click Start, click Control Panel, and then click Programs.

In the Programs and Features area, click Turn Windows features on or off.

If you are prompted by User Account Control to allow the Windows Features dialog box to open, click Continue.

In the Windows Features dialog box, expand Remote Server Administration Tools.

Select the remote management tools that you want to install (Role administration tools > AD DS and AD LDS tools > AD DS Tools > Active Directory Administration Center), and then click OK.

Configure the Start menu to display the Administration Tools shortcut, if it is not already there.

Right-click Start, and then click Properties.

On the Start Menu tab, click Customize.

In the Customize Start Menu dialog box, scroll down to System Administrative Tools, and then select Display on the All Programs menu and the Start menu. Click OK.

Shortcuts for snap-ins installed by Remote Server Administration Tools (including ADSI Edit) for Windows 7 are added to the Administrative Tools list on the Start menu.

Martin Pain
  • 713
  • 4
  • 18