cs_zpiboo
Posts: 46 | Registered: Friday 12 April 2002 | Status: Member | Last activity: 11 June 2003 | Posted: 5 Dec. 2002 at 17:31
The ADSI WinNT provider allows you to communicate with a Windows NT® 4.0 directory. Since Windows 2000 maintains backward compatibility, you can also communicate with Windows® 2000 machines using WinNT. However, we recommend that you use the LDAP provider to communicate with Windows 2000 domain controllers. For the Windows 2000 standalone server and Professional Edition, you must use the WinNT provider to access the directory.
WinNT supports local and remote accounts, services, computers, security management and other functionalities. With the ADSI 2.5 extension, you'll be able to extend the functionality.
Requirements
Install ADSI 2.5. To download the runtime, visit http://www.microsoft.com/adsi on Windows NT 4.0 or Windows 95. Note: If you have a Windows 2000 machine, you don't need to install ADSI. ADSI is one of the Windows 2000 built-in components.
You must have a Windows NT 4.0, Windows 2000, or higher machine to connect to. The client and server may be on the same machine.
Set up your development environment.
How do I...
Bind
Binding to a Windows NT 4.0 domain directory
A Windows machine may participate in a domain. You must know the domain name to which you want to bind.
Binding to a Windows NT 4.0 local directory of a machine
Each Windows NT workstation and standalone server has its own directory. You use the Mini User Manager (or Windows 2000 Local User Manager) tool to manage it. You must know the machine name to which you want to bind.
Manage Users
Creating a User
Changing the User's Full Name and Description
Changing the User's Password
Setting the User's Password
Setting the User's Password Expiration Date
Making the User Change the Password at Next Logon
Preventing the User from changing the Password
Setting the User's Password so that it Never Expires
Disabling the User's Account
Setting the Expiration Date on the User's Account
Unlocking the User's Account
Setting the User's Home Directory and Home Drive Directory
Setting the User's Login Script
Getting the User's Primary Group
Getting the User's SID (Security ID)
Deleting a User
Renaming a User
Source code can be found in the \samples\WinNT\User directory.
Manage a Group
Creating a Group
Adding a User to a Group
Adding a Group to a Group
Enumerating Group in a Domain or Computer
Enumerating Group Membership
Removing a Member from the Group
Finding Out if a User or Group is a Member of a Group
Source code can be found in \samples\WinNT\Group directory.
Manage a Computer
Connecting to a Computer
Enumerating Services in a Computer
Displaying a Service's Properties
Stopping and Starting a Service
Enumerating File Shares in a Computer
Creating a File Share in a Computer
Deleting a File Share
Setting File Share Security
Enumerating Sessions in a Computer
Enumerating Resources in a Computer
Source code can be found in the \samples\WinNT\Computer directory.
Manage Printers
Enumerating Print Queues in a Computer
Listing Print Jobs in a Queue
Source code can be found in the \samples\WinNT\PrintQueue directory.
Manage Files
Setting and Getting File Security
Bind to a Windows NT 4.0 Domain Directory
You must supply the Windows NT 4.0 domain name. ADSI will transparently connect to one of the domain controllers.
'-----------------------------------------------------
'--- BINDING TO A DOMAIN ---------------------------
'-----------------------------------------------------
domainName = "INDEPENDENCE"
userName = "Administrator"
password = "password"
'----Binding to a domain as currently logged on user
Set dom = GetObject("WinNT://" & domainName)
'- Enumerate object in a domain
For Each obj In dom
Debug.Print obj.Name & " (" & obj.Class & ")"
Next
'----Binding to a domain with alternate credentials
Set dso = GetObject("WinNT:")
Set dom = dso.OpenDSObject("WinNT://" & domainName, userName, password, ADS_SECURE_AUTHENTICATION)
'----Enumerating the object in a domain
For Each obj In dom
Debug.Print obj.Name & " (" & obj.Class & ")"
Next
Bind to a Windows NT 4.0 Local Directory on a Machine
'--------------------------------------------------
'--- BINDING TO A COMPUTER ---------------------
'--------------------------------------------------
computerName = "ADSI"
userName = "Administrator"
password = "password"
'--- Binding to a computer as currently logged on user
Set com = GetObject("WinNT://" & computerName & ",computer")
'- Enumerate object in a computer
For Each obj In com
Debug.Print obj.Name & " (" & obj.Class & ")"
Next
'--- Binding to a computer with alternate credentials
Set dso = GetObject("WinNT:")
Set com = dso.OpenDSObject("WinNT://" & computerName & ",computer", userName, password, ADS_SECURE_AUTHENTICATION)
'--- Enumerate object in a computer
For Each obj In com
Debug.Print obj.Name
Next
Create a User
domainName = "INDEPENDENCE"
'--- Binding to a domain as currently logged on user
Set dom = GetObject("WinNT://" & domainName)
'--- Create user
Set usr = dom.Create("user", "JSmith")
usr.SetInfo
Change the User's Full Name and Description
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
usr.FullName = "John Smith"
usr.Description = "DSys WOSD Program Manager"
usr.SetInfo
Change the User's Password
A user may change his/her own password, but not others'. Administrators have privileges to change any user's password. ChangePassword requires an old password and the user must already exist in the directory, while SetPassword does not. Neither function requires SetInfo to commit the changes.
'---- CHANGE PASSWORD ------
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
usr.ChangePassword "secret", "password"
Setting the User's Password
Administrators may reset the user password.
'---- SET PASSWORD ------
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
usr.SetPassword "secret"
Setting the User's Password Expiration Date
The password expiration date is a calculated field. The value is computed as follows:
If the user's "Password Never Expires" (UF_DONT_EXPIRE_PASSWD) flag is set, then there's no need to compute an expiration date. The user password is valid.
If the user's flag is not set, then it computes the difference between when the password was last set and current time.
If the difference is greater than or equal to the MaxPasswordAge found in the domain object, then the user's password is expired.
If the difference is less than MaxPasswordAge, then the user's password expiration date = user's password last set + MaxPasswordAge.
To get the user's password expiration date:
To set the user's password expiration date, you set MaxPasswordAge in the domain object. Note that this will affect all users since the password expiration date is a calculated field from the domain object.
expInDay = 60&
expInSec = expInDay * (3600& * 24&)
Set dom = GetObject("WinNT://INDEPENDENCE")
dom.Put "MaxPasswordAge", CLng(expInSec)
dom.SetInfo
Make a User Change the Password at Next Logon
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
usr.Put "PasswordExpired", CLng(1)
usr.SetInfo
'-- To clear this flag (so that the user does not have to change the password at next logon)
usr.Put "PasswordExpired", CLng(0)
usr.SetInfo
Prevent the User from Changing the Password
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
usr.Put "userFlags", usr.Get("UserFlags") Or UF_PASSWORD_CANT_CHANGE
usr.SetInfo
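'----- To clear this flag (allow the user to change his/her password), mask it out with And Not.
'----- Xor only toggles the bit, so it would set the flag if it were not already set.
usr.Put "userFlags", usr.Get("UserFlags") And Not UF_PASSWORD_CANT_CHANGE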
usr.SetInfo
Prevent the User's Password from Expiring
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
usr.Put "userFlags", usr.Get("UserFlags") Or UF_DONT_EXPIRE_PASSWD
usr.SetInfo
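'---- To clear this flag, mask it out with And Not.
'---- Xor only toggles the bit, so it would set "never expires" if the flag were not already set.
usr.Put "userFlags", usr.Get("UserFlags") And Not UF_DONT_EXPIRE_PASSWD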
usr.SetInfo
Disable the User's Account
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
usr.AccountDisabled = True 'disable the account
usr.SetInfo
'---- To enable an account
usr.AccountDisabled = False 'enable the account
usr.SetInfo
Set the User's Account Expiration Date
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
'--Set a user account expiration 90 days from now
usr.AccountExpirationDate = Now() + 90
usr.SetInfo
'-- to set account expiration to NEVER (default)
usr.AccountExpirationDate = "01/01/1970"
usr.SetInfo
Unlock the User's Account
You can only set the account lockout to FALSE. Only the system can set the account lockout. You can also read the value of account lockout, but you can't lock the user's account.
'--- Unlocking the user's account ------------------
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
usr.IsAccountLocked = False
usr.SetInfo
Set the User's Home Directory and Home Drive Directory
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
usr.LoginScript = "LoginScriptHere"
usr.SetInfo
Get the User's Primary Group
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
grpPrimaryID = usr.Get("PrimaryGroupID")
Get the User's SID (Security ID)
Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
sid = usr.Get("objectSID")
For Each element In sid
Debug.Print Hex(element)
Next
Rename a User
Renaming a user is similar to renaming an object.
Set dom = GetObject("WinNT://INDEPENDENCE")
Set usr = dom.MoveHere("WinNT://INDEPENDENCE/jsmith,user", "jjohnson")
usr.FullName = "Jane Johnson"
usr.SetInfo
Delete a User
Deleting a user is similar to deleting an object.
Set dom = GetObject("WinNT://INDEPENDENCE")
dom.Delete "user", "jjohnson"
Create a Group
'-----------------------------------------
'--- CREATING A LOCAL GROUP IN A DOMAIN
'-----------------------------------------
Set dom = GetObject("WinNT://INDEPENDENCE")
Set grp = dom.Create("group", "DSys")
grp.Put "groupType", ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP
grp.Description = "Distributed System Group"
grp.SetInfo
'-----------------------------------------
'--- CREATING A GLOBAL GROUP IN A DOMAIN
'-----------------------------------------
Set dom = GetObject("WinNT://INDEPENDENCE")
Set grp = dom.Create("group", "PM")
grp.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP
grp.Description = "Program Managers"
grp.SetInfo
'-----------------------------------------
'--- CREATING A LOCAL GROUP IN A COMPUTER
'-----------------------------------------
Set comp = GetObject("WinNT://SEATTLE,computer")
Set grp = comp.Create("group", "TheSmiths")
grp.Put "groupType", ADS_GROUP_TYPE_LOCAL_GROUP
grp.Description = "The Smiths Family Member"
grp.SetInfo
Add a User to a Group
'----------------------------------------------------
'--- ADDING A USER IN A DOMAIN LOCAL or GLOBAL GROUP
'----------------------------------------------------
Set grp = GetObject("WinNT://INDEPENDENCE/DSys,group")
grp.Add ("WinNT://INDEPENDENCE/JSmith")
'-------------------------------------------------
'--- ADDING A USER IN A LOCAL GROUP IN A COMPUTER
'--------------------------------------------------
Set comp = GetObject("WinNT://SEATTLE,computer")
Set grp = comp.GetObject("group", "TheSmiths")
grp.Add ("WinNT://INDEPENDENCE/JSmith")
Add a Group to a Group
A global group can be added to a local group in a Windows NT 4.0 domain. Note that in the Windows 2000 domain environment, you can nest a group.
Set grp = GetObject("WinNT://INDEPENDENCE/DSys,group")
grp.Add ("WinNT://INDEPENDENCE/PM,group")
Enumerate Group in a Domain or Computer
'------------------------------------
' ENUMERATING GROUPS IN A DOMAIN
'------------------------------------
Set dom = GetObject("WinNT://INDEPENDENCE")
dom.Filter = Array("Group")
'--- Local Group
Debug.Print "Local Groups---"
For Each grp In dom
If (grp.GroupType = ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP) Then
Debug.Print grp.Name
End If
Next
'-- Global Group
Debug.Print "Global Groups---"
For Each grp In dom
If (grp.GroupType = ADS_GROUP_TYPE_GLOBAL_GROUP) Then
Debug.Print grp.Name
End If
Next
'---------------------------------------
' ENUMERATING GROUPS IN A COMPUTER
'---------------------------------------
Set comp = GetObject("WinNT://SEATTLE,computer")
comp.Filter = Array("Group")
'All groups on a computer are local groups
Debug.Print "Groups:"
For Each grp In comp
Debug.Print grp.Name
Next
Enumerate Group Membership
'------------------------------------
' ENUMERATING GROUP MEMBERSHIP
'------------------------------------
Set grp = GetObject("WinNT://INDEPENDENCE/DSys,group")
For Each member In grp.Members
Debug.Print member.Name & " (" & member.Class & ")"
'A local group may contain a global group
'We can enumerate the global group membership as well
If (member.Class = "Group") Then
For Each obj In member.Members
Debug.Print " " & obj.Name & " (" & obj.Class & ")"
Next
End If
Next
Remove Member from Group
'-----------------------------------------------------
' REMOVING MEMBER FROM A GROUP
'-----------------------------------------------------
Set grp = GetObject("WinNT://INDEPENDENCE/PM,group")
grp.Remove ("WinNT://INDEPENDENCE/ChristyH")
Find Out if a User or Group is a Member of a Group
'---------------------------------------------------
' IS MEMBER
'---------------------------------------------------
Set grp = GetObject("WinNT://INDEPENDENCE/DSys,group")
If (grp.IsMember("WinNT://INDEPENDENCE/JSmith")) Then
Debug.Print "Yes"
Else
Debug.Print "No"
End If
'-------------------------------------------
'--- ENUMERATE SERVICES IN A COMPUTER
'-------------------------------------------
Set comp = GetObject("WinNT://INDEPENDENCE/SEATTLE,computer")
comp.Filter = Array("Service")
For Each svc In comp
Debug.Print svc.Name & " " & svc.DisplayName
Next
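'--- svc is Nothing once the For Each loop above completes, so bind to one
'--- service before reading its properties ("Browser" is the service used
'--- in the stop/start example below)
Set svc = comp.GetObject("Service", "Browser")
'Start Type
s = "Start Type: "
Select Case svc.StartType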
Case SERVICE_BOOT_START
s = s + "Boot Start"
Case SERVICE_SYSTEM_START
s = s + "System Start"
Case SERVICE_AUTO_START
s = s + "Automatic"
Case SERVICE_DEMAND_START
s = s + "Manual"
Case SERVICE_DISABLED
s = s + "Disabled"
Case Else
s = s + "Unknown"
End Select
Debug.Print s
'Dependencies
Debug.Print "Dependencies: "
For Each dpc In svc.Dependencies
Debug.Print " " & dpc
Next
'Service Type
s = "Service Type: "
Select Case svc.ServiceType
Case SERVICE_KERNEL_DRIVER
s = s + "Kernel Driver"
Case SERVICE_FILE_SYSTEM_DRIVER
s = s + "File System Driver"
Case SERVICE_ADAPTER
s = s + "Adapter"
Case SERVICE_RECOGNIZER_DRIVER
s = s + "Recognizer Driver"
Case SERVICE_WIN32_OWN_PROCESS
s = s + "Win32 Process"
Case SERVICE_WIN32_SHARE_PROCESS
s = s + "Win32 Share Process"
Case SERVICE_WIN32
s = s + "Win32"
Case SERVICE_INTERACTIVE_PROCESS
s = s + "Interactive Process"
End Select
Debug.Print s
'Error Control
s = "Error Control: "
Select Case svc.ErrorControl
Case SERVICE_ERROR_IGNORE
s = s + "Service ignores error"
Case SERVICE_ERROR_NORMAL
s = s + "No Error"
Case SERVICE_ERROR_SEVERE
s = s + "Severe error"
Case SERVICE_ERROR_CRITICAL
s = s + "Critical error"
Case Else
s = s + "Unknown"
End Select
Debug.Print s
Stop, Start, and Pause a Service
'----------------------------------------------
'--- STOPPING, STARTING, AND PAUSING A SERVICE
'-----------------------------------------------
Set comp = GetObject("WinNT://SEATTLE,computer")
Set svcOp = comp.GetObject("Service", "Browser")
'Stopping
svcOp.Stop
'Starting
svcOp.Start
'Pausing
svcOp.Pause
Enumerate File Shares in a Computer
'-----------------------------------------------
'---- ENUMERATING FILE SHARES IN A COMPUTER
'-----------------------------------------------
Set comp = GetObject("WinNT://SEATTLE,computer")
Set svc = GetObject(comp.ADsPath & "/" & "LanmanServer")
For Each fileShare In svc
Debug.Print fileShare.Name & " " & " " & fileShare.CurrentUserCount & " " & fileShare.Path
Next
Create a File Share in a Computer
'------------------------------------------
'---- CREATING A FILE SHARE IN A COMPUTER
'-------------------------------------------
Set comp = GetObject("WinNT://SEATTLE,computer")
Set svc = GetObject(comp.ADsPath & "/" & "LanmanServer")
Set fileShare = svc.Create("FileShare", "public")
fileShare.Path = "c:\public"
fileShare.SetInfo
Excerpt from Microsoft's ADSI 2.5 SDK.
You must have the Active Directory Service Library installed.
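
The calculation described under "Setting the User's Password Expiration Date", as an added VBScript example that is not part of the original post or of the ADSI SDK. The function takes plain values so it runs offline under cscript; the account data is constructed, and reading the password age from the user's PasswordAge property (in the closing comment) is an assumption not shown in the post.

```vbscript
Option Explicit

Const UF_DONT_EXPIRE_PASSWD = &H10000   ' "Password Never Expires" bit in UserFlags
Const SECONDS_PER_DAY = 86400

' Returns the password expiration date, or Null when the flag exempts the
' user. isExpired is set to True once the age reaches MaxPasswordAge.
Function PasswordExpiration(userFlags, passwordAgeSec, maxAgeSec, nowDate, isExpired)
    Dim lastSet
    isExpired = False
    PasswordExpiration = Null
    If (userFlags And UF_DONT_EXPIRE_PASSWD) <> 0 Then Exit Function

    ' Password last set = current time minus the password age
    lastSet = DateAdd("s", -passwordAgeSec, nowDate)
    PasswordExpiration = DateAdd("s", maxAgeSec, lastSet)
    isExpired = (passwordAgeSec >= maxAgeSec)
End Function

Sub Report(label, userFlags, ageDays, maxAgeSec, nowDate)
    Dim expiresOn, isExpired
    expiresOn = PasswordExpiration(userFlags, CLng(ageDays) * SECONDS_PER_DAY, _
                                   maxAgeSec, nowDate, isExpired)
    If IsNull(expiresOn) Then
        WScript.Echo label & ": password never expires"
    ElseIf isExpired Then
        WScript.Echo label & ": password EXPIRED on " & expiresOn
    Else
        WScript.Echo label & ": password expires on " & expiresOn
    End If
End Sub

' Constructed sample data: a 60-day MaxPasswordAge, as set on the domain above
Dim maxAge, refTime
maxAge = CLng(60) * SECONDS_PER_DAY
refTime = DateSerial(2002, 12, 5) + TimeSerial(17, 31, 0)

Report "svc-backup (flag set)", UF_DONT_EXPIRE_PASSWD, 400, maxAge, refTime
Report "jsmith (10 days old)", 0, 10, maxAge, refTime
Report "jjohnson (75 days old)", 0, 75, maxAge, refTime

' Against a live directory the inputs would come from ADSI instead, e.g.
'   Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
'   flags = usr.Get("UserFlags") : age = usr.Get("PasswordAge")
'   maxAge = GetObject("WinNT://INDEPENDENCE").Get("MaxPasswordAge")
```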