COM + USERS
Has anyone tried to use the COM support to manage users on Active Directory servers?
It should be possible; however, I am having issues with authentication when trying to instantiate a new user object via:
COM("http://domain/Username,user")
Re: COM + USERS
NoReason wrote: Has anyone tried to use the COM support to manage users on Active Directory servers?
It should be possible; however, I am having issues with authentication when trying to instantiate a new user object via:
COM("http://domain/Username,user")

I think phpbuilder.com had an article on this. You may want to take a look over there some time.
Cheers,
BDKR
yes ..
Using OpenSSH for Windows to do the transfers.
Here is some of the code. It's PHP that creates a VB file which is then scp'd to the remote AD server, then executed over ssh.
Code:
<?php
// Connect to the SQL Server database that holds the account records.
mssql_connect($_mssql["Hostname"], $_mssql["Username"], $_mssql["Password"]) or die("Connection Failed To Respond.");
mssql_select_db($_mssql["Database"]) or die("DataBase Not Found");

// The generated VBScript is later copied to the AD server and run there.
$FP = fopen('C:\Admin Scripts\ActiveDirectory\ScriptToRun\ActiveDirectoryMerge.vbs','w');
fputs($FP,'
set RootDSE = GetObject("LDAP://RootDSE")
set Container = GetObject("LDAP://ou=Imports, ou=Users, ou=Floor, " & RootDSE.Get("defaultNamingContext"))
on Error Resume Next
err.Clear
');

// New accounts.
// Every value below, including the plaintext password, is written into the
// script as-is; a double quote in a field would end the VBScript string early.
$query_string = "Select * from Query";
$results = mssql_query($query_string);
while( $row = mssql_fetch_assoc($results) )
{
    $UserID          = $row['UserID'];
    $Password        = $row['Password'];
    $Username        = $row['Username'];
    $PersonNumber    = $row['PersonNumber'];
    $FirstName       = $row['FirstName'];
    $LastName        = $row['LastName'];
    $DomainName      = $row['DomainName'];
    $Fileserver      = $row['HostName'];
    $AccountInactive = $row['AccountInactive'];
    $FullName        = $FirstName." ".$LastName;
    $UserPrincipal   = $Username."@cdis.org";
    $UserObject      = "WinNT://".$DomainName."/".$Username.",user";
    // UNC paths; the backslash escaping was mangled by the forum software
    // and is reconstructed here.
    $HomeDirectory   = "\\\\".$Fileserver.".".$DomainName."\\".$Username;
    $ProfilePath     = "\\\\".$Fileserver.".".$DomainName."\\profiles\\".$Username;

    fputs($FP,'
set NewUser = Container.Create("User","cn='.$Username.'")
NewUser.Put "sAMAccountName","'.$Username.'"
');
    // $StudentMail is not set anywhere in this excerpt.
    fputs($FP,'
NewUser.Put "homeDirectory","'.$HomeDirectory.'"
NewUser.Put "homeDrive","H:"
NewUser.Put "profilePath","'.$ProfilePath.'"
NewUser.Put "mail","'.$StudentMail.'"
');
    fputs($FP,'
NewUser.Put "name","'.$FullName.'"
NewUser.Put "displayName","'.$FullName.'"
NewUser.Put "givenName","'.$FirstName.'"
NewUser.Put "sn","'.$LastName.'"
NewUser.Put "userPrincipalName","'.$UserPrincipal.'"
NewUser.SetInfo
Set User = GetObject("'.$UserObject.'")
Call User.SetPassword("'.$Password.'")
');
    if( $AccountInactive == 1 )
    {
        fputs($FP,'
User.AccountDisabled = True
');
    }
    else
    {
        fputs($FP,'
User.AccountDisabled = False
');
    }
    fputs($FP,'
User.SetInfo
WScript.Sleep 500
');
}

//Modified Accounts
$query_string = "Select * from Query";
$results = mssql_query($query_string);
while( $row = mssql_fetch_assoc($results) )
{
    $Password        = $row['Password'];
    $Username        = $row['Username'];
    $DomainName      = $row['DomainName'];
    $AccountInactive = $row['AccountInactive'];
    $UserObject      = "WinNT://".$DomainName."/".$Username.",user";
    fputs($FP,'
Set User = GetObject("'.$UserObject.'")
Call User.SetPassword("'.$Password.'")
');
    if( $AccountInactive == 1 )
    {
        fputs($FP,'
User.AccountDisabled = True
User.SetInfo
WScript.Sleep 500
');
    }
    else
    {
        fputs($FP,'
User.AccountDisabled = False
User.SetInfo
WScript.Sleep 500
');
    }
}
fclose($FP);

Can't you access the remote server directly with PHP's ldap functions, skipping this COM thing?
I meant accessing the LDAP server directly, without ADSI.
On the other hand, if you insist on using ADSI:

Platform SDK: Directory Services wrote: If Kerberos authentication is required for the successful completion of a specific directory request, the binding string must use either a serverless ADsPath, such as "LDAP://CN=John Doe, CN=admin, DC=Fabrikam, DC=com", or it must use an ADsPath with a fully-qualified DNS server name, such as "LDAP://central3.corp.Fabrikam.com/CN=John Doe, CN=admin, DC=Fabrikam, DC=com". Binding to the server using a flat NETBIOS name or a short DNS name (e.g. using the short name "central3" instead of "central3.corp.Fabrikam.com") may or may not yield Kerberos authentication.

"or it must use an ADsPath with a fully-qualified DNS server name..." That's probably the part you're interested in.
With an LDAP/128-bit SSL connection you can modify the AD-stored password.
Nevertheless, did you try the fully qualified name with the credentials in your Visual Basic application (without transferring it to the remote server)?
With the ODBC bridge you can easily access the mysql database from VB.
Afaik(!) there is nothing like GetObject (getting a reference to a running instance) in PHP; the new COM() construct always calls CreateInstance (almost the same as CreateObject in VB).
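
The direct LDAP route suggested in the replies, as an added example (not code from any poster in this thread): it binds to a domain controller by fully-qualified name over LDAPS and sets the password and enabled state without generating a script or writing passwords to a file. The host name, base DN below the OU, sample users and environment variable names are placeholders; the quoted UTF-16LE `unicodePwd` value and the `userAccountControl` disable bit 0x2 are standard Active Directory behaviour.

```php
<?php
// Added example. Host, OU, account names and env variable names are placeholders.
const DC_URI   = 'ldaps://dc1.corp.example.com:636';   // fully-qualified name, TLS
const USERS_OU = 'ou=Imports,ou=Users,ou=Floor,dc=corp,dc=example,dc=com';
const UAC_ACCOUNTDISABLE = 0x0002;                      // userAccountControl bit

// Escape the username so a value like 'x,ou=Admins' stays inside the cn= RDN.
function userDn(string $username): string
{
    return 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . USERS_OU;
}

// AD takes unicodePwd as the password in double quotes, UTF-16LE encoded,
// over an encrypted connection. Only the disable bit of the flags changes.
function buildChanges(string $password, int $currentUac, bool $inactive): array
{
    $uac = $inactive ? $currentUac | UAC_ACCOUNTDISABLE
                     : $currentUac & ~UAC_ACCOUNTDISABLE;
    return [
        'unicodePwd'         => [mb_convert_encoding("\"$password\"", 'UTF-16LE', 'UTF-8')],
        'userAccountControl' => [(string) $uac],
    ];
}

function applyToUser($conn, string $username, string $password, bool $inactive): void
{
    $dn  = userDn($username);
    $res = ldap_read($conn, $dn, '(objectClass=user)', ['userAccountControl']);
    $cur = $res ? ldap_get_entries($conn, $res) : false;
    if (!$cur || $cur['count'] !== 1) {
        throw new RuntimeException("lookup failed for $dn: " . ldap_error($conn));
    }
    $uac = (int) $cur[0]['useraccountcontrol'][0];   // keys come back lowercased
    if (!ldap_mod_replace($conn, $dn, buildChanges($password, $uac, $inactive))) {
        throw new RuntimeException("update failed for $dn: " . ldap_error($conn));
    }
}

$bindDn = getenv('AD_BIND_DN');          // service account, kept out of the source
if ($bindDn === false) {                 // no credentials: show the escaped DN only
    echo userDn('smith,ou=Admins'), PHP_EOL;   // constructed hostile input
    exit(0);
}
$conn = ldap_connect(DC_URI);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
if (!@ldap_bind($conn, $bindDn, getenv('AD_BIND_PW'))) {
    fwrite(STDERR, 'bind failed: ' . ldap_error($conn) . PHP_EOL);
    exit(1);
}
applyToUser($conn, 'jdoe', getenv('AD_NEW_PW'), false);   // constructed sample user
```

It needs PHP's ldap and mbstring extensions, and the web server must trust the domain controller's certificate for the LDAPS bind to succeed.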