ADsOpenObject() defaultNamingContext or distinguishedName?

Martyr · 27-02-2009 02:07PM #1

i'm writing a simple LDAP tool using the windows Active directory interfaces and was wondering what the difference was between the "defaultNamingContext" and "distinguishedName" properties, since they seem to be the same thing?

some code for local domain here

for RootDSE (local domain) "defaultNamingContext" property is there.. but if i use alternative domain..this doesn't seem to exist, and i use "distinguishedName" property instead.

[PHP]
// Initialize COM.
CoInitialize(NULL);
HRESULT hr = S_OK;
// Get rootDSE and the current user domain container distinguished name.
IADs *pObject = NULL;
IDirectorySearch *pContainerToSearch = NULL;
LPOLESTR szPath = new OLECHAR[MAX_PATH];
VARIANT var;

hr = ADsOpenObject(L"LDAP://rootDSE",
NULL,
NULL,
ADS_SECURE_AUTHENTICATION, // Use Secure Authentication.
IID_IADs,
(void**)&pObject);
}
if (SUCCEEDED(hr))
{
hr = pObject->Get(_bstr_t("defaultNamingContext"),&var);
if (SUCCEEDED(hr))
{
// Build path to the domain container.
wcsncpy_s(szPath,L"LDAP://",MAX_PATH);
wcsncat_s(szPath,var.bstrVal,MAX_PATH-wcslen(szPath));
hr = ADsOpenObject(szPath,
NULL,
NULL,
ADS_SECURE_AUTHENTICATION, // Use Secure Authentication.
IID_IDirectorySearch,
(void**)&pContainerToSearch);
[/PHP]

when specifying alternate domain, i need to replace Get() method with:
[PHP]
hr = pObject->Get(_bstr_t("distinguishedName"),&var);[/PHP]

can anyone tell me what the difference is? just curious and don't know much about active directory.

Ginger · 27-02-2009 06:08PM

If you are using Windows 2003R2 there is a nifty tool called ADAM which sits on top of the AD

In that defaultNamingContext is blank unless you specify it whereas DistinguishedName will always have the LDAP string

See here

http://technet.microsoft.com/en-us/library/cc737176.aspx

Ginger · 27-02-2009 06:12PM

And is there any reason you arent using .NET ... the interaction is way easier?

http://www.codeproject.com/KB/system/everythingInAD.aspx

Martyr · 28-02-2009 03:26PM

Thanks Ginger.

i'm not a programmer - just write some code now and then for fun and i haven't taken the time to learn .NET so far.

Ginger · 28-02-2009 03:59PM

No worries, its just easier to read even in C# and easier to work with

Martyr · 01-06-2009 12:00AM

i've hit another issue, this time using different set of api.

using the LDAP functions part of windows, there doesn't appear to be a way of retrieving the base DN (distinguishedName) or defaultNamingContext using any of the API.

1 way to solve this was to make a query of "(&(ObjectClass=*))" returning attribules of "defaultNamingContext" but this also requires using ldap_first_entry()/ldap_next_entry(), ldap_first_attribute()/ldap_count_entries()..etc very painful for just a simple piece of information.

an easier way was to use LDAP_OPT_DNSDOMAIN_NAME to ldap_get_option() and parse this value into a DN, but i'm not sure if this would be valid against all LDAP servers.

other api seem to have LDAP_OPT_DEFBASE as an option, but windows doesn't..

anyone any clue on how to get the base DN of a server using the windows LDAP api?

Martyr · 02-06-2009 04:31AM

just incase anyone asks same question.

in section 3 of RFC 2247, "Mapping Domain Names into Distinguished Names"

ADsOpenObject() defaultNamingContext or distinguishedName?

Welcome!

Comments

Welcome!