Active Directory Programming

Description

• Copyright 2000
• Dimensions: 7.375 X 9.125
• Pages: 870
• Edition: 1st

• Book
• ISBN-10: 0-672-31587-4
• ISBN-13: 978-0-672-31587-9

Active Directory Programming provides you with all the information needed to tap into the Active Directory from your own programs. After being provided with the groundwork of how the Active Directory works, you will be taught both how to design and how to create Active Directory enabled applications. This includes detailed discussions on the different programming interfaces that can be used. The book also contains ADSI and LDAP references that make this a handy resource when you are implementing Active Directory solutions. Coverage includes: Active Directory Fundamentals, Accessing Active Directory with LDAP, Accessing Active Directory with the Active Directory Services Interface (ADSI), The Contents of Active Directory, Active Directory Security, and more.



Sample Content

Table of Contents

Introduction.

I. ACTIVE DIRECTORY FUNDAMENTALS.

1. An Introduction to Network Directories.

What's a Directory?

Simple Directories. Application Directories. Standalone Network Directories. NOS-Integrated Directories. Global Directories.

1999-The Year of the Directory? Why Directories?

Single Sign-on. Security. Device Identification and Location. Location Independence. Global Address Book. Simplified Administration. Reliability. Quality of Service and the DEN Initiative.

Directories-The Technical Challenge.

The Requirements for a Successful Directory. The Solutions.

2. An Introduction to Active Directory.

Active Directory: The Directory for Windows 2000.

Standards-Based. Scalable. Secure. Integrated and Integratable. Extensible Schema. Backward-Compatible.

Integration with Windows 2000. Integration with Other Microsoft Products.

Microsoft Exchange. Zero Administration Windows and Active Directory.

Integration with Other Directory Services. Active Directory Versus Windows NT 4 Domains. Active Directory Versus Novell Directory Services.

3. The Components of Active Directory.

The Logical Structure of Active Directory.

Active Directory Is a Collection of Objects. Classes of Objects. Attributes and Values. The Active Directory Schema. The Directory Information Tree. Identifying Directory Objects. Organizing the Directory Tree. The Root Domain, Domain Trees, and Forests. The Domain Naming System and Active Directory Domains.

The Physical Structure of Active Directory.

Domain Controllers. Partitions and Replicas. Global Catalogs. Active Directory Replication. Active Directory Sites.

4. Active Directory Security.

Overview of Windows 2000 Security.

The Features of Windows 2000 Security. The Components of Windows 2000 Security. Default Access Rights. Evaluating Access Rights.

Windows 2000 Security and Active Directory.

Domain Controllers and the Local Security Authority. Active Directory Domains. Domain Trusts. Access Rights Inheritance. Default Access Rights. Default Owner. Property and Property Group Access Rights. Extending Windows 2000 Security with Private Object Security. Security Descriptors as Strings.

Programming Active Directory Security.

Active Directory Security Attributes. Active Directory Security and LDAP. Active Directory Security and ADSI.

5. Active Directory and DNS.

The Origins of DNS and DNS Basics. DNS Domains. DNS Zones. Host Names. Name Servers. Primary and Secondary DNS Servers. DNS Records. Name Resolution. Updating. Why DNS? Active Directory and.

How DNS Defines the Active Directory Domain Structure. Locating Domain Controllers with. Active Directory: Integrated DNS Servers. Finding DNS Zone Information in Active Directory and Where It Is Stored.

II. THE CONTENTS OF ACTIVE DIRECTORY.

6. Active Directory Operational Attributes.

RootDSE.

configurationNamingContext. currentTime. defaultNamingContext. dnsHostName. dsServiceName. highestCommittedUSN. ldapServiceName. namingContexts. rootDomainNamingContext. schemaNamingContext. serverName. subschemaSubentry. supportedControl. supportedLDAPPolicies. supportedLDAPVersion. supportedSASLMechanisms.

Operational Attributes on Active Directory Objects.

allowedAttributes. allowedAttributesEffective. allowedChildClasses. allowedChildClassesEffective. canonicalName. createTimeStamp. dITContentRules. extendedAttributeInfo. extendedClassInfo. modifyTimeStamp. objectClasses. sDRightsEffective.

7. The Active Directory Domain Structure.

LDAP Directory Hierarchy.

Container Objects. Leaf Objects. Hierarchical Object Names. Naming Contexts. Partitions and Replicas.

Windows NT Domains.

Active Directory Domains. Domain Trusts.

DNSDomain. Active Directory Trees and Forests. The Root Domain. Domain Controllers and Replicas. Sites.

8. The Configuration Naming Context.

A Quick Tour of the Configuration Naming Context.

The Configuration Container Object. DisplaySpecifiers. ExtendedRights. LostAndFoundConfig. Partitions. Schema. Services. Sites. WellKnownSecurityPrincipals.

9. The Active Directory Schema.

Introduction to the Active Directory Schema. Class Definitions.

Three Kinds of Class Definitions. Identifying the Class. Defining the Attributes of a Class. Defining Containment Relationships. Inheritance in the Active Directory Schema. Defining Class Security. The classSchema Attributes.

Attribute Definitions.

Identifying the Attribute. Defining the Attribute's Type. Indexing and the Global Catalog. Linked Attributes. Other Administrative Attributes.

Attribute Syntax.

The Undefined Syntax. The DN Syntax. The OID Syntax. The caseExactString Syntax. The CaseIgnoreString Syntax. The IA5String Syntax. The NumericString Syntax. The ORName Syntax. The Boolean Syntax. The Integer Syntax. The OctetString Syntax. The GeneralizedTime Syntax. The DirectoryString Syntax. The PresentationAddress Syntax. The DNWithString Syntax. The NTSecurityDescriptor Syntax. The INTEGER8 Syntax. The DNWithBinary Syntax. The Sid Syntax.

The Aggregate Object.

attributeTypes. objectClasses. dITContentRules. extendedAttributeInfo. extendedClassInfo.

Investigating the Schema. Using LDAP to Search the Schema. Using ADSI to Search the Schema. Manipulating the Schema.

Finding the Schema FSMOMaster. Making Sure the Schema Can Be Changed. Obtaining OIDs for Schema Extensions. Why Your Schema Changes Don't Show.

Sample Schema Manipulation Programs.

Obtaining the Schema FSMO. Adding a New Class to the Schema. Adding a New Attribute to the Schema. Disabling a Class in the Schema. Disabling an Attribute in the Schema.

10. The Active Directory Domain Naming Context.

Active Directory Domains. The Builtins Container.

Local Groups. Global Groups. Universal Groups. Attributes of Group Objects.

The Computers Container.

Computer Attributes Inherited from the User Class. Other Attributes of the Computer Object.

The ForeignSecurityPrincipals Container.

The foreignSecurityPrincipal Object.

The Infrastructure Object. The LostAndFound Container. The System Container.

trustedDomain Objects. The RIDManager$ Object. The CN=System,CN=Policies Container and Group Policy Objects.

The Users Container.

User Identification Attributes. Security Attributes. Login Attributes. System Service Attributes.

The Domain Controllers Container.

dNSHostName. operatingSystem. operatingSystemHotfix. operatingSystemServicePack. operatingSystemVersion. rIDSetReferences. serverReferenceBL. servicePrincipalName.

III. ACTIVE DIRECTORY SERVICES INTERFACE.

11. ADSI Fundamentals.

Introduction to Active Directory Services Interface.

Multiple Client Platforms. Multiple Directory Providers.

ADSI or LDAP?

Platform. Language. Portability Between Directories. Other Considerations.

Component Object Model (COM) Basics.

I Know Don Box, and I'm No Don Box. What Is COM? Why COM? What's the Big Idea? The Components of COM.

Getting Started with ADSI.

Setting Up Your Machine. The "Hello, World" ADSI Program.

Special COM Data Classes.

A Note on Exceptions with _bstr_t and _variant_t. The _bstr_t Class. The _variant_t Class. The _com_error Class.

Binding to Active Directory Objects.

ADsPaths. Serverless Binding with ADSI. Binding to a Directory Object by GUID. What Happens When You Bind to a Directory Object? Fast Binding with ADSI. Binding with the Helper Functions ADsGetObject(). Binding with the Helper Functions ADsOpenObject(). Binding with the IADsOpenDSObject::OpenDSObject() Function.

12. Basic Active Directory ADSI Interfaces.

The ADSI Directory Object Interfaces.

The IADs Interface. The IADsPropertyList Interface. The IADsPropertyEntry Interface. The IADsPropertyValue Interface. The IADsPropertyValue2 Interface. The IDirectoryObject Interface. The IADsContainer Interface. The IADsDeleteOps Interface.

13. Searching Active Directory with ADSI.

Introduction to Searching with ADSI.

Specifying a Search Base. Search Filter. Specifying Attributes to Return. Objects as Rows. Attributes as Columns.

The IDirectorySearch Interface.

Starting and Ending a Search with IDirectorySearch. Terminating a Search with IDirectorySearch::CloseSearchHandle(). Retrieving Objects with IDirectorySearch::GetNextRow(). Retrievng Attributes with IDirectorySearch::GetNextCol() and IDirectorySearch::GetColumn(). ASimple Search Using IDirectorySearch.

Extended Searches Using Search Preferences.

Synchronous and Asynchronous Searching with IDirectorySearch. Paged Searches Using IDirectorySearch. Sorting Search Results with IDirectorySearch. Enabling and Disabling the Results Cache with IDirectorySearch. Setting Limits on Searches with IDirectorySearch.

14. Accessing Users, Groups, and Organization with ADSI.

Accessing User Objects with ADSI.

The IADsUser Interface. Getting a User's Name with IADsUser. Locking a User Account with IADsUser. Setting a User Password with IADsUser.

Accessing Groups with ADSI.

The IADsGroup Interface. The IADsMembers Interface.

Accessing Organizations, Localities, and Organizational Units with ADSI.

The IADsO, IADsOU, and IADsLocality Interfaces. Getting the Description of an Organization. Enumerating the Contents of an.

15. Accessing the Active Directory Schema with ADSI.

A Tale of Two Schemas.

Which Version of the Schema Should You Use?

Using the Generic Object Interfaces to Access the Schema.

Enumerating Classes in the Schema Using the Generic Object Interfaces. Binding to the Schema Master. Adding a New Attribute Using the Generic Object Interfaces. Adding a New Class Using the Generic Object Interfaces.

Using the Abstract Schema Interface to Access the Schema.

Binding to the Abstract Schema. Using the Abstract Schema Container Interface. Accessing a Schema Class Object with IADsClass. Accessing a Schema Property Object with IADSProperty. Accessing a Schema Syntax Object with IADsSchema.

16. Other Active Directory API Functions.

Connecting to an Active Directory Service. Translating Directory Service Names. Discovering Sites, Servers, and Domains.

Finding a Domain Controller. Listing the Sites in Active Directory. Listing the Servers in a Site.

IV. LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL.

17. LDAP Fundamentals.

LDAP History.

LDAP Version. LDAP Version. LDAP Version.

Installing the LDAPComponents. LDAP Programming Components.

WINLDAP.H. WLDAP32.LIB. WLDAP32.DLL.

Setting Up Visual Studio for LDAP Programming.

Method One: Modify the Project Settings. Method Two: Modify the Visual C++ Directories Options. Method Three: Modify the System Environment Variables.

LDAP Programming Model.

Initializing the Client Library. Connecting to an Active Directory Server. Issuing LDAP Requests. Processing LDAP Results. Closing the Connection.

Some General Notes About LDAP Programming for Active Directory.

Creating an LDAP Connection. Error Handling. ANSI and Unicode Character Sets. Object Identifiers (OIDs). Synchronous and Asynchronous (Multithreaded) Functions.

A Simple LDAPProgram.

18. Connecting to Active Diractory with LDAP.

A Note About Using the LDAP Client Library. Locating a Domain Controller. Intitializing the LDAPClient Library.

The ldap_init() Function. A Note on Port Numbers. The ldap_sslinit() Function.

Connecting to the Domain Controller.

The ldap_connect() Function. The ldap_open() Function.

Connecting with UDPUsing the cldap_open()Function. Disconnecting from an Active Directory Domain Controller.

19. Authenticating with Active Directory.

Authentication Credentials. Multiple Binds. Anonymous Connections. LDAPBinding Funtions. Simple LDAP Binding with ldap_simple_bind_s(). Using SASL to Authenticate with Active Directory. Using ldap_bind_s() to Authenticate with Active Directory.

20. Searching Active Directory with LDAP.

Specifying an LDAP Search.

The Starting Point of the Search. Search Depth. Search Criteria. Requesting Attributes.

A Simple Search Using ldap_search_s(). Processing the Search Results.

Iterating the Returned Entries. Getting the Distinguished Name of a Returned Entry. Retrieving the Returned Attributes. Processing the Attribute Values. Processing Binary Attribute Values.

Searching with a Timeout Value.

21. Advanced Searching with LDAP.

Complex Search Criteria.

How LDAP Processes Search Filters. The Full LDAP Search Filter Syntax. Searching for Bit-Field Attributes.

Checking the Validity of an LDAPSearch Filter. Asynchronous LDAP Searches.

Starting an Asynchronous Search. Processing Asynchronous Search Results. Abandoning an Asynchronous Search.

Attribute Requests.

Requesting All Attributes. Requesting Specific Attributes. Requesting Operational Attributes. Requesting All Attributes and Operational Attributes. Requesting No Attributes.

Time-Limited LDAP Searches.

Setting a Server Time Limit for a Search. Setting a Client Time Limit for a Search. Changing the Server Search Time Limits.

Entry-Limited LDAP Searches.

Why Entry Limits Aren't. Setting Search Entry Limits.

22. Extending LDAP Searches.

Extending LDAP Searches with LDAP Controls.

Client and Server Controls. The LDAPControl Structure. The Extended LDAP Functions. Introduction to Active Directory Search Controls. Getting Notifications of Directory Changes. Searching for Deleted Objects. Retrieving Security Descriptors for Directory Objects. Retrieving Extended Name Information.

Getting Search Results-A Page at a Time.

Two Ways to Perform a Paged Search. Setting Up the Paged Search. Retrieving Pages of Entries. Abandoning a Paged Search.

Getting Search Results in Sorted Order.

Sorting Oddities and Limitations. The Sorted Search Functions.

Using Paged and Sorted Searches Together.

23. Processing LDAP Referrals.

Two Kinds of Referrals. When Are Referrals Generated? Two Strategies for Handling Referrals.

Configuring the LDAP Client to Chase Referrals. Chasing Referrals from Search Results.

Caching Connections for Referrals.

24. Modifying Active Directory Objects with LDAP.

Things to Know Before You.

Multiple Modification Operations. Multivalued Attributes. Modification Operations. No Empty Attributes. Schema Rules. Access Rights. Data Structures for Modifying Objects with LDAP. Selecting the Appropriate API Function.

API Data Structures for Modifying Objects with LDAP.

The berval Structure. The ldapmod Structure.

Modifying an Existing Attribute. Adding a New Attribute to an Existing Object. Adding a New Attribute Using the berval Structure. Deleting an Existing Attribute. Adding Additional Values to an Existing Attribute. Deleting a Value from a Multivalued Attribute. Performing Bulk Directory Updates with the Lazy Commit Control. Asynchronous Directory Modifications.

Retrieving the Results of an Asynchronous Modification. Using Asynchronous Search and Modifications Together.

Moving and Renaming Active Directory Objects.

Renaming an Active Directory Object with LDAP. Renaming Active Directory Objects Asynchronously.

25. Adding Active Directory Objects with LDAP.

Things to Know Before You.

Adding Objects Is a Lot Like Modifying Them. Adding Multiple Attributes at Once. Multivalued Attributes. Existence of the Parent Container. Schema Rules.

API Data Structures for Adding Objects with LDAP.

The berval Structure. The ldapmod Structure.

Selecting the Appropriate API Function. Adding Objects Synchronously by Using ldap_add_s(). Adding Objects Asynchronously by Using ldap_add().

Retrieving the Results of an Asynchronous Addition.

Adding Objects in Bulk by Using the Lazy Commit Control. Adding Objects to the Directory with ldap_add_ext_s().

26. Deleting Active Directory Objects with LDAP.

Things to Know Before You.

Access Rights. Containers Must Be Empty Before You Can Delete Them.

Selecting the Appropriate API Function. Deleting Objects Synchronously by Using ldap_delete_s(). Deleting a Container and Its Subordinate Objects Using ldap_delete_ext_s(). Deleting Objects Asynchronously Using ldap_delete().

Retrieving the Results of an Asynchronous Deletion.

Deleting Objects Asynchronously Using LDAP Controls with ldap_delete_ext().

27. Comparing Active Directory Objects with LDAP.

Things to Know Before You.

The Differences Between Compare and Search. Matching Rules. Access Rights. Comparing Binary Values. Testing Multivalued Attributes.

Using ldap_compare_s() to Test Attribute Assertions. Using ldap_compare_ext_s() to Test Attribute Assertions. Using ldap_compare() to Test Attribute Assertions.

Retrieving the Results of an Asynchronous Comparison.

Using ldap_compare_ext() to Test Attribute Assertions.

28. Extending LDAP with Options and Controls.

LDAP Options.

Reading the Options. Setting the Options.

Turning Options On and Off. "Standard" LDAP Options.

LDAP_OPT_DESC. LDAP_OPT_DEREF. LDAP_OPT_SIZELIMIT. LDAP_OPT_TIMELIMIT. LDAP_OPT_REFERRALS. LDAP_OPT_RESTART. LDAP_OPT_PROTOCOL_VERSION and LDAP_OPT_VERSION. LDAP_OPT_HOST_NAME. LDAP_OPT_ERROR_NUMBER. LDAP_OPT_ERROR_STRING.

Microsoft-Specific LDAP Options.

LDAP_OPT_SSL. LDAP_OPT_REFERRAL_HOP_LIMIT. LDAP_OPT_PING_KEEP_ALIVE, LDAP_OPT_PING_WAIT_TIME, and LDAP_OPT_PING_LIMIT. LDAP_OPT_DNSDOMAIN_NAME. LDAP_OPT_GETDSNAME_FLAGS. LDAP_OPT_PROMPT_CREDENTIALS. LDAP_OPT_AUTO_RECONNECT. LDAP_OPT_SSPI_FLAGS.

LDAP Controls.

Paged Search. Sorted Search. Get Security Descriptor. Change Notification (Persistent Search). Show Deleted Objects. Lazy Commit. DirSync Control. Return Extended. Tree Delete. Cross Domain Move. Verify Server Name. Search with Local Scope. Permissive Modify.

29. LDAP Error-Handling Functions.

Handling LDAP Errors.

LDAP Error Codes. Getting String Descriptions of LDAP Errors. Converting LDAP Errors to Win32 Errors.

V. APPENDIX.

Appendix A. ADSI Interfaces for Active Directory.
Appendix B. Microsoft Windows 2000 LDAP Functions.
Index



Updates

Submit Errata

