Chapter 25. Using ADSI and ADO from ASP or VB

Two important features of Active Directory require administrators to create their own tools:

• The ability to extend the Active Directory schema with your own classes and attributes, which allows you to store additional data with objects

• The ability to delegate control of administration of Active Directory in a very detailed manner

If you take advantage of these, there is a large chance that you will want to provide customized tools for administration.

For example, you might decide that a group of users is to manage only certain properties of certain objects, say which users can go into a group. There is no point in giving them Active Directory Users and Computers snap-in; that's like using a sledgehammer to crack a nut. Why not create a tool of your own that only allows them to manipulate the values that they have permission to? If you then incorporate logging into a file or database within this application, you have a customized audit trail as well.

Tools of this nature do not lend themselves to VBScript since they tend to require a much more enhanced GUI interface. Consequently, you are left with three choices:

• Write code in a compiled language like Visual Basic or VB.NET that supports complex GUI routines.

• Write code for a web-based interface using HTML and Active Server Pages (ASPs) or using ASP.NET.

• Write code in another scripting language such as Perl that supports complex graphical controls.

We will concentrate on the first two in this chapter.