Creating LDAP Directory Objects
To create an object of any kind, connect to the directory container in which the new object shall reside and call the container's Create() method. You pass the object class of the new object and its relative distinguished name (RDN). Depending on the object class, mandatory attributes also have to be set before the object is written with SetInfo; otherwise the object is created incompletely or cannot be created at all.
Examples for ADS and Exchange (for Exchange 2000 or later):
- Creating Organizational Units
- Creating Users
- Creating Mail Users
- Creating Contacts
- Creating Local Groups
- Creating Global Groups
- Creating Universal Groups
Examples for Novell eDirectory (NDS):
- Creating Organizational Units
- Creating Users
- Creating Groups
- Creating ZEN Application Objects
Creating Organizational Units
To create an ADS organizational unit, connect to the directory container in which it shall be created. This can be either a domain object or another OU. No mandatory attributes need to be set:
Set ou = parent.Create("organizationalUnit", "ou=Department1")
ou.SetInfo
Creating Users
To create an ADS user, use the object class 'user' and then set at least the attribute 'sAMAccountName' (the Windows NT logon name):
Set user = ou.Create("user", "cn=Philipp")
user.sAMAccountName = "philipp"
user.SetInfo
Note that the user is created as a disabled account without a password; existing password policies (minimum password length or complexity requirements) are not enforced at this point. To activate the account in the same script, the following code can be used:
Set user = ou.Create("user", "cn=Philipp")
user.sAMAccountName = "philipp"
user.pwdLastSet = -1
user.SetInfo
user.AccountDisabled = FALSE
user.SetInfo
Attention: in this case it is unavoidable to call SetInfo twice. More information about the relevant LDAP attributes and about setting additional object properties can be found in 'Attributes for ADS User' here in the SelfADSI Tutorial.
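An added example, written in Python rather than the tutorial's VBScript and not part of the SelfADSI tutorial: it models what the two SetInfo calls above do to the user's userAccountControl bitmask and flags the state a reviewer should look for, an enabled account that still carries PASSWD_NOTREQD. The flag values are the documented ADS_USER_FLAG_ENUM bits; the start value 546 (0x222) is what Active Directory assigns to a user created via ADSI without a password, which is why no password policy applies.

```python
# Added example, not from the SelfADSI tutorial: userAccountControl bookkeeping
# for a user created via ADSI without a password. The flag values are the
# documented ADS_USER_FLAG_ENUM bits.
ADS_UF_ACCOUNTDISABLE = 0x0002
ADS_UF_PASSWD_NOTREQD = 0x0020
ADS_UF_NORMAL_ACCOUNT = 0x0200
ADS_UF_DONT_EXPIRE_PASSWD = 0x10000

UAC_FLAGS = {
    ADS_UF_ACCOUNTDISABLE: "ACCOUNTDISABLE",
    ADS_UF_PASSWD_NOTREQD: "PASSWD_NOTREQD",
    ADS_UF_NORMAL_ACCOUNT: "NORMAL_ACCOUNT",
    ADS_UF_DONT_EXPIRE_PASSWD: "DONT_EXPIRE_PASSWD",
}

# Value AD assigns to a user created with Create()/SetInfo and no password:
# NORMAL_ACCOUNT | PASSWD_NOTREQD | ACCOUNTDISABLE = 0x222 = 546.
NEW_USER_WITHOUT_PASSWORD = 0x222

def decode_uac(value):
    """Names of the flags set in a userAccountControl value."""
    return {name for bit, name in UAC_FLAGS.items() if value & bit}

def enable_only(value):
    """Model of `user.AccountDisabled = FALSE` plus SetInfo: only
    ACCOUNTDISABLE is cleared, PASSWD_NOTREQD survives."""
    return value & ~ADS_UF_ACCOUNTDISABLE

def enable_with_password_required(value):
    """Hardened variant: clear PASSWD_NOTREQD too, which is what you want
    once user.SetPassword has stored a policy-compliant password."""
    return value & ~(ADS_UF_ACCOUNTDISABLE | ADS_UF_PASSWD_NOTREQD)

def needs_review(value):
    """True for an enabled account that may still have an empty password."""
    enabled = not value & ADS_UF_ACCOUNTDISABLE
    return enabled and bool(value & ADS_UF_PASSWD_NOTREQD)

def review_accounts(records):
    """sAMAccountNames from (name, userAccountControl) pairs that are enabled
    but exempt from the password requirement."""
    return [name for name, uac in records if needs_review(uac)]

if __name__ == "__main__":
    # Constructed sample export, not real directory data.
    sample = [("philipp", enable_only(NEW_USER_WITHOUT_PASSWORD)),
              ("svc-backup", 0x10200), ("new-hire", NEW_USER_WITHOUT_PASSWORD)]
    print(sorted(decode_uac(sample[0][1])), review_accounts(sample))
```

The review function is the check to run over an export of userAccountControl values after scripted provisioning: the account enabled by the second SetInfo above is exactly the kind it reports.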
Creating Mail Users
To create a mail-enabled user within an Exchange organization (Exchange 2000 or later), use the object class 'user' and then set at least the attributes 'sAMAccountName' (Windows NT logon name), 'mailNickName' (Exchange alias), 'displayName' and 'homeMDB' (the information store holding the mailbox). For 'homeMDB' the exact distinguished name of the information store has to be used; it consists of the name of the Exchange organization, the server, the storage group and the database:
Set mailuser = ou.Create("user", "cn=Philipp")
mailuser.sAMAccountName = "philipp"
mailuser.homeMDB = "CN=Name of the Priv Database," & _
"CN=Name of the StorageGroup,CN=InformationStore,CN=Name of the Exchange server," & _
"CN=Servers,CN=Name of the administrative group," & _
"CN=Administrative Groups,CN=Name of the Exchange organisation,CN=Microsoft Exchange," & _
"CN=Services,CN=Configuration,DC=cerrotorre,DC=de"
mailuser.mailNickName = "philipp"
mailuser.displayName = "Foeckeler, Philipp"
mailuser.SetInfo
The mailbox of this user will not be displayed in the Exchange System Manager (ESM) until the first mail is delivered to it. Note that the user is created as a disabled account without a password; existing password policies (minimum password length or complexity requirements) are not enforced at this point. To activate the account in the same script, the following code has to be used:
Set mailuser = ou.Create("user", "cn=Philipp")
mailuser.sAMAccountName = "philipp"
mailuser.homeMDB = "CN=Name of the Priv Database," & _
"CN=Name of the StorageGroup,CN=InformationStore,CN=Name of the Exchange server," & _
"CN=Servers,CN=Name of the administrative group," & _
"CN=Administrative Groups,CN=Name of the Exchange organisation,CN=Microsoft Exchange," & _
"CN=Services,CN=Configuration,DC=cerrotorre,DC=de"
mailuser.mailNickName = "philipp"
mailuser.displayName = "Foeckeler, Philipp"
mailuser.SetInfo
mailuser.AccountDisabled = FALSE
mailuser.SetInfo
Attention: in this case it is unavoidable to call SetInfo twice. More information about the relevant LDAP attributes and about setting additional object properties can be found in 'Attributes for ADS User' here in the SelfADSI Tutorial.
Creating Contacts
To create a mail-enabled contact within an Exchange organization (Exchange 2000 or later), use the object class 'contact' and then set at least the attributes 'mailNickName' (Exchange alias), 'displayName' and 'targetAddress' (the external mail address):
Set mailcontact = ou.Create("contact", "cn=Mail-Contact")
mailContact.mailNickName = "pfoeckeler-extern"
mailContact.displayName = "Föckeler, Philipp (Extern)"
mailContact.targetAddress = "philipp.foeckeler@cerrotorre.de"
mailcontact.SetInfo
More information about the relevant LDAP attributes and about setting additional object properties can be found in the topic 'Attributes for ADS User' here in the SelfADSI Tutorial.
Creating Local Groups
To create a local ADS group, use the object class 'group' and then set at least the attributes 'sAMAccountName' (the downward compatible Windows NT name) and 'groupType' (group scope):
ADS_GROUP_TYPE_LOCAL_GROUP = &H4
ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000
Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")
Set localgroup = ou.Create("group", "cn=SAPUsers")
localgroup.sAMAccountName = "SAPUsers"
localgroup.groupType = ADS_GROUP_TYPE_LOCAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
localgroup.SetInfo
To create a local distribution group within an Exchange organization (Exchange 2000 or later), use the object class 'group' and then set at least the attributes 'sAMAccountName' (Windows NT logon name), 'mailNickName' (Exchange alias), 'displayName' and 'groupType':
ADS_GROUP_TYPE_LOCAL_GROUP = &H4
ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000
Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")
Set localdl = ou.Create("group", "cn=All-SAP-Users")
localdl.sAMAccountName = "All-SAP-Users"
localdl.mailNickName = "All-SAP-Users"
localdl.displayName = "All SAP Users"
localdl.groupType = ADS_GROUP_TYPE_LOCAL_GROUP
localdl.SetInfo
If you want the group to become a security group that can be granted permissions as well as receive mail, the group type has to be set like this:
localdl.groupType = ADS_GROUP_TYPE_LOCAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
...
Further information about the relevant LDAP attributes and about setting additional object properties can be found in the topic 'Attributes for ADS User' here in the SelfADSI Tutorial.
Creating Global Groups
To create a global ADS group, use the object class 'group' and then set at least the attributes 'sAMAccountName' (the downward compatible Windows NT name) and 'groupType' (group scope):
ADS_GROUP_TYPE_GLOBAL_GROUP = &H2
ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000
Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")
Set globalgroup = ou.Create("group", "cn=Development")
globalgroup.sAMAccountName = "Entwicklung"
globalgroup.groupType = ADS_GROUP_TYPE_GLOBAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
globalgroup.SetInfo
To create a global distribution group within an Exchange organization (Exchange 2000 or later), use the object class 'group' and then set at least the attributes 'sAMAccountName' (the downward compatible Windows NT name), 'mailNickName' (Exchange alias), 'displayName' and 'groupType':
ADS_GROUP_TYPE_GLOBAL_GROUP = &H2
ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000
Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")
Set globaldl = ou.Create("group", "cn=All-Department-Managers")
globaldl.sAMAccountName = "All-Department-Managers"
globaldl.mailNickName = "All-Department-Managers"
globaldl.displayName = "All Department Managers"
globaldl.groupType = ADS_GROUP_TYPE_GLOBAL_GROUP
globaldl.SetInfo
If you want the group to become a security group that can be granted permissions as well as receive mail, the group type has to be set like this:
globaldl.groupType = ADS_GROUP_TYPE_GLOBAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
...
More information about the relevant LDAP attributes and about setting additional object properties can be found in the topic 'Attributes for ADS User' here in the SelfADSI Tutorial.
Creating Universal Groups
To create a universal ADS group, use the object class 'group' and then set at least the attributes 'sAMAccountName' (the downward compatible Windows NT name) and 'groupType' (group scope):
ADS_GROUP_TYPE_UNIVERSAL_GROUP = &H8
ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000
Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")
Set universalgroup = ou.Create("group", "cn=Support")
universalgroup.sAMAccountName = "Support"
universalgroup.groupType = ADS_GROUP_TYPE_UNIVERSAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
universalgroup.SetInfo
To create a universal distribution group within an Exchange organization (Exchange 2000 or later), use the object class 'group' and then set at least the attributes 'sAMAccountName' (the downward compatible Windows NT name), 'mailNickName' (Exchange alias), 'displayName' and 'groupType':
ADS_GROUP_TYPE_UNIVERSAL_GROUP = &H8
ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000
Set ou = GetObject("LDAP://ou=Accounts,dc=cerrotorre,dc=de")
Set universaldl = ou.Create("group", "cn=All-Support-Engineers")
universaldl.sAMAccountName = "All-Support-Engineers"
universaldl.mailNickName = "All-Support-Engineers"
universaldl.displayName = "All Support Engineers"
universaldl.groupType = ADS_GROUP_TYPE_UNIVERSAL_GROUP
universaldl.SetInfo
If you want the group to become a security group that can be granted permissions as well as receive mail, the group type has to be set like this:
universaldl.groupType = ADS_GROUP_TYPE_UNIVERSAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
...
More information about the relevant LDAP attributes and about setting additional object properties can be found in the topic 'Attributes for ADS User' here in the SelfADSI Tutorial.
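An added example for the three group sections above (local, global and universal), written in Python rather than the tutorial's VBScript and not part of the SelfADSI tutorial: it composes the groupType value the scripts store, decodes values read back from the directory, and lists the mail-enabled security groups, the combination that both holds permissions and receives mail. The constants are the ADS_GROUP_TYPE_ENUM values; because groupType is a signed 32-bit integer, every security-enabled group is stored as a negative number.

```python
# Added example, not from the SelfADSI tutorial: compose and decode the groupType
# bitmask from the group examples above. Constants are the ADS_GROUP_TYPE_ENUM
# values; groupType is a signed 32-bit integer, so the security bit 0x80000000
# makes the stored value negative (VBScript's &H80000000 is a negative Long too).
ADS_GROUP_TYPE_GLOBAL_GROUP = 0x2
ADS_GROUP_TYPE_LOCAL_GROUP = 0x4      # domain local
ADS_GROUP_TYPE_UNIVERSAL_GROUP = 0x8
ADS_GROUP_TYPE_SECURITY_ENABLED = 0x80000000
SCOPE_MASK = (ADS_GROUP_TYPE_GLOBAL_GROUP | ADS_GROUP_TYPE_LOCAL_GROUP
              | ADS_GROUP_TYPE_UNIVERSAL_GROUP)
SCOPE_NAMES = {
    ADS_GROUP_TYPE_GLOBAL_GROUP: "global",
    ADS_GROUP_TYPE_LOCAL_GROUP: "domain local",
    ADS_GROUP_TYPE_UNIVERSAL_GROUP: "universal",
}

def to_signed32(value):
    """Fold an unsigned 32-bit value into the signed form LDAP returns."""
    value &= 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value

def compose_group_type(scope_flag, security_enabled):
    """groupType as it will be stored for a given scope and kind of group."""
    if scope_flag not in SCOPE_NAMES:
        raise ValueError("unknown group scope flag %#x" % scope_flag)
    bits = scope_flag | (ADS_GROUP_TYPE_SECURITY_ENABLED if security_enabled else 0)
    return to_signed32(bits)

def decode_group_type(value):
    """(scope name, security_enabled) from a stored groupType, signed or unsigned."""
    bits = value & 0xFFFFFFFF
    scope = bits & SCOPE_MASK
    if scope not in SCOPE_NAMES:
        raise ValueError("groupType %d has no single scope flag" % value)
    return SCOPE_NAMES[scope], bool(bits & ADS_GROUP_TYPE_SECURITY_ENABLED)

def mail_enabled_security_groups(records):
    """From (cn, groupType, mailNickName-or-None) rows, return the groups that
    can both hold permissions and receive mail; their membership is worth a review."""
    return [cn for cn, gt, alias in records if alias and decode_group_type(gt)[1]]

if __name__ == "__main__":
    # Constructed sample export, not real directory data.
    rows = [("SAPUsers", -2147483644, None),
            ("All-SAP-Users", 4, "All-SAP-Users"),
            ("All-Support-Engineers", -2147483640, "All-Support-Engineers")]
    print(mail_enabled_security_groups(rows))  # ['All-Support-Engineers']
```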
Creating Organizational Units in the eDirectory
To create an organizational unit within the eDirectory, first connect to the directory container in which the new object shall be created. This can be an organization object, another OU, a locality object or a domain. No mandatory attributes need to be set.
Set ou = parent.Create("organizationalUnit", "cn=Karlsruhe")
ou.objectClass = "organizationalUnit"
ou.SetInfo
Please note the difference from creating objects in Active Directory environments: the attribute "objectClass" is set explicitly. This is not necessary in every eDirectory version, but to avoid errors you should always set the object class of eDirectory objects in this way.
Creating User in the eDirectory
To create an eDirectory user, use the object class 'inetOrgPerson' and then set at least the attribute 'sn' (surname):
Set user = ou.Create("inetOrgPerson", "cn=Philipp")
user.sn = "Foeckeler"
user.objectClass = "inetOrgPerson"
user.SetInfo
Please note the difference from creating objects in Active Directory environments: the attribute "objectClass" is set explicitly. This is not necessary in every eDirectory version, but to avoid errors you should always set the object class of eDirectory objects in this way.
Creating Groups in the eDirectory
To create an eDirectory group, the object class 'group', 'groupOfNames' or 'groupOfUniqueNames' may be used; these are aliases of the same object class. No mandatory attributes need to be set.
Set group = ou.Create("groupOfNames", "cn=CerroAdmins")
group.objectClass = "groupOfNames"
group.SetInfo
Please note the difference from creating objects in Active Directory environments: the attribute "objectClass" is set explicitly. This is not necessary in every eDirectory version, but to avoid errors you should always set the object class of eDirectory objects in this way.
Creating ZEN Application Objects in the eDirectory
To create a ZEN application object, use the object class 'appApplication' and set at least the attributes 'appCaption' and 'appPath'; these hold the description of the application and the path of the program to be called:
Set app = ou.Create("appApplication", "cn=AppControl")
app.Put "appCaption", "AppControl 1.0"
app.Put "appPath", "47 NULL"
app.Put "objectClass", "appApplication"
app.SetInfo
Please note that the generic Put method has to be used here; the attributes cannot simply be set as object properties. The call app.appCaption = 'AppControl 1.0' would cause a runtime error, because the attributes appCaption and appPath have a provider-specific type and are not ordinary strings.
In our example I have set the path to the executable file to empty; for that purpose the string '47 NULL' has to be set as the value.