Provider Specific Attributes
We discussed the approach to read ALL the attributes from an Active Directory object (or an object in any other LDAP directory) in the SelfADSI article 'Reading LDAP Directory Object Attributes'. The data returned with the appropriate methods can be processed in a script.
Anyhow, there is a problem when the regarding directory server returns an attribute with the ADSI data type 'provider specific'. This is never the case in Active Directory environments, but can be seen often when you try to access a Novell eDirectory or another LDAP system which defines it's own attribute syntaxes.
If an LDAP server returns the data type 'Provider Specific', the term should better be 'attribute data type cannot clearly identified by the script'. It's difficult to read the values of such attributes (it's strange that you don't have problems to write these values in most cases). If you attempt the access with normal read methods (like Get or GetEx), you will probably get this error return code:
0x8000500C - "The Active Directory datatype cannot be converted to/from a native DS datatype"
All you can do here is to evaluate the regarding LDAP directory schema - and we need a particular method to convert the data in a format which can be handled in a script. To achieve this, you read the attribute data into the local property cache for the connected directory object. This cache is filled with the ADSI method GetInfo and can be accessed later on with the GetPropertyItem function. This function allows you to specify the data format for the regarding values within certain limits. A reasonable approach would be to always read the data in the LDAP syntax octet string and convert it into any other format afterwards.
Set obj = GetObject("LDAP://nldap.cerrotorre.de/cn=ConsoleOneUpdate,ou=apps,o=cerrotorre", _
"cn=supervisor,ou=users,o=cerrotorre", "P@ssw0rd", 0)
obj.GetInfo 'fill the attribute cache
'get attribute "appPath" from the cache as a binary value
Set prop = obj.GetPropertyItem("appPath", ADSTYPE_OCTET_STRING)
valuearray = prop.Values '...the function always return an array
For Each value In valuearray
data = value.OctetString 'the actual value is read
hstr = OctetToHexStr(data) 'display output
WScript.Echo hstr & vbCrLf
WScript.Echo PrintOutHex(hstr, 16) & vbCrLf
WScript.Echo HexStrToAscii(hstr, True)
Next
Function OctetToHexStr(var_octet)
'Converts binary data to a hex string
Dim n
OctetToHexStr = ""
For n = 1 To lenb(var_octet)
OctetToHexStr = OctetToHexStr & Right("0" & hex(ascb(midb(var_octet, n, 1))), 2)
Next
End Function
Function PrintoutHex(var_hex, width)
'Takes a hexstring and returns an output in a hex editor style
'The width parameter determines how many byte per line the output has
Dim k1, k2, s1, s2
PrintOutHex = ""
For k1 = 1 To Len(var_hex) Step (width *2)
s1 = Mid(var_hex, k1, (width *2))
s2 = ""
s3 = HexStrToAscii(s1, False)
For k2 = 1 To Len(s1) Step 2
s2 = S2 & Mid(S1, k2, 2) & " "
Next
s2 = s2 & String((width *3)-Len(s2), " ")
If (k1=1) Then
PrintOutHex = PrintOutHex & s2 & "| " & s3
Else
PrintOutHex = PrintOutHex & vbcrlf & s2 & "| " & s3
End If
Next
End Function
Function HexStrToAscii(var_hex, format)
'Converts a hex string to an ASCII string.
'If 'format'=TRUE, tabs and CR/LFs are inserted
Dim k, v
HexStrToAscii = ""
For k = 1 To Len(var_hex) Step 2
v = CInt("&H" & Mid(var_hex, k, 2))
If ((v>31) And (v<128)) Then
HexStrToAscii = HexStrToAscii & (chr(v))
Else
If (format) Then
Select Case v
Case 8
HexStrToAscii = HexStrToAscii & vbTab
Case 10
HexStrToAscii = HexStrToAscii & vbCrLf
Case 13
Case Else
HexStrToAscii = HexStrToAscii & "."
End Select
Else
HexStrToAscii = HexStrToAscii & "."
End If
End If
Next
End Function
The result: The binary raw data is first displayed as a pure hex string, after that a second output shows it like it would be in a hex editor, the last output is pure ASCII text:
ADSI Reference
on the MSDN: Property Cache Interface
In Active Directory environments, attribute values should NEVER be returned in the format 'Provider specific' by the server. If this is the case, there has to be a malfunction of the regarding domain controller or in the ADSI interface. In other directory services environments (like eDirectory), you may encounter these provider specific attributes some times.