In my prior post I explained how to retrieve the LDAP URL, primary server and port for queries. I also found the need to identify the path to a particular Active Directory object. Let's say I have a group name but need to find the LDAP id for it: how can I do that?
Well, I have found an implementation in Excel (if you search for the code you will find several examples of the same thing).
I don't remember where I found the code, so I can't provide a link to the source, but here it is:
Function getLDAPName(ByVal SearchField As String, ByVal SearchString As String, ByVal ReturnField As String)
    ' Declare variables
    Dim objAdoCon, objAdoCmd, objAdoRS
    Dim objUser, objRootDSE
    Dim strDomainDN, strUserFullName
    Dim intAnswer As Integer
    On Error GoTo Err_NoNetwork
    ' Get the DN of the user's domain
    Set objRootDSE = GetObject("LDAP://rootDSE")
    strDomainDN = objRootDSE.Get("defaultNamingContext")
    ' Search the domain for the user's account object.
    ' SearchField and SearchString are concatenated into the query as-is,
    ' so pass only trusted values.
    Set objAdoCon = CreateObject("ADODB.Connection")
    objAdoCon.Open "Provider=ADsDSOObject;"
    Set objAdoCmd = CreateObject("ADODB.Command")
    Set objAdoCmd.ActiveConnection = objAdoCon
    objAdoCmd.CommandText = _
        "SELECT ADsPath,samAccountName FROM 'LDAP://" & strDomainDN & "' WHERE " & _
        "objectCategory='person' AND objectClass='user' AND " & _
        SearchField & "='" & SearchString & "'"
    ' "DisplayName='" & clockNumber & "'"
    ' "sAMAccountName='" & clockNumber & "'"
    Set objAdoRS = objAdoCmd.Execute
    ' If found, get the requested attribute (ReturnField).
    If (Not objAdoRS.EOF) Then
        Set objUser = GetObject(objAdoRS.Fields("ADsPath").Value)
        objUser.GetInfoEx Array(ReturnField), 0
        getLDAPName = objUser.Get(ReturnField)
        Set objUser = Nothing
    Else
        ' handle "not found" error here
        GoTo Err_NoNetwork
    End If
    Set objAdoRS = Nothing
    Set objAdoCmd = Nothing
    objAdoCon.Close
    Set objAdoCon = Nothing
    Set objRootDSE = Nothing
    GoTo Exit_Sub
Exit_Sub:
    Exit Function
Err_NoNetwork:
    getLDAPName = "Error"
    GoTo Exit_Sub
End Function
The most important detail in this code is the Active Directory query (you can find a list of available properties in this link).
For example, in the following query:
SELECT cn FROM 'LDAP://[LDAP URL]' WHERE objectCategory='group' AND cn='MyGroupName'
(*Update): When you are querying for a name and need to filter on a partial string (like a LIKE statement), you can use the '*' wildcard, so 'MyGro*' will match anything starting with MyGro, and 'M*yGroupName' will match anything starting with M and ending with yGroupName, with anything in between.
What I am looking for is the common name of MyGroupName, and a list of properties can be specified (the full list is at the link above).
But if you replace the specific attribute with a '*', interestingly enough you won't get all attributes (as a SQL query would); instead you receive the full LDAP object name in the value field.
The query highlighted in blue uses * to search for a group:
As you can see, the value field lists the entire tree to find the object.
You can review the object in a little more detail (using the Immediate window).
So, as you can see in this post, you can find a lot of detail for an account or group in Active Directory using any VBA tool available to you (instead of having to download extra tools).
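The function above pastes SearchField and SearchString straight into the query text, so a value containing a quote, parenthesis or '*' changes what the query matches. The following is an added example, not code from the original post: it does the group lookup with the LDAP filter dialect of the same ADsDSOObject provider and escapes the value per RFC 4515. The names EscapeLdapValue, IsSafeAttributeName and FindGroupDN are hypothetical.

```vba
Option Explicit

' Escape a value for an LDAP search filter (RFC 4515). With allowWildcard:=True
' the "*" is kept, so "MyGro*" still matches by prefix.
Function EscapeLdapValue(ByVal rawValue As String, _
                         Optional ByVal allowWildcard As Boolean = False) As String
    Dim i As Long, ch As String, result As String
    For i = 1 To Len(rawValue)
        ch = Mid$(rawValue, i, 1)
        Select Case ch
            Case "\": result = result & "\5c"
            Case "(": result = result & "\28"
            Case ")": result = result & "\29"
            Case vbNullChar: result = result & "\00"
            Case ";": result = result & "\3b"   ' precaution: ";" separates the query parts
            Case "*": result = result & IIf(allowWildcard, "*", "\2a")
            Case Else: result = result & ch
        End Select
    Next i
    EscapeLdapValue = result
End Function

' Attribute names: a letter followed by letters, digits or hyphens only.
Function IsSafeAttributeName(ByVal attrName As String) As Boolean
    IsSafeAttributeName = (attrName Like "[A-Za-z]*") And _
                          Not (attrName Like "*[!A-Za-z0-9-]*")
End Function

' Returns the distinguishedName of the first matching group, or "" if none is found.
Function FindGroupDN(ByVal searchField As String, ByVal searchString As String) As String
    Dim rootDse As Object, con As Object, cmd As Object, rs As Object
    If Not IsSafeAttributeName(searchField) Then
        Err.Raise vbObjectError + 513, "FindGroupDN", "Invalid attribute name"
    End If
    Set rootDse = GetObject("LDAP://rootDSE")
    Set con = CreateObject("ADODB.Connection")
    con.Open "Provider=ADsDSOObject;"
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = con
    ' LDAP dialect: <base>;filter;attributes;scope
    cmd.CommandText = "<LDAP://" & rootDse.Get("defaultNamingContext") & ">;" & _
        "(&(objectCategory=group)(" & searchField & "=" & _
        EscapeLdapValue(searchString) & "));distinguishedName;subtree"
    Set rs = cmd.Execute
    If Not rs.EOF Then FindGroupDN = rs.Fields("distinguishedName").Value
    rs.Close
    con.Close
End Function
```

Pass allowWildcard:=True to EscapeLdapValue only when the caller, not the end user, decides that a partial match such as 'MyGro*' is wanted.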