Platform SDK: Active Directory, ADSI, and Directory Services
The ADS_AUTHENTICATION enumeration specifies authentication options used in ADSI for binding to directory service objects. When calling IADsOpenDSObject or ADsOpenObject to bind to an ADSI object, you must supply at least one of the options. In general, different providers will have different implementations. The options documented here apply to the providers supplied by Microsoft® that are shipped with the ADSI SDK. For more information, see ADSI System Providers.
    typedef enum {
      ADS_SECURE_AUTHENTICATION = 0x1,
      ADS_USE_ENCRYPTION        = 0x2,
      ADS_USE_SSL               = 0x2,
      ADS_READONLY_SERVER       = 0x4,
      ADS_PROMPT_CREDENTIALS    = 0x8,
      ADS_NO_AUTHENTICATION     = 0x10,
      ADS_FAST_BIND             = 0x20,
      ADS_USE_SIGNING           = 0x40,
      ADS_USE_SEALING           = 0x80
    } ADS_AUTHENTICATION_ENUM;
The ADS_SECURE_AUTHENTICATION flag can be used in combination with other flags such as ADS_READONLY_SERVER, ADS_PROMPT_CREDENTIALS, ADS_FAST_BIND, etc.
Serverless binding refers to a process in which a client attempts to bind to an Active Directory object without explicitly specifying an Active Directory server in the binding string, for example, "LDAP://CN=jsmith,DC=Microsoft,DC=Com". This is possible because the LDAP provider relies on the locator services of Windows® 2000 to find the best domain controller (DC) for the client. However, the client must have an account on the Active Directory domain controller in order to take advantage of the serverless binding feature.
Note: Because VBScript cannot read information from a type library, VBScript applications do not understand the symbolic constants as defined above. You should use the numerical constants instead to set the appropriate flags in your VBScript applications. If you want to use the symbolic constants as a good programming practice, you should make explicit declarations of such constants, as done here, in your VBScript applications.
The following Visual Basic® code snippet illustrates how to use IADsOpenDSObject to bind to "Microsoft" through the WinNT provider as the "Administrator" user with secure authentication.

    Dim dso As IADsOpenDSObject
    Dim domain As IADsDomain

    ' Get the WinNT namespace object, then bind with explicit credentials.
    Set dso = GetObject("WinNT:")
    Set domain = dso.OpenDSObject("WinNT://Microsoft", "Administrator", "secret", ADS_SECURE_AUTHENTICATION)
The following C/C++ code snippet illustrates how the ADS_SECURE_AUTHENTICATION flag is used with ADsOpenObject for validating the user bound as "JSmith".
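    #include <activeds.h>   // ADsOpenObject, IADs; link with Activeds.lib and Adsiid.lib

    IADs *pObject = NULL;
    HRESULT hr;

    // Bind as Microsoft\JSmith and request secure authentication.
    hr = ADsOpenObject(L"LDAP://CN=Jsmith, DC=Microsoft, DC=com",
                       L"Microsoft\\JSmith",
                       L"password",
                       ADS_SECURE_AUTHENTICATION,
                       IID_IADs,
                       (void**) &pObject);
    if (SUCCEEDED(hr))
    {
        // Use the object here, then release the interface pointer.
        pObject->Release();
    }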
The user name can be of the UPN format: "JSmith@Microsoft.com", as well as the distinguished name format: "CN=JSmith,DC=Microsoft,DC=COM".
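Because script callers pass these flags as raw numbers, a reviewer often has to turn a value such as 193 back into flag names and check the combination. The following C is an added example, not code from the SDK page: the bit values come from the enum above, while the function names, finding codes and sample values are constructed here. The two combination checks follow Microsoft's member descriptions for this enumeration, which this page does not reproduce (signing and sealing require ADS_SECURE_AUTHENTICATION; an LDAP bind with credentials and neither secure authentication nor SSL is a simple bind).

```c
#include <stdio.h>
#include <string.h>
/* Bit values copied from the ADS_AUTHENTICATION_ENUM definition on this page. */
enum { ADS_SECURE_AUTHENTICATION = 0x1, ADS_USE_SSL = 0x2, ADS_NO_AUTHENTICATION = 0x10,
       ADS_USE_SIGNING = 0x40, ADS_USE_SEALING = 0x80 };
/* Finding codes returned by audit_auth_flags (hypothetical names). */
#define F_UNKNOWN_BITS      0x1u  /* bits outside the enum are set */
#define F_NEEDS_SECURE_AUTH 0x2u  /* signing/sealing without 0x1 */
#define F_UNPROTECTED_BIND  0x4u  /* no secure auth, no SSL, not anonymous */

static const struct { unsigned bit; const char *name; } kFlags[] = {
    {0x1, "ADS_SECURE_AUTHENTICATION"}, {0x2, "ADS_USE_ENCRYPTION/ADS_USE_SSL"},
    {0x4, "ADS_READONLY_SERVER"},       {0x8, "ADS_PROMPT_CREDENTIALS"},
    {0x10, "ADS_NO_AUTHENTICATION"},    {0x20, "ADS_FAST_BIND"},
    {0x40, "ADS_USE_SIGNING"},          {0x80, "ADS_USE_SEALING"},
};

/* Write the names of the set flags into out, joined by " | "; returns length. */
size_t decode_auth_flags(unsigned flags, char *out, size_t cap) {
    size_t len = 0;
    if (cap) out[0] = '\0';
    for (size_t i = 0; i < sizeof kFlags / sizeof kFlags[0]; i++) {
        if (!(flags & kFlags[i].bit)) continue;
        int n = snprintf(out + len, cap - len, "%s%s", len ? " | " : "", kFlags[i].name);
        if (n < 0 || (size_t)n >= cap - len) break;  /* buffer full, stop */
        len += (size_t)n;
    }
    return len;
}

/* Return a mask of F_* findings for one flags value. */
unsigned audit_auth_flags(unsigned flags) {
    unsigned f = 0;
    if (flags & ~0xFFu) f |= F_UNKNOWN_BITS;
    if ((flags & (ADS_USE_SIGNING | ADS_USE_SEALING)) && !(flags & ADS_SECURE_AUTHENTICATION))
        f |= F_NEEDS_SECURE_AUTH;
    if (!(flags & (ADS_SECURE_AUTHENTICATION | ADS_USE_SSL | ADS_NO_AUTHENTICATION)))
        f |= F_UNPROTECTED_BIND;
    return f;
}

int main(void) {
    const unsigned samples[] = {193, 64, 34, 257};  /* constructed sample values */
    char buf[160];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        decode_auth_flags(samples[i], buf, sizeof buf);
        printf("%u = %s -> findings 0x%x\n", samples[i], buf, audit_auth_flags(samples[i]));
    }
    return 0;
}
```

Bit 0x2 decodes to both names because the enum assigns ADS_USE_ENCRYPTION and ADS_USE_SSL the same value.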
Windows NT/2000: Requires Windows 2000 (or Windows NT 4.0 with DSClient).
Windows 95/98: Requires Windows 95 or later (with DSClient).
Header: Declared in Iads.h.
ADSI Enumerations, ADSI System Providers, ADsOpenObject, IADsOpenDSObject, IADsAccessControlEntry