日期:2009-07-12  浏览次数:20959 次

Learning ADSI - Part I: Adding Users To W2K
By Remie Bolte

print this article


email this article to a colleague


Introduction

As the desire and need for the Internet grew, Microsoft created new products and modified its old ones. Windows OS required features that gave developers and administrators the option to perform tasks remotely. Microsoft responded in part with Active Directory Services Interface (ADSI). ADSI provides a single set of directory interfaces for accessing and managing network resources. So for instance, an administrator could change user permissions or add a user to a network, independent of network environment, using a Web interface or a VB program.


Caveat

Please keep in mind that you are going to modify the basics of the Windows NT security model. You should be very alert when dealing with ADSI. Keep in mind that a simple mistype could mean reformatting and reinstalling your system. Don't do it on a operational machine! Please know that I have tried to make the following code as accurate as possible. Yet I can't guarantee their outcome. So please don't just copy and paste. I know it is very attractive, but it could cause you to spend the next couple of hours looking at a very appealing Windows installation screen.


Windows Security Account Manager

The Security Account Manager (SAM) is the portion of Windows which registers and holds all user information and knows all the default configuration settings. Our first meeting with SAM entails the process of creating a user. This applies to Windows 2000 as well as Windows NT 4.0.

NOTE: In order for the following code to work, administrator rights are required.


Adding A User to The SAM


<%

1. AddUser  "newuser","mydomain"
2.
3.   Sub AddUser(strUser,strDomain)
4.     Dim Computer
5.     Dim User
6.
7.     Set Computer = Getobject("WinNT://" & strDomain)
8.     Set User = computer.create("User",strUser)
9.     User.setinfo
10. End sub

%>


This code can be activated by calling it anywhere in the ASP page (line 1). Also, make sure to spell winnt like the example given in line 7. ADSI is very case sensitive and will refuse to work if you spell it differently. As you can see there are no attributes given; this user is created without a password. Let's do something about that.

<%

1. AddUser  "newuser","mydomain","New user","adsi","Our best employee"
2.
3.   Sub AddUser(strUser,strDomain,strFullname,strPassword,strDesc)
4.     Dim Computer
5.     Dim User
6.
7.     Set Computer = Getobject("WinNT://" & strDomain)
8.     Set User = computer.create("User",strUser)
8.     User.fullname = strFullname
9.     User.Description = strDesc
10.   call User.SetPassword(strPassword)
11.   User.setinfo
12. End sub
%>


As you can see, I added more than just a password. I also added the fullname and the description. These aren't really important if you have a system with 5 users, but large corporations usually have a po