Binding String
Due to the number of objects accessible from a directory service, naming collisions can occur. The binding string, which is commonly referred to as the ADsPath, enables you to specify a particular object without causing a naming collision. This can be applied for a single directory service provider or across multiple directory service providers.
An ADsPath is a string that uniquely identifies an ADSI object on a directory service. Because ADSI objects exist within the context of the namespace of the underlying directory service, part of the syntax of an ADsPath name is provider-specific.
The following table lists the ADSI providers provided by default.
Provider | Description |
---|---|
WinNT |
Used to communicate with Windows domain controllers. For more information about the WinNT ADsPath, see WinNT ADsPath. |
LDAP |
Used to communicate with LDAP servers, such as Active Directory. For more information about the LDAP ADsPath, see LDAP ADsPath. |
ADs |
Provides an IADsNamespaces implementation that can be used to enumerate all of the ADSI providers installed on the client. |
Use these provider names to access the default provider namespace. For example, if you bind to LDAP, ADSI binds to a container that contains the domain object currently logged on. If you bind to WinNT, ADSI binds to a container that holds objects that correlate to all domains on the network.
The initial elements of the ADsPath string are the programmatic identifier (progID) of the ADSI provider, followed by "://", followed by syntax dictated by the provider namespace. The progID string may or may not be case-sensitive, depending on the provider. The progID strings for the providers listed above are case-sensitive.
The path string may or may not be case-sensitive, depending on the provider. The path strings for the providers listed above are not case-sensitive.
The following are examples of ADsPaths.
LDAP://CN=Jeff Smith,CN=users,DC=fabrikam,DC=com
LDAP://server01/CN=Jeff Smith,CN=users,DC=fabrikam,DC=com
WinNT://MyDomain/ComputerName,Computer
WinNT://MyDomain/UserAccount
To find all providers installed on your computer, bind to the ADs provider as shown in the following code example.
Set x = GetObject("ADs:")
For Each provider In x
provider.Name
Next
Using the LDAP provider, you can specify the ADsPath either in an X.500 distinguished name (DN) form, starting with the CN tag, or you can specify its hierarchical inverse, starting with the O tag. The form you use in the initial ADsPath determines the order of the tags.
The following table lists ADsPath special characters.
Name | Character | Description |
---|---|---|
Double quote |
" |
Used to quote any part of the ADsPath that may contain a special character so that the string is interpreted literally. For example, "CN=Name/Prefix". |
Backslash |
\ |
Used to precede special characters to signify they should be used as literals. For more information and a list of special characters, see Distinguished Names. |
Slash |
/ |
Component separator. |
Angle brackets |
<> |
Delimit an ADsPath within another naming convention. |
To delimit an ADsPath in a search specification or as part of a URL, use the left and right angle bracket (< >). For example, "<WinNT://MyDomain/UserAccount>".
Some ADSI providers may have added syntax restrictions due to namespace requirements.
Active Directory Binding Options
Active Directory provides the ability to bind to an object using several other types of binding strings, such as a COM globally unique identifier (GUID) or a security identifier (SID). For more information, see Binding to Active Directory.