Identify record in Global Catalog
-
Hi all, suppose the GC consists of a number of forests. With an LDAP search, I found a record in the GC and now want to update this record, but the attribute which I want to update is not present in the GC. How do I identify the forest this record belongs to, and what LDAP port must I use to update this record in the forest?
modified on Friday, January 11, 2008 10:46:33 AM
-
GC, forest? I don't understand what you are talking about. Are you referring to garbage collection? Give a little more detail to your question :)
"If an Indian asked a programming question in the forest, would it still be urgent?" - John Simmons / outlaw programmer I get all the news I need from the weather report - Paul Simon (from "The Only Living Boy in New York")
-
Hi Justin, good catch for Indian :) GS is Global Catalog (GC). So the GC contains info from a number of Active Directory forests. thanks, max
-
You may want to actually say you're working with Active Directory and "Global Catalog" instead of GC. In .NET, GC normally stands for "Garbage Collector". The Global Catalog does NOT hold every property of every object. It holds a small subset of properties for all objects. Your command text probably starts with "GC://...", correct?? Well, to get at the full record, you have to start with "LDAP://...".
The port number is there to talk to either the unsecured version of LDAP, or the secured version. What you're doing on that connection has nothing to do with the port number you use. You normally don't need to give it the port number since AD uses the standard LDAP ports, 389 for normal connections and 636 for SSL secured.
But, to find the object, all you have to do is return the distinguishedName of the object you're looking for from the Global Catalog. The distinguishedName will tell you the full path to the object, including which domain the object is in. You can then use that to get the object from LDAP so you can modify all the properties you want.
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic 2006, 2007
-
Dave, you're right! I work with Active Directory and the Global Catalog. My command text always starts with "LDAP://..." but the port is 3268, the port for the GC. I know that port 389 is the default port for LDAP, but I also know that this port can be changed. I read the LDAP query from a 3rd party program and I don't know exactly whether this query will point to the GC or LDAP. So if the query points to the GC, I want to find this record in its forest. Or will just LDAP://CN= point to it?
robot_rock wrote:
I read the LDAP query from a 3rd party program and I don't know exactly whether this query will point to the GC or LDAP.
GC queries always start with GC://, so if you're getting this from a 3rd party app and it uses LDAP:// to begin its command string, chances are it's not coming from the Global Catalog. If you're sure the result is coming from the Global Catalog, and you get the distinguishedName back from the query, that name will point directly to the object in question if you use it in another LDAP command string:
LDAP://distinguishedName/yourParameterList
Keep in mind though when you bind to an object, you only immediately get back some basic properties of the object. You need to tell it to retrieve either all of the remaining properties, or just specify which properties you need. After that, you can modify them and write the changes back to AD.
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic 2006, 2007
-
OK Dave. As far as I know, LDAP://distinguishedName/yourParameterList will only work if the machine from which I'm binding to the object belongs to this forest; otherwise I must specify the machine name and port in the LDAP query, isn't it?
thanks, max
If you use the distinguishedName, the domain information is already supplied and any controller in that domain can service the request. No, you don't have to specify the port, unless those domain controllers are not using the standard port numbers.
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic 2006, 2007
-
Dave, thank you very much. I'll try this. thanks max
thanks, max
-
But, one more question: if these DCs are using non-default ports, how should I connect to them?
thanks, max
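
An added example, not written by any poster in this thread: it takes the distinguishedName returned by a Global Catalog search, derives the object's home domain from its DC= components, and builds the LDAP:// path, optionally with an explicit server and port in the `LDAP://host:port/DN` form. The function names and the sample DN are constructed for illustration; 3268/3269 are the Global Catalog ports and 389/636 the LDAP ports named above.

```python
import re

GC_PORTS = {3268, 3269}          # Global Catalog, plain and over SSL
# 389 / 636 are the standard LDAP / LDAPS ports named in the thread.

def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return parts

def domain_from_dn(dn):
    """Join the DC= components into the DNS name of the object's home domain."""
    labels = [p[3:] for p in split_dn(dn) if p[:3].upper() == "DC="]
    if not labels:
        raise ValueError("DN has no DC= components: %r" % dn)
    return ".".join(labels)

def targets_global_catalog(adspath):
    """True for GC:// paths and for LDAP:// paths aimed at port 3268 or 3269."""
    m = re.match(r"(?i)^(GC|LDAP)://(?:[^/:]+:(\d+))?", adspath)
    if not m:
        raise ValueError("not an LDAP/GC ADsPath: %r" % adspath)
    return m.group(1).upper() == "GC" or (m.group(2) is not None and int(m.group(2)) in GC_PORTS)

def writable_path(dn, server=None, port=None):
    """Build an LDAP:// path for the object's own domain (or an explicit DC and port)."""
    host = server or domain_from_dn(dn)
    if port is not None:
        host = "%s:%d" % (host, port)
    # ADSI treats '/' as a path separator, so a '/' inside the DN is escaped.
    return "LDAP://%s/%s" % (host, re.sub(r"(?<!\\)/", r"\\/", dn))

# Constructed sample: a DN as a GC search might return it, with an escaped comma.
SAMPLE_DN = r"CN=Smith\, John,OU=Staff,DC=emea,DC=example,DC=com"
```

The string returned by `writable_path` is what gets handed to the bind call (for example `DirectoryEntry` in .NET) before loading and modifying the attribute that the Global Catalog does not carry.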