Active Directory [http://en.wikipedia.org/wiki/Active_Directory] is [Microsoft]'s implementation of, among other things, [LDAP] services.

Two approaches to AD work [http://www.winnetmag.com/Windows/Article/ArticleID/16170/16170.html] are:

   * through standard LDAP tools
   * through Microsoft's own [ADSI]-based utilities, which often involve extra-LDAP functionality.

I like this [http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/w2k3tr_adsrh_tools.asp] reference to Microsoft's own AD Searches [[sic]] Tools. Note, though, that the previous page fails to mention ldifde and csvde, which, despite the appearance of their documentation [http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/ldifde.asp] [http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/CSVDE.asp], are available for Windows Server 2000.

Also significant is schemadocfile [http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/schemadoc.asp].

----
[LV] 2009-Sep-15 So, does anyone have an example of interacting with Active Directory from Tcl? In particular, what I'd like to be able to do is find a '''simple''' way to get information about the users on AD so that I can audit the information (to determine whether the user's attributes like department, room number, etc. are correct).

----
Little example. LDAP authentication function.
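======
package require ldap

# $User, $Passwd and $ad_tcp_port (normally 389) must be set by the caller.
# AD answers a simple bind with an empty password as an unauthenticated bind
# and reports success, so an empty value must never count as a valid login.
if {$User eq "" || $Passwd eq ""} {
    error "empty user name or password"
}

set authenticated 0
foreach SERVER [list ad1 ad2] {
    if {[catch {set handle [ldap::connect $SERVER $ad_tcp_port]} err]} {
        puts "ldap::connect: $err"
        continue
    }
    if {[catch {set tok [ldap::bind $handle $User $Passwd]} err]} {
        # Auth problem, try the next AD server
        catch {ldap::disconnect $handle} err
        continue
    } else {
        # User/Passwd OK
        set authenticated 1
        break
    }
}
# Both calls are wrapped in catch: no handle exists if every connect failed.
catch {ldap::unbind $handle} err
catch {ldap::disconnect $handle} err
======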
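----
For the attribute audit LV asks about above, an added example (not from the original page or from tcllib's own documentation): it binds over LDAPS, refuses empty credentials, and reports users whose `department` or `physicalDeliveryOfficeName` is unset. The proc names, server name, bind name, base DN and sample entries are constructed assumptions, as is the choice of `physicalDeliveryOfficeName` for the room number.

```tcl
package require ldap   ;# tcllib; ldap::secure_connect also needs the tls package

# Hypothetical helper: authenticated LDAPS bind, returns the connection handle.
proc ad_open {server user passwd} {
    # An empty password turns a simple bind into an unauthenticated bind,
    # which AD reports as success, so refuse it before touching the network.
    if {$user eq "" || $passwd eq ""} {
        error "refusing bind with empty user name or password"
    }
    set h [ldap::secure_connect $server 636]
    if {[catch {ldap::bind $h $user $passwd} err]} {
        catch {ldap::disconnect $h}
        error "bind failed on $server: $err"
    }
    return $h
}

# Takes ldap::search results ({dn {attr values ...}} ...) and returns a flat
# list "dn {missing attrs}" for each entry lacking a required attribute.
proc ad_missing_attrs {results required} {
    set report {}
    foreach entry $results {
        lassign $entry dn attrs
        set have {}
        foreach {name values} $attrs {
            # Attribute names are case-insensitive; blank values count as unset.
            if {[string trim [join $values]] ne ""} {
                dict set have [string tolower $name] 1
            }
        }
        set missing {}
        foreach attr $required {
            if {![dict exists $have [string tolower $attr]]} { lappend missing $attr }
        }
        if {[llength $missing]} { lappend report $dn $missing }
    }
    return $report
}

# Constructed sample in the shape ldap::search returns, so this runs offline.
# Live use (placeholders): set h [ad_open dc1.example.com $bindName $passwd]
#   then: ldap::search $h $baseDN "(&(objectCategory=person)(objectClass=user))" $attrList
#   then: ldap::unbind $h ; ldap::disconnect $h
set sample {
    {{CN=Ann Lee,OU=Staff,DC=example,DC=com} {sAMAccountName alee department Finance physicalDeliveryOfficeName B-204}}
    {{CN=Bob Roy,OU=Staff,DC=example,DC=com} {sAMAccountName broy department Finance}}
}
foreach {dn missing} [ad_missing_attrs $sample {department physicalDeliveryOfficeName}] {
    puts "$dn: missing [join $missing {, }]"
}
```

AD caps an unpaged search at MaxPageSize (1000 entries by default), so in a large directory point the base DN at one OU at a time.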