Recipe 10.16 Finding the Linked Attributes
10.16.1 Problem
You want to find attributes that are linked.
10.16.2 Solution
10.16.2.1 Using a graphical user interface
1. Open LDP.
2. From the menu, select Connection → Connect.
3. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).
4. For Port, enter 389.
5. Click OK.
6. From the menu, select Connection → Bind.
7. Enter credentials of a domain user.
8. Click OK.
9. From the menu, select Browse → Search.
10. For BaseDN, type the Schema container DN (e.g., cn=schema,cn=configuration,dc=rallencorp,dc=com).
11. For Scope, select One Level.
12. To find linked attributes, use the following for Filter: (&(objectcategory=attributeSchema)(linkid=*))
13. Click Run.
10.16.2.2 Using a command-line interface
> dsquery * cn=schema,cn=configuration,<ForestRootDN> -scope onelevel -filter[RETURN]
"(&(objectcategory=attributeSchema)(linkid=*))" -attr cn linkID
10.16.2.3 Using VBScript
' This code prints out all of the attributes that are linked
' and their corresponding linkID values
set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("SchemaNamingContext") & ">;"
strFilter = "(&(objectcategory=attributeSchema)(linkid=*));"
strAttrs = "cn,linkid;"
strScope = "onelevel"
set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
objRS.MoveFirst
while Not objRS.EOF
    Wscript.Echo objRS.Fields(1).Value & " : " & objRS.Fields(0).Value
    objRS.MoveNext
wend
10.16.3 Discussion
The values of some attributes in Active Directory are linked. For example, if you set the manager attribute on one user object to be the DN of a second user object, the reports attribute on the second user object will automatically contain the first user object's DN. In this example, the manager attribute, or the attribute that gets set, is considered the forward link and the reports attribute, or the attribute that automatically gets calculated, is called the back link. Another common example is group membership. The member attribute of the group object represents the forward link, while the memberOf attribute of the corresponding object (e.g., user) represents the back link.
You can identify which attributes are linked in the schema by searching for attributeSchema objects that have a linkID attribute that contains some value. The linkID value for a forward-link attribute will be an even, positive number. The linkID of the corresponding back-link attribute will be the forward link's linkID plus 1. For example, the manager attribute linkID is 42 and the back-link reports attribute has a linkID of 43.
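The even/odd rule above can be applied to the output of the dsquery command to pair each forward link with its back link. The following Python sketch is an added example, not code from the original recipe; the sample table is constructed, its whitespace-separated layout with a header row is an assumption, and the two Example-* rows are hypothetical entries included to show a forward link with no back link and a back link whose forward link is missing.

```python
# Constructed sample of "dsquery * ... -attr cn linkID" output (layout assumed).
SAMPLE = """\
  cn                      linkID
  Member                  2
  Is-Member-Of-DL         3
  Manager                 42
  Reports                 43
  Example-Forward-Only    9000
  Example-Orphan-Back     9003
"""


def parse_link_table(text):
    """Return {linkID: cn} from a two-column cn/linkID table."""
    links = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip blank lines and the header row; data rows end in an integer.
        if len(parts) < 2 or not parts[-1].isdigit():
            continue
        links[int(parts[-1])] = " ".join(parts[:-1])
    return links


def pair_links(links):
    """Pair forward links (even linkID) with back links (forward linkID + 1).

    Returns (pairs, orphans): pairs holds (forward_cn, forward_id, back_cn),
    with back_cn set to None when no back link exists; orphans holds
    (back_cn, back_id) for odd linkIDs whose forward link was not returned.
    """
    pairs, orphans = [], []
    for link_id in sorted(links):
        if link_id % 2 == 0:
            pairs.append((links[link_id], link_id, links.get(link_id + 1)))
        elif link_id - 1 not in links:
            orphans.append((links[link_id], link_id))
    return pairs, orphans


if __name__ == "__main__":
    pairs, orphans = pair_links(parse_link_table(SAMPLE))
    for fwd, fwd_id, back in pairs:
        print(f"{fwd} ({fwd_id}) -> {back or 'no back link'}")
    for back, back_id in orphans:
        print(f"back link without forward link: {back} ({back_id})")
```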