Introduction to Active Directory Objects
Active Directory Service Interfaces (ADSI) is a programmatic interface for Microsoft Windows Active Directory. It enables your applications to interact with diverse directories on a network, using a single interface. Visual Studio .NET and the .NET Framework make it easy to add ADSI functionality with the DirectoryEntry and DirectorySearcher components. For an overview of Active Directory, see Active Directory Technology Backgrounder.
Using ADSI, you can create applications that perform common administrative tasks, such as backing up databases, accessing printers, and administering user accounts. ADSI makes it possible for you to:
- Log on once to work with diverse directories. The DirectoryEntry component class provides username and password properties that can be entered at runtime and communicated to the Active Directory object you are binding to.
- Use a single application programming interface (API) to perform tasks on multiple directory systems by offering the user a variety of protocols to use. The DirectoryServices namespace provides the classes to perform most administrative functions.
- Perform "rich querying" on directory systems. ADSI technology allows for searching for an object by specifying two query dialects: SQL and LDAP. For more information see Searching Active Directory Hierarchies.
- Access and use a single, hierarchical structure for administering and maintaining diverse and complicated network configurations by accessing an Active Directory tree.
- Integrate directory information with databases such as SQL Server. The DirectoryEntry path may be used as an ADO.NET connection string provided that it is using the LDAP provider.
You can use the DirectorySearcher class to search and perform queries against an Active Directory hierarchy using the Lightweight Directory Access Protocol (LDAP). You can perform queries based on properties (Rich Query) of an object that is located in a large directory to find a specific object by one or more of its property values. For more information, see Searching Active Directory Hierarchies.
The DirectoryEntry component can be bound to an object in the directory to perform administrative tasks, such as modifying properties or monitoring informational changes. For example, suppose that your company allows employees to place online orders for books needed in their jobs. Spending limits vary depending on the employee's position. When an employee places a book order, the company's tracking application can use a DirectoryEntry component to verify information about the employee's position and spending limits. If the limit is exceeded, the DirectoryEntry component can retrieve the e-mail address for the employee and his manager and can then send additional information to both of them.
Both the DirectoryEntry component and DirectorySearcher component require that you have the ADSI SDK or ADSI runtime installed on your computer in order to create applications with their functionality. ADSI 2.5 is installed by default with Windows 2000 or Windows XP. If you are using a previous version of Windows, you can install the SDK yourself from the Microsoft Web site.
The following requirements apply to DirectoryEntry components:
- To make changes to property values of Active Directory objects, you must have administrative rights to the object you are bound to. For information about Active Directory user rights see your Active Directory documentation in the Windows 2000 help directory.
The following requirements apply to DirectorySearcher components:
- DirectorySearcher component instances require the LDAP provider to perform rich queries against an Active Directory hierarchy.
- You must have a directory service provider, such as Active Directory or Lightweight Directory Access Protocol (LDAP), installed on your computer for the ADSI APIs to be useful when conducting searches. For more information about the directory services you can use and how to install them, see the Microsoft Web site.