using OpenDSObject

[Frederick Shotton]

I'm using ADSI to find out which groups a user belongs to. It works fine
except when the user is not logged into the domain I am querying. I then
use OpenDSObject so I can query the domain with passed in credentials but I
can't for the life of me figure out how to use this on an NT domain. Can
someone show me a piece of code that uses OpenDSObject on an NT domain? The
code below is my closest attempt at doing so.

Dim dl As IADs
Dim NameSpace As IADsOpenDSObject
Set NameSpace = GetObject("WinNT:") ' this line only works with LDAP: for
some reason!
Set dl = NameSpace.OpenDSObject("WinNT://domain/username", "username",
"password", 0)
Debug.Print dl.Name

PS: Also is there a way to retrieve a unique ID for each object/group?

Frederick Shotton
Aeneid Inc.

[Richard Ault]

NT does not permit you to hold credentials (be logged in) to more than one
NT domain at a time. For this reason, the WinNT provider does not expose
an IADsOpenDSObject interface. LDAP (and NDS) access non-NT directories,
so they expose IADsOpenDSObject interfaces to allow you to specify
credentials for these "foreign" directories. You must take some action to
log into the NT domain you want to query. You could try establishing a
secure channel to the PDC in the domain (via net use or WNetAddConnection2
to IPC$ on the PDC) and you *MIGHT* be able to access the groups on that
domain.

For your other question, the .Name properties of global groups and users
are unique within the domain, but member servers can create duplicate names
in their local account databases. You cannot get to an NT 3/4 account's
SID using ADSI.

Richard Ault
--------------------
> From: "Frederick Shotton" <fsho...@aeneid.com>
> Subject: using OpenDSObject