The introduction of Windows 2000 (Win2K) has come and gone and, with a purported one million seats sold as of early 2001, Microsoft is making reasonable progress toward moving the world onto its new platform. Many new aspects come with Win2K and one of the major ones that most people feel uncomfortable with is Active Directory (AD).
In an attempt to make access to the directory a simpler task, as well as less daunting to those who are used to COM objects and Microsofts Visual Studio, Microsoft introduced a technology known as Active Directory Services Interface (ADSI). Application developers and system administrators alike can use ADSI, which lets them use anything that supports OLE automation (e.g., COM+, OLE DB, or ODBC) to access directory services.
While you can find a lot of good documentation about ADSI at Microsofts Developer Network (MSDN) Web site (www.microsoft.com/adsi), its good to find a book that provides real world, task-related examples that you can apply to everyday administrative problems.
Despite the name, ADSI can be used to access many different types of directory or service information, including Novell Directory Services (NDS), Lightweight Directory Access Protocol (LDAP) services, File System and application settings within Internet Information Server (IIS), and, of course, AD itself. For those who dont know, AD is essentially an LDAP-accessible directory with a number of Microsoft customizations to make it work for Win2K. That said, a lot of the code also works with NT 4 -- for example, NT account management and IIS service management.
The book serves as an excellent introduction to ADSI coding through the judicious use of sample scripts that relate closely to the tasks that a system administrator often undertakes in a Windows environment. This includes administration of Exchange through LDAP using ADSI, which was particularly useful, and likely to be so, too, to many administrators in Microsoft environments.
This ability to truly manage Exchange is one of those often-requested solutions from Microsoft that is usually hidden away in obscure DAPI calls, or is left for their Professional Services group to deal with.
I wish I had this book when I was writing my original list manager against Exchange a couple of years ago. The code examples show how to deal with distribution list management in Exchange. This is also useful if you are considering using such code in your ASP pages to check for membership of distribution lists as an authorization mechanism in IIS, providing a potential authorization solution so often missing from many Web applications.
Chock full of sample scripts, the book shows you how to work in both Visual Basic (VB) and VB Script for Windows Scripting Host (WSH) or Active Server Pages (ASP). There is a difference between these two and it is reasonably well explained; however, I do have a minor gripe with the amount of space given to the code samples, which Ill discuss shortly. Alas, there are several more issues I have with the book and, unfortunately, they take up more space than the things I like about it.
Because the book is very light on theory around COM and the ADSI-specific implementation, it is not the best for C++ programmers. However, if you can bear examples in VB or VB Script, you will find a lot of useful error code and object definitions. If you want a book on C++ programming against ADSI, take a look at "Active Directory Programming" by Gil Kirkpatrick.
The book dedicates a lot of space to using ADSI against IIS and its various services. This might be exactly what you need and, given the code samples included, I would recommend the book heartily. But I believe more space should have been dedicated to the use of LDAP and Active Directory through ADSI.
The book provides detailed examples of how to program ADSI using VB and then takes another 100 pages to provide exactly the same code samples, but with the very small changes required in VB Script. This approach seems incredibly redundant. One of the primary differences between the two mechanisms is that VB Script does not allow you to "type" variables when you declare or dimension them. Therefore, in VB you would cast a variable using a line such as
Dim adsiObject as adsuser
but VB Script forces you to dimension the variable and then know its type when you wish to use it, as follows:
Dim adsiObject
This, to me, is a flagrant waste of paper and I would rather have seen a more extensive explanation of the differences between VB and VB Script so that readers could make their own changes to the scripts. I remember something about "give a man a fish and you feed him for a day, but if you teach him to fish you feed him for life." Corny perhaps, but the analogy applies here.
The book also dedicates a lot of space to the basic ADSI COM model, providing an appendix to the raw MSDN ADSI 2.5 Programmers Reference. Again, I think this is wasted space; you can download a more comprehensive version from Microsoft.
Finally, a small gripe on my part is the amount of white space given over to the functional specifications of Mr. Ecks own Class Module definitions. This is certainly not a specific flame at this book, just a personal rant because I see a lot of books that seem padded through the judicious use of formatting. All publishers should take a hard look at this practice.
In conclusion, this book is probably useful on top of downloading the ADSI references from the Microsoft Web site -- especially if you like to have a handy printed copy of things while you write code.
Windows NT/2000: ADSI Scripting for System Administration
Author: Thomas Eck
Publisher: New Riders Publishing
Published: March 2000
ISBN: 1-57870-219-4
719 pages
$45