YNY
Full Member
Quote: The following code example shows how to use the ADsOpenObject function to bind to a specific server using the ADS_SERVER_BIND flag:

ADsOpenObject("LDAP://server/domain.com/DC=domain, DC=com",..., ADS_SERVER_BIND)

If you cannot specify the fully qualified DNS domain name, you can use other forms for the HostName parameter. The formats for specifying a HostName parameter are (in order of preference):

- Fully Qualified Domain Name (FQDN), such as dev.myCompany.com
- Fully Qualified Machine Name (FQMN), such as myComputer.dev.myCompany.com
- Flat domain name, such as dev
- NETBIOS computer name, such as myComputer
- IP address, such as 127.0.0.1

Note: If you specify a NETBIOS computer name or an IP address, you cannot perform mutual authentication.

Added: If Kerberos authentication is required for the successful completion of a specific directory request, the binding string must use either a serverless ADsPath, such as LDAP://CN=Jeff Smith,CN=users,DC=fabrikam,DC=com, or it must use an ADsPath with a fully-qualified DNS server name, such as LDAP://server01.fabrikam.com/CN=Jeff Smith,CN=users,DC=fabrikam,DC=com. Binding to the server using a flat NETBIOS name or a short DNS name, for example, using the name server01 instead of server01.fabrikam.com, is not guaranteed to yield Kerberos authentication.

Added: http://support.microsoft.com/kb/q258507/

Added: EXAMPLE of using OpenDSObject() from MSDN {the OpenDSObject() call is "analogous" to GetObject(), i.e. the parameters must be passed to GetObject() the same way as in the example below, not the way you have it}:

Dim dso As IADsOpenDSObject
Dim obj1, obj2 As IADs
Dim szUsername As String
Dim szPassword As String

Set dso = GetObject("LDAP:")

' Insert code securely.

' Supply full credentials to initiate a server connection.
Set obj1 = dso.OpenDSObject( _
    "LDAP://server1/CN=Dept1,DC=Fabrikam,DC=com", _
    szUsername, _
    szPassword, _
    ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)

Added: This may already be superfluous, but still:

LDAP://<servername>/rootDSE

LOOK at what your rootDSE is; maybe that is exactly where your looping DC is. And in general it is not clear why you would make the script generic (determining the domain programmatically rather than writing it in by hand) if it causes nothing but problems.

The <servername> is the DNS name of a server. The <servername> is optional, as shown in the following format.

LDAP://rootDSE

In this case, a default domain controller from the domain that the security context of the calling thread is in will be used. If a domain controller cannot be accessed within the site, the first domain controller that can be found will be used.
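A way to check binding strings in existing scripts against the host-name rules quoted in the post above, as an added example that is not part of the original post or of MSDN. The function names and verdict strings are hypothetical, and the classification is purely syntactic: any dotted host name is assumed to be fully qualified.

```python
import ipaddress
import re

# Verdicts paraphrase the documentation quoted in the post (wording is this example's own).
SERVERLESS = "serverless: default DC is used, Kerberos possible"
FQDN = "fully qualified DNS name: Kerberos possible"
SHORT = "flat/NetBIOS or short DNS name: Kerberos not guaranteed"
IP = "IP address: mutual authentication not possible"

def split_adspath(adspath):
    """Return (host, rest) for an LDAP ADsPath; host is None when serverless."""
    m = re.match(r"LDAP://(.*)", adspath.strip(), re.IGNORECASE | re.DOTALL)
    if not m:
        raise ValueError("not an LDAP:// ADsPath: %r" % adspath)
    body = m.group(1)
    first, sep, rest = body.partition("/")
    # A first segment containing '=' is already the DN (serverless path);
    # a lone 'rootDSE' with no '/' is the serverless rootDSE form.
    if not first or "=" in first or (not sep and first.lower() == "rootdse"):
        return None, body
    return first, rest

def classify_host(host):
    """Map the host part of an ADsPath to one of the verdicts above."""
    if host is None:
        return SERVERLESS
    name = host
    if name.startswith("["):            # [IPv6] or [IPv6]:port
        name = name[1:].split("]")[0]
    elif name.count(":") == 1:          # host:port
        name = name.split(":")[0]
    try:
        ipaddress.ip_address(name)
        return IP
    except ValueError:                  # not an IP literal, so treat it as a name
        return FQDN if "." in name.rstrip(".") else SHORT

def audit(adspaths):
    """Return [(adspath, verdict)] for each binding string."""
    return [(p, classify_host(split_adspath(p)[0])) for p in adspaths]

if __name__ == "__main__":
    # Constructed sample input, modelled on the paths quoted in the post.
    sample = ["LDAP://server1/CN=Dept1,DC=Fabrikam,DC=com", "LDAP://rootDSE",
              "LDAP://server01.fabrikam.com/CN=Jeff Smith,CN=users,DC=fabrikam,DC=com"]
    for path, verdict in audit(sample):
        print(verdict, "<-", path)
```
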