Introduction

The Active Directory Service Interface (ADSI)

The Active Directory Service Interfaces (ADSI) is a set of Component Object Model (COM) interfaces used to access the features of directory services from different network providers and from within client applications. ADSI enables developers and network administrators to easily manage network resources by providing a way to automate tasks. From a net-admin perspective, these tasks can include user management and printing device configuration, whereas from a developer perspective, ADSI provides a way to develop directory-enabled applications. Administrators and developers handle a single set of directory service interfaces, regardless of which directory services are installed.

A common scenario where ADSI is the solution to many problems is while working on a distributed computing environment; in this type of environment, we have multiple directory services and we have to find a way to access and manage all the resources inside of it. To address those problems, ADSI provides a consistent set of interfaces that can be used to seamlessly manage any directory contained within the environment.

The ADSI offers many benefits to system administrators, benefits that span between the simplicity of learning and implementation to the flexibility of usage. Listed below are some possible benefits that ADSI offers:

• Open: Any directory provider can implement ADSI.
• Directory Services (DS) Independent: It can be used without restrictions on the directory service provider.
• Multi-language support: Interfaces are accessible from multiple language (VB, C#, C++).
• Simple programming model.
• Scriptable: Can be used by any automation capable language, such as VBScript.
• Functionally rich: ISV have the chance to deploy serious and functionality rich applications.

Event Tracing in ADSI

Event tracing in ADSI is a feature that has been added to certain areas of the ADSI LDAP provider because of their complex under-the-hood implementation. This tracing makes it easier for developers to troubleshoot problems during the development of directory-enabled applications. Some of these areas include:

• Schema parsing and downloading.
• Changing and setting passwords.

Active Directory Service Interface Architecture

Figure 1 shows a COM-style diagram of the ADSI architecture. As we can see, at the top-level we have a system object that contains a list of all the ADSI providers currently installed. Each entry in the list is in turn a namespace Object specific for a particular ADSI provider. At the top-level root nodes of each namespace container object, we have defined whatever directory-system object the directory service uses. ADSI supplies a set of predefined objects and interfaces so that client applications can interact with directory services using a uniform set of methods. However, ADSI may not provide access to all features of a directory service. The root-node container objects, found within each provider Namespace object, include an ADSI schema container object. This object contains the definition of all features for that provider.

1. A diagram showing the namespaces container object

Providers Supported by Active Directory Service Interface

1. Supported ADSI

Not every service provider supports the methods and property methods exposed by ADSI interfaces. Because different directory services vary in the types of objects and properties stored, and use different protocols and authentication, ADSI is designed to work seamlessly with supported service providers. Thus, there are interfaces, methods, and property methods that work with one service provider, such as LDAP, that may not work on another, such as WinNT.