Binding to Active Directory Domain Services
In Active Directory Domain Services, the act of associating a programmatic object with a specific Active Directory Domain Services object is known as binding. When a programmatic object, such as an IADs or DirectoryEntry object, is associated with a specific directory object, the programmatic object is considered to be bound to the directory object.
Binding Functions and Methods
The method for programmatically binding to an Active Directory object will depend on the programming technology that is used. For more information about binding to objects in Active Directory Domain Services with a specific programming technology, see the topics listed in the following table.
Programming technology | For more information |
---|---|
Active Directory Service Interfaces | Binding to an ADSI Object |
Lightweight Directory Access Protocol | Establishing an LDAP Session |
System.DirectoryServices | Binding to Directory Objects |
Binding Strings
All bind functions and methods require a binding string. The form of the binding string depends on the provider. Active Directory Domain Services are supported by two providers, LDAP and WinNT.
Beginning with Windows 2000, the LDAP provider is used to access Active Directory Domain Services. The LDAP binding string can take one of the following forms:
- "LDAP://<host name>/<object name>"
- "GC://<host name>/<object name>"
In the examples above, "LDAP:" specifies the LDAP provider. "GC:" uses the LDAP provider to bind to the Global Catalog service to execute fast queries.
"<host name>" specifies the server to bind to and is optional. If possible, do not specify a server. It is also possible to bind to an object in a different domain. To do this pass the domain naming system (DNS) name of the target domain for "<host name>". For example, to bind to the Users container in the domain2 domain of fabrikam.com, the binding string would be "LDAP://domain2.fabrikam.com/CN=Users,DC=domain2,DC=fabrikam,DC=com".
"<object name>" represents a specific object in Active Directory Domain Services. The object name can be a distinguished name or an object GUID.
For more information about LDAP binding strings, see LDAP ADsPath.
For Windows NT 4.0, the WinNT provider is used for access to directory data such as users, user groups, computers, services, and other network objects in the Windows 2000. The WinNT provider on Windows 2000 and later systems has limited functionality compared to the LDAP provider. For more information about WinNT binding strings, see WinNT ADsPath.
An ADsPath of "LDAP://" or "GC://" can be used to bind to the root of the namespace. When bound to the root of the namespace, the supplied namespace object contains no properties and contains the domain object for LDAP and a container object containing a partial replica of all domains in the forest for GC.
For more information about binding in Active Directory Domain Services, see:
- Serverless Binding and RootDSE
- Binding to the Global Catalog
- Using objectGUID to Bind to an Object
- Binding to Well-Known Objects Using WKGUID
- Binding to an Object Using a SID
- Enabling Rename-Safe Binding with the otherWellKnownObjects Property
- Authentication