Limiting Enumeration with Filters and Hints

Microsoft® Windows® 2000 Scripting Guide

The Filter and Hints properties of IADsContainer allow limiting the number of objects returned by enumeration. The filter property is similar to the search filters discussed earlier in "Searching Active Directory for User Accounts." Unlike search filters, the Filter property of IADsContainer requires the client to filter objects rather than the server. The Hints property is equivalent to the attributes requested in a search query. For example, you can use the Hints property to instruct IADsContainer to return only the cn or the ADsPath of an object.

IADsContainer also provides methods, including Create, MoveHere, and Delete (discussed earlier in this chapter), which can be used to perform account management tasks on enumerated objects.

Because IADsContainer enumeration loads all objects from a container into the local property cache, using enumeration for a large number of objects can affect client performance. Therefore, to retrieve the contents of a container with many objects, use the ADO OLEDB provider to perform a search.

Scripting Steps

Listing 7.34 contains a script that enumerates a container and then modifies an attribute in user account objects. To carry out this task, the script performs the following steps:

  1. Bind to the target container, the Management OU, by using the GetObject function and the LDAP provider.

  2. Set the Filter property of the IADsContainer interface to return user account objects.

    Contact account types are not returned by this filter.

  3. Use a For Each loop to assign each object stored in the objOU container object to the objUser variable.

  4. Display the value of the IADs name property for each user account in the enumeration.

  5. Use the Put method of IADs to update the company single-valued attribute in the local property cache to Fabrikam.

  6. Use SetInfo to commit the company value assigned to the user account object in the local property cache to Active Directory.

  7. Use the Get method of IADs to read the value of the company attribute for each user object.

  8. Repeat the loop for each object in the enumeration.

Listing 7.34 Modifying Multiple User Accounts in a Container by Using Enumeration


Set objOU = GetObject("LDAP://ou=Management,dc=NA,dc=fabrikam,dc=com")

objOU.Filter = Array("user")

For Each objUser In objOU
  Wscript.Echo "Modified " & objUser.Name
 objUser.Put "company", "Fabrikam"
 Wscript.Echo "The new company name is: " & _