|
aku1 发表于 2006-11-30 14:53:54 |
Not all attribute values are stored in a directory service. Instead, attribute values that are not contained in the directory can be calculated when a request for the attribute is made. This type of attribute is called operational. Note that this type of attribute is defined in the schema but it does not contain a value in the directory. Instead, the domain controller that processes a request for an operational attribute calculates the attribute's value to answer the client request.
It is critical that you know which attributes are operational because, unlike the other attributes of an object, operational attributes are not downloaded to the local property cache unless you make an explicit call to the GetInfo or GetInfoEx method. For more information about how to use these methods, see "Data Caching" earlier in this chapter.
The script in Listing 5.53 determines which attributes in the schema are operational. It accomplishes this task by reading the systemFlags attribute of each AttributeSchema object. The steps to complete this task are similar to those for Listing 5.52; therefore, these steps are summarized.
|
1. |
Set the ADS_SYSTEMFLAG_ATTR_IS_CONSTRUCTED constant to determine later in the script whether an attribute is operational. |
|
2. |
Use rootDSE to determine the value of the schemaNamingContext attribute and initialize the strADsPath variable. |
|
3. |
Using ADO, query Active Directory for all AttributeSchema objects and return the lDAPDisplayName and systemFlags attributes of the objects. |
|
4. |
Use a While Wend statement to read each record in the result set. |
|
5. |
For each record in the result set, determine whether the attribute is operational, indicated by whether the third bit of the searchFlags attribute is on (lines 19 and 20).
| • |
If the searchFlags attribute is on, display the lDAPDisplayName of the attribute (stored in the strAttribute variable). | |
Listing 5.53 Determining Which Attributes Are Operational
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Const ADS_SYSTEMFLAG_ATTR_IS_CONSTRUCTED = &h4
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "<LDAP://" & objRootDSE.Get("schemaNamingContext") & ">"
objCommand.CommandText = strADsPath & _
";(objectCategory=AttributeSchema);" & _
"lDAPDisplayName,systemFlags;onelevel"
Set objRecordSet = objCommand.Execute
Wscript.Echo "Constructed Attributes: "
While NOT objRecordSet.EOF
strAttribute = objRecordSet.Fields("lDAPDisplayName")
If ADS_SYSTEMFLAG_ATTR_IS_CONSTRUCTED AND _
objRecordSet.Fields("systemFlags") Then
Wscript.Echo strAttribute
objRecordSet.MoveNext
End If
Wend
objConnection.Close
|
When this script runs, it echoes a list of operational attributes, as shown in the following abbreviated result set: Constructed Attributes:
allowedAttributes
allowedAttributesEffective
allowedChildClasses
allowedChildClassesEffective
aNR
attributeTypes
canonicalName
createTimeStamp
...
| 
