Addison Wesley: The .NET Developer's Guide to Directory Services Programming, May 2006, ISBN 0321350170

The .NET Developer's Guide to Directory Services Programming
By Joe Kaplan, Ryan Dunn
Publisher: Addison Wesley Professional
Pub Date: May 08, 2006
Print ISBN-10: 0-321-35017-0
Print ISBN-13: 978-0-321-35017-6
Pages: 512


"If you have any interest in writing .NET programs using Active Directory or ADAM, this is the book you want to read." Joe Richards, Microsoft MVP, directory services

Identity and Access Management are rapidly gaining importance as key areas of practice in the IT industry, and directory services provide the fundamental building blocks that enable them. For enterprise developers struggling to build directory-enabled .NET applications, The .NET Developer's Guide to Directory Services Programming will come as a welcome aid.

Microsoft MVPs Joe Kaplan and Ryan Dunn have written a practical introduction to programming directory services, using both versions 1.1 and 2.0 of the .NET Framework. The extensive examples in the book are in C#; a companion Web site includes both C# and Visual Basic source code and examples.

Readers will
Learn to create, rename, update, and delete objects in Active Directory and ADAM
Learn to bind to and search directories effectively and efficiently
Learn to read and write attributes of all types in the directory
Learn to use directory services within ASP.NET applications
Get concrete examples of common programming tasks such as managing Active Directory and ADAM users and groups, and performing authentication

Experienced .NET developers, those building enterprise applications or simply interested in learning about directory services, will find that The .NET Developer's Guide to Directory Services Programming unravels the complexities and helps them to avoid the common pitfalls that developers face.


Copyright
Microsoft .NET Development Series
Listings
Tables
Foreword
Preface
Acknowledgments
About the Authors

Part I: Fundamentals

Chapter 1. Introduction to LDAP and Active Directory
A Brief History of Directory Services
Definition of LDAP
Definition of Active Directory
Definition of ADAM
LDAP Basics
Summary

Chapter 2. Introduction to .NET Directory Services Programming
.NET Directory Services Programming Landscape
Native Directory Services Programming Landscape
System.DirectoryServices Overview
System.DirectoryServices.ActiveDirectory Overview
System.DirectoryServices.Protocols Overview
Selecting the Right Technology
Summary

Chapter 3. Binding and CRUD Operations with DirectoryEntry
Property and Method Overview
Binding to the Directory
Directory CRUD Operations
Summary

Chapter 4. Searching with the DirectorySearcher
LDAP Searching Overview
DirectorySearcher Overview
The Basics of Searching
Building LDAP Filters
Controlling the Content of Search Results
Executing the Query and Enumerating Results
Returning Many Results with Paged Searches
Sorting Search Results
Summary

Chapter 5. Advanced LDAP Searches
Administrative Limits Governing Active Directory and ADAM
Understanding Searching Timeouts
Optimizing Search Performance
Searching the Global Catalog
Chasing Referrals
Virtual List View Searches
Searching for Deleted Objects
Directory Synchronization Queries
Using Attribute Scope Query
Extended DN Queries
Reading Security Descriptors with Security Masks
Asynchronous Searches
Summary

Chapter 6. Reading and Writing LDAP Attributes
Basics of Reading Attribute Values
Collection Class Usage
Understanding the ADSI Property Cache
LDAP Data Types in .NET
ADSI Schema Mapping Mechanism
.NET Attribute Value Conversion
Standard Data Types
Binary Data Conversion
COM Interop Data Types
Syntactic versus Semantic Conversion
Dealing with Attributes with Many Values
Basics of Writing Attribute Values
Writing COM Interop Types
Summary

Chapter 7. Active Directory and ADAM Schema
Schema Extension Best Practices
Choosing an Object Class
Choosing Attribute Syntaxes
Modeling One-to-Many and Many-to-Many Relationships
Search Flags and Indexing
Techniques for Extending the Schema
Discovering Schema Information at Runtime
Summary

Chapter 8. Security in Directory Services Programming
Binding and Delegation
Directory Object Permissions in Active Directory and ADAM
Code Access Security
Summary

Chapter 9. Introduction to the ActiveDirectory Namespace
Working with the DirectoryContext Class
Locating Domain Controllers
Understanding the Active Directory RPC APIs
Useful Shortcuts for Developers
Summary

Part II: Practical Applications

Chapter 10. User Management
Finding Users
Creating Users
Managing User Account Features
Managing Passwords for Active Directory Users
Managing Passwords for ADAM Users
Determining User Group Membership in Active Directory and ADAM
Summary

Chapter 11. Group Management
Creating Groups in Active Directory and ADAM
Manipulating Group Membership
Expanding Group Membership
Primary Group Membership
Foreign Security Principals
Summary

Chapter 12. Authentication
Authentication Using SDS
Authentication Using SDS.P
Authentication Using SSPI
Discovering the Cause of Authentication Failures
Summary

Part III: Appendixes

Appendix A. Three Approaches to COM Interop with ADSI
The Standard Method
The Reflection Method
Handcrafted COM Interop Declarations
Summary

Appendix B. LDAP Tools for Programmers
LDP
ADSI Edit
Active Directory Users and Computers
LDIFDE
ADFind/ADMod
BeaverTail LDAP Browser
Softerra LDAP Browser
Summary

Appendix C. Troubleshooting and Help
Error 0x8007203A: "The server is not operational."
Error 0x8007052E: "Login Failure: unknown user name or bad password."
Error 0x80072020: "An operations error occurred."
Error 0x80072030: "There is no such object on the server."
Error 0x8007202F: "A constraint violation occurred."
Error 0x80072035: "The server is unwilling to process the request."
Error 0x80070005: "General access denied error."
InvalidOperationException from DirectorySearcher
Getting Help
Summary

Index


Copyright
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The .NET logo is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries and is used under license from Microsoft.

The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact:

U.S. Corporate and Government Sales
(800) 382-3419

For sales outside the United States please contact:
International Sales

Visit us on the Web: www.awprofessional.com

Library of Congress Cataloging-in-Publication Data:

Kaplan, Joe.
The .NET developer's guide to Directory Services programming /
p. cm.
Includes bibliographical references and index.
ISBN 0-321-35017-0 (pbk. : alk. paper)
1. Computer software Development. 2. Directory services (Comput
3. Microsoft .NET Framework. I. Dunn, Ryan 1976- II. Title.
QA76.76.D47 K363 2006
005.2'768 dc22

Copyright © 2006 Pearson Education, Inc.

All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, write to:

Pearson Education, Inc.
Rights and Contracts Department
75 Arlington Street, Suite 300
Boston, MA 02116
Fax: (617) 848-7047

Text printed in the United States on recycled paper at Courier in Stoughton, Massachusetts. First printing, April 2006

Dedication
To my wife, Karen, and son, Evan.
J.K.

To the developers that struggle so hard each day with integrating Active Directory and ADAM meaningfully into their applications. Remember: "This is not 'Nam, this is software development; there are rules."
R.D.


Microsoft .NET Development Series
John Montgomery, Series Advisor
Don Box, Series Advisor
Martin Heller, Series Editor

The Microsoft .NET Development Series is supported and developed by the leaders and experts of Microsoft development technologies including Microsoft architects and DevelopMentor instructors. The books in this series provide a core resource of information and understanding every developer needs in order to write effective applications and managed code. Learn from the leaders how to maximize your use of the .NET Framework and its programming languages.

Titles in the Series
Brad Abrams, .NET Framework Standard Library Annotated Reference Volume 1: Base Class Library and Extended Numerics Library, 0-321-15489-4
Brad Abrams and Tamara Abrams, .NET Framework Standard Library Annotated Reference, Volume 2: Networking Library, Reflection Library, and XML Library, 0-321-19445-4
Keith Ballinger, .NET Web Services: Architecture and Implementation, 0-321-11359-4
Bob Beauchemin, Niels Berglund, Dan Sullivan, A First Look at SQL Server 2005 for Developers, 0-321-18059-3
Don Box with Chris Sells, Essential .NET, Volume 1: The Common Language Runtime, 0-201-73411-7
Keith Brown, The .NET Developer's Guide to Windows Security, 0-321-22835-9
Eric Carter and Eric Lippert, Visual Studio Tools for Office: Using C# with Excel, Word, Outlook, and InfoPath, 0-321-33488-4
Eric Carter and Eric Lippert, Visual Studio Tools for Office: Using Visual Basic 2005 with Excel, Word, Outlook, and InfoPath, 0-321-41175-7
Mahesh Chand, Graphics Programming with GDI+, 0-321-16077-0
Krzysztof Cwalina and Brad Abrams, Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries, 0-321-24675-6
Anders Hejlsberg, Scott Wiltamuth, Peter Golde, The C# Programming Language, 0-321-15491-6
Alex Homer, Dave Sussman, Mark Fussell, ADO.NET and System.Xml v. 2.0 The Beta Version, 0-321-24712-4
Alex Homer, Dave Sussman, Rob Howard, ASP.NET v. 2.0 The Beta Version, 0-321-25727-8
James S. Miller and Susann Ragsdale, The Common Language Infrastructure Annotated Standard, 0-321-15493-2
Christian Nagel, Enterprise Services with the .NET Framework: Developing Distributed Business Solutions with .NET Enterprise Services, 0-321-24673-X
Brian Noyes, Data Binding with Windows Forms 2.0: Programming Smart Client Data Applications with .NET, 0-321-26892-X
Fritz Onion, Essential ASP.NET with Examples in C#, 0-201-76040-1
Fritz Onion, Essential ASP.NET with Examples in Visual Basic .NET, 0-201-76039-8
Ted Pattison and Dr. Joe Hummel, Building Applications and Components with Visual Basic .NET, 0-201-73495-8
Dr. Neil Roodyn, eXtreme .NET: Introducing eXtreme Programming Techniques to .NET Developers, 0-321-30363-6
Chris Sells, Windows Forms Programming in C#, 0-321-11620-8
Chris Sells and Justin Gehtland, Windows Forms Programming in Visual Basic .NET, 0-321-12519-3
Paul Vick, The Visual Basic .NET Programming Language, 0-321-16951-4
Damien Watkins, Mark Hammond, Brad Abrams, Programming in the .NET Environment, 0-201-77018-0
Shawn Wildermuth, Pragmatic ADO.NET: Data Access for the Internet World, 0-201-74568-2
Paul Yao and David Durant, .NET Compact Framework Programming with C#, 0-321-17403-8
Paul Yao and David Durant, .NET Compact Framework Programming with Visual Basic .NET, 0-321-17404-6

For more information go to www.awprofessional.com/msdotnetseries/


Listings
LISTING 3.1: Pseudocode Representation of Binding Syntax
LISTING 3.2: Typical Active Directory Binding Demonstrating the Four Parameters
LISTING 3.3: Demonstration of Different GUID Binding Approaches
LISTING 3.4: Well-Known GUID Binding
LISTING 3.5: BuildOctetString Function
LISTING 3.6: Demonstrating SID Binding
LISTING 3.7: Binding with Default Credentials
LISTING 3.8: Binding with Explicit Credentials
LISTING 3.9: Binding to a Specific User with Default Credentials
LISTING 3.10: AuthenticationTypes Enumeration Members
LISTING 3.11: Retrieving the Default Naming Context with RootDSE
LISTING 3.12: Demonstrating Proper Connection Caching
LISTING 3.13: Creating an Object in the Directory
LISTING 3.14: Removing a Single Object from the Directory
LISTING 3.15: Deleting an Object via an Existing Reference
LISTING 3.16: Deleting Many Objects with DeleteTree
LISTING 3.17: Moving an Object and Simultaneously Renaming It
LISTING 3.18: Renaming an Object
LISTING 3.19: An Alternate Approach to Renaming an Object
LISTING 4.1: Initializing the SearchRoot of the DirectorySearcher
LISTING 4.2: Converting Binary to String for Search Filters
LISTING 4.3: Converting a GUID to a Filter String
LISTING 4.4: Generating UTC and Generalized Time Filters
LISTING 4.5: Creating a Large Integer Date Filter to Find Old Passwords
LISTING 4.6: Finding Disabled Accounts with a Bitwise Filter
LISTING 4.7: ANR Filter Expansion
LISTING 4.8: Beware ANR Filter Expansion
LISTING 4.9: Specifying Attributes to Return
LISTING 4.10: Setting the Size Limit
LISTING 4.11: A Typical Invocation of FindOne
LISTING 4.12: Finding Objects with Email Addresses Using FindAll
LISTING 4.13: Enabling Paging Support
LISTING 4.14: Server-Side Sorting
LISTING 5.1: Searching the Global Catalog
LISTING 5.2: Searching by Offset
LISTING 5.3: Searching by String
LISTING 5.4: Searching for Deleted Items
LISTING 5.5: Sample DirSync Class
LISTING 5.6: Demonstrating DirSync Class Use
LISTING 5.7: Using an Attribute Scope Query to Retrieve Data from the Members of a Group
LISTING 5.8: Using the Extended DN Query
LISTING 5.9: Retrieving a Security Descriptor
LISTING 5.10: Using Asynchronous Searching
LISTING 5.11: Retrieving Partial Results
LISTING 6.1: Converting IADsLargeInteger to System.Int64 in C#
LISTING 6.2: Converting IADsLargeInteger to System.Int64 in Visual Basic .NET
LISTING 6.3: Reading Large Integer Syntax with DirectorySearcher
LISTING 6.4: Converting DN-With-Binary for WellKnownObjects
LISTING 6.5: Reading DN-With-Binary with DirectorySearcher
LISTING 6.6: Setting Security Masks for DirectoryEntry
LISTING 6.7: Reading Security Descriptors
LISTING 6.8: Range Retrieval Using DirectorySearcher
LISTING 6.9: Converting Int64 Back to IADsLargeInteger
LISTING 6.10: Setting the Account Expiration Date
LISTING 6.11: IADsLargeInteger Conversion in Visual Basic .NET
LISTING 6.12: Writing a DN-With-Binary Attribute
LISTING 6.13: Writing a Security Descriptor Using PropertyValueCollection
LISTING 7.1: Determining Available Schema at Runtime
LISTING 7.2: Dynamic Schema Information Using Version 2.0
LISTING 7.3: Determining Schema Using Constructed Attributes
LISTING 7.4: Determining Modifiable Attributes and Creatable Classes
LISTING 8.1: Retrieving Raw SSPI Result Flags
LISTING 8.2: Listing the DACL
LISTING 8.3: Modifying Security Descriptors
LISTING 8.4: GUID-to-Friendly-Name Conversion
LISTING 8.5: Examining Security Descriptors in .NET 1.x
LISTING 8.6: Updating a Security Descriptor in .NET 1.x
LISTING 9.1: The DirectoryContext and DirectoryContextType Public Members
LISTING 9.2: Using DirectoryContexts to Create Forest Objects
LISTING 9.3: Using DirectoryContext to Access Specific Servers
LISTING 9.4: Finding a Single Domain Controller
LISTING 9.5: Enumerating All Domain Controllers
LISTING 9.6: Forcing Rediscovery
LISTING 9.7: Finding a Domain Controller by Site Name
LISTING 9.8: DOMAIN_CONTROLLER_INFO Structure
LISTING 9.9: C# Declaration of Structure Returned by DsGetDomainControllerInfo
LISTING 9.10: Binding to the Default Naming Context
LISTING 9.11: Binding to the Default Naming Context, Revised
LISTING 9.12: Getting the Schema Container
LISTING 9.13: Enumerating ADAM Instances
LISTING 9.14: Setting the defaultNamingContext Attribute in ADAM
LISTING 10.1: Creating an Active Directory or ADAM User
LISTING 10.2: User Account Control Flags
LISTING 10.3: Reading the userAccountControl Attribute
LISTING 10.4: Writing Account Values
LISTING 10.5: Reading the msDS-User-Account-Control-Computed Attribute
LISTING 10.6: Writing Account Values
LISTING 10.7: Determining Domain Policies
LISTING 10.8: Password Expires, Part I
LISTING 10.9: Password Expires, Part II
LISTING 10.10: Password Expires, Part III
LISTING 10.11: Checking Password Expiration
LISTING 10.12: Finding Expiring Passwords
LISTING 10.13: Finding a User's Last Logon
LISTING 10.14: Determining Account Lockout
LISTING 10.15: Searching for Locked-Out Accounts
LISTING 10.16: Using .Protocols for Password Ops
LISTING 10.17: Using DirectoryEntryConfiguration for ADAM
LISTING 10.18: Setting IADsObjectOptions via Reflection
LISTING 10.19: Retrieving Token Groups with an LDAP Search
LISTING 10.20: Using DsCrackNames to Convert Token Groups
LISTING 10.21: Using SidIdentifier and IdentityReference
LISTING 11.1: Group Constants
LISTING 11.2: Valid Group Type Combinations
LISTING 11.3: Creating a Security Group
LISTING 11.4: Strongly Typing the Group Membership
LISTING 11.5: Using the member Attribute to Manage Membership
LISTING 11.6: Expanding Membership in Version 2.0
LISTING 11.7: Expanding Membership in Version 1.1
LISTING 11.8: Foreign Security Principals
LISTING 12.1: A Naïve Active Directory Authentication Method
LISTING 12.2: ADAM Authentication Using SDS
LISTING 12.3: Setting LdapConnection Options
LISTING 12.4: Determining Server Capabilities
LISTING 12.5: LDAP Authentication
LISTING 12.6: Windows Authentication Using SSPI
LISTING A.1: Using Reflection to Read IADsLargeInteger
LISTING A.2: Using Visual Basic .NET Late Binding to Access IADsLargeInteger
LISTING A.3: Handwritten .NET Type Declaration for IADsLargeInteger




Tables
TABLE 3.1: Example LDAP ADsPaths
TABLE 3.2: Well-Known Defined GUIDs
TABLE 3.3: AuthenticationTypes Requirements for Username Syntaxes
TABLE 3.4: Valid AuthenticationTypes Combinations and Restrictions
TABLE 4.1: Filter Types
TABLE 4.2: Reserved Characters
TABLE 4.3: Summary of Attribute Filter Syntaxes and Allowed Operators
TABLE 5.1: Administrative Limits for LDAP Searches with Active Directory
TABLE 5.2: Nonpaged Timeout Precedence
TABLE 5.3: Paged Search Timeout Precedence
TABLE 5.4: Performance Tips
TABLE 6.1: LDAP Attribute Syntaxes with Their Matching Programmatic Data Types
TABLE 6.2: Security Descriptor Read Behavior
TABLE 7.1: OID Prefixes
TABLE 7.2: Various String Attribute Syntaxes
TABLE 7.3: Active Directory and ADAM searchFlags values
TABLE 7.4: Active Directory and ADAM systemFlags values
TABLE 9.1: Active Directory RPC API Functions
TABLE 12.1: Authentication Options Matrix




Foreword

A couple of years ago, I began work on an identity-aware application that would involve programming against Active Directory. At that time, the .NET Framework was at version 1.1, and System.DirectoryServices clearly was where I wanted to invest my energy. I was shocked that a book search revealed virtually no hits on this topic. There were a few older books on ADSI programming, many of which were targeted at system administrators who use ADSI scripts to automate much of their day-to-day chores. But there was nothing for me, a .NET developer who simply wanted to write an identity-aware application.

Knowing the tremendous value of having a great technical book by my side, I tried something crazy. I posted an entry on my blog[1] suggesting that if any subject matter experts were interested in putting such a book together, I'd be happy to help by reviewing their work and introducing them to the editors at Addison-Wesley. Apparently, that post rekindled a latent interest in the minds of a bunch of Microsoft MVPs, who just needed a little push to get going. Joe Kaplan and Ryan Dunn threw themselves on the grenade and now here I sit, writing this foreword!
[1] />
In the meantime, I have been fortunate to be able to review much of this book, and I've learned a great deal about programming System.DirectoryServices by reading the draft chapters. Chapter 3 was invaluable when I was building the identity-aware application I mentioned earlier, and overall the book provided a number of insights that I share with students when I teach my security course at Pluralsight. If you are currently doing (or even considering) any work with System.DirectoryServices, simply take this book to the checkout counter now, and continue reading this foreword at home. You'll be glad you did.

Directories surround us, but many enterprise programmers aren't aware of the wealth of information on their own domain controllers. For example, it would be wise to avoid building your own "Users" table in SQL Server if you can simply leverage user data in Active Directory. It would be utter folly to create a password database and roll your own authentication protocol on an intranet where you could simply leverage Kerberos. One neat technique I learned from this book was how to use "SID binding" to look up a user's record in Active Directory once you've authenticated that user. These are the sorts of practical techniques used every day by directory programming experts, but you'd be hard-pressed to find them by simply reading the documentation.

I've seen a lot of books written by professional technical writers. For some of them, you can tell that the only leg up the author has over your own experience is that he read the documentation a few weeks before you did. This is not one of those books. Joe and Ryan together have answered literally thousands of questions in public forums such as the ADSI USENET newsgroup at microsoft.public.adsi.general. They know the pain points that you'll encounter when you program against Active Directory, and this book overflows with practical wisdom as a result.

Thanks for the great work, guys!

Keith Brown
Pluralsight
February 2006

