{"id":71413,"date":"2004-09-17T11:34:00","date_gmt":"2004-09-17T11:34:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2004\/09\/17\/how-do-i-bind-to-a-user-account-in-a-sub-ou\/"},"modified":"2004-09-17T11:34:00","modified_gmt":"2004-09-17T11:34:00","slug":"how-do-i-bind-to-a-user-account-in-a-sub-ou","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-do-i-bind-to-a-user-account-in-a-sub-ou\/","title":{"rendered":"How Do I Bind to a User Account in a Sub-OU?"},"content":{"rendered":"

\"Hey,<\/p>\n

Hey, Scripting Guy! How do I bind to a user account when the user is in a sub-OU? Code like this doesn\u2019t work: LDAP:\/\/CN=Ken Meyer, OU=NA\\Human Resources, DC=fabrikam, dc=com.<\/p>\n

— RD<\/p>\n

\"Spacer\"\"Hey,\"Script<\/a><\/p>\n

Hey, RD. The past few days we\u2019ve done some lengthy answers to questions, so we decided to be a little lazy today (hey, it is<\/i> Friday!) and take an easy one. In your Active Directory, you have an OU named NA, and inside that<\/i> OU you have a sub-OU named Human Resources. You\u2019re trying to get at a user account located in the Human Resources OU but, as you\u2019ve discovered, this code won\u2019t do it:<\/p>\n

Set objUser = GetObject _\n  (\"LDAP:\/\/CN=Ken Meyer, OU=NA\\Human Resources, DC=fabrikam, dc=com \")\n<\/pre>\n
Why not? Well, you\u2019re trying to take a shortcut here and, in this case at least, ADSI doesn\u2019t like you taking shortcuts. You\u2019re specifying an OU named NA\\Human Resources, obviously meaning, \u201cThe OU named Human Resources that\u2019s found inside the NA OU.\u201d That makes sense to us, but not to ADSI. Instead, ADSI requires you to separate each part of the distinguished name; no shortcuts. Thus you need to use a binding string like this:<\/p>\n
Set objUser = GetObject _\n  (\"LDAP:\/\/CN=Ken Meyer, OU=Human Resources, OU=NA, DC=fabrikam, dc=com \")\n<\/pre>\n
Notice that ADSI requires you to work backwards when creating a binding string. You start with the actual user account itself (CN=Ken Meyer). Next you go to the OU in which the user account resides: OU= Human Resources. From there you go to the parent OU: OU=NA. What if the NA OU was actually a sub-OU of, say, Headquarters? No problem; in that case, your binding string would look like this:<\/p>\n
Set objUser = GetObject _\n  (\"LDAP:\/\/CN=Ken Meyer, OU=Human Resources, OU=NA, \" & _\n        \"OU=Headquarters, DC=fabrikam, dc=com \")\n<\/pre>\n
You then tack on the domain components (DC=fabrikam, DC=com), and you\u2019re off and running.<\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! How do I bind to a user account when the user is in a sub-OU? Code like this doesn\u2019t work: LDAP:\/\/CN=Ken Meyer, OU=NA\\Human Resources, DC=fabrikam, dc=com. — RD Hey, RD. The past few days we\u2019ve done some lengthy answers to questions, so we decided to be a little lazy today (hey, it […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,3,20,5],"class_list":["post-71413","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-scripting-guy","tag-user-accounts","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! How do I bind to a user account when the user is in a sub-OU? Code like this doesn\u2019t work: LDAP:\/\/CN=Ken Meyer, OU=NA\\Human Resources, DC=fabrikam, dc=com. — RD Hey, RD. The past few days we\u2019ve done some lengthy answers to questions, so we decided to be a little lazy today (hey, it […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/71413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=71413"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/71413\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=71413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=71413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=71413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}