Accessing Active Directory Service Interfaces (ADSI) from Java

Accessing Active Directory Service Interfaces (ADSI) from Java

Java/J2EE COM Interoperability Products Page

This example demonstrates how to access Active Directory Service Interfaces (ADSI) from Java. J-Integra® for COM is a Java interoperability component that bridges Java and ADSI. It provides bi-directional access of Java objects and COM components.


  1. Introduction
  2. Run the Java Client on Local Windows Machine
    1. Generate Java Proxies
    2. Create the Example
    3. Compile and Run the example
  3. Run the Java Client on Remote Machine, e.g. Windows, UNIX, Linux and etc
  4. More about ADSI programming

1 Introduction

This example shows you how to programmatically automate ADSI from Java using the COM API that ADSI exposes, in order to create a new "local" user account from Java. You can run the Java client on a Windows machine to access its local ADSI, or run the Java client on a non-Windows machine (such as Linux) to access ADSI on a remote Windows machine.

We assume that you are familiar with Java -- no COM knowledge should be required. We assume you have downloaded and expanded the J-Integra® kit from and installed it correctly.

2 Run the Java Client on Local Windows Machine

You can try this example on local Windows machine first to get a feel for how easy it is to use J-Integra® to access ADSI from Java. Once you make it working on local machine, you can then try to run the Java client on a non-Windows machine to remotely access ADSI on another Windows machine.

2.1 Generate the Java proxies

Run J-Integra®'s com2java tool on the Windows machine, and select C:\WINNT\system32\activeds.tlb as the type library, choose an empty directory named activeds (e.g. C:\activeds) as output directly, and use activeds as Java package name. Click the Generate Proxies button to generate Java proxies from ADSI type library.

2.2 Create the example

This example is written for ADSI on Windows 2000 machine. If you use a different version of Windows, you need to look at the generated Java proxies of ADSI and call the methods accordingly.

Create a .java file named Then copy and paste the Java code below:

public class CreateUser {  

  public static void main(String[] args) throws Exception {  
    try {  
      String host = "localhost"; // IP name of NT machine we are talking to  
      String ntDomain = "linardellw2k"; // Its domain (use machine name if no domain)  
      String adminUser = "administrator";  
      String adminPassword = "...";  
      String newUserName = "fred";  
      String newUserPassword = "fredsSecretPassword";  
      String newUserFullName = "Frederick Bloggs, esq.";  
      String newUserDescription = "A new user created from pure Java";  
      createUser(host, ntDomain, adminUser, adminPassword,  
      newUserName, newUserPassword, newUserFullName, newUserDescription);  
    } catch (Exception e) {
    } finally {  
   * createUser. Create a new Windows User account via the Active Directory Services.  
   * @param     host. The TCP/IP name of the Windows 2000 machine on which the user should be created  
   * @param     domain. The NT domain for the machine (specify the machine name if no domain)  
   * @param     adminUser.  The name of an account with Administrator priviliges  
   * @param     adminPassword.  The password for the administrator account you specified  
   * @param     newUserName.  The NT UserName for the new account  
   * @param     newUserPassword.  The NT password for the new account  
   * @param     newUserFullName.  The full name to be specified for the new account  
   * @param     newUserDescription.  The description associated with the new account  
   * @exception If there are communications problems or if the create fails.  
  public static void createUser(String host, String domain, String adminUser, String adminPassword, 
                                 String newUserName, String newUserPassword, String newUserFullName, 
                                 String newUserDescription) throws {  
    // DCOM authentication: Make sure domain, adminUser, adminPassword are valid credentials.
    // Uncomment this line if remotely accesses ADSI:
    // com.linar.jintegra.AuthInfo.setDefault(domain, adminUser, adminPassword);
    // Connect to the Windows NT ADSI namespace COM object  
    // (messier than normal because there is no TLB with this class in it)  
    activeds.IADsOpenDSObject adsOpen = new activeds.IADsOpenDSObjectProxy(WINNT_NAMESPACE_CLSID, host, null);  

    // Open the specific domain we want, 1 == "Secure Encryption"  
    Object tmpObject = adsOpen.openDSObject("WinNT://" + domain, adminUser, adminPassword, 1);  
    activeds.IADsContainer computer = new activeds.IADsContainerProxy(tmpObject);  

    // Create the new user
    activeds.IADsUser  user = new activeds.IADsUserProxy(computer.create("user", newUserName));  

    // Set various properties, and confirm the change
    user.setFullName (newUserFullName);  

  private static final String WINNT_NAMESPACE_CLSID = "250e91a0-0367-11cf-abc4-02608c9e7553";  


2.3 Compile and run the example

On the Java client machine, make sure your CLASSPATH and PATH environment variables are set up according to J-Integra® installation instructions. Compile and run the example in  J-Integra®'s native mode (you need to use DCOM mode if remotely accessing ADSI):


When you run the example nothing much will happen, but on the NT machine you will see the new user under the Computer Management tool.

3 Run the Java Client on Remote Machine, e.g. Windows, UNIX, Linux and etc

You can also run the Java client on a remote machine, such as Linux, Solaris, UNIX and AIX. For instance, if you run it on a Linux machine, then you must do the following.:

  1. Move the com2java tool to the Windows machine to generate the Java proxies from ADSI, and then move the Java proxies from the Windows machine to the Linux machine.
  2. Install J-Integra® (the jintegra.jar file) on the Linux machine and include the jintegra.jar file and generated Java proxies in CLASSPATH.
  3. Use setdllhost to configure a surrogate for WMI on the Windows machine:
    c:\WINNT\system32>setdllhost activeds.dll adsnds.dll adsldp.dll adsnt.dll "ADSI"
  4. Use DCOMCNFG to configure ADSI on the Windows machine.
  5. Assign the IP address or computer name of the ADSI machine to String host in
    String host = "123.456.78.9";
  6. Pass correct login credentials to com.linar.jintegra.AuthInfo.setDefault(domain, adminUser, adminPassword);
    Refer to Configuring DCOM for Remote Access for more information about AuthInfo.setDefault.
  7. Move to the Linux machine. Compile and run it in DCOM mode without using DJINTEGRA_NATIVE_MODE property:
    java CreateUser

4 More about ADSI programming

We do not provide the documentation of the generated Java proxies since the Java proxies are just mapped from the programming API of the COM component. For more information about ADSl programming, please refer to Microsoft Platform SDK: Active Directory Service Interfaces and Mapping VB code to Java code.